965 files changed, 103840 insertions, 20829 deletions

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 75ebac5..418378f 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,1889 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
+
+  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+     code (06) was taken as the first octet of the session ID and the last
+     octet was ignored consequently. As a result SSLv2 client side session
+     caching could not have worked due to the session ID mismatch between
+     client and server.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     PR #377.
+     [Lutz Jaenicke]
+
+  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
+     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
+     removed entirely.
+     [Richard Levitte]
+
+  *) The hw_ncipher.c engine requires dynamic locks.  Unfortunately, it
+     seems that in spite of existing for more than a year, many application
+     author have done nothing to provide the necessary callbacks, which
+     means that this particular engine will not work properly anywhere.
+     This is a very unfortunate situation which forces us, in the name
+     of usability, to give the hw_ncipher.c a static lock, which is part
+     of libcrypto.
+     NOTE: This is for the 0.9.7 series ONLY.  This hack will never
+     appear in 0.9.8 or later.  We EXPECT application authors to have
+     dealt properly with this when 0.9.8 is released (unless we actually
+     make such changes in the libcrypto locking code that changes will
+     have to be made anyway).
+     [Richard Levitte]
+
+  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+     octets have been read, EOF or an error occurs. Without this change
+     some truncated ASN1 structures will not produce an error.
+     [Steve Henson]
+
+  *) Disable Heimdal support, since it hasn't been fully implemented.
+     Still give the possibility to force the use of Heimdal, but with
+     warnings and a request that patches get sent to openssl-dev.
+     [Richard Levitte]
+
+  *) Add the VC-CE target, introduce the WINCE sysname, and add
+     INSTALL.WCE and appropriate conditionals to make it build.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+     cygssl-x.y.z.dll, where x, y and z are the major, minor and
+     edit numbers of the version.
+     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+  *) Introduce safe string copy and catenation functions
+     (BUF_strlcpy() and BUF_strlcat()).
+     [Ben Laurie (CHATS) and Richard Levitte]
+
+  *) Avoid using fixed-size buffers for one-line DNs.
+     [Ben Laurie (CHATS)]
+
+  *) Add BUF_MEM_grow_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid using fixed size buffers for configuration file location.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation for various CA files.
+     [Ben Laurie (CHATS)]
+
+  *) Use sizeof in preference to magic numbers.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation in cert requests.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to check for (supposedly impossible) buffer
+     overflows.
+     [Ben Laurie (CHATS)]
+
+  *) Don't cache truncated DNS entries in the local cache (this could
+     potentially lead to a spoofing attack).
+     [Ben Laurie (CHATS)]
+
+  *) Fix various buffers to be large enough for hex/decimal
+     representations in a platform independent manner.
+     [Ben Laurie (CHATS)]
+
+  *) Add CRYPTO_realloc_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Add BIO_indent() to avoid much slightly worrying code to do
+     indents.
+     [Ben Laurie (CHATS)]
+
+  *) Convert sprintf()/BIO_puts() to BIO_printf().
+     [Ben Laurie (CHATS)]
+
+  *) buffer_gets() could terminate with the buffer only half
+     full. Fixed.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to prevent user-supplied crypto functions from
+     overflowing internal buffers by having large block sizes, etc.
+     [Ben Laurie (CHATS)]
+
+  *) New OPENSSL_assert() macro (similar to assert(), but enabled
+     unconditionally).
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused copy of key in RC4.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+     [Ben Laurie (CHATS)]
+
+  *) Fix off-by-one error in EGD path.
+     [Ben Laurie (CHATS)]
+
+  *) If RANDFILE path is too long, ignore instead of truncating.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized X.509 structure
+     CBCParameter.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous function knumber().
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous structure, KSSL_ERR.
+     [Ben Laurie (CHATS)]
+
+  *) Protect against overlong session ID context length in an encoded
+     session object. Since these are local, this does not appear to be
+     exploitable.
+     [Ben Laurie (CHATS)]
+
+  *) Change from security patch (see 0.9.6e below) that did not affect
+     the 0.9.6 release series:
+
+     Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CAN-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Change the SSL kerb5 codes to match RFC 2712.
+     [Richard Levitte]
+
+  *) Make -nameopt work fully for req and add -reqopt switch.
+     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
+
+  *) Make sure tests can be performed even if the corresponding algorithms
+     have been removed entirely.  This was also the last step to make
+     OpenSSL compilable with DJGPP under all reasonable conditions.
+     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]
+
+  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+     to allow version independent disabling of normally unselected ciphers,
+     which may be activated as a side-effect of selecting a single cipher.
+
+     (E.g., cipher list string "RSA" enables ciphersuites that are left
+     out of "ALL" because they do not provide symmetric encryption.
+     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Add appropriate support for separate platform-dependent build
+     directories.  The recommended way to make a platform-dependent
+     build directory is the following (tested on Linux), maybe with
+     some local tweaks:
+
+	# Place yourself outside of the OpenSSL source tree.  In
+	# this example, the environment variable OPENSSL_SOURCE
+	# is assumed to contain the absolute OpenSSL source directory.
+	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+	(cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+		mkdir -p `dirname $F`
+		ln -s $OPENSSL_SOURCE/$F $F
+	done
+
+     To be absolutely sure not to disturb the source tree, a "make clean"
+     is a good thing.  If it isn't successfull, don't worry about it,
+     it probably means the source directory is very clean.
+     [Richard Levitte]
+
+  *) Make sure any ENGINE control commands make local copies of string
+     pointers passed to them whenever necessary. Otherwise it is possible
+     the caller may have overwritten (or deallocated) the original string
+     data when a later ENGINE operation tries to use the stored values.
+     [Götz Babin-Ebell <babinebell@trustcenter.de>]
+
+  *) Improve diagnostics in file reading and command-line digests.
+     [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
+
+  *) Add AES modes CFB and OFB to the object database.  Correct an
+     error in AES-CFB decryption.
+     [Richard Levitte]
+
+  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this 
+     allows existing EVP_CIPHER_CTX structures to be reused after
+     calling EVP_*Final(). This behaviour is used by encryption
+     BIOs and some applications. This has the side effect that
+     applications must explicitly clean up cipher contexts with
+     EVP_CIPHER_CTX_cleanup() or they will leak memory.
+     [Steve Henson]
+
+  *) Check the values of dna and dnb in bn_mul_recursive before calling
+     bn_mul_comba (a non zero value means the a or b arrays do not contain
+     n2 elements) and fallback to bn_mul_normal if either is not zero.
+     [Steve Henson]
+
+  *) Fix escaping of non-ASCII characters when using the -subj option
+     of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
+     [Lutz Jaenicke]
+
+  *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+     form for "surname", serialNumber has no short form.
+     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+     therefore remove "mail" short name for "internet 7".
+     The OID for unique identifiers in X509 certificates is
+     x500UniqueIdentifier, not uniqueIdentifier.
+     Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
+     [Lutz Jaenicke]
+
+  *) Add an "init" command to the ENGINE config module and auto initialize
+     ENGINEs. Without any "init" command the ENGINE will be initialized 
+     after all ctrl commands have been executed on it. If init=1 the 
+     ENGINE is initailized at that point (ctrls before that point are run
+     on the uninitialized ENGINE and after on the initialized one). If
+     init=0 then the ENGINE will not be iniatialized at all.
+     [Steve Henson]
+
+  *) Fix the 'app_verify_callback' interface so that the user-defined
+     argument is actually passed to the callback: In the
+     SSL_CTX_set_cert_verify_callback() prototype, the callback
+     declaration has been changed from
+          int (*cb)()
+     into
+          int (*cb)(X509_STORE_CTX *,void *);
+     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+          i=s->ctx->app_verify_callback(&ctx)
+     has been changed into
+          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+     To update applications using SSL_CTX_set_cert_verify_callback(),
+     a dummy argument can be added to their callback functions.
+     [D. K. Smetters <smetters@parc.xerox.com>]
+
+  *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+     [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
+
+  *) Add and OPENSSL_LOAD_CONF define which will cause
+     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+     This allows older applications to transparently support certain
+     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+     load the config file and OPENSSL_add_all_algorithms_conf() which will
+     always load it have also been added.
+     [Steve Henson]
+
+  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+     Adjust NIDs and EVP layer.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) Config modules support in openssl utility.
+
+     Most commands now load modules from the config file,
+     though in a few (such as version) this isn't done 
+     because it couldn't be used for anything.
+
+     In the case of ca and req the config file used is
+     the same as the utility itself: that is the -config
+     command line option can be used to specify an
+     alternative file.
+     [Steve Henson]
+
+  *) Move default behaviour from OPENSSL_config(). If appname is NULL
+     use "openssl_conf" if filename is NULL use default openssl config file.
+     [Steve Henson]
+
+  *) Add an argument to OPENSSL_config() to allow the use of an alternative
+     config section name. Add a new flag to tolerate a missing config file
+     and move code to CONF_modules_load_file().
+     [Steve Henson]
+
+  *) Support for crypto accelerator cards from Accelerated Encryption
+     Processing, www.aep.ie.  (Use engine 'aep')
+     The support was copied from 0.9.6c [engine] and adapted/corrected
+     to work with the new engine framework.
+     [AEP Inc. and Richard Levitte]
+
+  *) Support for SureWare crypto accelerator cards from Baltimore
+     Technologies.  (Use engine 'sureware')
+     The support was copied from 0.9.6c [engine] and adapted
+     to work with the new engine framework.
+     [Richard Levitte]
+
+  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+     make the newer ENGINE framework commands for the CHIL engine work.
+     [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
+
+  *) Make it possible to produce shared libraries on ReliantUNIX.
+     [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
+
+  *) Add the configuration target debug-linux-ppro.
+     Make 'openssl rsa' use the general key loading routines
+     implemented in apps.c, and make those routines able to
+     handle the key format FORMAT_NETSCAPE and the variant
+     FORMAT_IISSGC.
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Add -keyform to rsautl, and document -engine.
+     [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
+
+  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+     BIO_R_NO_SUCH_FILE error code rather than the generic
+     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+     [Ben Laurie]
+
+  *) Add new functions
+          ERR_peek_last_error
+          ERR_peek_last_error_line
+          ERR_peek_last_error_line_data.
+     These are similar to
+          ERR_peek_error
+          ERR_peek_error_line
+          ERR_peek_error_line_data,
+     but report on the latest error recorded rather than the first one
+     still in the error queue.
+     [Ben Laurie, Bodo Moeller]
+        
+  *) default_algorithms option in ENGINE config module. This allows things
+     like:
+     default_algorithms = ALL
+     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+     [Steve Henson]
+
+  *) Prelminary ENGINE config module.
+     [Steve Henson]
+
+  *) New experimental application configuration code.
+     [Steve Henson]
+
+  *) Change the AES code to follow the same name structure as all other
+     symmetric ciphers, and behave the same way.  Move everything to
+     the directory crypto/aes, thereby obsoleting crypto/rijndael.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+     [Ben Laurie and Theo de Raadt]
+
+  *) Add option to output public keys in req command.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+     (up to about 10% better than before for P-192 and P-224).
+     [Bodo Moeller]
+
+  *) New functions/macros
+
+          SSL_CTX_set_msg_callback(ctx, cb)
+          SSL_CTX_set_msg_callback_arg(ctx, arg)
+          SSL_set_msg_callback(ssl, cb)
+          SSL_set_msg_callback_arg(ssl, arg)
+
+     to request calling a callback function
+
+          void cb(int write_p, int version, int content_type,
+                  const void *buf, size_t len, SSL *ssl, void *arg)
+
+     whenever a protocol message has been completely received
+     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
+     protocol version  according to which the SSL library interprets
+     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
+     the content type as defined in the SSL 3.0/TLS 1.0 protocol
+     specification (change_cipher_spec(20), alert(21), handshake(22)).
+     'buf' and 'len' point to the actual message, 'ssl' to the
+     SSL object, and 'arg' is the application-defined value set by
+     SSL[_CTX]_set_msg_callback_arg().
+
+     'openssl s_client' and 'openssl s_server' have new '-msg' options
+     to enable a callback that displays all protocol messages.
+     [Bodo Moeller]
+
+  *) Change the shared library support so shared libraries are built as
+     soon as the corresponding static library is finished, and thereby get
+     openssl and the test programs linked against the shared library.
+     This still only happens when the keyword "shard" has been given to
+     the configuration scripts.
+
+     NOTE: shared library support is still an experimental thing, and
+     backward binary compatibility is still not guaranteed.
+     ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
+
+  *) Add support for Subject Information Access extension.
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+     additional bytes when new memory had to be allocated, not just
+     when reusing an existing buffer.
+     [Bodo Moeller]
+
+  *) New command line and configuration option 'utf8' for the req command.
+     This allows field values to be specified as UTF8 strings.
+     [Steve Henson]
+
+  *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+     runs for the former and machine-readable output for the latter.
+     [Ben Laurie]
+
+  *) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion
+     of the e-mail address in the DN (i.e., it will go into a certificate
+     extension only).  The new configuration file option 'email_in_dn = no'
+     has the same effect.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Change all functions with names starting with des_ to be starting
+     with DES_ instead.  Add wrappers that are compatible with libdes,
+     but are named _ossl_old_des_*.  Finally, add macros that map the
+     des_* symbols to the corresponding _ossl_old_des_* if libdes
+     compatibility is desired.  If OpenSSL 0.9.6c compatibility is
+     desired, the des_* symbols will be mapped to DES_*, with one
+     exception.
+
+     Since we provide two compatibility mappings, the user needs to
+     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+     compatibility is desired.  The default (i.e., when that macro
+     isn't defined) is OpenSSL 0.9.6c compatibility.
+
+     There are also macros that enable and disable the support of old
+     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those
+     are defined, the default will apply: to support the old des routines.
+
+     In either case, one must include openssl/des.h to get the correct
+     definitions.  Do not try to just include openssl/des_old.h, that
+     won't work.
+
+     NOTE: This is a major break of an old API into a new one.  Software
+     authors are encouraged to switch to the DES_ style functions.  Some
+     time in the future, des_old.h and the libdes compatibility functions
+     will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+     default), and then completely removed.
+     [Richard Levitte]
+
+  *) Test for certificates which contain unsupported critical extensions.
+     If such a certificate is found during a verify operation it is 
+     rejected by default: this behaviour can be overridden by either
+     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+     X509_supported_extension() has also been added which returns 1 if a
+     particular extension is supported.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP cipher functions in similar way to digests
+     to retain compatibility with existing code.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+     compatibility with existing code. In particular the 'ctx' parameter does
+     not have to be to be initialized before the call to EVP_DigestInit() and
+     it is tidied up after a call to EVP_DigestFinal(). New function
+     EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+     EVP_MD_CTX_copy() changed to not require the destination to be
+     initialized valid and new function EVP_MD_CTX_copy_ex() added which
+     requires the destination to be valid.
+
+     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+     [Steve Henson]
+
+  *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+     so that complete 'Handshake' protocol structures are kept in memory
+     instead of overwriting 'msg_type' and 'length' with 'body' data.
+     [Bodo Moeller]
+
+  *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+     [Massimo Santin via Richard Levitte]
+
+  *) Major restructuring to the underlying ENGINE code. This includes
+     reduction of linker bloat, separation of pure "ENGINE" manipulation
+     (initialisation, etc) from functionality dealing with implementations
+     of specific crypto iterfaces. This change also introduces integrated
+     support for symmetric ciphers and digest implementations - so ENGINEs
+     can now accelerate these by providing EVP_CIPHER and EVP_MD
+     implementations of their own. This is detailed in crypto/engine/README
+     as it couldn't be adequately described here. However, there are a few
+     API changes worth noting - some RSA, DSA, DH, and RAND functions that
+     were changed in the original introduction of ENGINE code have now
+     reverted back - the hooking from this code to ENGINE is now a good
+     deal more passive and at run-time, operations deal directly with
+     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+     dereferencing through an ENGINE pointer any more. Also, the ENGINE
+     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+     they were not being used by the framework as there is no concept of a
+     BIGNUM_METHOD and they could not be generalised to the new
+     'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+     ENGINE_cpy() has been removed as it cannot be consistently defined in
+     the new code.
+     [Geoff Thorpe]
+
+  *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+     [Steve Henson]
+
+  *) Change mkdef.pl to sort symbols that get the same entry number,
+     and make sure the automatically generated functions ERR_load_*
+     become part of libeay.num as well.
+     [Richard Levitte]
+
+  *) New function SSL_renegotiate_pending().  This returns true once
+     renegotiation has been requested (either SSL_renegotiate() call
+     or HelloRequest/ClientHello receveived from the peer) and becomes
+     false once a handshake has been completed.
+     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+     sends a HelloRequest, but does not ensure that a handshake takes
+     place.  SSL_renegotiate_pending() is useful for checking if the
+     client has followed the request.)
+     [Bodo Moeller]
+
+  *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+     By default, clients may request session resumption even during
+     renegotiation (if session ID contexts permit); with this option,
+     session resumption is possible only in the first handshake.
+
+     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
+     more bits available for options that should not be part of
+     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+     [Bodo Moeller]
+
+  *) Add some demos for certificate and certificate request creation.
+     [Steve Henson]
+
+  *) Make maximum certificate chain size accepted from the peer application
+     settable (SSL*_get/set_max_cert_list()), as proposed by
+     "Douglas E. Engert" <deengert@anl.gov>.
+     [Lutz Jaenicke]
+
+  *) Add support for shared libraries for Unixware-7
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+     be done prior to destruction. Use this to unload error strings from
+     ENGINEs that load their own error strings. NB: This adds two new API
+     functions to "get" and "set" this destroy handler in an ENGINE.
+     [Geoff Thorpe]
+
+  *) Alter all existing ENGINE implementations (except "openssl" and
+     "openbsd") to dynamically instantiate their own error strings. This
+     makes them more flexible to be built both as statically-linked ENGINEs
+     and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+     Also, add stub code to each that makes building them as self-contained
+     shared-libraries easier (see README.ENGINE).
+     [Geoff Thorpe]
+
+  *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+     implementations into applications that are completely implemented in
+     self-contained shared-libraries. The "dynamic" ENGINE exposes control
+     commands that can be used to configure what shared-library to load and
+     to control aspects of the way it is handled. Also, made an update to
+     the README.ENGINE file that brings its information up-to-date and
+     provides some information and instructions on the "dynamic" ENGINE
+     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+     [Geoff Thorpe]
+
+  *) Make it possible to unload ranges of ERR strings with a new
+     "ERR_unload_strings" function.
+     [Geoff Thorpe]
+
+  *) Add a copy() function to EVP_MD.
+     [Ben Laurie]
+
+  *) Make EVP_MD routines take a context pointer instead of just the
+     md_data void pointer.
+     [Ben Laurie]
+
+  *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+     that the digest can only process a single chunk of data
+     (typically because it is provided by a piece of
+     hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+     is only going to provide a single chunk of data, and hence the
+     framework needn't accumulate the data for oneshot drivers.
+     [Ben Laurie]
+
+  *) As with "ERR", make it possible to replace the underlying "ex_data"
+     functions. This change also alters the storage and management of global
+     ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+     RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+     index counters. The API functions that use this state have been changed
+     to take a "class_index" rather than pointers to the class's local STACK
+     and counter, and there is now an API function to dynamically create new
+     classes. This centralisation allows us to (a) plug a lot of the
+     thread-safety problems that existed, and (b) makes it possible to clean
+     up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+     such data would previously have always leaked in application code and
+     workarounds were in place to make the memory debugging turn a blind eye
+     to it. Application code that doesn't use this new function will still
+     leak as before, but their memory debugging output will announce it now
+     rather than letting it slide.
+
+     Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+     induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+     has a return value to indicate success or failure.
+     [Geoff Thorpe]
+
+  *) Make it possible to replace the underlying "ERR" functions such that the
+     global state (2 LHASH tables and 2 locks) is only used by the "default"
+     implementation. This change also adds two functions to "get" and "set"
+     the implementation prior to it being automatically set the first time
+     any other ERR function takes place. Ie. an application can call "get",
+     pass the return value to a module it has just loaded, and that module
+     can call its own "set" function using that value. This means the
+     module's "ERR" operations will use (and modify) the error state in the
+     application and not in its own statically linked copy of OpenSSL code.
+     [Geoff Thorpe]
+
+  *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+     reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+     the operation, and provides a more encapsulated way for external code
+     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+     to use these functions rather than manually incrementing the counts.
+
+     Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+     [Geoff Thorpe]
+
+  *) Add EVP test program.
+     [Ben Laurie]
+
+  *) Add symmetric cipher support to ENGINE. Expect the API to change!
+     [Ben Laurie]
+
+  *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+     These allow a CRL to be built without having to access X509_CRL fields
+     directly. Modify 'ca' application to use new functions.
+     [Steve Henson]
+
+  *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+     bug workarounds. Rollback attack detection is a security feature.
+     The problem will only arise on OpenSSL servers when TLSv1 is not
+     available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+     Software authors not wanting to support TLSv1 will have special reasons
+     for their choice and can explicitly enable this option.
+     [Bodo Moeller, Lutz Jaenicke]
+
+  *) Rationalise EVP so it can be extended: don't include a union of
+     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+     (similar to those existing for EVP_CIPHER_CTX).
+     Usage example:
+
+         EVP_MD_CTX md;
+
+         EVP_MD_CTX_init(&md);             /* new function call */
+         EVP_DigestInit(&md, EVP_sha1());
+         EVP_DigestUpdate(&md, in, len);
+         EVP_DigestFinal(&md, out, NULL);
+         EVP_MD_CTX_cleanup(&md);          /* new function call */
+
+     [Ben Laurie]
+
+  *) Make DES key schedule conform to the usual scheme, as well as
+     correcting its structure. This means that calls to DES functions
+     now have to pass a pointer to a des_key_schedule instead of a
+     plain des_key_schedule (which was actually always a pointer
+     anyway): E.g.,
+
+         des_key_schedule ks;
+
+	 des_set_key_checked(..., &ks);
+	 des_ncbc_encrypt(..., &ks, ...);
+
+     (Note that a later change renames 'des_...' into 'DES_...'.)
+     [Ben Laurie]
+
+  *) Initial reduction of linker bloat: the use of some functions, such as
+     PEM causes large amounts of unused functions to be linked in due to
+     poor organisation. For example pem_all.c contains every PEM function
+     which has a knock on effect of linking in large amounts of (unused)
+     ASN1 code. Grouping together similar functions and splitting unrelated
+     functions prevents this.
+     [Steve Henson]
+
+  *) Cleanup of EVP macros.
+     [Ben Laurie]
+
+  *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+     correct _ecb suffix.
+     [Ben Laurie]
+
+  *) Add initial OCSP responder support to ocsp application. The
+     revocation information is handled using the text based index
+     use by the ca application. The responder can either handle
+     requests generated internally, supplied in files (for example
+     via a CGI script) or using an internal minimal server.
+     [Steve Henson]
+
+  *) Add configuration choices to get zlib compression for TLS.
+     [Richard Levitte]
+
+  *) Changes to Kerberos SSL for RFC 2712 compliance:
+     1.  Implemented real KerberosWrapper, instead of just using
+         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
+     2.  Implemented optional authenticator field of KerberosWrapper.
+
+     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+     and authenticator structs; see crypto/krb5/.
+
+     Generalized Kerberos calls to support multiple Kerberos libraries.
+     [Vern Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>
+      via Richard Levitte]
+
+  *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+     already does with RSA. testdsa.h now has 'priv_key/pub_key'
+     values for each of the key sizes rather than having just
+     parameters (and 'speed' generating keys each time).
+     [Geoff Thorpe]
+
+  *) Speed up EVP routines.
+     Before:
+encrypt
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
+des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
+des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
+decrypt
+des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
+des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
+des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
+     After:
+encrypt
+des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
+decrypt
+des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
+     [Ben Laurie]
+
+  *) Added the OS2-EMX target.
+     ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
+
+  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
+  *) Enhance the general user interface with mechanisms for inner control
+     and with possibilities to have yes/no kind of prompts.
+     [Richard Levitte]
+
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
+  *) Add the possibility to control engines through control names but with
+     arbitrary arguments instead of just a string.
+     Change the key loaders to take a UI_METHOD instead of a callback
+     function pointer.  NOTE: this breaks binary compatibility with earlier
+     versions of OpenSSL [engine].
+     Adapt the nCipher code for these new conditions and add a card insertion
+     callback.
+     [Richard Levitte]
+
+  *) Enhance the general user interface with mechanisms to better support
+     dialog box interfaces, application-defined prompts, the possibility
+     to use defaults (for example default passwords from somewhere else)
+     and interrupts/cancellations.
+     [Richard Levitte]
+
+  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+     [Steve Henson]
+
+  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+     tidy up some unnecessarily weird code in 'sk_new()').
+     [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
+
+  *) Change the key loading routines for ENGINEs to use the same kind
+     callback (pem_password_cb) as all other routines that need this
+     kind of callback.
+     [Richard Levitte]
+
+  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+     than this minimum value is recommended.
+     [Lutz Jaenicke]
+
+  *) New random seeder for OpenVMS, using the system process statistics
+     that are easily reachable.
+     [Richard Levitte]
+
+  *) Windows apparently can't transparently handle global
+     variables defined in DLLs. Initialisations such as:
+
+        const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+     wont compile. This is used by the any applications that need to
+     declare their own ASN1 modules. This was fixed by adding the option
+     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+     needed for static libraries under Win32.
+     [Steve Henson]
+
+  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+     setting of purpose and trust fields. New X509_STORE trust and
+     purpose functions and tidy up setting in other SSL functions.
+     [Steve Henson]
+
+  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+     structure. These are inherited by X509_STORE_CTX when it is 
+     initialised. This allows various defaults to be set in the
+     X509_STORE structure (such as flags for CRL checking and custom
+     purpose or trust settings) for functions which only use X509_STORE_CTX
+     internally such as S/MIME.
+
+     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+     trust settings if they are not set in X509_STORE. This allows X509_STORE
+     purposes and trust (in S/MIME for example) to override any set by default.
+
+     Add command line options for CRL checking to smime, s_client and s_server
+     applications.
+     [Steve Henson]
+
+  *) Initial CRL based revocation checking. If the CRL checking flag(s)
+     are set then the CRL is looked up in the X509_STORE structure and
+     its validity and signature checked, then if the certificate is found
+     in the CRL the verify fails with a revoked error.
+
+     Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+     Command line options added to 'verify' application to support this.
+
+     This needs some additional work, such as being able to handle multiple
+     CRLs with different times, extension based lookup (rather than just
+     by subject name) and ultimately more complete V2 CRL extension
+     handling.
+     [Steve Henson]
+
+  *) Add a general user interface API (crypto/ui/).  This is designed
+     to replace things like des_read_password and friends (backward
+     compatibility functions using this new API are provided).
+     The purpose is to remove prompting functions from the DES code
+     section as well as provide for prompting through dialog boxes in
+     a window system and the like.
+     [Richard Levitte]
+
+  *) Add "ex_data" support to ENGINE so implementations can add state at a
+     per-structure level rather than having to store it globally.
+     [Geoff]
+
+  *) Make it possible for ENGINE structures to be copied when retrieved by
+     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+     This causes the "original" ENGINE structure to act like a template,
+     analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+     operational state can be localised to each ENGINE structure, despite the
+     fact they all share the same "methods". New ENGINE structures returned in
+     this case have no functional references and the return value is the single
+     structural reference. This matches the single structural reference returned
+     by ENGINE_by_id() normally, when it is incremented on the pre-existing
+     ENGINE structure.
+     [Geoff]
+
+  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+     needs to match any other type at all we need to manually clear the
+     tag cache.
+     [Steve Henson]
+
+  *) Changes to the "openssl engine" utility to include;
+     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+       about an ENGINE's available control commands.
+     - executing control commands from command line arguments using the
+       '-pre' and '-post' switches. '-post' is only used if '-t' is
+       specified and the ENGINE is successfully initialised. The syntax for
+       the individual commands are colon-separated, for example;
+	 openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+     [Geoff]
+
+  *) New dynamic control command support for ENGINEs. ENGINEs can now
+     declare their own commands (numbers), names (strings), descriptions,
+     and input types for run-time discovery by calling applications. A
+     subset of these commands are implicitly classed as "executable"
+     depending on their input type, and only these can be invoked through
+     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+     can be based on user input, config files, etc). The distinction is
+     that "executable" commands cannot return anything other than a boolean
+     result and can only support numeric or string input, whereas some
+     discoverable commands may only be for direct use through
+     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+     pointers, or other custom uses. The "executable" commands are to
+     support parameterisations of ENGINE behaviour that can be
+     unambiguously defined by ENGINEs and used consistently across any
+     OpenSSL-based application. Commands have been added to all the
+     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+     control over shared-library paths without source code alterations.
+     [Geoff]
+
+  *) Changed all ENGINE implementations to dynamically allocate their
+     ENGINEs rather than declaring them statically. Apart from this being
+     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+     this also allows the implementations to compile without using the
+     internal engine_int.h header.
+     [Geoff]
+
+  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+     'const' value. Any code that should be able to modify a RAND_METHOD
+     should already have non-const pointers to it (ie. they should only
+     modify their own ones).
+     [Geoff]
+
+  *) Made a variety of little tweaks to the ENGINE code.
+     - "atalla" and "ubsec" string definitions were moved from header files
+       to C code. "nuron" string definitions were placed in variables
+       rather than hard-coded - allowing parameterisation of these values
+       later on via ctrl() commands.
+     - Removed unused "#if 0"'d code.
+     - Fixed engine list iteration code so it uses ENGINE_free() to release
+       structural references.
+     - Constified the RAND_METHOD element of ENGINE structures.
+     - Constified various get/set functions as appropriate and added
+       missing functions (including a catch-all ENGINE_cpy that duplicates
+       all ENGINE values onto a new ENGINE except reference counts/state).
+     - Removed NULL parameter checks in get/set functions. Setting a method
+       or function to NULL is a way of cancelling out a previously set
+       value.  Passing a NULL ENGINE parameter is just plain stupid anyway
+       and doesn't justify the extra error symbols and code.
+     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+       flags from engine_int.h to engine.h.
+     - Changed prototypes for ENGINE handler functions (init(), finish(),
+       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+     [Geoff]
+
+  *) Implement binary inversion algorithm for BN_mod_inverse in addition
+     to the algorithm using long division.  The binary algorithm can be
+     used only if the modulus is odd.  On 32-bit systems, it is faster
+     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+     roughly 5-15% for 256-bit moduli), so we use it only for moduli
+     up to 450 bits.  In 64-bit environments, the binary algorithm
+     appears to be advantageous for much longer moduli; here we use it
+     for moduli up to 2048 bits.
+     [Bodo Moeller]
+
+  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+     could not support the combine flag in choice fields.
+     [Steve Henson]
+
+  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+     extensions from a certificate request to the certificate.
+     [Steve Henson]
+
+  *) Allow multiple 'certopt' and 'nameopt' options to be separated
+     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+     file: this allows the display of the certificate about to be
+     signed to be customised, to allow certain fields to be included
+     or excluded and extension details. The old system didn't display
+     multicharacter strings properly, omitted fields not in the policy
+     and couldn't display additional details such as extensions.
+     [Steve Henson]
+
+  *) Function EC_POINTs_mul for multiple scalar multiplication
+     of an arbitrary number of elliptic curve points
+          \sum scalars[i]*points[i],
+     optionally including the generator defined for the EC_GROUP:
+          scalar*generator +  \sum scalars[i]*points[i].
+
+     EC_POINT_mul is a simple wrapper function for the typical case
+     that the point list has just one item (besides the optional
+     generator).
+     [Bodo Moeller]
+
+  *) First EC_METHODs for curves over GF(p):
+
+     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+     operations and provides various method functions that can also
+     operate with faster implementations of modular arithmetic.     
+
+     EC_GFp_mont_method() reuses most functions that are part of
+     EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+     [Bodo Moeller; point addition and point doubling
+     implementation directly derived from source code provided by
+     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
+
+  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+     crypto/ec/ec_lib.c):
+
+     Curves are EC_GROUP objects (with an optional group generator)
+     based on EC_METHODs that are built into the library.
+
+     Points are EC_POINT objects based on EC_GROUP objects.
+
+     Most of the framework would be able to handle curves over arbitrary
+     finite fields, but as there are no obvious types for fields other
+     than GF(p), some functions are limited to that for now.
+     [Bodo Moeller]
+
+  *) Add the -HTTP option to s_server.  It is similar to -WWW, but requires
+     that the file contains a complete HTTP response.
+     [Richard Levitte]
+
+  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+     change the def and num file printf format specifier from "%-40sXXX"
+     to "%-39s XXX". The latter will always guarantee a space after the
+     field while the former will cause them to run together if the field
+     is 40 of more characters long.
+     [Steve Henson]
+
+  *) Constify the cipher and digest 'method' functions and structures
+     and modify related functions to take constant EVP_MD and EVP_CIPHER
+     pointers.
+     [Steve Henson]
+
+  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.
+     [Bodo Moeller]
+
+  *) Modify EVP_Digest*() routines so they now return values. Although the
+     internal software routines can never fail additional hardware versions
+     might.
+     [Steve Henson]
+
+  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+     ASN1 error codes
+          ERR_R_NESTED_ASN1_ERROR
+          ...
+          ERR_R_MISSING_ASN1_EOS
+     were 4 .. 9, conflicting with
+          ERR_LIB_RSA (= ERR_R_RSA_LIB)
+          ...
+          ERR_LIB_PEM (= ERR_R_PEM_LIB).
+     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+     Add new error code 'ERR_R_INTERNAL_ERROR'.
+     [Bodo Moeller]
+
+  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+     suffices.
+     [Bodo Moeller]
+
+  *) New option '-subj arg' for 'openssl req' and 'openssl ca'.  This
+     sets the subject name for a new request or supersedes the
+     subject name in a given request. Formats that can be parsed are
+          'CN=Some Name, OU=myOU, C=IT'
+     and
+          'CN=Some Name/OU=myOU/C=IT'.
+
+     Add options '-batch' and '-verbose' to 'openssl req'.
+     [Massimiliano Pala <madwolf@hackmasters.net>]
+
+  *) Introduce the possibility to access global variables through
+     functions on platform were that's the best way to handle exporting
+     global variables in shared libraries.  To enable this functionality,
+     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+     is normally done by Configure or something similar).
+
+     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+     in the source file (foo.c) like this:
+
+	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+	OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+	OPENSSL_DECLARE_GLOBAL(int,foo);
+	#define foo OPENSSL_GLOBAL_REF(foo)
+	OPENSSL_DECLARE_GLOBAL(double,bar);
+	#define bar OPENSSL_GLOBAL_REF(bar)
+
+     The #defines are very important, and therefore so is including the
+     header file everywhere where the defined globals are used.
+
+     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+     of ASN.1 items, but that structure is a bit different.
+
+     The largest change is in util/mkdef.pl which has been enhanced with
+     better and easier to understand logic to choose which symbols should
+     go into the Windows .def files as well as a number of fixes and code
+     cleanup (among others, algorithm keywords are now sorted
+     lexicographically to avoid constant rewrites).
+     [Richard Levitte]
+
+  *) In BN_div() keep a copy of the sign of 'num' before writing the
+     result to 'rm' because if rm==num the value will be overwritten
+     and produce the wrong result if 'num' is negative: this caused
+     problems with BN_mod() and BN_nnmod().
+     [Steve Henson]
+
+  *) Function OCSP_request_verify(). This checks the signature on an
+     OCSP request and verifies the signer certificate. The signer
+     certificate is just checked for a generic purpose and OCSP request
+     trust settings.
+     [Steve Henson]
+
+  *) Add OCSP_check_validity() function to check the validity of OCSP
+     responses. OCSP responses are prepared in real time and may only
+     be a few seconds old. Simply checking that the current time lies
+     between thisUpdate and nextUpdate max reject otherwise valid responses
+     caused by either OCSP responder or client clock inaccuracy. Instead
+     we allow thisUpdate and nextUpdate to fall within a certain period of
+     the current time. The age of the response can also optionally be
+     checked. Two new options -validity_period and -status_age added to
+     ocsp utility.
+     [Steve Henson]
+
+  *) If signature or public key algorithm is unrecognized print out its
+     OID rather that just UNKNOWN.
+     [Steve Henson]
+
+  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+     ID to be generated from the issuer certificate alone which can then be
+     passed to OCSP_id_issuer_cmp().
+     [Steve Henson]
+
+  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+     ASN1 modules to export functions returning ASN1_ITEM pointers
+     instead of the ASN1_ITEM structures themselves. This adds several
+     new macros which allow the underlying ASN1 function/structure to
+     be accessed transparently. As a result code should not use ASN1_ITEM
+     references directly (such as &X509_it) but instead use the relevant
+     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+     use of the new ASN1 code on platforms where exporting structures
+     is problematical (for example in shared libraries) but exporting
+     functions returning pointers to structures is not.
+     [Steve Henson]
+
+  *) Add support for overriding the generation of SSL/TLS session IDs.
+     These callbacks can be registered either in an SSL_CTX or per SSL.
+     The purpose of this is to allow applications to control, if they wish,
+     the arbitrary values chosen for use as session IDs, particularly as it
+     can be useful for session caching in multiple-server environments. A
+     command-line switch for testing this (and any client code that wishes
+     to use such a feature) has been added to "s_server".
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+     of the form '#if defined(...) || defined(...) || ...' and
+     '#if !defined(...) && !defined(...) && ...'.  This also avoids
+     the growing number of special cases it was previously handling.
+     [Richard Levitte]
+
+  *) Make all configuration macros available for application by making
+     sure they are available in opensslconf.h, by giving them names starting
+     with "OPENSSL_" to avoid conflicts with other packages and by making
+     sure e_os2.h will cover all platform-specific cases together with
+     opensslconf.h.
+     Additionally, it is now possible to define configuration/platform-
+     specific names (called "system identities").  In the C code, these
+     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another
+     macro with the name beginning with "OPENSSL_SYS_", which is determined
+     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+     what is available.
+     [Richard Levitte]
+
+  *) New option -set_serial to 'req' and 'x509' this allows the serial
+     number to use to be specified on the command line. Previously self
+     signed certificates were hard coded with serial number 0 and the 
+     CA options of 'x509' had to use a serial number in a file which was
+     auto incremented.
+     [Steve Henson]
+
+  *) New options to 'ca' utility to support V2 CRL entry extensions.
+     Currently CRL reason, invalidity date and hold instruction are
+     supported. Add new CRL extensions to V3 code and some new objects.
+     [Steve Henson]
+
+  *) New function EVP_CIPHER_CTX_set_padding() this is used to
+     disable standard block padding (aka PKCS#5 padding) in the EVP
+     API, which was previously mandatory. This means that the data is
+     not padded in any way and so the total length much be a multiple
+     of the block size, otherwise an error occurs.
+     [Steve Henson]
+
+  *) Initial (incomplete) OCSP SSL support.
+     [Steve Henson]
+
+  *) New function OCSP_parse_url(). This splits up a URL into its host,
+     port and path components: primarily to parse OCSP URLs. New -url
+     option to ocsp utility.
+     [Steve Henson]
+
+  *) New nonce behavior. The return value of OCSP_check_nonce() now 
+     reflects the various checks performed. Applications can decide
+     whether to tolerate certain situations such as an absent nonce
+     in a response when one was present in a request: the ocsp application
+     just prints out a warning. New function OCSP_add1_basic_nonce()
+     this is to allow responders to include a nonce in a response even if
+     the request is nonce-less.
+     [Steve Henson]
+
+  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+     skipped when using openssl x509 multiple times on a single input file,
+     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+     [Bodo Moeller]
+
+  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+     set string type: to handle setting ASN1_TIME structures. Fix ca
+     utility to correctly initialize revocation date of CRLs.
+     [Steve Henson]
+
+  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+     the clients preferred ciphersuites and rather use its own preferences.
+     Should help to work around M$ SGC (Server Gated Cryptography) bug in
+     Internet Explorer by ensuring unchanged hash method during stepup.
+     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+     [Lutz Jaenicke]
+
+  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+     to aes and add a new 'exist' option to print out symbols that don't
+     appear to exist.
+     [Steve Henson]
+
+  *) Additional options to ocsp utility to allow flags to be set and
+     additional certificates supplied.
+     [Steve Henson]
+
+  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+     OCSP client a number of certificate to only verify the response
+     signature against.
+     [Richard Levitte]
+
+  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+     handle the new API. Currently only ECB, CBC modes supported. Add new
+     AES OIDs.
+
+     Add TLS AES ciphersuites as described in RFC3268, "Advanced
+     Encryption Standard (AES) Ciphersuites for Transport Layer
+     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were
+     not enabled by default and were not part of the "ALL" ciphersuite
+     alias because they were not yet official; they could be
+     explicitly requested by specifying the "AESdraft" ciphersuite
+     group alias.  In the final release of OpenSSL 0.9.7, the group
+     alias is called "AES" and is part of "ALL".)
+     [Ben Laurie, Steve  Henson, Bodo Moeller]
+
+  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+     request to response.
+     [Steve Henson]
+
+  *) Functions for OCSP responders. OCSP_request_onereq_count(),
+     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+     extract information from a certificate request. OCSP_response_create()
+     creates a response and optionally adds a basic response structure.
+     OCSP_basic_add1_status() adds a complete single response to a basic
+     response and returns the OCSP_SINGLERESP structure just added (to allow
+     extensions to be included for example). OCSP_basic_add1_cert() adds a
+     certificate to a basic response and OCSP_basic_sign() signs a basic
+     response with various flags. New helper functions ASN1_TIME_check()
+     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+     (converts ASN1_TIME to GeneralizedTime).
+     [Steve Henson]
+
+  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+     structure from a certificate. X509_pubkey_digest() digests the public_key
+     contents: this is used in various key identifiers. 
+     [Steve Henson]
+
+  *) Make sk_sort() tolerate a NULL argument.
+     [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+     passed by the function are trusted implicitly. If any of them signed the
+     response then it is assumed to be valid and is not verified.
+     [Steve Henson]
+
+  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+     to data. This was previously part of the PKCS7 ASN1 code. This
+     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support@securenetterm.com>]
+
+  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+     routines: without these tracing memory leaks is very painful.
+     Fix leaks in PKCS12 and PKCS7 routines.
+     [Steve Henson]
+
+  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+     effectively meant GeneralizedTime would never be used. Now it
+     is initialised to -1 but X509_time_adj() now has to check the value
+     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support@securenetterm.com>]
+
+  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+     result in a zero length in the ASN1_INTEGER structure which was
+     not consistent with the structure when d2i_ASN1_INTEGER() was used
+     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+     where it did not print out a minus for negative ASN1_INTEGER.
+     [Steve Henson]
+
+  *) Add summary printout to ocsp utility. The various functions which
+     convert status values to strings have been renamed to:
+     OCSP_response_status_str(), OCSP_cert_status_str() and
+     OCSP_crl_reason_str() and are no longer static. New options
+     to verify nonce values and to disable verification. OCSP response
+     printout format cleaned up.
+     [Steve Henson]
+
+  *) Add additional OCSP certificate checks. These are those specified
+     in RFC2560. This consists of two separate checks: the CA of the
+     certificate being checked must either be the OCSP signer certificate
+     or the issuer of the OCSP signer certificate. In the latter case the
+     OCSP signer certificate must contain the OCSP signing extended key
+     usage. This check is performed by attempting to match the OCSP
+     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+     in the OCSP_CERTID structures of the response.
+     [Steve Henson]
+
+  *) Initial OCSP certificate verification added to OCSP_basic_verify()
+     and related routines. This uses the standard OpenSSL certificate
+     verify routines to perform initial checks (just CA validity) and
+     to obtain the certificate chain. Then additional checks will be
+     performed on the chain. Currently the root CA is checked to see
+     if it is explicitly trusted for OCSP signing. This is used to set
+     a root CA as a global signing root: that is any certificate that
+     chains to that CA is an acceptable OCSP signing certificate.
+     [Steve Henson]
+
+  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+     extensions from a separate configuration file.
+     As when reading extensions from the main configuration file,
+     the '-extensions ...' option may be used for specifying the
+     section to use.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP utility. Allows OCSP requests to be generated or
+     read. The request can be sent to a responder and the output
+     parsed, outputed or printed in text form. Not complete yet:
+     still needs to check the OCSP response validity.
+     [Steve Henson]
+
+  *) New subcommands for 'openssl ca':
+     'openssl ca -status <serial>' prints the status of the cert with
+     the given serial number (according to the index file).
+     'openssl ca -updatedb' updates the expiry status of certificates
+     in the index file.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New '-newreq-nodes' command option to CA.pl.  This is like
+     '-newreq', but calls 'openssl req' with the '-nodes' option
+     so that the resulting key is not encrypted.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) New configuration for the GNU Hurd.
+     [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
+
+  *) Initial code to implement OCSP basic response verify. This
+     is currently incomplete. Currently just finds the signer's
+     certificate and verifies the signature on the response.
+     [Steve Henson]
+
+  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+     value of OPENSSLDIR.  This is available via the new '-d' option
+     to 'openssl version', and is also included in 'openssl version -a'.
+     [Bodo Moeller]
+
+  *) Allowing defining memory allocation callbacks that will be given
+     file name and line number information in additional arguments
+     (a const char* and an int).  The basic functionality remains, as
+     well as the original possibility to just replace malloc(),
+     realloc() and free() by functions that do not know about these
+     additional arguments.  To register and find out the current
+     settings for extended allocation functions, the following
+     functions are provided:
+
+	CRYPTO_set_mem_ex_functions
+	CRYPTO_set_locked_mem_ex_functions
+	CRYPTO_get_mem_ex_functions
+	CRYPTO_get_locked_mem_ex_functions
+
+     These work the same way as CRYPTO_set_mem_functions and friends.
+     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+     extended allocation function is enabled.
+     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+     a conventional allocation function is enabled.
+     [Richard Levitte, Bodo Moeller]
+
+  *) Finish off removing the remaining LHASH function pointer casts.
+     There should no longer be any prototype-casting required when using
+     the LHASH abstraction, and any casts that remain are "bugs". See
+     the callback types and macros at the head of lhash.h for details
+     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+     [Geoff Thorpe]
+
+  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+     If /dev/[u]random devices are not available or do not return enough
+     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+     be queried.
+     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+     /etc/entropy will be queried once each in this sequence, quering stops
+     when enough entropy was collected without querying more sockets.
+     [Lutz Jaenicke]
+
+  *) Change the Unix RAND_poll() variant to be able to poll several
+     random devices, as specified by DEVRANDOM, until a sufficient amount
+     of data has been collected.   We spend at most 10 ms on each file
+     (select timeout) and read in non-blocking mode.  DEVRANDOM now
+     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+     (previously it was just the string "/dev/urandom"), so on typical
+     platforms the 10 ms delay will never occur.
+     Also separate out the Unix variant to its own file, rand_unix.c.
+     For VMS, there's a currently-empty rand_vms.c.
+     [Richard Levitte]
+
+  *) Move OCSP client related routines to ocsp_cl.c. These
+     provide utility functions which an application needing
+     to issue a request to an OCSP responder and analyse the
+     response will typically need: as opposed to those which an
+     OCSP responder itself would need which will be added later.
+
+     OCSP_request_sign() signs an OCSP request with an API similar
+     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+     response. OCSP_response_get1_basic() extracts basic response
+     from response. OCSP_resp_find_status(): finds and extracts status
+     information from an OCSP_CERTID structure (which will be created
+     when the request structure is built). These are built from lower
+     level functions which work on OCSP_SINGLERESP structures but
+     wont normally be used unless the application wishes to examine
+     extensions in the OCSP response for example.
+
+     Replace nonce routines with a pair of functions.
+     OCSP_request_add1_nonce() adds a nonce value and optionally
+     generates a random value. OCSP_check_nonce() checks the
+     validity of the nonce in an OCSP response.
+     [Steve Henson]
+
+  *) Change function OCSP_request_add() to OCSP_request_add0_id().
+     This doesn't copy the supplied OCSP_CERTID and avoids the
+     need to free up the newly created id. Change return type
+     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+     This can then be used to add extensions to the request.
+     Deleted OCSP_request_new(), since most of its functionality
+     is now in OCSP_REQUEST_new() (and the case insensitive name
+     clash) apart from the ability to set the request name which
+     will be added elsewhere.
+     [Steve Henson]
+
+  *) Update OCSP API. Remove obsolete extensions argument from
+     various functions. Extensions are now handled using the new
+     OCSP extension code. New simple OCSP HTTP function which 
+     can be used to send requests and parse the response.
+     [Steve Henson]
+
+  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+     uses the special reorder version of SET OF to sort the attributes
+     and reorder them to match the encoded order. This resolves a long
+     standing problem: a verify on a PKCS7 structure just after signing
+     it used to fail because the attribute order did not match the
+     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+     it uses the received order. This is necessary to tolerate some broken
+     software that does not order SET OF. This is handled by encoding
+     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+     to produce the required SET OF.
+     [Steve Henson]
+
+  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+     files to get correct declarations of the ASN.1 item variables.
+     [Richard Levitte]
+
+  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+     ASN1_ITEM and no wrapper functions.
+     [Steve Henson]
+
+  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+     replace the old function pointer based I/O routines. Change most of
+     the *_d2i_bio() and *_d2i_fp() functions to use these.
+     [Steve Henson]
+
+  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+     lines, recognice more "algorithms" that can be deselected, and make
+     it complain about algorithm deselection that isn't recognised.
+     [Richard Levitte]
+
+  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+     to use new functions. Add NO_ASN1_OLD which can be set to remove
+     some old style ASN1 functions: this can be used to determine if old
+     code will still work when these eventually go away.
+     [Steve Henson]
+
+  *) New extension functions for OCSP structures, these follow the
+     same conventions as certificates and CRLs.
+     [Steve Henson]
+
+  *) New function X509V3_add1_i2d(). This automatically encodes and
+     adds an extension. Its behaviour can be customised with various
+     flags to append, replace or delete. Various wrappers added for
+     certifcates and CRLs.
+     [Steve Henson]
+
+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
+  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
+     entries for variables.
+     [Steve Henson]
+
+  *) Add functionality to apps/openssl.c for detecting locking
+     problems: As the program is single-threaded, all we have
+     to do is register a locking callback using an array for
+     storing which locks are currently held by the program.
+     [Bodo Moeller]
+
+  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+     SSL_get_ex_data_X509_STORE_idx(), which is used in
+     ssl_verify_cert_chain() and thus can be called at any time
+     during TLS/SSL handshakes so that thread-safety is essential.
+     Unfortunately, the ex_data design is not at all suited
+     for multi-threaded use, so it probably should be abolished.
+     [Bodo Moeller]
+
+  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+     [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+  *) Move common extension printing code to new function
+     X509V3_print_extensions(). Reorganise OCSP print routines and
+     implement some needed OCSP ASN1 functions. Add OCSP extensions.
+     [Steve Henson]
+
+  *) New function X509_signature_print() to remove duplication in some
+     print routines.
+     [Steve Henson]
+
+  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+     set (this was treated exactly the same as SET OF previously). This
+     is used to reorder the STACK representing the structure to match the
+     encoding. This will be used to get round a problem where a PKCS7
+     structure which was signed could not be verified because the STACK
+     order did not reflect the encoded order.
+     [Steve Henson]
+
+  *) Reimplement the OCSP ASN1 module using the new code.
+     [Steve Henson]
+
+  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+     for its ASN1 operations. The old style function pointers still exist
+     for now but they will eventually go away.
+     [Steve Henson]
+
+  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
+     [Steve Henson]
+
+  *) Change BN_mod_exp_recp so that negative moduli are tolerated
+     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
+     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+     for negative moduli.
+     [Bodo Moeller]
+
+  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+     of not touching the result's sign bit.
+     [Bodo Moeller]
+
+  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+     set.
+     [Bodo Moeller]
+
+  *) Changed the LHASH code to use prototypes for callbacks, and created
+     macros to declare and implement thin (optionally static) functions
+     that provide type-safety and avoid function pointer casting for the
+     type-specific callbacks.
+     [Geoff Thorpe]
+
+  *) Added Kerberos Cipher Suites to be used with TLS, as written in
+     RFC 2712.
+     [Veers Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
+
+  *) Reformat the FAQ so the different questions and answers can be divided
+     in sections depending on the subject.
+     [Richard Levitte]
+
+  *) Have the zlib compression code load ZLIB.DLL dynamically under
+     Windows.
+     [Richard Levitte]
+
+  *) New function BN_mod_sqrt for computing square roots modulo a prime
+     (using the probabilistic Tonelli-Shanks algorithm unless
+     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can
+     be handled deterministically).
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Make BN_mod_inverse faster by explicitly handling small quotients
+     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+     512 bits], about 30% for larger ones [1024 or 2048 bits].)
+     [Bodo Moeller]
+
+  *) New function BN_kronecker.
+     [Bodo Moeller]
+
+  *) Fix BN_gcd so that it works on negative inputs; the result is
+     positive unless both parameters are zero.
+     Previously something reasonably close to an infinite loop was
+     possible because numbers could be growing instead of shrinking
+     in the implementation of Euclid's algorithm.
+     [Bodo Moeller]
+
+  *) Fix BN_is_word() and BN_is_one() macros to take into account the
+     sign of the number in question.
+
+     Fix BN_is_word(a,w) to work correctly for w == 0.
+
+     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+     because its test if the absolute value of 'a' equals 'w'.
+     Note that BN_abs_is_word does *not* handle w == 0 reliably;
+     it exists mostly for use in the implementations of BN_is_zero(),
+     BN_is_one(), and BN_is_word().
+     [Bodo Moeller]
+
+  *) New function BN_swap.
+     [Bodo Moeller]
+
+  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+     the exponentiation functions are more likely to produce reasonable
+     results on negative inputs.
+     [Bodo Moeller]
+
+  *) Change BN_mod_mul so that the result is always non-negative.
+     Previously, it could be negative if one of the factors was negative;
+     I don't think anyone really wanted that behaviour.
+     [Bodo Moeller]
+
+  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+     and add new functions:
+
+          BN_nnmod
+          BN_mod_sqr
+          BN_mod_add
+          BN_mod_add_quick
+          BN_mod_sub
+          BN_mod_sub_quick
+          BN_mod_lshift1
+          BN_mod_lshift1_quick
+          BN_mod_lshift
+          BN_mod_lshift_quick
+
+     These functions always generate non-negative results.
+
+     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r
+     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).
+
+     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]
+     be reduced modulo  m.
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+
+  *) In 'openssl passwd', verify passwords read from the terminal
+     unless the '-salt' option is used (which usually means that
+     verification would just waste user's time since the resulting
+     hash is going to be compared with some given password hash)
+     or the new '-noverify' option is used.
+
+     This is an incompatible change, but it does not affect
+     non-interactive use of 'openssl passwd' (passwords on the command
+     line, '-stdin' option, '-in ...' option) and thus should not
+     cause any problems.
+     [Bodo Moeller]
+
+  *) Remove all references to RSAref, since there's no more need for it.
+     [Richard Levitte]
+
+  *) Make DSO load along a path given through an environment variable
+     (SHLIB_PATH) with shl_load().
+     [Richard Levitte]
+
+  *) Constify the ENGINE code as a result of BIGNUM constification.
+     Also constify the RSA code and most things related to it.  In a
+     few places, most notable in the depth of the ASN.1 code, ugly
+     casts back to non-const were required (to be solved at a later
+     time)
+     [Richard Levitte]
+
+  *) Make it so the openssl application has all engines loaded by default.
+     [Richard Levitte]
+
+  *) Constify the BIGNUM routines a little more.
+     [Richard Levitte]
+
+  *) Add the following functions:
+
+	ENGINE_load_cswift()
+	ENGINE_load_chil()
+	ENGINE_load_atalla()
+	ENGINE_load_nuron()
+	ENGINE_load_builtin_engines()
+
+     That way, an application can itself choose if external engines that
+     are built-in in OpenSSL shall ever be used or not.  The benefit is
+     that applications won't have to be linked with libdl or other dso
+     libraries unless it's really needed.
+
+     Changed 'openssl engine' to load all engines on demand.
+     Changed the engine header files to avoid the duplication of some
+     declarations (they differed!).
+     [Richard Levitte]
+
+  *) 'openssl engine' can now list capabilities.
+     [Richard Levitte]
+
+  *) Better error reporting in 'openssl engine'.
+     [Richard Levitte]
+
+  *) Never call load_dh_param(NULL) in s_server.
+     [Bodo Moeller]
+
+  *) Add engine application.  It can currently list engines by name and
+     identity, and test if they are actually available.
+     [Richard Levitte]
+
+  *) Improve RPM specification file by forcing symbolic linking and making
+     sure the installed documentation is also owned by root.root.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) Give the OpenSSL applications more possibilities to make use of
+     keys (public as well as private) handled by engines.
+     [Richard Levitte]
+
+  *) Add OCSP code that comes from CertCo.
+     [Richard Levitte]
+
+  *) Add VMS support for the Rijndael code.
+     [Richard Levitte]
+
+  *) Added untested support for Nuron crypto accelerator.
+     [Ben Laurie]
+
+  *) Add support for external cryptographic devices.  This code was
+     previously distributed separately as the "engine" branch.
+     [Geoff Thorpe, Richard Levitte]
+
+  *) Rework the filename-translation in the DSO code. It is now possible to
+     have far greater control over how a "name" is turned into a filename
+     depending on the operating environment and any oddities about the
+     different shared library filenames on each system.
+     [Geoff Thorpe]
+
+  *) Support threads on FreeBSD-elf in Configure.
+     [Richard Levitte]
+
+  *) Fix for SHA1 assembly problem with MASM: it produces
+     warnings about corrupt line number information when assembling
+     with debugging information. This is caused by the overlapping
+     of two sections.
+     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
+
+  *) NCONF changes.
+     NCONF_get_number() has no error checking at all.  As a replacement,
+     NCONF_get_number_e() is defined (_e for "error checking") and is
+     promoted strongly.  The old NCONF_get_number is kept around for
+     binary backward compatibility.
+     Make it possible for methods to load from something other than a BIO,
+     by providing a function pointer that is given a name instead of a BIO.
+     For example, this could be used to load configuration data from an
+     LDAP server.
+     [Richard Levitte]
+
+  *) Fix for non blocking accept BIOs. Added new I/O special reason
+     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+     with non blocking I/O was not possible because no retry code was
+     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+     this case.
+     [Steve Henson]
+
+  *) Added the beginnings of Rijndael support.
+     [Ben Laurie]
+
+  *) Fix for bug in DirectoryString mask setting. Add support for
+     X509_NAME_print_ex() in 'req' and X509_print_ex() function
+     to allow certificate printing to more controllable, additional
+     'certopt' option to 'x509' to allow new printing options to be
+     set.
+     [Steve Henson]
+
+  *) Clean old EAY MD5 hack from e_os.h.
+     [Richard Levitte]
+
+ Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+
+  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+     memory from it's contents.  This is done with a counter that will
+     place alternating values in each byte.  This can be used to solve
+     two issues: 1) the removal of calls to memset() by highly optimizing
+     compilers, and 2) cleansing with other values than 0, since those can
+     be read through on certain media, for example a swap space on disk.
+     [Geoff Thorpe]
+
+  *) Bugfix: client side session caching did not work with external caching,
+     because the session->cipher setting was not restored when reloading
+     from the external cache. This problem was masked, when
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+     (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+     [Lutz Jaenicke]
+
+  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+     [Zeev Lieber <zeev-l@yahoo.com>]
+
+  *) Undo an undocumented change introduced in 0.9.6e which caused
+     repeated calls to OpenSSL_add_all_ciphers() and 
+     OpenSSL_add_all_digests() to be ignored, even after calling
+     EVP_cleanup().
+     [Richard Levitte]
+
+  *) Change the default configuration reader to deal with last line not
+     being properly terminated.
+     [Richard Levitte]
+
+  *) Change X509_NAME_cmp() so it applies the special rules on handling
+     DN values that are of type PrintableString, as well as RDNs of type
+     emailAddress where the value has the type ia5String.
+     [stefank@valicert.com via Richard Levitte]
+
+  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+     the bitwise-OR of the two for use by the majority of applications
+     wanting this behaviour, and update the docs. The documented
+     behaviour and actual behaviour were inconsistent and had been
+     changing anyway, so this is more a bug-fix than a behavioural
+     change.
+     [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+     [Bodo Moeller]
+
+  *) Fix initialization code race conditions in
+        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
+        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
+        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
+        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
+        ssl2_get_cipher_by_char(),
+        ssl3_get_cipher_by_char().
+     [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+     length, instead of the encoding length to d2i_ASN1_OBJECT.
+     [Steve Henson]
+
  Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
 
   *) [In 0.9.6g-engine release:]
@@ -23,6 +1906,12 @@
 
  Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
 
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
   *) Fix cipher selection routines: ciphers without encryption had no flags
      for the cipher strength set and where therefore not handled correctly
      by the selection routines (PR #130).
@@ -54,7 +1943,7 @@
   *) Add various sanity checks to asn1_get_length() to reject
      the ASN1 length bytes if they exceed sizeof(long), will appear
      negative or the content length exceeds the length of the
-     supplied buffer.
+     supplied buffer. (CAN-2002-0659)
      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
 
   *) Assertions for various potential buffer overflows, not known to
@@ -159,8 +2048,8 @@
      value is 0.
      [Richard Levitte]
 
-  *) [In 0.9.6c-engine release:]
-     Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
+  *) [In 0.9.6d-engine release:]
+     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
      [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
 
   *) Add the configuration target linux-s390x.
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 15cfbaa..df29f78 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -23,10 +23,26 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
+# --with-krb5-dir  Declare where Kerberos 5 lives.  The libraries are expected
+#		to live in the subdirectory lib/ and the header files in
+#		include/.  A value is required.
+# --with-krb5-lib  Declare where the Kerberos 5 libraries live.  A value is
+#		required.
+#		(Default: KRB5_DIR/lib)
+# --with-krb5-include  Declare where the Kerberos 5 header files live.  A
+#		value is required.
+#		(Default: KRB5_DIR/include)
+# --with-krb5-flavor  Declare what flavor of Kerberos 5 is used.  Currently
+#		supported values are "MIT" and "Heimdal".  A value is required.
+#
 # --test-sanity Make a number of sanity checks on the data in this file.
 #               This is a debugging tool for OpenSSL developers.
 #
-# rsaref        use RSAref
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
@@ -34,6 +50,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
+# no-krb5       do not compile in any KRB5 library or code.
+# [no-]zlib     [don't] compile support for zlib compression.
+# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
+#		library and will be loaded in run-time by the OpenSSL library.
 # 386           generate 80386 code
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@@ -100,7 +120,7 @@ my $alpha_asm="::::::::";
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 
-#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
 
 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -113,88 +133,96 @@ my %table=(
 #"b2-is-ri-dp",	"${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
 
 # Our development configs
-"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
-"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
-"dist",		"cc:-O::(unknown):::::",
+"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"dist",		"cc:-O::(unknown)::::::",
 
 # Basic configs that should work on any (32 and less bit) box
-"gcc",		"gcc:-O3::(unknown)::BN_LLONG:::",
-"cc",		"cc:-O::(unknown):::::",
+"gcc",		"gcc:-O3::(unknown):::BN_LLONG:::",
+"cc",		"cc:-O::(unknown)::::::",
 
-#### Solaris x86 setups
-# -DNO_INLINE_ASM switches off inline assembler. We have to do it
+#### Solaris x86 with GNU C setups
+# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
 # here because whenever GNU C instantiates an assembler template it
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Linux setups
-"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# !!!Folowing can't be even tested yet!!!
-#    We have to wait till 64-bit glibc for SPARC is operational!!!
-#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC 3.1 is a requirement
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # Sunos configs, assuming sparc for the gcc one.
-##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
+##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
 
 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -212,7 +240,7 @@ my %table=(
 # - Keep in mind that the HP compiler by default generates code
 #   suitable for execution on the host you're currently compiling at.
 #   If the toolkit is ment to be used on various PA-RISC processors
-#   consider './config +Dportable'.
+#   consider './config +DAportable'.
 # - +DD64 is chosen in favour of +DA2.0W because it's ment to be
 #   compatible with *future* releases.
 # - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
@@ -224,59 +252,70 @@ my %table=(
 #   crypto/sha/sha_lcl.h.
 #					<appro@fy.chalmers.se>
 #
-#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# 64bit PARISC for GCC without optimization, which seems to make problems.
+# Submitted by <ross.alexander@uk.neceur.com>
+"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# IA-64 targets
+# I have no idea if this one actually works, feedback needed. <appro>
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+# with debugging of the following config.
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Isn't the line below meaningless? HP-UX cc optimizes for host by default.
+# hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.
 
-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
 # please report your OS and compiler version to the openssl-bugs@openssl.org
 # mailing list.
-"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux-gcc fails, try this one:
-"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # HPUX 9.X on Motorola 68k platforms with gcc
-"hpux-m68k-gcc",  "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::",
+"hpux-m68k-gcc",  "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::",
 
 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux10-gcc fails, try this one:
-"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
-#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
-#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::DES_PTR DES_UNROLL DES_RISC1:::",
+#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 # Use unified settings above instead.
 
 #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 
 #### PARISC Linux setups
-"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 
 # Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
 # from the older DEC C Compiler to the newer compiler.  It's now the
@@ -303,15 +342,15 @@ my %table=(
 #
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
 #
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
-"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
-"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
+"alpha-gcc","gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
+"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
+"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
 #
 # This probably belongs in a different section.
 #
-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
@@ -326,76 +365,82 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
 # assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-pentium",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppro",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-k6",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"nextstep",	"cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
 
 # QNX 4
-"qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
+"qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
 
 # QNX 6
-"qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
+"qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
 
 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # UnixWare 2.0x fails destest with -O
-"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
 # UnixWare 2.1
-"unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
 # UnixWare 7
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # OpenUNIX 8
-"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic",
-"OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC",
+"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # IBM's AIX.
-"aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
-"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
-"aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
 
 #
 # Cray T90 and similar (SDSC)
@@ -411,7 +456,7 @@ my %table=(
 #
 # j90 is considered the base machine type for unicos machines,
 # so this configuration is now called "cray-j90" ...
-"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
 
 #
 # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
@@ -421,96 +466,121 @@ my %table=(
 # for some st_addr stuff, and then sizeof and address-of fails
 # I could not use the ams/alpha.o option because the Cray assembler, 'cam'
 # did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
 
 # DGUX, 88100.
-"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 
 # SCO 3 - Tim Rice <tim@multitalents.net>
-"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc:-belf::(unknown):-lsocket -lresolv:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
-"sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
-"sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
-"sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
+"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options?
+"sco5-cc-pentium",  "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC",
 
 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
-"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN::-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
-"SINIX","cc:-O -DSNI::(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
 
 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
 
 # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
 # You need to compile using the c89.sh wrapper in the tools directory, because the
 # IBM compiler does not like the -L switch after any object modules.
 #
-"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown)::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
 
 # Windows NT, Microsoft Visual C++ 4.0
 
-"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
-"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
-"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-WIN16","cl:::(unknown):WIN16::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl:::(unknown):WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl::::WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # Borland C++ 4.5
-"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
-"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
+"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # Mingw32
 # (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
 # and its library files in util/pl/*)
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 
 # UWIN 
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 
 # Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
+
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
 
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::",
+"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::",
 # K&R C is no longer supported; you need gcc on old Ultrix installations
-##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
 
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-alpha",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-i386",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-m68k",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-m88k",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-mips",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-powerpc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-vax",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-hppa",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
-"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+
+##### A/UX
+"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
 
 ##### Sony NEWS-OS 4.x
-"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
+##### GNU Hurd
+"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+
+##### OS/2 EMX
+"OS2-EMX", "gcc::::::::",
 
 ##### VxWorks for various targets
-"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
+"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+
+##### Compaq Non-Stop Kernel (Tandem)
+"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
 
 );
 
-my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
-	BC-16 Mingw32);
+my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS
+	BC-32 BC-16 Mingw32 OS2-EMX);
 
 my $idx = 0;
 my $idx_cc = $idx++;
 my $idx_cflags = $idx++;
 my $idx_unistd = $idx++;
 my $idx_thread_cflag = $idx++;
+my $idx_sys_id = $idx++;
 my $idx_lflags = $idx++;
 my $idx_bn_ops = $idx++;
 my $idx_bn_obj = $idx++;
@@ -528,6 +598,7 @@ my $idx_shared_cflag = $idx++;
 my $idx_shared_ldflag = $idx++;
 my $idx_shared_extension = $idx++;
 my $idx_ranlib = $idx++;
+my $idx_arflags = $idx++;
 
 my $prefix="";
 my $openssldir="";
@@ -535,6 +606,8 @@ my $exe_ext="";
 my $install_prefix="";
 my $no_threads=0;
 my $no_shared=1;
+my $zlib=0;
+my $no_krb5=0;
 my $threads=0;
 my $no_asm=0;
 my $no_dso=0;
@@ -562,6 +635,14 @@ my $processor="";
 my $default_ranlib;
 my $perl;
 
+my $no_ssl2=0;
+my $no_ssl3=0;
+my $no_tls1=0;
+my $no_md5=0;
+my $no_sha=0;
+my $no_rsa=0;
+my $no_dh=0;
+
 $default_ranlib= &which("ranlib") or $default_ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
   or $perl="perl";
@@ -572,11 +653,14 @@ my $flags;
 my $depflags;
 my $openssl_algorithm_defines;
 my $openssl_thread_defines;
+my $openssl_sys_defines="";
 my $openssl_other_defines;
 my $libs;
 my $target;
 my $options;
 my $symlink;
+my $make_depend=0;
+my %withargs=();
 
 my @argvcopy=@ARGV;
 my $argvstring="";
@@ -588,6 +672,7 @@ while($argv_unprocessed)
 	$depflags="";
 	$openssl_algorithm_defines="";
 	$openssl_thread_defines="";
+	$openssl_sys_defines="";
 	$openssl_other_defines="";
 	$libs="";
 	$target="";
@@ -608,36 +693,87 @@ PROCESS_ARGS:
 		elsif (/^no-asm$/)
 		 	{
 			$no_asm=1;
-			$flags .= "-DNO_ASM ";
-			$openssl_other_defines .= "#define NO_ASM\n";
+			$flags .= "-DOPENSSL_NO_ASM ";
+			$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
+			}
+		elsif (/^no-hw-(.+)$/)
+			{
+			my $hw=$1;
+			$hw =~ tr/[a-z]/[A-Z]/;
+			$flags .= "-DOPENSSL_NO_HW_$hw ";
+			$openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n";
+			}
+		elsif (/^no-hw$/)
+			{
+			$flags .= "-DOPENSSL_NO_HW ";
+			$openssl_other_defines .= "#define OPENSSL_NO_HW\n";
 			}
 		elsif (/^no-dso$/)
 			{ $no_dso=1; }
+		elsif (/^no-krb5$/)
+			{ $no_krb5=1; }
 		elsif (/^no-threads$/)
 			{ $no_threads=1; }
 		elsif (/^threads$/)
 			{ $threads=1; }
 		elsif (/^no-shared$/)
 			{ $no_shared=1; }
-		elsif (/^shared$/)
+		elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
 			{ $no_shared=0; }
+		elsif (/^no-zlib$/)
+			{ $zlib=0; }
+		elsif (/^zlib$/)
+			{ $zlib=1; }
+		elsif (/^zlib-dynamic$/)
+			{ $zlib=2; }
 		elsif (/^no-symlinks$/)
 			{ $symlink=0; }
+		elsif (/^no-ssl$/)
+			{ $no_ssl2 = $no_ssl3 = 1; }
+		elsif (/^no-ssl2$/)
+			{ $no_ssl2 = 1; }
+		elsif (/^no-ssl3$/)
+			{ $no_ssl3 = 1; }
+		elsif (/^no-tls1?$/)
+			{ $no_tls1 = 1; }
 		elsif (/^no-(.+)$/)
 			{
 			my $algo=$1;
 			push @skip,$algo;
 			$algo =~ tr/[a-z]/[A-Z]/;
-			$flags .= "-DNO_$algo ";
-			$depflags .= "-DNO_$algo ";
-			$openssl_algorithm_defines .= "#define NO_$algo\n";
+			$flags .= "-DOPENSSL_NO_$algo ";
+			$depflags .= "-DOPENSSL_NO_$algo ";
+			$openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n";
+			if ($algo eq "RIJNDAEL")
+				{
+				push @skip, "aes";
+				$flags .= "-DOPENSSL_NO_AES ";
+				$depflags .= "-DOPENSSL_NO_AES ";
+				$openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n";
+				}
 			if ($algo eq "DES")
 				{
 				push @skip, "mdc2";
 				$options .= " no-mdc2";
-				$flags .= "-DNO_MDC2 ";
-				$depflags .= "-DNO_MDC2 ";
-				$openssl_algorithm_defines .= "#define NO_MDC2\n";
+				$flags .= "-DOPENSSL_NO_MDC2 ";
+				$depflags .= "-DOPENSSL_NO_MDC2 ";
+				$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
+				}
+			if ($algo eq "MD5")
+				{
+				$no_md5 = 1;
+				}
+			if ($algo eq "SHA")
+				{
+				$no_sha = 1;
+				}
+			if ($algo eq "RSA")
+				{
+				$no_rsa = 1;
+				}
+			if ($algo eq "DH")
+				{
+				$no_dh = 1;
 				}
 			}
 		elsif (/^reconfigure/ || /^reconf/)
@@ -667,9 +803,9 @@ PROCESS_ARGS:
 			{ $processor=386; }
 		elsif (/^rsaref$/)
 			{
-			$libs.= "-lRSAglue -lrsaref ";
-			$flags.= "-DRSAref ";
-			$openssl_other_defines .= "#define RSAref\n";
+			# No RSAref support any more since it's not needed.
+			# The check for the option is there so scripts aren't
+			# broken
 			}
 		elsif (/^[-+]/)
 			{
@@ -693,6 +829,10 @@ PROCESS_ARGS:
 				{
 				$install_prefix=$1;
 				}
+			elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
+				{
+				$withargs{"krb5-".$1}=$2;
+				}
 			else
 				{
 				print STDERR $usage;
@@ -719,6 +859,39 @@ PROCESS_ARGS:
 	}
 }
 
+$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+
+$no_ssl2=1 if ($no_md5);
+$no_ssl2=1 if ($no_rsa);
+
+$no_tls1=1 if ($no_md5 || $no_sha);
+$no_tls1=1 if ($no_dh);
+
+if ($no_ssl2)
+	{
+	push @skip,"SSL2";
+	$flags .= "-DOPENSSL_NO_SSL2 ";
+	$depflags .= "-DOPENSSL_NO_SSL2 ";
+	$openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n";
+	}
+
+if ($no_ssl3)
+	{
+	push @skip,"SSL3";
+	$flags .= "-DOPENSSL_NO_SSL3 ";
+	$depflags .= "-DOPENSSL_NO_SSL3 ";
+	$openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n";
+	}
+
+if ($no_tls1)
+	{
+	push @skip,"TLS1";
+	$flags .= "-DOPENSSL_NO_TLS1 ";
+	$depflags .= "-DOPENSSL_NO_TLS1 ";
+	$openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n";
+	}
+
 if ($target eq "TABLE") {
 	foreach $target (sort keys %table) {
 		print_table_entry($target);
@@ -745,6 +918,7 @@ print "Configuring for $target\n";
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
 
 $exe_ext=".exe" if ($target eq "Cygwin");
+$exe_ext=".exe" if ($target eq "DJGPP");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
 
@@ -752,7 +926,7 @@ chop $openssldir if $openssldir =~ /\/$/;
 chop $prefix if $prefix =~ /\/$/;
 
 $openssldir=$prefix . "/ssl" if $openssldir eq "";
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
 
 
 print "IsWindows=$IsWindows\n";
@@ -762,16 +936,17 @@ my $cc = $fields[$idx_cc];
 my $cflags = $fields[$idx_cflags];
 my $unistd = $fields[$idx_unistd];
 my $thread_cflag = $fields[$idx_thread_cflag];
+my $sys_id = $fields[$idx_sys_id];
 my $lflags = $fields[$idx_lflags];
 my $bn_ops = $fields[$idx_bn_ops];
 my $bn_obj = $fields[$idx_bn_obj];
 my $des_obj = $fields[$idx_des_obj];
 my $bf_obj = $fields[$idx_bf_obj];
-my $md5_obj = $fields[$idx_md5_obj];
-my $sha1_obj = $fields[$idx_sha1_obj];
+$md5_obj = $fields[$idx_md5_obj];
+$sha1_obj = $fields[$idx_sha1_obj];
 my $cast_obj = $fields[$idx_cast_obj];
 my $rc4_obj = $fields[$idx_rc4_obj];
-my $rmd160_obj = $fields[$idx_rmd160_obj];
+$rmd160_obj = $fields[$idx_rmd160_obj];
 my $rc5_obj = $fields[$idx_rc5_obj];
 my $dso_scheme = $fields[$idx_dso_scheme];
 my $shared_target = $fields[$idx_shared_target];
@@ -779,9 +954,76 @@ my $shared_cflag = $fields[$idx_shared_cflag];
 my $shared_ldflag = $fields[$idx_shared_ldflag];
 my $shared_extension = $fields[$idx_shared_extension];
 my $ranlib = $fields[$idx_ranlib];
+my $arflags = $fields[$idx_arflags];
 
 $cflags="$flags$cflags" if ($flags ne "");
 
+# Kerberos settings.  The flavor must be provided from outside, either through
+# the script "config" or manually.
+if ($no_krb5
+	|| !defined($withargs{"krb5-flavor"})
+	|| $withargs{"krb5-flavor"} eq "")
+	{
+	$cflags="-DOPENSSL_NO_KRB5 $cflags";
+	$options.=" no-krb5" unless $no_krb5;
+	$openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n";
+	}
+else
+	{
+	my ($lresolv, $lpath, $lext);
+	if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
+		{
+		die "Sorry, Heimdal is currently not supported\n";
+		}
+	##### HACK to force use of Heimdal.
+	##### WARNING: Since we don't really have adequate support for Heimdal,
+	#####          using this will break the build.  You'll have to make
+	#####          changes to the source, and if you do, please send
+	#####          patches to openssl-dev@openssl.org
+	if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
+		{
+		warn "Heimdal isn't really supported.  Your build WILL break\n";
+		warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
+		$withargs{"krb5-dir"} = "/usr/heimdal"
+			if $withargs{"krb5-dir"} eq "";
+		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+			"/lib -lgssapi -lkrb5 -lcom_err"
+			if $withargs{"krb5-lib"} eq "";
+		$cflags="-DKRB5_HEIMDAL $cflags";
+		}
+	if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
+		{
+		$withargs{"krb5-dir"} = "/usr/kerberos"
+			if $withargs{"krb5-dir"} eq "";
+		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+			"/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
+			if $withargs{"krb5-lib"} eq "";
+		$cflags="-DKRB5_MIT $cflags";
+		$withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
+		if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
+			{
+			$cflags="-DKRB5_MIT_OLD11 $cflags";
+			}
+		}
+	LRESOLV:
+	foreach $lpath ("/lib", "/usr/lib")
+		{
+		foreach $lext ("a", "so")
+			{
+			$lresolv = "$lpath/libresolv.$lext";
+			last LRESOLV	if (-r "$lresolv");
+			$lresolv = "";
+			}
+		}
+	$withargs{"krb5-lib"} .= " -lresolv"
+		if ("$lresolv" ne "");
+	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
+		if $withargs{"krb5-include"} eq "" &&
+		   $withargs{"krb5-dir"} ne "";
+
+	$libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne "";
+	}
+
 # The DSO code currently always implements all functions so that no
 # applications will have to worry about that from a compilation point
 # of view. However, the "method"s may return zero unless that platform
@@ -795,18 +1037,14 @@ if (!$no_dso && $dso_scheme ne "")
 	if ($dso_scheme eq "DLFCN")
 		{
 		$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
-		$openssl_other_defines .= "#define DSO_DLFCN\n";
-		$openssl_other_defines .= "#define HAVE_DLFCN_H\n";
 		}
 	elsif ($dso_scheme eq "DLFCN_NO_H")
 		{
 		$dso_cflags = "-DDSO_DLFCN";
-		$openssl_other_defines .= "#define DSO_DLFCN\n";
 		}
 	else
 		{
 		$dso_cflags = "-DDSO_$dso_scheme";
-		$openssl_other_defines .= "#define DSO_$dso_scheme\n";
 		}
 	$cflags = "$dso_cflags $cflags";
 	}
@@ -822,13 +1060,13 @@ if ($thread_cflag eq "(unknown)")
 	{
 	# If the user asked for "threads", hopefully they also provided
 	# any system-dependent compiler options that are necessary.
-	$thread_cflags="-DTHREADS $cflags" ;
-	$thread_defines .= "#define THREADS\n";
+	$thread_cflags="-DOPENSSL_THREADS $cflags" ;
+	$thread_defines .= "#define OPENSSL_THREADS\n";
 	}
 else
 	{
-	$thread_cflags="-DTHREADS $thread_cflag $cflags";
-	$thread_defines .= "#define THREADS\n";
+	$thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
+	$thread_defines .= "#define OPENSSL_THREADS\n";
 #	my $def;
 #	foreach $def (split ' ',$thread_cflag)
 #		{
@@ -839,7 +1077,7 @@ else
 #		}
 	}	
 
-$lflags="$libs$lflags"if ($libs ne "");
+$lflags="$libs$lflags" if ($libs ne "");
 
 if ($no_asm)
 	{
@@ -847,28 +1085,42 @@ if ($no_asm)
 	$sha1_obj=$md5_obj=$rmd160_obj="";
 	}
 
+if (!$no_shared)
+	{
+	$cast_obj="";	# CAST assembler is not PIC
+	}
+
 if ($threads)
 	{
-		$cflags=$thread_cflags;
-		$openssl_thread_defines .= $thread_defines;
+	$cflags=$thread_cflags;
+	$openssl_thread_defines .= $thread_defines;
+	}
+
+if ($zlib)
+	{
+	$cflags = "-DZLIB $cflags";
+	$cflags = "-DZLIB_SHARED $cflags" if $zlib == 2;
+	$lflags = "$lflags -lz" if $zlib == 1;
 	}
 
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
 my $shared_mark = "";
-if ($shared_target ne "")
+if ($shared_target eq "")
+	{
+	$no_shared = 1;
+	}
+if (!$no_shared)
 	{
 	if ($shared_cflag ne "")
 		{
 		$cflags = "$shared_cflag $cflags";
 		}
-	if (!$no_shared)
-		{
-		#$shared_mark = "\$(SHARED_LIBS)";
-		}
 	}
-else
+
+if ($sys_id ne "")
 	{
-	$no_shared = 1;
+	$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
+	$openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
 	}
 
 if ($ranlib eq "")
@@ -939,7 +1191,8 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
 	}
 
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
-open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
+unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
 print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
 my $sdirs=0;
 while (<IN>)
@@ -949,7 +1202,7 @@ while (<IN>)
 	if ($sdirs) {
 		my $dir;
 		foreach $dir (@skip) {
-			s/$dir//;
+			s/([ 	])$dir /\1/;
 			}
 		}
 	$sdirs = 0 unless /\\$/;
@@ -968,6 +1221,7 @@ while (<IN>)
 	s/^OPTIONS=.*$/OPTIONS=$options/;
 	s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
 	s/^CC=.*$/CC= $cc/;
+	s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
@@ -983,7 +1237,9 @@ while (<IN>)
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
 	s/^RANLIB=.*/RANLIB= $ranlib/;
+	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
 	s/^PERL=.*/PERL= $perl/;
+	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1010,6 +1266,8 @@ while (<IN>)
 	}
 close(IN);
 close(OUT);
+rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
 
 print "CC            =$cc\n";
 print "CFLAG         =$cflags\n";
@@ -1025,7 +1283,10 @@ print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
 print "PROCESSOR     =$processor\n";
 print "RANLIB        =$ranlib\n";
+print "ARFLAGS       =$arflags\n";
 print "PERL          =$perl\n";
+print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
+	if $withargs{"krb5-include"} ne "";
 
 my $des_ptr=0;
 my $des_risc1=0;
@@ -1042,6 +1303,7 @@ my $rc4_chunk=0;
 my $bf_ptr=0;
 my @type=("char","short","int","long");
 my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+my $export_var_as_fn=0;
 
 my $des_int;
 
@@ -1071,26 +1333,47 @@ foreach (sort split(/\s+/,$bn_ops))
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
+	$export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
 	}
 
 open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
-open(OUT,'>crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n";
+unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
+open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
 print OUT "/* opensslconf.h */\n";
 print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
 
 print OUT "/* OpenSSL was configured with the following options: */\n";
-$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n#  define $1\n# endif/mg;
+my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
+$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n#  define $1\n# endif/mg;
+$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
 $openssl_algorithm_defines = "   /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
-$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n#  define $1\n# endif/mg;
-$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n#  define $1\n# endif/mg;
-print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n$openssl_algorithm_defines#endif\n";
-print OUT "#ifdef OPENSSL_THREAD_DEFINES\n$openssl_thread_defines#endif\n";
-print OUT "#ifdef OPENSSL_OTHER_DEFINES\n$openssl_other_defines#endif\n\n";
+$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+print OUT $openssl_sys_defines;
+print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
+print OUT $openssl_algorithm_defines;
+print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n";
+print OUT $openssl_thread_defines;
+print OUT $openssl_other_defines,"\n";
+
+print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
+print OUT "   asks for it.  This is a transient feature that is provided for those\n";
+print OUT "   who haven't had the time to do the appropriate changes in their\n";
+print OUT "   applications.  */\n";
+print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
+print OUT $openssl_algorithm_defines_trans;
+print OUT "#endif\n\n";
 
 while (<IN>)
 	{
 	if	(/^#define\s+OPENSSLDIR/)
 		{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+	elsif	(/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
+		{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
+			if $export_var_as_fn;
+		  printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
+			($export_var_as_fn)?"define":"undef"; }
 	elsif	(/^#define\s+OPENSSL_UNISTD/)
 		{
 		$unistd = "<unistd.h>" if $unistd eq "";
@@ -1149,6 +1432,8 @@ while (<IN>)
 	}
 close(IN);
 close(OUT);
+rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
 
 
 # Fix the date
@@ -1188,11 +1473,13 @@ if($IsWindows) {
 EOF
 	close(OUT);
 } else {
-	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
-		if $symlink;
-	### (system 'make depend') == 0 or exit $? if $depflags ne "";
-	# Run "make depend" manually if you want to be able to delete
-	# the source code files of ciphers you left out.
+	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+	my $make_targets = "";
+	$make_targets .= " links" if $symlink;
+	$make_targets .= " depend" if $depflags ne "" && $make_depend;
+	$make_targets .= " gentests" if $symlink;
+	(system $make_command.$make_targets) == 0 or exit $?
+		if $make_targets ne "";
 	if ( $perl =~ m@^/@) {
 	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
@@ -1202,7 +1489,16 @@ EOF
 	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
-	}	    
+	}
+	if ($depflags ne "" && !$make_depend) {
+		print <<EOF;
+
+Since you've disabled at least one algorithm, you need to do the following
+before building:
+
+	make depend
+EOF
+	}
 }
 
 print <<EOF;
@@ -1289,11 +1585,11 @@ sub print_table_entry
 	{
 	my $target = shift;
 
-	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
-	my $bn_obj,my $des_obj,my $bf_obj,
+	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
+	my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
 	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
-	my $shared_ldflag,my $shared_extension,my $ranlib)=
+	my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 			
 	print <<EOF
@@ -1303,6 +1599,7 @@ sub print_table_entry
 \$cflags       = $cflags
 \$unistd       = $unistd
 \$thread_cflag = $thread_cflag
+\$sys_id       = $sys_id
 \$lflags       = $lflags
 \$bn_ops       = $bn_ops
 \$bn_obj       = $bn_obj
@@ -1320,6 +1617,7 @@ sub print_table_entry
 \$shared_ldflag = $shared_ldflag
 \$shared_extension = $shared_extension
 \$ranlib       = $ranlib
+\$arflags      = $arflags
 EOF
 	}
 
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
index f9cd7d2..9d1b0bb 100644
--- a/crypto/openssl/FAQ
+++ b/crypto/openssl/FAQ
@@ -9,6 +9,7 @@ OpenSSL  -  Frequently Asked Questions
 * Where can I get a compiled version of OpenSSL?
 * Why aren't tools like 'autoconf' and 'libtool' used?
 * What is an 'engine' version?
+* How do I check the authenticity of the OpenSSL distribution?
 
 [LEGAL] Legal questions
 
@@ -29,17 +30,22 @@ OpenSSL  -  Frequently Asked Questions
 * Why can't I use OpenSSL certificates with SSL client authentication?
 * Why does my browser give a warning about a mismatched hostname?
 * How do I install a CA certificate into a browser?
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
 
 [BUILD] Questions about building and testing OpenSSL
 
 * Why does the linker complain about undefined symbols?
 * Why does the OpenSSL test fail with "bc: command not found"?
 * Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL test fail with "bc: stack empty"?
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
 * What is special about OpenSSL on Redhat?
+* Why does the OpenSSL compilation fail on MacOS X?
 * Why does the OpenSSL test suite fail on MacOS X?
+* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
+* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
 
 [PROG] Questions about programming with OpenSSL
 
@@ -53,6 +59,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why can't the OpenSSH configure script detect OpenSSL?
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
 
 ===============================================================================
 
@@ -61,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6g was released on 9 August 2002.
+OpenSSL 0.9.7 was released on December 31, 2002.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -132,6 +139,19 @@ hardware. This was realized in a special release '0.9.6-engine'. With
 version 0.9.7 (not yet released) the changes were merged into the main
 development line, so that the special release is no longer necessary.
 
+* How do I check the authenticity of the OpenSSL distribution?
+
+We provide MD5 digests and ASC signatures of each tarball.
+Use MD5 to check that a tarball from a mirror site is identical:
+
+   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
+
+You can check authenticity using pgp or gpg. You need the OpenSSL team
+member public key used to sign it (download it from a key server). Then
+just do:
+
+   pgp TARBALL.asc
+
 [LEGAL] =======================================================================
 
 * Do I need patent licenses to use OpenSSL?
@@ -222,6 +242,8 @@ support can be found at
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
 However, be warned that /dev/random is usually a blocking device, which
 may have some effects on OpenSSL.
+A third party /dev/random solution for Solaris is available at
+  http://www.cosy.sbg.ac.at/~andi/
 
 
 * Why do I get an "unable to write 'random state'" error message?
@@ -348,6 +370,13 @@ DO NOT DO THIS! This command will give away your CAs private key and
 reduces its security to zero: allowing anyone to forge certificates in
 whatever name they choose.
 
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+
+The ways to print out the oneline format of the DN (Distinguished Name) have
+been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
+interface, the "-nameopt" option could be introduded. See the manual
+page of the "openssl x509" commandline tool for details. The old behaviour
+has however been left as default for the sake of compatibility.
 
 [BUILD] =======================================================================
 
@@ -392,6 +421,17 @@ and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
 for download instructions) can be safely used, for example.
 
 
+* Why does the OpenSSL test fail with "bc: stack empty"?
+
+On some DG/ux versions, bc seems to have a too small stack for calculations
+that the OpenSSL bntest throws at it.  This gets triggered when you run the
+test suite (using "make test").  The message returned is "bc: stack empty".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 
 On some Alpha installations running Tru64 Unix and Compaq C, the compilation
@@ -489,6 +529,18 @@ IDEA:  5,214,703 25/05/2010
 RC5:   5,724,428 03/03/2015
 
 
+* Why does the OpenSSL compilation fail on MacOS X?
+
+If the failure happens when trying to build the "openssl" binary, with
+a large number of undefined symbols, it's very probable that you have
+OpenSSL 0.9.6b delivered with the operating system (you can find out by
+running '/usr/bin/openssl version') and that you were trying to build
+OpenSSL 0.9.7 or newer.  The problem is that the loader ('ld') in
+MacOS X has a misfeature that's quite difficult to go around.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
+
 * Why does the OpenSSL test suite fail on MacOS X?
 
 If the failure happens when running 'make test' and the RC4 test fails,
@@ -502,6 +554,34 @@ libraries you just built.
 Look in the file PROBLEMS for a more detailed explanation and for possible
 solutions.
 
+* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
+
+Failure in BN_sqr test is most likely caused by a failure to configure the
+toolkit for current platform or lack of support for the platform in question.
+Run './config -t' and './apps/openssl version -p'. Do these platform
+identifiers match? If they don't, then you most likely failed to run
+./config and you're hereby advised to do so before filing a bug report.
+If ./config itself fails to run, then it's most likely problem with your
+local environment and you should turn to your system administrator (or
+similar). If identifiers match (and/or no alternative identifier is
+suggested by ./config script), then the platform is unsupported. There might
+or might not be a workaround. Most notably on SPARC64 platforms with GNU
+C compiler you should be able to produce a working build by running
+'./config -m32'. I understand that -m32 might not be what you want/need,
+but the build should be operational. For further details turn to
+<openssl-dev@openssl.org>.
+
+* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
+
+As of 0.9.7 assembler routines were overhauled for position independence
+of the machine code, which is essential for shared library support. For
+some reason OpenBSD is equipped with an out-of-date GNU assembler which
+finds the new code offensive. To work around the problem, configure with
+no-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as.
+For your convenience a pre-compiled replacement binary is provided at
+http://www.openssl.org/~appro/i386-openbsd3-as, which is compiled from
+binutils-2.8 released in 1997.
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?
@@ -667,5 +747,13 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
 SSL_CTX_set_verify() function to enable the use of client certificates.
 
 
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+
+For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
+versions, uniqueIdentifier was incorrectly used for X.509 certificates.
+The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
+Change your code to use the new name when compiling against OpenSSL 0.9.7.
+
+
 ===============================================================================
 
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index 75a843b..a427f12 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -2,8 +2,10 @@
  INSTALLATION ON THE UNIX PLATFORM
  ---------------------------------
 
- [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
-  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
+ [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
+  is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
+  This document describes installation on operating systems in the Unix
+  family.]
 
  To install OpenSSL, you will need:
 
@@ -53,6 +55,15 @@
                 This will usually require additional system-dependent options!
                 See "Note on multi-threading" below.
 
+  no-zlib       Don't try to build with support for zlib compression and
+                decompression.
+
+  zlib          Build with support for zlib compression/decompression.
+
+  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
+                when needed.  This is only supported on systems where loading
+                of shared libraries is supported.  This is the default choice.
+
   no-shared     Don't try to create shared libraries.
 
   shared        In addition to the usual static libraries, create shared
@@ -129,8 +140,8 @@
      standard headers).  If it is a problem with OpenSSL itself, please
      report the problem to <openssl-bugs@openssl.org> (note that your
      message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/rt2.html and will be forwarded to a public
-     mailing list). Include the output of "make report" in your message.
+     via http://www.openssl.org/support/rt2.html and will be forwarded to a
+     public mailing list). Include the output of "make report" in your message.
      Please check out the request tracker. Maybe the bug was already
      reported or has already been fixed.
 
@@ -151,7 +162,7 @@
      in Makefile.ssl and run "make clean; make". Please send a bug
      report to <openssl-bugs@openssl.org>, including the output of
      "make report" in order to be added to the request tracker at
-     http://www.openssl.org/rt2.html.
+     http://www.openssl.org/support/rt2.html.
 
   4. If everything tests ok, install OpenSSL with
 
@@ -285,3 +296,15 @@
  targets for shared library creation, like linux-shared.  Those targets
  can currently be used on their own just as well, but this is expected
  to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index 56e11a1..fa18de1 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -15,6 +15,11 @@ OPTIONS=
 CONFIGURE_ARGS=
 SHLIB_TARGET=
 
+# HERE indicates where this Makefile lives.  This can be used to indicate
+# where sub-Makefiles are expected to be.  Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
 # INSTALL_PREFIX is for package builders so that they can configure
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
@@ -24,7 +29,6 @@ INSTALLTOP=/usr/local/ssl
 # Do not edit this manually. Use Configure --openssldir=DIR do change this!
 OPENSSLDIR=/usr/local/ssl
 
-# RSAref  - Define if we are to link with RSAref.
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4  - Define to build without the RC4 algorithm
 # NO_RC2  - Define to build without the RC2 algorithm
@@ -60,11 +64,13 @@ DEPFLAG=
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
-AR=ar r
+ARFLAGS=
+AR=ar $(ARFLAGS) r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
 TARFLAGS= --no-recursion
+MAKEDEPPROG=makedepend
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -151,20 +157,27 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 
+# KRB5 stuff
+KRB5_INCLUDES=
+
 # When we're prepared to use shared libraries in the programs we link here
 # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
 SHLIB_MARK=
 
-DIRS=   crypto ssl rsaref $(SHLIB_MARK) apps test tools
+DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
 SHLIBDIRS= crypto ssl
 
 # dirs in crypto to build
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+
+# tests to perform.  "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
 
 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
@@ -190,29 +203,24 @@ BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
 TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os.h e_os2.h
+EXHEADER=       e_os2.h
 HEADER=         e_os.h
 
 # When we're prepared to use shared libraries in the programs we link here
 # we might remove 'clean-shared' from the targets to perform at this stage
 
-all: clean-shared Makefile.ssl sub_all
+all: Makefile.ssl sub_all openssl.pc
 
 sub_all:
 	@for i in $(DIRS); \
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
-	done; \
-	if echo "$(DIRS)" | \
-	    egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
-	   [ -n "$(SHARED_LIBS)" ]; then \
-		$(MAKE) $(SHARED_LIBS); \
-	fi
+	done;
 
 libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
@@ -220,6 +228,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
+
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
@@ -237,7 +246,7 @@ clean-shared:
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+			( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
 		fi; \
 	done
 
@@ -269,12 +278,7 @@ do_gnu-shared:
 	libs="$$libs -l$$i"; \
 	done
 
-DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
-	collect2=`gcc -print-prog-name=collect2 2>&1` && \
-	[ -n "$$collect2" ] && \
-	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
-	[ -n "$$my_ld" ] && \
-	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
 
 # For Darwin AKA Mac OS/X (dyld)
 do_darwin-shared: 
@@ -289,7 +293,7 @@ do_darwin-shared:
 
 do_cygwin-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -shared -o cyg$$i.dll \
+	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
@@ -352,10 +356,13 @@ do_solaris-shared:
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  MINUSZ='-z '; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
+			-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+			$$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
@@ -414,26 +421,44 @@ do_irix-shared:
 	fi
 
 # This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+# The object modules are loaded from lib$i.a using the undocumented -Fl
+# option.
+#
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
+#          by temporarily specifying "+s"!
+#
 do_hpux-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	for i in ${SHLIBDIRS}; do \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		+vnocompatwarnings \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ 		+vnocompatwarnings \
+		-b -z +s \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
-	libs="$$libs -L. -l$$i"; \
+		-Fl lib$$i.a -ldld -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done
 
 # This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+#
+# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#
 do_hpux64-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	for i in ${SHLIBDIRS}; do \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ 		-b -z \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
-	libs="$$libs -L. -l$$i"; \
+		+forceload lib$$i.a -ldl -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done
 
 # The following method is said to work on all platforms.  Tests will
@@ -479,6 +504,33 @@ do_aix-shared:
 	libs="$$libs -l$$i"; \
 	done
 
+do_reliantunix-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+	( set -x; \
+	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+	    cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
+	    ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+	  ) || exit 1; \
+	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+	) || exit 1; \
+	rm -rf $$tmpdir ; \
+	libs="$$libs -l$$i"; \
+	done
+
+openssl.pc: Makefile.ssl
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/lib'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
 Makefile.ssl: Makefile.org
 	@echo "Makefile.ssl is older than Makefile.org."
 	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@@ -497,6 +549,7 @@ clean:
 		rm -f $(LIBS); \
 	fi; \
 	done;
+	rm -f openssl.pc
 	rm -f *.a *.o speed.* *.map *.so .pure core
 	rm -f $(TARFILE)
 	@for i in $(ONEDIRS) ;\
@@ -525,10 +578,14 @@ links:
 	@for i in $(DIRS); do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making links in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
 	fi; \
 	done;
 
+gentests:
+	@(cd test && echo "generating dummy tests (if needed)..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
 dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
@@ -541,15 +598,25 @@ dclean:
 
 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		$(PERL) tools/c_rehash certs)
 	touch rehash.time
 
 test:   tests
 
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
-	@apps/openssl version -a
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		apps/openssl version -a
 
 report:
 	@$(PERL) util/selftest.pl
@@ -559,7 +626,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
 	fi; \
 	done;
 
@@ -583,6 +650,7 @@ tags:
 
 errors:
 	$(PERL) util/mkerr.pl -recurse -write
+	(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
 
 stacks:
 	$(PERL) util/mkstack.pl -write
@@ -593,9 +661,9 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update
 
-crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
 	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
 
 TABLE: Configure
@@ -610,6 +678,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 tar:
+	find . -type d -print | xargs chmod 755
+	find . -type f -print | xargs chmod a+r
+	find . -type f -perm -0100 -print | xargs chmod a+x
 	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
 	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
 	tardy --user_number=0  --user_name=openssl \
@@ -619,6 +690,14 @@ tar:
 	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz
 
+tar-snap:
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+	ls -l ../$(TARFILE)
+
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
@@ -631,6 +710,7 @@ dist_pem_h:
 install: all install_docs
 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@@ -652,11 +732,12 @@ install: all install_docs
 	do \
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi; \
-	done
+	done;
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
 		for i in $${tmp:-x}; \
@@ -664,14 +745,17 @@ install: all install_docs
 			if [ -f "$$i" -o -f "$$i.a" ]; then \
 			(       echo installing $$i; \
 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
-					c=`echo $$i | sed 's/^lib/cyg/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+					c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
 			fi; \
 		done; \
@@ -680,6 +764,7 @@ install: all install_docs
 			set $(MAKE); \
 			$$1 -f $$here/Makefile link-shared ); \
 	fi
+	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 
 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -687,26 +772,43 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@pod2man=`cd util; ./pod2mantest ignore`; \
+	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+	here="`pwd`"; \
+	filecase=; \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
+		filecase=-i; \
+	fi; \
 	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+		echo "installing man$$sec/$$fn.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) $$pod2man \
+		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | \
+			grep -v $$filecase "^$$fn\$$" | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+			 done); \
 	done; \
 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+		echo "installing man$$sec/$$fn.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) $$pod2man \
+		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | \
+			grep -v $$filecase "^$$fn\$$" | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+			 done); \
 	done
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl
index 43b5ac3..b262f9d 100644
--- a/crypto/openssl/Makefile.ssl
+++ b/crypto/openssl/Makefile.ssl
@@ -4,19 +4,24 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=0.9.6g
+VERSION=0.9.7
 MAJOR=0
-MINOR=9.6
-SHLIB_VERSION_NUMBER=0.9.6
+MINOR=9.7
+SHLIB_VERSION_NUMBER=0.9.7
 SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=0
-SHLIB_MINOR=9.6
+SHLIB_MINOR=9.7
 SHLIB_EXT=
 PLATFORM=dist
-OPTIONS=
+OPTIONS= no-krb5
 CONFIGURE_ARGS=dist
 SHLIB_TARGET=
 
+# HERE indicates where this Makefile lives.  This can be used to indicate
+# where sub-Makefiles are expected to be.  Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
 # INSTALL_PREFIX is for package builders so that they can configure
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
@@ -26,7 +31,6 @@ INSTALLTOP=/usr/local/ssl
 # Do not edit this manually. Use Configure --openssldir=DIR do change this!
 OPENSSLDIR=/usr/local/ssl
 
-# RSAref  - Define if we are to link with RSAref.
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4  - Define to build without the RC4 algorithm
 # NO_RC2  - Define to build without the RC2 algorithm
@@ -57,16 +61,18 @@ OPENSSLDIR=/usr/local/ssl
 
 CC= cc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -O
+CFLAG= -DOPENSSL_NO_KRB5 -O
 DEPFLAG= 
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
-AR=ar r
+ARFLAGS= 
+AR=ar $(ARFLAGS) r
 RANLIB= /usr/bin/ranlib
 PERL= /usr/local/bin/perl
 TAR= tar
 TARFLAGS= --no-recursion
+MAKEDEPPROG=makedepend
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -153,20 +159,27 @@ RMD160_ASM_OBJ=
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 
+# KRB5 stuff
+KRB5_INCLUDES=
+
 # When we're prepared to use shared libraries in the programs we link here
 # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
 SHLIB_MARK=
 
-DIRS=   crypto ssl rsaref $(SHLIB_MARK) apps test tools
+DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
 SHLIBDIRS= crypto ssl
 
 # dirs in crypto to build
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+
+# tests to perform.  "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
 
 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
@@ -192,29 +205,24 @@ BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
 TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os.h e_os2.h
+EXHEADER=       e_os2.h
 HEADER=         e_os.h
 
 # When we're prepared to use shared libraries in the programs we link here
 # we might remove 'clean-shared' from the targets to perform at this stage
 
-all: clean-shared Makefile.ssl sub_all
+all: Makefile.ssl sub_all openssl.pc
 
 sub_all:
 	@for i in $(DIRS); \
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
-	done; \
-	if echo "$(DIRS)" | \
-	    egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
-	   [ -n "$(SHARED_LIBS)" ]; then \
-		$(MAKE) $(SHARED_LIBS); \
-	fi
+	done;
 
 libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
@@ -222,6 +230,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
+
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
@@ -239,7 +248,7 @@ clean-shared:
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+			( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
 		fi; \
 	done
 
@@ -271,12 +280,7 @@ do_gnu-shared:
 	libs="$$libs -l$$i"; \
 	done
 
-DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
-	collect2=`gcc -print-prog-name=collect2 2>&1` && \
-	[ -n "$$collect2" ] && \
-	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
-	[ -n "$$my_ld" ] && \
-	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
 
 # For Darwin AKA Mac OS/X (dyld)
 do_darwin-shared: 
@@ -291,7 +295,7 @@ do_darwin-shared:
 
 do_cygwin-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -shared -o cyg$$i.dll \
+	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
@@ -354,10 +358,13 @@ do_solaris-shared:
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  MINUSZ='-z '; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
+			-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+			$$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
@@ -416,26 +423,44 @@ do_irix-shared:
 	fi
 
 # This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+# The object modules are loaded from lib$i.a using the undocumented -Fl
+# option.
+#
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
+#          by temporarily specifying "+s"!
+#
 do_hpux-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	for i in ${SHLIBDIRS}; do \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		+vnocompatwarnings \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ 		+vnocompatwarnings \
+		-b -z +s \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
-	libs="$$libs -L. -l$$i"; \
+		-Fl lib$$i.a -ldld -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done
 
 # This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+#
+# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#
 do_hpux64-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	for i in ${SHLIBDIRS}; do \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ 		-b -z \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
-	libs="$$libs -L. -l$$i"; \
+		+forceload lib$$i.a -ldl -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done
 
 # The following method is said to work on all platforms.  Tests will
@@ -481,6 +506,33 @@ do_aix-shared:
 	libs="$$libs -l$$i"; \
 	done
 
+do_reliantunix-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+	( set -x; \
+	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+	    cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
+	    ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+	  ) || exit 1; \
+	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+	) || exit 1; \
+	rm -rf $$tmpdir ; \
+	libs="$$libs -l$$i"; \
+	done
+
+openssl.pc: Makefile.ssl
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/lib'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
 Makefile.ssl: Makefile.org
 	@echo "Makefile.ssl is older than Makefile.org."
 	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@@ -499,6 +551,7 @@ clean:
 		rm -f $(LIBS); \
 	fi; \
 	done;
+	rm -f openssl.pc
 	rm -f *.a *.o speed.* *.map *.so .pure core
 	rm -f $(TARFILE)
 	@for i in $(ONEDIRS) ;\
@@ -527,10 +580,14 @@ links:
 	@for i in $(DIRS); do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making links in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
 	fi; \
 	done;
 
+gentests:
+	@(cd test && echo "generating dummy tests (if needed)..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
 dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
@@ -543,15 +600,25 @@ dclean:
 
 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		$(PERL) tools/c_rehash certs)
 	touch rehash.time
 
 test:   tests
 
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
-	@apps/openssl version -a
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		apps/openssl version -a
 
 report:
 	@$(PERL) util/selftest.pl
@@ -561,7 +628,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
 	fi; \
 	done;
 
@@ -585,6 +652,7 @@ tags:
 
 errors:
 	$(PERL) util/mkerr.pl -recurse -write
+	(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
 
 stacks:
 	$(PERL) util/mkstack.pl -write
@@ -595,9 +663,9 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update
 
-crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
 	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
 
 TABLE: Configure
@@ -612,6 +680,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 tar:
+	find . -type d -print | xargs chmod 755
+	find . -type f -print | xargs chmod a+r
+	find . -type f -perm -0100 -print | xargs chmod a+x
 	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
 	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
 	tardy --user_number=0  --user_name=openssl \
@@ -621,6 +692,14 @@ tar:
 	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz
 
+tar-snap:
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+	ls -l ../$(TARFILE)
+
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
@@ -633,6 +712,7 @@ dist_pem_h:
 install: all install_docs
 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@@ -654,11 +734,12 @@ install: all install_docs
 	do \
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi; \
-	done
+	done;
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
 		for i in $${tmp:-x}; \
@@ -666,14 +747,17 @@ install: all install_docs
 			if [ -f "$$i" -o -f "$$i.a" ]; then \
 			(       echo installing $$i; \
 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
-					c=`echo $$i | sed 's/^lib/cyg/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+					c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
 			fi; \
 		done; \
@@ -682,6 +766,7 @@ install: all install_docs
 			set $(MAKE); \
 			$$1 -f $$here/Makefile link-shared ); \
 	fi
+	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 
 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -689,26 +774,43 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@pod2man=`cd util; ./pod2mantest ignore`; \
+	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+	here="`pwd`"; \
+	filecase=; \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
+		filecase=-i; \
+	fi; \
 	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+		echo "installing man$$sec/$$fn.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) $$pod2man \
+		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | \
+			grep -v $$filecase "^$$fn\$$" | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+			 done); \
 	done; \
 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+		echo "installing man$$sec/$$fn.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) $$pod2man \
+		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | \
+			grep -v $$filecase "^$$fn\$$" | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+			 done); \
 	done
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 577db09..28f42ce 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,66 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+
+      o New library section OCSP.
+      o Complete rewrite of ASN1 code.
+      o CRL checking in verify code and openssl utility.
+      o Extension copying in 'ca' utility.
+      o Flexible display options in 'ca' utility.
+      o Provisional support for international characters with UTF8.
+      o Support for external crypto devices ('engine') is no longer
+        a separate distribution.
+      o New elliptic curve library section.
+      o New AES (Rijndael) library section.
+      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+        Linux x86_64, Linux 64-bit on Sparc v9
+      o Extended support for some platforms: VxWorks
+      o Enhanced support for shared libraries.
+      o Now only builds PIC code when shared library support is requested.
+      o Support for pkg-config.
+      o Lots of new manuals.
+      o Makes symbolic links to or copies of manuals to cover all described
+        functions.
+      o Change DES API to clean up the namespace (some applications link also
+        against libdes providing similar functions having the same name).
+        Provide macros for backward compatibility (will be removed in the
+        future).
+      o Unify handling of cryptographic algorithms (software and engine)
+        to be available via EVP routines for asymmetric and symmetric ciphers.
+      o NCONF: new configuration handling routines.
+      o Change API to use more 'const' modifiers to improve error checking
+        and help optimizers.
+      o Finally remove references to RSAref.
+      o Reworked parts of the BIGNUM code.
+      o Support for new engines: Broadcom ubsec, Accelerated Encryption
+        Processing, IBM 4758.
+      o A few new engines added in the demos area.
+      o Extended and corrected OID (object identifier) table.
+      o PRNG: query at more locations for a random device, automatic query for
+        EGD style random sources at several locations.
+      o SSL/TLS: allow optional cipher choice according to server's preference.
+      o SSL/TLS: allow server to explicitly set new session ids.
+      o SSL/TLS: support Kerberos cipher suites (RFC2712).
+	Only supports MIT Kerberos for now.
+      o SSL/TLS: allow more precise control of renegotiations and sessions.
+      o SSL/TLS: add callback to retrieve SSL/TLS messages.
+      o SSL/TLS: support AES cipher suites (RFC3268).
+
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+
+      o New configuration targets for Tandem OSS and A/UX.
+      o New OIDs for Microsoft attributes.
+      o Better handling of SSL session caching.
+      o Better comparison of distinguished names.
+      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+      o Support assembler code with Borland C.
+      o Fixes for length problems.
+      o Fixes for uninitialised variables.
+      o Fixes for memory leaks, some unusual crashes and some race conditions.
+      o Fixes for smaller building problems.
+      o Updates of manuals, FAQ and other instructive documents.
+
   Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
 
       o Important building fixes on Unix.
diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS
index 7e6af8a..4bf3130 100644
--- a/crypto/openssl/PROBLEMS
+++ b/crypto/openssl/PROBLEMS
@@ -1,5 +1,11 @@
 * System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-[NOTE: This is currently undergoing tests, and may be removed soon]
+
+
+    NOTE: The problem described here only applies when OpenSSL isn't built
+    with shared library support (i.e. without the "shared" configuration
+    option).  If you build with shared library support, you will have no
+    problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
+
 
 This is really a misfeature in ld, which seems to look for .dylib libraries
 along the whole library path before it bothers looking for .a libraries.  This
@@ -40,3 +46,27 @@ scripts use the same name for output and input files, which means different
 will interfere with each other and lead to test failure.
 
 The solution is simple for now: don't run parallell make when testing.
+
+
+* Bugs in gcc 3.0 triggered
+
+According to a problem report, there are bugs in gcc 3.0 that are
+triggered by some of the code in OpenSSL, more specifically in
+PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
+
+	header+=11;
+	if (*header != '4') return(0); header++;
+	if (*header != ',') return(0); header++;
+
+What happens is that gcc might optimize a little too agressively, and
+you end up with an extra incrementation when *header != '4'.
+
+We recommend that you upgrade gcc to as high a 3.x version as you can.
+
+* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
+
+As subject suggests SHA-1 might perform poorly (4 times slower)
+if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
+this seems to be the fact that compiler emits multiplication to
+perform shift operations:-( To work the problem around configure
+with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
diff --git a/crypto/openssl/README b/crypto/openssl/README
index da90153..b74af83 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.6g 9 August 2002
+ OpenSSL 0.9.7 31 Dec 2002
 
  Copyright (c) 1998-2002 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -154,7 +154,7 @@
     - Stack Traceback (if the application dumps core)
 
  Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/rt2.html) by mail to:
+ (http://www.openssl.org/support/rt2.html) by mail to:
 
     openssl-bugs@openssl.org
 
diff --git a/crypto/openssl/README.ASN1 b/crypto/openssl/README.ASN1
new file mode 100644
index 0000000..11bcfaf
--- /dev/null
+++ b/crypto/openssl/README.ASN1
@@ -0,0 +1,187 @@
+
+OpenSSL ASN1 Revision
+=====================
+
+This document describes some of the issues relating to the new ASN1 code.
+
+Previous OpenSSL ASN1 problems
+=============================
+
+OK why did the OpenSSL ASN1 code need revising in the first place? Well
+there are lots of reasons some of which are included below...
+
+1. The code is difficult to read and write. For every single ASN1 structure
+(e.g. SEQUENCE) four functions need to be written for new, free, encode and
+decode operations. This is a very painful and error prone operation. Very few
+people have ever written any OpenSSL ASN1 and those that have usually wish
+they hadn't.
+
+2. Partly because of 1. the code is bloated and takes up a disproportionate
+amount of space. The SEQUENCE encoder is particularly bad: it essentially
+contains two copies of the same operation, one to compute the SEQUENCE length
+and the other to encode it.
+
+3. The code is memory based: that is it expects to be able to read the whole
+structure from memory. This is fine for small structures but if you have a
+(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
+
+4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
+changing the tag to the expected one, attempting to read it, then changing it
+back again. This means that decode buffers have to be writable even though they
+are ultimately unchanged. This gets in the way of constification.
+
+5. The handling of EXPLICIT isn't much better. It adds a chunk of code into 
+the decoder and encoder for every EXPLICIT tag.
+
+6. APPLICATION and PRIVATE tags aren't even supported at all.
+
+7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
+types that are not OPTIONAL.
+
+8. Much of the code assumes that a tag will fit in a single octet. This is
+only true if the tag is 30 or less (mercifully tags over 30 are rare).
+
+9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
+macros that properly support it.
+
+10. Encoders have no concept of OPTIONAL and have no error checking. If the
+passed structure contains a NULL in a mandatory field it will not be encoded,
+resulting in an invalid structure.
+
+11. It is tricky to add ASN1 encoders and decoders to external applications.
+
+Template model
+==============
+
+One of the major problems with revision is the sheer volume of the ASN1 code.
+Attempts to change (for example) the IMPLICIT behaviour would result in a
+modification of *every* single decode function. 
+
+I decided to adopt a template based approach. I'm using the term 'template'
+in a manner similar to SNACC templates: it has nothing to do with C++
+templates.
+
+A template is a description of an ASN1 module as several constant C structures.
+It describes in a machine readable way exactly how the ASN1 structure should
+behave. If this template contains enough detail then it is possible to write
+versions of new, free, encode, decode (and possibly others operations) that
+operate on templates.
+
+Instead of having to write code to handle each operation only a single
+template needs to be written. If new operations are needed (such as a 'print'
+operation) only a single new template based function needs to be written 
+which will then automatically handle all existing templates.
+
+Plans for revision
+==================
+
+The revision will consist of the following steps. Other than the first two
+these can be handled in any order.
+ 
+o Design and write template new, free, encode and decode operations, initially
+memory based. *DONE*
+
+o Convert existing ASN1 code to template form. *IN PROGRESS*
+
+o Convert an existing ASN1 compiler (probably SNACC) to output templates
+in OpenSSL form.
+
+o Add support for BIO based ASN1 encoders and decoders to handle large
+structures, initially blocking I/O.
+
+o Add support for non blocking I/O: this is quite a bit harder than blocking
+I/O.
+
+o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
+certificates etc etc.
+
+Description of major changes
+============================
+
+The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
+absent. The meaning of absent depends on the context. If for example the
+boolean type is DEFAULT FALSE (as in the case of the critical flag for
+certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
+Usually the value will only ever be read via an API which will hide this from
+an application.
+
+There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
+SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
+old code would omit the structure if the STACK was NULL (which is fine) or if
+it had zero elements (which is NOT OK). This causes problems because an empty
+SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
+it is encoded it will be omitted resulting in different encodings. The new code
+only omits the encoding if the STACK is NULL, if it contains zero elements it
+is encoded and empty. There is an additional problem though: because an empty
+STACK was omitted, sometimes the corresponding *_new() function would
+initialize the STACK to empty so an application could immediately use it, if
+this is done with the new code (i.e. a NULL) it wont work. Therefore a new
+STACK should be allocated first. One instance of this is the X509_CRL list of
+revoked certificates: a helper function X509_CRL_add0_revoked() has been added
+for this purpose.
+
+The X509_ATTRIBUTE structure used to have an element called 'set' which took
+the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
+to the behaviour of CHOICE in the new code this has been changed to a field
+called 'single' which is 0 for a SET OF and 1 for single. The old field has
+been deleted to deliberately break source compatibility. Since this structure
+is normally accessed via higher level functions this shouldn't break too much.
+
+The X509_REQ_INFO certificate request info structure no longer has a field
+called 'req_kludge'. This used to be set to 1 if the attributes field was
+(incorrectly) omitted. You can check to see if the field is omitted now by
+checking if the attributes field is NULL. Similarly if you need to omit
+the field then free attributes and set it to NULL.
+
+The top level 'detached' field in the PKCS7 structure is no longer set when
+a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
+The behaviour of PKCS7_get_detached() is unaffected.
+
+The values of 'type' in the GENERAL_NAME structure have changed. This is
+because the old code use the ASN1 initial octet as the selector. The new
+code uses the index in the ASN1_CHOICE template.
+
+The DIST_POINT_NAME structure has changed to be a true CHOICE type.
+
+typedef struct DIST_POINT_NAME_st {
+int type;
+union {
+	STACK_OF(GENERAL_NAME) *fullname;
+	STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
+} DIST_POINT_NAME;
+
+This means that name.fullname or name.relativename should be set
+and type reflects the option. That is if name.fullname is set then
+type is 0 and if name.relativename is set type is 1.
+
+With the old code using the i2d functions would typically involve:
+
+unsigned char *buf, *p;
+int len;
+/* Find length of encoding */
+len = i2d_SOMETHING(x, NULL);
+/* Allocate buffer */
+buf = OPENSSL_malloc(len);
+if(buf == NULL) {
+	/* Malloc error */
+}
+/* Use temp variable because &p gets updated to point to end of
+ * encoding.
+ */
+p = buf;
+i2d_SOMETHING(x, &p);
+
+
+Using the new i2d you can also do:
+
+unsigned char *buf = NULL;
+int len;
+len = i2d_SOMETHING(x, &buf);
+if(len < 0) {
+	/* Malloc error */
+}
+
+and it will automatically allocate and populate a buffer with the
+encoding. After this call 'buf' will point to the start of the
+encoding which is len bytes long.
diff --git a/crypto/openssl/README.ENGINE b/crypto/openssl/README.ENGINE
index 43e39d5..0ff8333 100644
--- a/crypto/openssl/README.ENGINE
+++ b/crypto/openssl/README.ENGINE
@@ -1,63 +1,289 @@
-
   ENGINE
   ======
 
-  With OpenSSL 0.9.6, a new component has been added to support external 
-  crypto devices, for example accelerator cards.  The component is called
-  ENGINE, and has still a pretty experimental status and almost no
-  documentation.  It's designed to be fairly easily extensible by the
-  calling programs.
+  With OpenSSL 0.9.6, a new component was added to support alternative
+  cryptography implementations, most commonly for interfacing with external
+  crypto devices (eg. accelerator cards). This component is called ENGINE,
+  and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
+  caused a little confusion as 0.9.6** releases were rolled in two
+  versions, a "standard" and an "engine" version. In development for 0.9.7,
+  the ENGINE code has been merged into the main branch and will be present
+  in the standard releases from 0.9.7 forwards.
 
-  There's currently built-in support for the following crypto devices:
+  There are currently built-in ENGINE implementations for the following
+  crypto devices:
 
       o CryptoSwift
       o Compaq Atalla
       o nCipher CHIL
+      o Nuron
+      o Broadcom uBSec
+
+  In addition, dynamic binding to external ENGINE implementations is now
+  provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
+  section below for details.
+
+  At this stage, a number of things are still needed and are being worked on:
+
+      1 Integration of EVP support.
+      2 Configuration support.
+      3 Documentation!
+
+1 With respect to EVP, this relates to support for ciphers and digests in
+  the ENGINE model so that alternative implementations of existing
+  algorithms/modes (or previously unimplemented ones) can be provided by
+  ENGINE implementations.
 
-  A number of things are still needed and are being worked on:
+2 Configuration support currently exists in the ENGINE API itself, in the
+  form of "control commands". These allow an application to expose to the
+  user/admin the set of commands and parameter types a given ENGINE
+  implementation supports, and for an application to directly feed string
+  based input to those ENGINEs, in the form of name-value pairs. This is an
+  extensible way for ENGINEs to define their own "configuration" mechanisms
+  that are specific to a given ENGINE (eg. for a particular hardware
+  device) but that should be consistent across *all* OpenSSL-based
+  applications when they use that ENGINE. Work is in progress (or at least
+  in planning) for supporting these control commands from the CONF (or
+  NCONF) code so that applications using OpenSSL's existing configuration
+  file format can have ENGINE settings specified in much the same way.
+  Presently however, applications must use the ENGINE API itself to provide
+  such functionality. To see first hand the types of commands available
+  with the various compiled-in ENGINEs (see further down for dynamic
+  ENGINEs), use the "engine" openssl utility with full verbosity, ie;
+       openssl engine -vvvv
 
-      o An openssl utility command to handle or at least check available
-        engines.
-      o A better way of handling the methods that are handled by the
-        engines.
-      o Documentation!
+3 Documentation? Volunteers welcome! The source code is reasonably well
+  self-documenting, but some summaries and usage instructions are needed -
+  moreover, they are needed in the same POD format the existing OpenSSL
+  documentation is provided in. Any complete or incomplete contributions
+  would help make this happen.
+
+  STABILITY & BUG-REPORTS
+  =======================
 
   What already exists is fairly stable as far as it has been tested, but
-  the test base has been a bit small most of the time.
+  the test base has been a bit small most of the time. For the most part,
+  the vendors of the devices these ENGINEs support have contributed to the
+  development and/or testing of the implementations, and *usually* (with no
+  guarantees) have experience in using the ENGINE support to drive their
+  devices from common OpenSSL-based applications. Bugs and/or inexplicable
+  behaviour in using a specific ENGINE implementation should be sent to the
+  author of that implementation (if it is mentioned in the corresponding C
+  file), and in the case of implementations for commercial hardware
+  devices, also through whatever vendor support channels are available.  If
+  none of this is possible, or the problem seems to be something about the
+  ENGINE API itself (ie. not necessarily specific to a particular ENGINE
+  implementation) then you should mail complete details to the relevant
+  OpenSSL mailing list. For a definition of "complete details", refer to
+  the OpenSSL "README" file. As for which list to send it to;
 
-  Because of this experimental status and what's lacking, the ENGINE
-  component is not yet part of the default OpenSSL distribution.  However,
-  we have made a separate kit for those who want to try this out, to be
-  found in the same places as the default OpenSSL distribution, but with
-  "-engine-" being part of the kit file name.  For example, version 0.9.6
-  is distributed in the following two files:
+     openssl-users: if you are *using* the ENGINE abstraction, either in an
+          pre-compiled application or in your own application code.
 
-      openssl-0.9.6.tar.gz
-      openssl-engine-0.9.6.tar.gz
+     openssl-dev: if you are discussing problems with OpenSSL source code.
 
-  NOTES
+  USAGE
   =====
 
-  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
-  not need to download both.
+  The default "openssl" ENGINE is always chosen when performing crypto
+  operations unless you specify otherwise. You must actively tell the
+  openssl utility commands to use anything else through a new command line
+  switch called "-engine". Also, if you want to use the ENGINE support in
+  your own code to do something similar, you must likewise explicitly
+  select the ENGINE implementation you want.
+
+  Depending on the type of hardware, system, and configuration, "settings"
+  may need to be applied to an ENGINE for it to function as expected/hoped.
+  The recommended way of doing this is for the application to support
+  ENGINE "control commands" so that each ENGINE implementation can provide
+  whatever configuration primitives it might require and the application
+  can allow the user/admin (and thus the hardware vendor's support desk
+  also) to provide any such input directly to the ENGINE implementation.
+  This way, applications do not need to know anything specific to any
+  device, they only need to provide the means to carry such user/admin
+  input through to the ENGINE in question. Ie. this connects *you* (and
+  your helpdesk) to the specific ENGINE implementation (and device), and
+  allows application authors to not get buried in hassle supporting
+  arbitrary devices they know (and care) nothing about.
+
+  A new "openssl" utility, "openssl engine", has been added in that allows
+  for testing and examination of ENGINE implementations. Basic usage
+  instructions are available by specifying the "-?" command line switch.
+
+  DYNAMIC ENGINES
+  ===============
+
+  The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
+  implementations that aren't pre-compiled and linked into OpenSSL-based
+  applications. This could be because existing compiled-in implementations
+  have known problems and you wish to use a newer version with an existing
+  application. It could equally be because the application (or OpenSSL
+  library) you are using simply doesn't have support for the ENGINE you
+  wish to use, and the ENGINE provider (eg. hardware vendor) is providing
+  you with a self-contained implementation in the form of a shared-library.
+  The other use-case for "dynamic" is with applications that wish to
+  maintain the smallest foot-print possible and so do not link in various
+  ENGINE implementations from OpenSSL, but instead leaves you to provide
+  them, if you want them, in the form of "dynamic"-loadable
+  shared-libraries. It should be possible for hardware vendors to provide
+  their own shared-libraries to support arbitrary hardware to work with
+  applications based on OpenSSL 0.9.7 or later. If you're using an
+  application based on 0.9.7 (or later) and the support you desire is only
+  announced for versions later than the one you need, ask the vendor to
+  backport their ENGINE to the version you need.
+
+  How does "dynamic" work?
+  ------------------------
+    The dynamic ENGINE has a special flag in its implementation such that
+    every time application code asks for the 'dynamic' ENGINE, it in fact
+    gets its own copy of it. As such, multi-threaded code (or code that
+    multiplexes multiple uses of 'dynamic' in a single application in any
+    way at all) does not get confused by 'dynamic' being used to do many
+    independent things. Other ENGINEs typically don't do this so there is
+    only ever 1 ENGINE structure of its type (and reference counts are used
+    to keep order). The dynamic ENGINE itself provides absolutely no
+    cryptographic functionality, and any attempt to "initialise" the ENGINE
+    automatically fails. All it does provide are a few "control commands"
+    that can be used to control how it will load an external ENGINE
+    implementation from a shared-library. To see these control commands,
+    use the command-line;
+
+       openssl engine -vvvv dynamic
+
+    The "SO_PATH" control command should be used to identify the
+    shared-library that contains the ENGINE implementation, and "NO_VCHECK"
+    might possibly be useful if there is a minor version conflict and you
+    (or a vendor helpdesk) is convinced you can safely ignore it.
+    "ID" is probably only needed if a shared-library implements
+    multiple ENGINEs, but if you know the engine id you expect to be using,
+    it doesn't hurt to specify it (and this provides a sanity check if
+    nothing else). "LIST_ADD" is only required if you actually wish the
+    loaded ENGINE to be discoverable by application code later on using the
+    ENGINE's "id". For most applications, this isn't necessary - but some
+    application authors may have nifty reasons for using it. The "LOAD"
+    command is the only one that takes no parameters and is the command
+    that uses the settings from any previous commands to actually *load*
+    the shared-library ENGINE implementation. If this command succeeds, the
+    (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
+    that has been loaded from the shared-library. As such, any control
+    commands supported by the loaded ENGINE could then be executed as per
+    normal. Eg. if ENGINE "foo" is implemented in the shared-library
+    "libfoo.so" and it supports some special control command "CMD_FOO", the
+    following code would load and use it (NB: obviously this code has no
+    error checking);
+
+       ENGINE *e = ENGINE_by_id("dynamic");
+       ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
+       ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
+       ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
+       ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
+
+    For testing, the "openssl engine" utility can be useful for this sort
+    of thing. For example the above code excerpt would achieve much the
+    same result as;
+
+       openssl engine dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ID:foo \
+                 -pre LOAD \
+                 -pre "CMD_FOO:some input data"
+
+    Or to simply see the list of commands supported by the "foo" ENGINE;
+
+       openssl engine -vvvv dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ID:foo \
+                 -pre LOAD
+
+    Applications that support the ENGINE API and more specifically, the
+    "control commands" mechanism, will provide some way for you to pass
+    such commands through to ENGINEs. As such, you would select "dynamic"
+    as the ENGINE to use, and the parameters/commands you pass would
+    control the *actual* ENGINE used. Each command is actually a name-value
+    pair and the value can sometimes be omitted (eg. the "LOAD" command).
+    Whilst the syntax demonstrated in "openssl engine" uses a colon to
+    separate the command name from the value, applications may provide
+    their own syntax for making that separation (eg. a win32 registry
+    key-value pair may be used by some applications). The reason for the
+    "-pre" syntax in the "openssl engine" utility is that some commands
+    might be issued to an ENGINE *after* it has been initialised for use.
+    Eg. if an ENGINE implementation requires a smart-card to be inserted
+    during initialisation (or a PIN to be typed, or whatever), there may be
+    a control command you can issue afterwards to "forget" the smart-card
+    so that additional initialisation is no longer possible. In
+    applications such as web-servers, where potentially volatile code may
+    run on the same host system, this may provide some arguable security
+    value. In such a case, the command would be passed to the ENGINE after
+    it has been initialised for use, and so the "-post" switch would be
+    used instead. Applications may provide a different syntax for
+    supporting this distinction, and some may simply not provide it at all
+    ("-pre" is almost always what you're after, in reality).
 
-  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
-  crypto device.  The internal OpenSSL functions are contained in the
-  engine "openssl", and will be used by default.
+  How do I build a "dynamic" ENGINE?
+  ----------------------------------
+    This question is trickier - currently OpenSSL bundles various ENGINE
+    implementations that are statically built in, and any application that
+    calls the "ENGINE_load_builtin_engines()" function will automatically
+    have all such ENGINEs available (and occupying memory). Applications
+    that don't call that function have no ENGINEs available like that and
+    would have to use "dynamic" to load any such ENGINE - but on the other
+    hand such applications would only have the memory footprint of any
+    ENGINEs explicitly loaded using user/admin provided control commands.
+    The main advantage of not statically linking ENGINEs and only using
+    "dynamic" for hardware support is that any installation using no
+    "external" ENGINE suffers no unnecessary memory footprint from unused
+    ENGINEs. Likewise, installations that do require an ENGINE incur the
+    overheads from only *that* ENGINE once it has been loaded.
 
-  No external crypto device is chosen unless you say so.  You have actively
-  tell the openssl utility commands to use it through a new command line
-  switch called "-engine".  And if you want to use the ENGINE library to
-  do something similar, you must also explicitly choose an external crypto
-  device, or the built-in crypto routines will be used, just as in the
-  default OpenSSL distribution.
+    Sounds good? Maybe, but currently building an ENGINE implementation as
+    a shared-library that can be loaded by "dynamic" isn't automated in
+    OpenSSL's build process. It can be done manually quite easily however.
+    Such a shared-library can either be built with any OpenSSL code it
+    needs statically linked in, or it can link dynamically against OpenSSL
+    if OpenSSL itself is built as a shared library. The instructions are
+    the same in each case, but in the former (statically linked any
+    dependencies on OpenSSL) you must ensure OpenSSL is built with
+    position-independent code ("PIC"). The default OpenSSL compilation may
+    already specify the relevant flags to do this, but you should consult
+    with your compiler documentation if you are in any doubt.
 
+    This example will show building the "atalla" ENGINE in the
+    crypto/engine/ directory as a shared-library for use via the "dynamic"
+    ENGINE.
+    1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
+       source tree.
+    2) Recompile at least one source file so you can see all the compiler
+       flags (and syntax) being used to build normally. Eg;
+           touch hw_atalla.c ; make
+       will rebuild "hw_atalla.o" using all such flags.
+    3) Manually enter the same compilation line to compile the
+       "hw_atalla.c" file but with the following two changes;
+         (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
+	 (b) change the output file from "hw_atalla.o" to something new,
+             eg. "tmp_atalla.o"
+    4) Link "tmp_atalla.o" into a shared-library using the top-level
+       OpenSSL libraries to resolve any dependencies. The syntax for doing
+       this depends heavily on your system/compiler and is a nightmare
+       known well to anyone who has worked with shared-library portability
+       before. 'gcc' on Linux, for example, would use the following syntax;
+          gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
+    5) Test your shared library using "openssl engine" as explained in the
+       previous section. Eg. from the top-level directory, you might try;
+          apps/openssl engine -vvvv dynamic \
+              -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
+       If the shared-library loads successfully, you will see both "-pre"
+       commands marked as "SUCCESS" and the list of control commands
+       displayed (because of "-vvvv") will be the control commands for the
+       *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
+       the "-t" switch to the utility if you want it to try and initialise
+       the atalla ENGINE for use to test any possible hardware/driver
+       issues.
 
   PROBLEMS
   ========
 
-  It seems like the ENGINE part doesn't work too well with CryptoSwift on
-  Win32.  A quick test done right before the release showed that trying
-  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
-  an attempt is made to write at memory address 0x00000002.
+  It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
+  A quick test done right before the release showed that trying "openssl speed
+  -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
+  to write at memory address 0x00000002.
 
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
index f1ac7e7..8b2ce7e 100755
--- a/crypto/openssl/apps/CA.pl
+++ b/crypto/openssl/apps/CA.pl
@@ -5,7 +5,7 @@
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request 
+# CA -newreq[-nodes] ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
 #
 # At the end of that grab newreq.pem and newcert.pem (one has the key 
@@ -54,7 +54,7 @@ $RET = 0;
 
 foreach (@ARGV) {
 	if ( /^(-\?|-h|-help)$/ ) {
-	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
@@ -66,6 +66,11 @@ foreach (@ARGV) {
 	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newreq-nodes$/) {
+	    # create a certificate request
+	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
 		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
@@ -143,7 +148,7 @@ foreach (@ARGV) {
 	    }
 	} else {
 	    print STDERR "Unknown arg $_\n";
-	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
 	    exit 1;
 	}
 }
diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in
index f1ac7e7..8b2ce7e 100644
--- a/crypto/openssl/apps/CA.pl.in
+++ b/crypto/openssl/apps/CA.pl.in
@@ -5,7 +5,7 @@
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request 
+# CA -newreq[-nodes] ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
 #
 # At the end of that grab newreq.pem and newcert.pem (one has the key 
@@ -54,7 +54,7 @@ $RET = 0;
 
 foreach (@ARGV) {
 	if ( /^(-\?|-h|-help)$/ ) {
-	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
@@ -66,6 +66,11 @@ foreach (@ARGV) {
 	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newreq-nodes$/) {
+	    # create a certificate request
+	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
 		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
@@ -143,7 +148,7 @@ foreach (@ARGV) {
 	    }
 	} else {
 	    print STDERR "Unknown arg $_\n";
-	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
 	    exit 1;
 	}
 }
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
index 0b3208f..c75d0d2 100644
--- a/crypto/openssl/apps/Makefile.ssl
+++ b/crypto/openssl/apps/Makefile.ssl
@@ -5,21 +5,26 @@
 DIR=		apps
 TOP=		..
 CC=		cc
-INCLUDES=	-I../include
+INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g -static
 INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
 OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 PERL=		perl
 RM=		rm -f
+# KRB5 stuff
+KRB5_INCLUDES=
 
 PEX_LIBS=
 EX_LIBS= 
 EXE_EXT= 
 
+SHLIB_TARGET=
+
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile makeapps.com install.com
@@ -39,7 +44,7 @@ E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 spkac smime rand
+	pkcs8 spkac smime rand engine ocsp
 
 PROGS= $(PROGRAM).c
 
@@ -55,14 +60,14 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
 	rsa.o rsautl.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o
 
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c
 
 SRC=$(E_SRC)
 
@@ -93,17 +98,20 @@ install:
 	@for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
 	 done;
 	@for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
-	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	 done
-	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
-	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 
 tags:
 	ctags $(SRC)
@@ -117,7 +125,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -128,15 +136,24 @@ clean:
 	rm -f req
 
 $(DLIBSSL):
-	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+	(cd ..; $(MAKE) DIRS=ssl all)
 
 $(DLIBCRYPTO):
-	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+	(cd ..; $(MAKE) DIRS=crypto all)
 
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
-	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
-	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		$(PERL) tools/c_rehash certs)
 
 progs.h: progs.pl
 	$(PERL) progs.pl $(E_EXE) >progs.h
@@ -144,567 +161,724 @@ progs.h: progs.pl
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
-app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-app_rand.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
-app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509_vfy.h apps.h
-apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-apps.o: ../include/openssl/des.h ../include/openssl/dh.h
-apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-apps.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
+app_rand.o: apps.h
+apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/cast.h ../include/openssl/conf.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/engine.h ../include/openssl/err.h
 apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
 apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
 apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
-asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
 asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
 asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
 asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-asn1pars.o: ../include/openssl/x509_vfy.h apps.h
-ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
-ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
-ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: asn1pars.c
+ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ca.o: ../include/openssl/cast.h ../include/openssl/conf.h
+ca.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h
 ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ciphers.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ciphers.o: ../include/openssl/x509_vfy.h apps.h
-crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl.o: ../include/openssl/des.h ../include/openssl/dh.h
-crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
+crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/engine.h ../include/openssl/err.h
 crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
 crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
 crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
-crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
 crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
 crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
 crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-crl2p7.o: ../include/openssl/x509_vfy.h apps.h
-dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
-dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dgst.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: crl2p7.c
+dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
 dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
 dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
 dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dgst.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h
-dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
-dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
+dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
 dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
 dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dsa.o: ../include/openssl/x509_vfy.h apps.h
-dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
-dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
+dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
 dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
 dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h
-enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dsaparam.o: dsaparam.c
+enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enc.o: ../include/openssl/cast.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
 enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
 enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
 enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
-errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+engine.o: ../include/openssl/cast.h ../include/openssl/comp.h
+engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+engine.o: ../include/openssl/des.h ../include/openssl/des_old.h
+engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+engine.o: ../include/openssl/err.h ../include/openssl/evp.h
+engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+engine.o: ../include/openssl/md4.h ../include/openssl/md5.h
+engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
+errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h
 errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-errstr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-errstr.o: ../include/openssl/x509_vfy.h apps.h
-gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
-gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
+gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
 gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
 gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c
+gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
 gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
 gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-gendsa.o: ../include/openssl/x509_vfy.h apps.h
-genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendsa.o: gendsa.c
+genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
 genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
 genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-genrsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h
-nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
-nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-nseq.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+genrsa.o: genrsa.c
+nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
 nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
 nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
 nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
-nseq.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-nseq.o: ../include/openssl/x509_vfy.h apps.h
-openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
-openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
+ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
+ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ocsp.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h
 openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+openssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
-passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
-passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-passwd.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+openssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
 passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
 passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
 passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+passwd.o: passwd.c
+pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
 pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
 pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
+pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
 pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
 pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-pkcs7.o: ../include/openssl/x509_vfy.h apps.h
-pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
 pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
 pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rand.o: ../include/openssl/des.h ../include/openssl/dh.h
-rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rand.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
+rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
 rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
 rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
 rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
+req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-req.o: ../include/openssl/des.h ../include/openssl/dh.h
-req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-req.o: ../include/openssl/md4.h ../include/openssl/md5.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/des.h ../include/openssl/des_old.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
 rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
 rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rsa.o: ../include/openssl/x509_vfy.h apps.h
-rsautl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rsautl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
-rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsautl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
+rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
 rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
 rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsautl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rsautl.o: ../include/openssl/x509_vfy.h apps.h
-s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsautl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rsautl.o: rsautl.c
+s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_cb.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
-s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_cb.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
+s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
@@ -714,21 +888,24 @@ s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: s_apps.h
-s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_client.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c
+s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
@@ -738,22 +915,26 @@ s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_server.o: s_apps.h
-s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_server.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c
+s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -761,169 +942,200 @@ s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_socket.o: s_apps.h
-s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_socket.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c
+s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_time.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
-sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
-sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_time.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
+sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h
+sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h
 sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h
-sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-sess_id.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-sess_id.o: ../include/openssl/x509_vfy.h apps.h
-smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-smime.o: ../include/openssl/des.h ../include/openssl/dh.h
-smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-smime.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+sess_id.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
+smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+smime.o: ../include/openssl/cast.h ../include/openssl/conf.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
 smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
 smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
 smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-smime.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-smime.o: ../include/openssl/x509_vfy.h apps.h
-speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-speed.o: ../include/openssl/des.h ../include/openssl/dh.h
-speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-speed.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+smime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c
+speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
 speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
 speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
 speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
 speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
 speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
-spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
-spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
+spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h
+spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
 spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
 spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
 spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
-spkac.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-spkac.o: ../include/openssl/x509_vfy.h apps.h
-verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-verify.o: ../include/openssl/des.h ../include/openssl/dh.h
-verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+spkac.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
+verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+verify.o: ../include/openssl/cast.h ../include/openssl/conf.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
 verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
 verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
 verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
-verify.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-version.o: ../include/openssl/des.h ../include/openssl/dh.h
-version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-version.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
-version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-version.o: ../include/openssl/md2.h ../include/openssl/md4.h
-version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+verify.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h verify.c
+version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+version.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+version.o: ../include/openssl/cast.h ../include/openssl/conf.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/engine.h ../include/openssl/err.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-x509.o: ../include/openssl/des.h ../include/openssl/dh.h
-x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+version.o: version.c
+x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+x509.o: ../include/openssl/cast.h ../include/openssl/conf.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
+x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
 x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
 x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
 x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
-x509.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+x509.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c
index 8a78e12..b7b6128 100644
--- a/crypto/openssl/apps/app_rand.c
+++ b/crypto/openssl/apps/app_rand.c
@@ -124,7 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 	int consider_randfile = (file == NULL);
 	char buffer[200];
 	
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 	BIO_printf(bio_e,"Loading 'screen' into random state -");
 	BIO_flush(bio_e);
 	RAND_screen();
@@ -142,18 +142,21 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 		}
 	if (file == NULL || !RAND_load_file(file, -1))
 		{
-		if (RAND_status() == 0 && !dont_warn)
+		if (RAND_status() == 0)
 			{
-			BIO_printf(bio_e,"unable to load 'random state'\n");
-			BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
-			BIO_printf(bio_e,"with much random data.\n");
-			if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+			if (!dont_warn)
 				{
-				BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
-				BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+				BIO_printf(bio_e,"unable to load 'random state'\n");
+				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+				BIO_printf(bio_e,"with much random data.\n");
+				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+					{
+					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+					}
 				}
+			return 0;
 			}
-		return 0;
 		}
 	seeded = 1;
 	return 1;
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 618e34c..4a8c926 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -55,25 +55,111 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
+#include <ctype.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#include <openssl/ui.h>
 #include <openssl/safestack.h>
+#include <openssl/engine.h>
+
+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+#  ifdef NO_STRINGS_H
+    int	strcasecmp();
+#  else
+#    include <strings.h>
+#  endif /* NO_STRINGS_H */
+#endif
 
-#ifdef WINDOWS
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+#ifdef OPENSSL_SYS_WINDOWS
 #  include "bss_file.c"
 #endif
 
+typedef struct {
+	char *name;
+	unsigned long flag;
+	unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+		const char *key_descrip, int format);
+#endif
+
 int app_init(long mesgwin);
 #ifdef undef /* never finished - probably never will be :-) */
 int args_from_file(char *file, int *argc, char **argv[])
@@ -170,11 +256,13 @@ int str2fmt(char *s)
 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 		return(FORMAT_PKCS12);
+	else if ((*s == 'E') || (*s == 'e'))
+		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}
 
-#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 void program_name(char *in, char *out, int size)
 	{
 	int i,n;
@@ -212,7 +300,7 @@ void program_name(char *in, char *out, int size)
 	out[n]='\0';
 	}
 #else
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 void program_name(char *in, char *out, int size)
 	{
 	char *p=in, *q;
@@ -249,28 +337,65 @@ void program_name(char *in, char *out, int size)
 		p++;
 	else
 		p=in;
-	strncpy(out,p,size-1);
-	out[size-1]='\0';
+	BUF_strlcpy(out,p,size);
 	}
 #endif
 #endif
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 int WIN32_rename(char *from, char *to)
 	{
-#ifdef WINNT
-	int ret;
-/* Note: MoveFileEx() doesn't work under Win95, Win98 */
-
-	ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
-	return(ret?0:-1);
+#ifndef OPENSSL_SYS_WINCE
+	/* Windows rename gives an error if 'to' exists, so delete it
+	 * first and ignore file not found errror
+	 */
+	if((remove(to) != 0) && (errno != ENOENT))
+		return -1;
+#undef rename
+	return rename(from, to);
 #else
-	unlink(to);
-	return MoveFile(from, to);
+	/* convert strings to UNICODE */
+	{
+	BOOL result = FALSE;
+	WCHAR* wfrom;
+	WCHAR* wto;
+	int i;
+	wfrom = malloc((strlen(from)+1)*2);
+	wto = malloc((strlen(to)+1)*2);
+	if (wfrom != NULL && wto != NULL)
+		{
+		for (i=0; i<(int)strlen(from)+1; i++)
+			wfrom[i] = (short)from[i];
+		for (i=0; i<(int)strlen(to)+1; i++)
+			wto[i] = (short)to[i];
+		result = MoveFile(wfrom, wto);
+		}
+	if (wfrom != NULL)
+		free(wfrom);
+	if (wto != NULL)
+		free(wto);
+	return result;
+	}
 #endif
 	}
 #endif
 
+#ifdef OPENSSL_SYS_VMS
+int VMS_strcasecmp(const char *str1, const char *str2)
+	{
+	while (*str1 && *str2)
+		{
+		int res = toupper(*str1) - toupper(*str2);
+		if (res) return res < 0 ? -1 : 1;
+		}
+	if (*str1)
+		return 1;
+	if (*str2)
+		return -1;
+	return 0;
+	}
+#endif
+
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
@@ -346,18 +471,175 @@ int app_init(long mesgwin)
 
 int dump_cert_text (BIO *out, X509 *x)
 {
-	char buf[256];
-	X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+	char *p;
+
+	p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
 	BIO_puts(out,"subject=");
-	BIO_puts(out,buf);
+	BIO_puts(out,p);
+	OPENSSL_free(p);
 
-	X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
-	BIO_puts(out,"\nissuer= ");
-	BIO_puts(out,buf);
+	p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
+	BIO_puts(out,"\nissuer=");
+	BIO_puts(out,p);
 	BIO_puts(out,"\n");
-        return 0;
+	OPENSSL_free(p);
+
+	return 0;
 }
 
+static int ui_open(UI *ui)
+	{
+	return UI_method_get_opener(UI_OpenSSL())(ui);
+	}
+static int ui_read(UI *ui, UI_STRING *uis)
+	{
+	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+		&& UI_get0_user_data(ui))
+		{
+		switch(UI_get_string_type(uis))
+			{
+		case UIT_PROMPT:
+		case UIT_VERIFY:
+			{
+			const char *password =
+				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+			if (password[0] != '\0')
+				{
+				UI_set_result(ui, uis, password);
+				return 1;
+				}
+			}
+		default:
+			break;
+			}
+		}
+	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+	}
+static int ui_write(UI *ui, UI_STRING *uis)
+	{
+	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+		&& UI_get0_user_data(ui))
+		{
+		switch(UI_get_string_type(uis))
+			{
+		case UIT_PROMPT:
+		case UIT_VERIFY:
+			{
+			const char *password =
+				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+			if (password[0] != '\0')
+				return 1;
+			}
+		default:
+			break;
+			}
+		}
+	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+	}
+static int ui_close(UI *ui)
+	{
+	return UI_method_get_closer(UI_OpenSSL())(ui);
+	}
+int setup_ui_method(void)
+	{
+	ui_method = UI_create_method("OpenSSL application user interface");
+	UI_method_set_opener(ui_method, ui_open);
+	UI_method_set_reader(ui_method, ui_read);
+	UI_method_set_writer(ui_method, ui_write);
+	UI_method_set_closer(ui_method, ui_close);
+	return 0;
+	}
+void destroy_ui_method(void)
+	{
+	if(ui_method)
+		{
+		UI_destroy_method(ui_method);
+		ui_method = NULL;
+		}
+	}
+int password_callback(char *buf, int bufsiz, int verify,
+	PW_CB_DATA *cb_tmp)
+	{
+	UI *ui = NULL;
+	int res = 0;
+	const char *prompt_info = NULL;
+	const char *password = NULL;
+	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+	if (cb_data)
+		{
+		if (cb_data->password)
+			password = cb_data->password;
+		if (cb_data->prompt_info)
+			prompt_info = cb_data->prompt_info;
+		}
+
+	if (password)
+		{
+		res = strlen(password);
+		if (res > bufsiz)
+			res = bufsiz;
+		memcpy(buf, password, res);
+		return res;
+		}
+
+	ui = UI_new_method(ui_method);
+	if (ui)
+		{
+		int ok = 0;
+		char *buff = NULL;
+		int ui_flags = 0;
+		char *prompt = NULL;
+
+		prompt = UI_construct_prompt(ui, "pass phrase",
+			cb_data->prompt_info);
+
+		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+		if (ok >= 0)
+			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
+				PW_MIN_LENGTH,BUFSIZ-1);
+		if (ok >= 0 && verify)
+			{
+			buff = (char *)OPENSSL_malloc(bufsiz);
+			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
+				PW_MIN_LENGTH,BUFSIZ-1, buf);
+			}
+		if (ok >= 0)
+			do
+				{
+				ok = UI_process(ui);
+				}
+			while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+		if (buff)
+			{
+			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
+			OPENSSL_free(buff);
+			}
+
+		if (ok >= 0)
+			res = strlen(buf);
+		if (ok == -1)
+			{
+			BIO_printf(bio_err, "User interface error\n");
+			ERR_print_errors(bio_err);
+			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+			res = 0;
+			}
+		if (ok == -2)
+			{
+			BIO_printf(bio_err,"aborted!\n");
+			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+			res = 0;
+			}
+		UI_free(ui);
+		OPENSSL_free(prompt);
+		}
+	return res;
+	}
+
 static char *app_get_pass(BIO *err, char *arg, int keepbio);
 
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
@@ -433,14 +715,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
 	return BUF_strdup(tpass);
 }
 
-int add_oid_section(BIO *err, LHASH *conf)
+int add_oid_section(BIO *err, CONF *conf)
 {	
 	char *p;
 	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *cnf;
 	int i;
-	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
-	if(!(sktmp = CONF_get_section(conf, p))) {
+	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
+		{
+		ERR_clear_error();
+		return 1;
+		}
+	if(!(sktmp = NCONF_get_section(conf, p))) {
 		BIO_printf(err, "problem loading oid section %s\n", p);
 		return 0;
 	}
@@ -455,7 +741,8 @@ int add_oid_section(BIO *err, LHASH *conf)
 	return 1;
 }
 
-X509 *load_cert(BIO *err, char *file, int format)
+X509 *load_cert(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip)
 	{
 	ASN1_HEADER *ah=NULL;
 	BUF_MEM *buf=NULL;
@@ -469,12 +756,17 @@ X509 *load_cert(BIO *err, char *file, int format)
 		}
 
 	if (file == NULL)
+		{
+		setvbuf(stdin, NULL, _IONBF, 0);
 		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+		}
 	else
 		{
 		if (BIO_read_filename(cert,file) <= 0)
 			{
-			perror(file);
+			BIO_printf(err, "Error opening %s %s\n",
+				cert_descrip, file);
+			ERR_print_errors(err);
 			goto end;
 			}
 		}
@@ -525,7 +817,8 @@ X509 *load_cert(BIO *err, char *file, int format)
 		ah->data=NULL;
 		}
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
+		x=PEM_read_bio_X509_AUX(cert,NULL,
+			(pem_password_cb *)password_callback, NULL);
 	else if (format == FORMAT_PKCS12)
 		{
 		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
@@ -535,7 +828,8 @@ X509 *load_cert(BIO *err, char *file, int format)
 		p12 = NULL;
 		}
 	else	{
-		BIO_printf(err,"bad input format specified for input cert\n");
+		BIO_printf(err,"bad input format specified for %s\n",
+			cert_descrip);
 		goto end;
 		}
 end:
@@ -550,35 +844,62 @@ end:
 	return(x);
 	}
 
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+	const char *pass, ENGINE *e, const char *key_descrip)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
+	PW_CB_DATA cb_data;
 
-	if (file == NULL)
+	cb_data.password = pass;
+	cb_data.prompt_info = file;
+
+	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
 		{
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
+	if (format == FORMAT_ENGINE)
+		{
+		if (!e)
+			BIO_printf(bio_err,"no engine specified\n");
+		else
+			pkey = ENGINE_load_private_key(e, file,
+				ui_method, &cb_data);
+		goto end;
+		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
 		ERR_print_errors(err);
 		goto end;
 		}
-	if (BIO_read_filename(key,file) <= 0)
+	if (file == NULL && maybe_stdin)
 		{
-		perror(file);
-		goto end;
+		setvbuf(stdin, NULL, _IONBF, 0);
+		BIO_set_fp(key,stdin,BIO_NOCLOSE);
 		}
+	else
+		if (BIO_read_filename(key,file) <= 0)
+			{
+			BIO_printf(err, "Error opening %s %s\n",
+				key_descrip, file);
+			ERR_print_errors(err);
+			goto end;
+			}
 	if (format == FORMAT_ASN1)
 		{
 		pkey=d2i_PrivateKey_bio(key, NULL);
 		}
 	else if (format == FORMAT_PEM)
 		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
+		pkey=PEM_read_bio_PrivateKey(key,NULL,
+			(pem_password_cb *)password_callback, &cb_data);
 		}
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+		pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
 	else if (format == FORMAT_PKCS12)
 		{
 		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
@@ -589,36 +910,58 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
 		}
 	else
 		{
-		BIO_printf(err,"bad input format specified for key\n");
+		BIO_printf(err,"bad input format specified for key file\n");
 		goto end;
 		}
  end:
 	if (key != NULL) BIO_free(key);
 	if (pkey == NULL)
-		BIO_printf(err,"unable to load Private Key\n");
+		BIO_printf(err,"unable to load %s\n", key_descrip);
 	return(pkey);
 	}
 
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+	const char *pass, ENGINE *e, const char *key_descrip)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
+	PW_CB_DATA cb_data;
 
-	if (file == NULL)
+	cb_data.password = pass;
+	cb_data.prompt_info = file;
+
+	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
 		{
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
+	if (format == FORMAT_ENGINE)
+		{
+		if (!e)
+			BIO_printf(bio_err,"no engine specified\n");
+		else
+			pkey = ENGINE_load_public_key(e, file,
+				ui_method, &cb_data);
+		goto end;
+		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
 		ERR_print_errors(err);
 		goto end;
 		}
-	if (BIO_read_filename(key,file) <= 0)
+	if (file == NULL && maybe_stdin)
 		{
-		perror(file);
-		goto end;
+		setvbuf(stdin, NULL, _IONBF, 0);
+		BIO_set_fp(key,stdin,BIO_NOCLOSE);
+		}
+	else
+		if (BIO_read_filename(key,file) <= 0)
+			{
+			BIO_printf(err, "Error opening %s %s\n",
+				key_descrip, file);
+			ERR_print_errors(err);
+			goto end;
 		}
 	if (format == FORMAT_ASN1)
 		{
@@ -626,27 +969,83 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
 		}
 	else if (format == FORMAT_PEM)
 		{
-		pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
+		pkey=PEM_read_bio_PUBKEY(key,NULL,
+			(pem_password_cb *)password_callback, &cb_data);
 		}
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+		pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
 	else
 		{
-		BIO_printf(err,"bad input format specified for key\n");
+		BIO_printf(err,"bad input format specified for key file\n");
 		goto end;
 		}
  end:
 	if (key != NULL) BIO_free(key);
 	if (pkey == NULL)
-		BIO_printf(err,"unable to load Public Key\n");
+		BIO_printf(err,"unable to load %s\n", key_descrip);
 	return(pkey);
 	}
 
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+		const char *key_descrip, int format)
+	{
+	EVP_PKEY *pkey;
+	BUF_MEM *buf;
+	RSA	*rsa;
+	const unsigned char *p;
+	int size, i;
+
+	buf=BUF_MEM_new();
+	pkey = EVP_PKEY_new();
+	size = 0;
+	if (buf == NULL || pkey == NULL)
+		goto error;
+	for (;;)
+		{
+		if (!BUF_MEM_grow_clean(buf,size+1024*10))
+			goto error;
+		i = BIO_read(key, &(buf->data[size]), 1024*10);
+		size += i;
+		if (i == 0)
+			break;
+		if (i < 0)
+			{
+				BIO_printf(err, "Error reading %s %s",
+					key_descrip, file);
+				goto error;
+			}
+		}
+	p=(unsigned char *)buf->data;
+	rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
+		(format == FORMAT_IISSGC ? 1 : 0));
+	if (rsa == NULL)
+		goto error;
+	BUF_MEM_free(buf);
+	EVP_PKEY_set1_RSA(pkey, rsa);
+	return pkey;
+error:
+	BUF_MEM_free(buf);
+	EVP_PKEY_free(pkey);
+	return NULL;
+	}
+#endif /* ndef OPENSSL_NO_RC4 */
+
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip)
 	{
 	BIO *certs;
 	int i;
 	STACK_OF(X509) *othercerts = NULL;
 	STACK_OF(X509_INFO) *allcerts = NULL;
 	X509_INFO *xi;
+	PW_CB_DATA cb_data;
+
+	cb_data.password = pass;
+	cb_data.prompt_info = file;
 
 	if((certs = BIO_new(BIO_s_file())) == NULL)
 		{
@@ -660,7 +1059,9 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
 		{
 		if (BIO_read_filename(certs,file) <= 0)
 			{
-			perror(file);
+			BIO_printf(err, "Error opening %s %s\n",
+				cert_descrip, file);
+			ERR_print_errors(err);
 			goto end;
 			}
 		}
@@ -674,7 +1075,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
 			othercerts = NULL;
 			goto end;
 			}
-		allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+		allcerts = PEM_X509_INFO_read_bio(certs, NULL,
+				(pem_password_cb *)password_callback, &cb_data);
 		for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
 			{
 			xi = sk_X509_INFO_value (allcerts, i);
@@ -687,7 +1089,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
 		goto end;
 		}
 	else	{
-		BIO_printf(err,"bad input format specified for input cert\n");
+		BIO_printf(err,"bad input format specified for %s\n",
+			cert_descrip);
 		goto end;
 		}
 end:
@@ -701,16 +1104,49 @@ end:
 	return(othercerts);
 	}
 
-typedef struct {
-	char *name;
-	unsigned long flag;
-	unsigned long mask;
-} NAME_EX_TBL;
+
+#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT		0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+			 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+	static const NAME_EX_TBL cert_tbl[] = {
+		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
+		{ "ca_default", X509_FLAG_CA, 0xffffffffl},
+		{ "no_header", X509_FLAG_NO_HEADER, 0},
+		{ "no_version", X509_FLAG_NO_VERSION, 0},
+		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
+		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
+		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
+		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
+		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
+		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+		{ "no_aux", X509_FLAG_NO_AUX, 0},
+		{ "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+		{ NULL, 0, 0}
+	};
+	return set_multi_opts(flags, arg, cert_tbl);
+}
 
 int set_name_ex(unsigned long *flags, const char *arg)
 {
-	char c;
-	const NAME_EX_TBL *ptbl, ex_tbl[] = {
+	static const NAME_EX_TBL ex_tbl[] = {
 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
@@ -730,15 +1166,95 @@ int set_name_ex(unsigned long *flags, const char *arg)
 		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
 		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
 		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+		{ "align", XN_FLAG_FN_ALIGN, 0},
 		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
 		{ "space_eq", XN_FLAG_SPC_EQ, 0},
 		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
 		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
 		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+		{ "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
 		{ NULL, 0, 0}
 	};
+	return set_multi_opts(flags, arg, ex_tbl);
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+	if (!strcasecmp(arg, "none"))
+		*copy_type = EXT_COPY_NONE;
+	else if (!strcasecmp(arg, "copy"))
+		*copy_type = EXT_COPY_ADD;
+	else if (!strcasecmp(arg, "copyall"))
+		*copy_type = EXT_COPY_ALL;
+	else
+		return 0;
+	return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+	STACK_OF(X509_EXTENSION) *exts = NULL;
+	X509_EXTENSION *ext, *tmpext;
+	ASN1_OBJECT *obj;
+	int i, idx, ret = 0;
+	if (!x || !req || (copy_type == EXT_COPY_NONE))
+		return 1;
+	exts = X509_REQ_get_extensions(req);
+
+	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+		ext = sk_X509_EXTENSION_value(exts, i);
+		obj = X509_EXTENSION_get_object(ext);
+		idx = X509_get_ext_by_OBJ(x, obj, -1);
+		/* Does extension exist? */
+		if (idx != -1) {
+			/* If normal copy don't override existing extension */
+			if (copy_type == EXT_COPY_ADD)
+				continue;
+			/* Delete all extensions of same type */
+			do {
+				tmpext = X509_get_ext(x, idx);
+				X509_delete_ext(x, idx);
+				X509_EXTENSION_free(tmpext);
+				idx = X509_get_ext_by_OBJ(x, obj, -1);
+			} while (idx != -1);
+		}
+		if (!X509_add_ext(x, ext, -1))
+			goto end;
+	}
+
+	ret = 1;
 
+	end:
+
+	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+	return ret;
+}
+		
+		
+			
+
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+	STACK_OF(CONF_VALUE) *vals;
+	CONF_VALUE *val;
+	int i, ret = 1;
+	if(!arg) return 0;
+	vals = X509V3_parse_list(arg);
+	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+		val = sk_CONF_VALUE_value(vals, i);
+		if (!set_table_opts(flags, val->name, in_tbl))
+			ret = 0;
+	}
+	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+	return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+	char c;
+	const NAME_EX_TBL *ptbl;
 	c = arg[0];
 
 	if(c == '-') {
@@ -749,8 +1265,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
 		arg++;
 	} else c = 1;
 
-	for(ptbl = ex_tbl; ptbl->name; ptbl++) {
-		if(!strcmp(arg, ptbl->name)) {
+	for(ptbl = in_tbl; ptbl->name; ptbl++) {
+		if(!strcasecmp(arg, ptbl->name)) {
 			*flags &= ~ptbl->mask;
 			if(c) *flags |= ptbl->flag;
 			else *flags &= ~ptbl->flag;
@@ -765,6 +1281,7 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 	char *buf;
 	char mline = 0;
 	int indent = 0;
+
 	if(title) BIO_puts(out, title);
 	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
 		mline = 1;
@@ -782,3 +1299,122 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 	}
 }
 
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
+{
+	X509_STORE *store;
+	X509_LOOKUP *lookup;
+	if(!(store = X509_STORE_new())) goto end;
+	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+	if (lookup == NULL) goto end;
+	if (CAfile) {
+		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+			BIO_printf(bp, "Error loading file %s\n", CAfile);
+			goto end;
+		}
+	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+		
+	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+	if (lookup == NULL) goto end;
+	if (CApath) {
+		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+			BIO_printf(bp, "Error loading directory %s\n", CApath);
+			goto end;
+		}
+	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+	ERR_clear_error();
+	return store;
+	end:
+	X509_STORE_free(store);
+	return NULL;
+}
+
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+	{
+	ENGINE *e = ENGINE_by_id("dynamic");
+	if (e)
+		{
+		if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+			|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+			{
+			ENGINE_free(e);
+			e = NULL;
+			}
+		}
+	return e;
+	}
+
+ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+        {
+        ENGINE *e = NULL;
+
+        if (engine)
+                {
+		if(strcmp(engine, "auto") == 0)
+			{
+			BIO_printf(err,"enabling auto ENGINE support\n");
+			ENGINE_register_all_complete();
+			return NULL;
+			}
+		if((e = ENGINE_by_id(engine)) == NULL
+			&& (e = try_load_engine(err, engine, debug)) == NULL)
+			{
+			BIO_printf(err,"invalid engine \"%s\"\n", engine);
+			ERR_print_errors(err);
+			return NULL;
+			}
+		if (debug)
+			{
+			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+				0, err, 0);
+			}
+                ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(err,"can't use that engine\n");
+			ERR_print_errors(err);
+			ENGINE_free(e);
+			return NULL;
+			}
+
+		BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
+
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+        return e;
+        }
+
+int load_config(BIO *err, CONF *cnf)
+	{
+	if (!cnf)
+		cnf = config;
+	if (!cnf)
+		return 1;
+
+	OPENSSL_load_builtin_modules();
+
+	if (CONF_modules_load(cnf, NULL, 0) <= 0)
+		{
+		BIO_printf(err, "Error configuring OpenSSL\n");
+		ERR_print_errors(err);
+		return 0;
+		}
+	return 1;
+	}
+
+char *make_config_name()
+	{
+	const char *t=X509_get_default_cert_area();
+	char *p;
+
+	p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
+	strcpy(p,t);
+#ifndef OPENSSL_SYS_VMS
+	strcat(p,"/");
+#endif
+	strcat(p,OPENSSL_CONF);
+
+	return p;
+	}
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 82587b9..7b1f8de 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -55,11 +55,64 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
-#include "openssl/e_os.h"
+#include "e_os.h"
 
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
@@ -67,6 +120,9 @@
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
+#include <openssl/txt_db.h>
+#include <openssl/engine.h>
+#include <openssl/ossl_typ.h>
 
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -78,29 +134,33 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
                                        * (see e_os.h).  The string is
                                        * destroyed! */
 
-#ifdef NO_STDIO
-BIO_METHOD *BIO_s_file();
-#endif
-
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #define rename(from,to) WIN32_rename((from),(to))
 int WIN32_rename(char *oldname,char *newname);
 #endif
 
+/* VMS below version 7.0 doesn't have strcasecmp() */
+#ifdef OPENSSL_SYS_VMS
+#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2))
+int VMS_strcasecmp(const char *str1, const char *str2);
+#endif
+
 #ifndef MONOLITH
 
 #define MAIN(a,v)	main(a,v)
 
 #ifndef NON_MAIN
+CONF *config=NULL;
 BIO *bio_err=NULL;
 #else
+extern CONF *config;
 extern BIO *bio_err;
 #endif
 
 #else
 
 #define MAIN(a,v)	PROG(a,v)
-extern LHASH *config;
+extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
 
@@ -115,21 +175,34 @@ extern BIO *bio_err;
 #endif
 
 #if defined(MONOLITH) && !defined(OPENSSL_C)
-#  define apps_startup()	do_pipe_sig()
+#  define apps_startup() \
+		do_pipe_sig()
+#  define apps_shutdown()
 #else
-#  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+   defined(OPENSSL_SYS_WIN32)
 #    ifdef _O_BINARY
 #      define apps_startup() \
-		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms()
+		do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    else
 #      define apps_startup() \
-		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms()
+		do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    endif
 #  else
-#    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
+#    define apps_startup() \
+		do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+		ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+		setup_ui_method(); } while(0)
 #  endif
+#  define apps_shutdown() \
+		do { CONF_modules_unload(1); destroy_ui_method(); \
+		EVP_cleanup(); ENGINE_cleanup(); \
+		CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+		ERR_free_strings(); } while(0)
 #endif
 
 typedef struct args_st
@@ -138,6 +211,19 @@ typedef struct args_st
 	int count;
 	} ARGS;
 
+#define PW_MIN_LENGTH 4
+typedef struct pw_cb_data
+	{
+	const void *password;
+	const char *prompt_info;
+	} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify,
+	PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
+
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
@@ -147,13 +233,32 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 int dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
+int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, LHASH *conf);
-X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
+int add_oid_section(BIO *err, CONF *conf);
+X509 *load_cert(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip);
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+	const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+	const char *pass, ENGINE *e, const char *key_descrip);
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip);
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+
+int load_config(BIO *err, CONF *cnf);
+char *make_config_name(void);
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+			ASN1_GENERALIZEDTIME **pinvtm, char *str);
+int make_serial_index(TXT_DB *db);
+
+X509_NAME *do_subject(char *str, long chtype);
 
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
@@ -162,6 +267,13 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
+#define FORMAT_ENGINE   7
+#define FORMAT_IISSGC	8	/* XXX this stupid macro helps us to avoid
+				 * adding yet another param to load_*key() */
+
+#define EXT_COPY_NONE	0
+#define EXT_COPY_ADD	1
+#define EXT_COPY_ALL	2
 
 #define NETSCAPE_CERT_HDR	"certificate"
 
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
index 5339166..8367415 100644
--- a/crypto/openssl/apps/asn1pars.c
+++ b/crypto/openssl/apps/asn1pars.c
@@ -103,6 +103,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	prog=argv[0];
 	argc--;
 	argv++;
@@ -205,7 +208,7 @@ bad:
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	out = BIO_push(tmpbio, out);
@@ -328,6 +331,7 @@ end:
 	if (at != NULL) ASN1_TYPE_free(at);
 	if (osk != NULL) sk_free(osk);
 	OBJ_cleanup();
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 0618bb5..93e61f6 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -61,9 +61,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include "apps.h"
 #include <openssl/conf.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
@@ -73,20 +73,33 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
+#include <openssl/ocsp.h>
 #include <openssl/pem.h>
 
+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+#  ifdef NO_STRINGS_H
+    int	strcasecmp();
+#  else
+#    include <strings.h>
+#  endif /* NO_STRINGS_H */
+#endif
+
 #ifndef W_OK
-#  ifdef VMS
+#  ifdef OPENSSL_SYS_VMS
 #    if defined(__DECC)
 #      include <unistd.h>
 #    else
 #      include <unixlib.h>
 #    endif
-#  elif !defined(VXWORKS)
+#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
 #    include <sys/file.h>
 #  endif
 #endif
 
+#include "apps.h"
+
 #ifndef W_OK
 #  define F_OK 0
 #  define X_OK 1
@@ -118,11 +131,15 @@
 #define ENV_DEFAULT_CRL_DAYS 	"default_crl_days"
 #define ENV_DEFAULT_CRL_HOURS 	"default_crl_hours"
 #define ENV_DEFAULT_MD		"default_md"
+#define ENV_DEFAULT_EMAIL_DN	"email_in_dn"
 #define ENV_PRESERVE		"preserve"
 #define ENV_POLICY      	"policy"
 #define ENV_EXTENSIONS      	"x509_extensions"
 #define ENV_CRLEXT      	"crl_extensions"
 #define ENV_MSIE_HACK		"msie_hack"
+#define ENV_NAMEOPT		"name_opt"
+#define ENV_CERTOPT		"cert_opt"
+#define ENV_EXTCOPY		"copy_extensions"
 
 #define ENV_DATABASE		"database"
 
@@ -138,6 +155,14 @@
 #define DB_TYPE_EXP	'E'
 #define DB_TYPE_VAL	'V'
 
+/* Additional revocation information types */
+
+#define REV_NONE		0	/* No addditional information */
+#define REV_CRL_REASON		1	/* Value is CRL reason code */
+#define REV_HOLD		2	/* Value is hold instruction */
+#define REV_KEY_COMPROMISE	3	/* Value is cert key compromise time */
+#define REV_CA_COMPROMISE	4	/* Value is CA key compromise time */
+
 static char *ca_usage[]={
 "usage: ca args\n",
 "\n",
@@ -152,7 +177,8 @@ static char *ca_usage[]={
 " -days arg       - number of days to certify the certificate for\n",
 " -md arg         - md to use, one of md2, md5, sha or sha1\n",
 " -policy arg     - The CA 'policy' to support\n",
-" -keyfile arg    - PEM private key file\n",
+" -keyfile arg    - private key file\n",
+" -keyform arg    - private key file format (PEM or ENGINE)\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
 " -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
@@ -162,11 +188,17 @@ static char *ca_usage[]={
 " -spkac file     - File contains DN and signed public key and challenge\n",
 " -ss_cert file   - File contains a self signed cert to sign\n",
 " -preserveDN     - Don't re-order the DN\n",
+" -noemailDN      - Don't add the EMAIL field into certificate' subject\n",
 " -batch          - Don't ask questions\n",
 " -msie_hack      - msie modifications to handle all those universal strings\n",
 " -revoke file    - Revoke a certificate (given in file)\n",
+" -subj arg       - Use arg instead of request's subject\n",
 " -extensions ..  - Extension section (override value in config file)\n",
+" -extfile file   - Configuration file with X509v3 extentions to add\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
+" -status serial  - Shows certificate status given the serial number\n",
+" -updatedb       - Updates db for expired certificates\n",
 NULL
 };
 
@@ -177,54 +209,77 @@ extern int EF_ALIGNMENT;
 #endif
 
 static void lookup_fail(char *name,char *tag);
-static unsigned long index_serial_hash(char **a);
-static int index_serial_cmp(char **a, char **b);
-static unsigned long index_name_hash(char **a);
+static unsigned long index_serial_hash(const char **a);
+static int index_serial_cmp(const char **a, const char **b);
+static unsigned long index_name_hash(const char **a);
 static int index_name_qual(char **a);
-static int index_name_cmp(char **a,char **b);
+static int index_name_cmp(const char **a,const char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
-		   BIGNUM *serial, char *startdate,char *enddate, int days,
-		   int batch, char *ext_sect, LHASH *conf,int verbose);
+		   BIGNUM *serial, char *subj, int email_dn, char *startdate,
+		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
+		   int verbose, unsigned long certopt, unsigned long nameopt,
+		   int default_op, int ext_copy);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			TXT_DB *db, BIGNUM *serial,char *startdate,
-			char *enddate, int days, int batch, char *ext_sect,
-			LHASH *conf,int verbose);
+			TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
+			char *startdate, char *enddate, long days, int batch,
+			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
+			unsigned long nameopt, int default_op, int ext_copy,
+			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			 TXT_DB *db, BIGNUM *serial,char *startdate,
-			 char *enddate, int days, char *ext_sect,LHASH *conf,
-				int verbose);
+			 TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
+			 char *startdate, char *enddate, long days, char *ext_sect,
+			 CONF *conf, int verbose, unsigned long certopt, 
+			 unsigned long nameopt, int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
-	char *startdate, char *enddate, int days, int batch, int verbose,
-	X509_REQ *req, char *ext_sect, LHASH *conf);
-static int do_revoke(X509 *x509, TXT_DB *db);
+	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
+	int email_dn, char *startdate, char *enddate, long days, int batch,
+       	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
+	unsigned long certopt, unsigned long nameopt, int default_op,
+	int ext_copy);
+static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, TXT_DB *db);
+static int do_updatedb(TXT_DB *db);
 static int check_time_format(char *str);
-static LHASH *conf=NULL;
+char *make_revocation_str(int rev_type, char *rev_arg);
+int make_revoked(X509_REVOKED *rev, char *str);
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
+static CONF *conf=NULL;
+static CONF *extconf=NULL;
 static char *section=NULL;
 
 static int preserve=0;
 static int msie_hack=0;
 
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+
+
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
+	int free_key = 0;
 	int total=0;
 	int total_done=0;
 	int badops=0;
 	int ret=1;
+	int email_dn=1;
 	int req=0;
 	int verbose=0;
 	int gencrl=0;
 	int dorevoke=0;
+	int doupdatedb=0;
 	long crldays=0;
 	long crlhours=0;
 	long errorline= -1;
@@ -233,41 +288,53 @@ int MAIN(int argc, char **argv)
 	char *policy=NULL;
 	char *keyfile=NULL;
 	char *certfile=NULL;
+	int keyform=FORMAT_PEM;
 	char *infile=NULL;
 	char *spkac_file=NULL;
 	char *ss_cert_file=NULL;
+	char *ser_status=NULL;
 	EVP_PKEY *pkey=NULL;
 	int output_der = 0;
 	char *outfile=NULL;
 	char *outdir=NULL;
 	char *serialfile=NULL;
 	char *extensions=NULL;
+	char *extfile=NULL;
+	char *subj=NULL;
+	char *tmp_email_dn=NULL;
 	char *crl_ext=NULL;
+	int rev_type = REV_NONE;
+	char *rev_arg = NULL;
 	BIGNUM *serial=NULL;
 	char *startdate=NULL;
 	char *enddate=NULL;
-	int days=0;
+	long days=0;
 	int batch=0;
 	int notext=0;
+	unsigned long nameopt = 0, certopt = 0;
+	int default_op = 1;
+	int ext_copy = EXT_COPY_NONE;
 	X509 *x509=NULL;
 	X509 *x=NULL;
 	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
 	char *dbfile=NULL;
 	TXT_DB *db=NULL;
 	X509_CRL *crl=NULL;
-	X509_CRL_INFO *ci=NULL;
 	X509_REVOKED *r=NULL;
+	ASN1_TIME *tmptm;
+	ASN1_INTEGER *tmpser;
 	char **pp,*p,*f;
 	int i,j;
 	long l;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
 	STACK_OF(X509) *cert_sk=NULL;
-	BIO *hex=NULL;
 #undef BSIZE
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
+	char *engine = NULL;
+	char *tofree=NULL;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -303,6 +370,12 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			section= *(++argv);
 			}
+		else if (strcmp(*argv,"-subj") == 0)
+			{
+			if (--argc < 1) goto bad;
+			subj= *(++argv);
+			/* preserve=1; */
+			}
 		else if (strcmp(*argv,"-startdate") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -333,6 +406,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyform=str2fmt(*(++argv));
+			}
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -370,6 +448,8 @@ EF_ALIGNMENT=0;
 			batch=1;
 		else if (strcmp(*argv,"-preserveDN") == 0)
 			preserve=1;
+		else if (strcmp(*argv,"-noemailDN") == 0)
+			email_dn=0;
 		else if (strcmp(*argv,"-gencrl") == 0)
 			gencrl=1;
 		else if (strcmp(*argv,"-msie_hack") == 0)
@@ -414,11 +494,54 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			extensions= *(++argv);
 			}
+		else if (strcmp(*argv,"-extfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-status") == 0)
+			{
+			if (--argc < 1) goto bad;
+			ser_status= *(++argv);
+			}
+		else if (strcmp(*argv,"-updatedb") == 0)
+			{
+			doupdatedb=1;
+			}
 		else if (strcmp(*argv,"-crlexts") == 0)
 			{
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
+		else if (strcmp(*argv,"-crl_reason") == 0)
+			{
+			if (--argc < 1) goto bad;
+			rev_arg = *(++argv);
+			rev_type = REV_CRL_REASON;
+			}
+		else if (strcmp(*argv,"-crl_hold") == 0)
+			{
+			if (--argc < 1) goto bad;
+			rev_arg = *(++argv);
+			rev_type = REV_HOLD;
+			}
+		else if (strcmp(*argv,"-crl_compromise") == 0)
+			{
+			if (--argc < 1) goto bad;
+			rev_arg = *(++argv);
+			rev_type = REV_KEY_COMPROMISE;
+			}
+		else if (strcmp(*argv,"-crl_CA_compromise") == 0)
+			{
+			if (--argc < 1) goto bad;
+			rev_arg = *(++argv);
+			rev_type = REV_CA_COMPROMISE;
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else
 			{
 bad:
@@ -433,32 +556,37 @@ bad:
 	if (badops)
 		{
 		for (pp=ca_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto err;
 		}
 
 	ERR_load_crypto_strings();
 
+	e = setup_engine(bio_err, engine, 0);
+
 	/*****************************************************************/
+	tofree=NULL;
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
 	if (configfile == NULL)
 		{
-		/* We will just use 'buf[0]' as a temporary buffer.  */
-#ifdef VMS
-		strncpy(buf[0],X509_get_default_cert_area(),
-			sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+		const char *s=X509_get_default_cert_area();
+
+#ifdef OPENSSL_SYS_VMS
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+		strcpy(tofree,s);
 #else
-		strncpy(buf[0],X509_get_default_cert_area(),
-			sizeof(buf[0])-2-sizeof(CONFIG_FILE));
-		strcat(buf[0],"/");
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+		strcpy(tofree,s);
+		strcat(tofree,"/");
 #endif
-		strcat(buf[0],CONFIG_FILE);
-		configfile=buf[0];
+		strcat(tofree,CONFIG_FILE);
+		configfile=tofree;
 		}
 
 	BIO_printf(bio_err,"Using configuration from %s\n",configfile);
-	if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+	conf = NCONF_new(NULL);
+	if (NCONF_load(conf,configfile,&errorline) <= 0)
 		{
 		if (errorline <= 0)
 			BIO_printf(bio_err,"error loading the config file '%s'\n",
@@ -468,11 +596,16 @@ bad:
 				,errorline,configfile);
 		goto err;
 		}
+	if(tofree)
+		OPENSSL_free(tofree);
+
+	if (!load_config(bio_err, conf))
+		goto err;
 
 	/* Lets get the config section we are using */
 	if (section == NULL)
 		{
-		section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+		section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
 		if (section == NULL)
 			{
 			lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
@@ -482,7 +615,9 @@ bad:
 
 	if (conf != NULL)
 		{
-		p=CONF_get_string(conf,NULL,"oid_file");
+		p=NCONF_get_string(conf,NULL,"oid_file");
+		if (p == NULL)
+			ERR_clear_error();
 		if (p != NULL)
 			{
 			BIO *oid_bio;
@@ -502,14 +637,16 @@ bad:
 				BIO_free(oid_bio);
 				}
 			}
-		if(!add_oid_section(bio_err,conf)) 
+		if (!add_oid_section(bio_err,conf)) 
 			{
 			ERR_print_errors(bio_err);
 			goto err;
 			}
 		}
 
-	randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+	if (randfile == NULL)
+		ERR_clear_error();
 	app_RAND_load_file(randfile, bio_err, 0);
 	
 	in=BIO_new(BIO_s_file());
@@ -523,53 +660,71 @@ bad:
 		}
 
 	/*****************************************************************/
-	/* we definitely need an public key, so lets get it */
+	/* report status of cert with serial number given on command line */
+	if (ser_status)
+	{
+		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+			{
+			lookup_fail(section,ENV_DATABASE);
+			goto err;
+			}
+		if (BIO_read_filename(in,dbfile) <= 0)
+			{
+			perror(dbfile);
+			BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+			goto err;
+			}
+		db=TXT_DB_read(in,DB_NUMBER);
+		if (db == NULL) goto err;
+
+		if (!make_serial_index(db))
+			goto err;
+
+		if (get_certificate_status(ser_status,db) != 1)
+			BIO_printf(bio_err,"Error verifying serial %s!\n",
+				 ser_status);
+		goto err;
+	}
+
+	/*****************************************************************/
+	/* we definitely need a public key, so let's get it */
 
-	if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+	if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
 		section,ENV_PRIVATE_KEY)) == NULL))
 		{
 		lookup_fail(section,ENV_PRIVATE_KEY);
 		goto err;
 		}
-	if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL))
+	if (!key)
 		{
-		BIO_printf(bio_err,"Error getting password\n");
-		goto err;
-		}
-	if (BIO_read_filename(in,keyfile) <= 0)
-		{
-		perror(keyfile);
-		BIO_printf(bio_err,"trying to load CA private key\n");
-		goto err;
+		free_key = 1;
+		if (!app_passwd(bio_err, passargin, NULL, &key, NULL))
+			{
+			BIO_printf(bio_err,"Error getting password\n");
+			goto err;
+			}
 		}
-		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
-		if(key) memset(key,0,strlen(key));
+	pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 
+		"CA private key");
+	if (key) OPENSSL_cleanse(key,strlen(key));
 	if (pkey == NULL)
 		{
-		BIO_printf(bio_err,"unable to load CA private key\n");
+		/* load_key() has already printed an appropriate message */
 		goto err;
 		}
 
 	/*****************************************************************/
 	/* we need a certificate */
-	if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+	if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
 		section,ENV_CERTIFICATE)) == NULL))
 		{
 		lookup_fail(section,ENV_CERTIFICATE);
 		goto err;
 		}
-        if (BIO_read_filename(in,certfile) <= 0)
-		{
-		perror(certfile);
-		BIO_printf(bio_err,"trying to load CA certificate\n");
-		goto err;
-		}
-	x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
+	x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
+		"CA certificate");
 	if (x509 == NULL)
-		{
-		BIO_printf(bio_err,"unable to load CA certificate\n");
 		goto err;
-		}
 
 	if (!X509_check_private_key(x509,pkey))
 		{
@@ -577,26 +732,72 @@ bad:
 		goto err;
 		}
 
-	f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+	f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+	if (f == NULL)
+		ERR_clear_error();
 	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
 		preserve=1;
-	f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+	f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+	if (f == NULL)
+		ERR_clear_error();
 	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
 		msie_hack=1;
 
+	f=NCONF_get_string(conf,section,ENV_NAMEOPT);
+
+	if (f)
+		{
+		if (!set_name_ex(&nameopt, f))
+			{
+			BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+			goto err;
+			}
+		default_op = 0;
+		}
+	else
+		ERR_clear_error();
+
+	f=NCONF_get_string(conf,section,ENV_CERTOPT);
+
+	if (f)
+		{
+		if (!set_cert_ex(&certopt, f))
+			{
+			BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+			goto err;
+			}
+		default_op = 0;
+		}
+	else
+		ERR_clear_error();
+
+	f=NCONF_get_string(conf,section,ENV_EXTCOPY);
+
+	if (f)
+		{
+		if (!set_ext_copy(&ext_copy, f))
+			{
+			BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+			goto err;
+			}
+		}
+	else
+		ERR_clear_error();
+
 	/*****************************************************************/
 	/* lookup where to write new certificates */
 	if ((outdir == NULL) && (req))
 		{
 		struct stat sb;
 
-		if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+		if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
 			== NULL)
 			{
 			BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
 			goto err;
 			}
-#ifndef VMS /* outdir is a directory spec, but access() for VMS demands a
+#ifndef OPENSSL_SYS_VMS
+	    /* outdir is a directory spec, but access() for VMS demands a
 	       filename.  In any case, stat(), below, will catch the problem
 	       if outdir is not a directory spec, and the fopen() or open()
 	       will catch an error if there is no write access.
@@ -605,7 +806,7 @@ bad:
 	       C routines to convert the directory syntax to Unixly, and give
 	       that to access().  However, time's too short to do that just
 	       now.
-            */
+	    */
 		if (access(outdir,R_OK|W_OK|X_OK) != 0)
 			{
 			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
@@ -632,7 +833,7 @@ bad:
 
 	/*****************************************************************/
 	/* we need to load the database file */
-	if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+	if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
 		{
 		lookup_fail(section,ENV_DATABASE);
 		goto err;
@@ -657,10 +858,9 @@ bad:
 			goto err;
 			}
 		if ((pp[DB_type][0] == DB_TYPE_REV) &&
-			!check_time_format(pp[DB_rev_date]))
+			!make_revoked(NULL, pp[DB_rev_date]))
 			{
-			BIO_printf(bio_err,"entry %d: invalid revocation date\n",
-				i+1);
+			BIO_printf(bio_err," in entry %d\n", i+1);
 			goto err;
 			}
 		if (!check_time_format(pp[DB_exp_date]))
@@ -670,6 +870,11 @@ bad:
 			}
 		p=pp[DB_serial];
 		j=strlen(p);
+		if (*p == '-')
+			{
+			p++;
+			j--;
+			}
 		if ((j&1) || (j < 2))
 			{
 			BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
@@ -690,7 +895,7 @@ bad:
 	if (verbose)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -702,15 +907,12 @@ bad:
 		BIO_printf(bio_err,"generating index\n");
 		}
 	
-	if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
-		index_serial_cmp))
-		{
-		BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
+	if (!make_serial_index(db))
 		goto err;
-		}
 
-	if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
-		index_name_cmp))
+	if (!TXT_DB_create_index(db, DB_name, index_name_qual,
+			LHASH_HASH_FN(index_name_hash),
+			LHASH_COMP_FN(index_name_cmp)))
 		{
 		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
 			db->error,db->arg1,db->arg2);
@@ -718,11 +920,119 @@ bad:
 		}
 
 	/*****************************************************************/
+	/* Update the db file for expired certificates */
+	if (doupdatedb)
+		{
+		if (verbose)
+			BIO_printf(bio_err, "Updating %s ...\n",
+							dbfile);
+
+		i = do_updatedb(db);
+		if (i == -1)
+			{
+			BIO_printf(bio_err,"Malloc failure\n");
+			goto err;
+			}
+		else if (i == 0)
+			{
+			if (verbose) BIO_printf(bio_err,
+					"No entries found to mark expired\n"); 
+			}
+	    	else
+			{
+			out = BIO_new(BIO_s_file());
+			if (out == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
+#else
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[0])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (BIO_write_filename(out,buf[0]) <= 0)
+		  		{
+		    		perror(dbfile);
+		    		BIO_printf(bio_err,"unable to open '%s'\n",
+									dbfile);
+		    		goto err;
+		  		}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			
+			BIO_free(out);
+			out = NULL;
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
+#else
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[1])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (rename(dbfile,buf[1]) < 0)
+		  		{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						dbfile, buf[1]);
+		    		perror("reason");
+		    		goto err;
+		  		}
+			if (rename(buf[0],dbfile) < 0)
+				{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						buf[0],dbfile);
+		    		perror("reason");
+		    		rename(buf[1],dbfile);
+		    		goto err;
+		  		}
+				
+			if (verbose) BIO_printf(bio_err,
+				"Done. %d entries marked as expired\n",i); 
+	      		}
+			goto err;
+	  	}
+
+ 	/*****************************************************************/
+	/* Read extentions config file                                   */
+	if (extfile)
+		{
+		extconf = NCONF_new(NULL);
+		if (NCONF_load(extconf,extfile,&errorline) <= 0)
+			{
+			if (errorline <= 0)
+				BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
+					extfile);
+			else
+				BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
+					errorline,extfile);
+			ret = 1;
+			goto err;
+			}
+
+		if (verbose)
+			BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
+
+		/* We can have sections in the ext file */
+		if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
+			extensions = "default";
+		}
+
+	/*****************************************************************/
 	if (req || gencrl)
 		{
 		if (outfile != NULL)
 			{
-
 			if (BIO_write_filename(Sout,outfile) <= 0)
 				{
 				perror(outfile);
@@ -732,7 +1042,7 @@ bad:
 		else
 			{
 			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			Sout = BIO_push(tmpbio, Sout);
@@ -743,12 +1053,18 @@ bad:
 
 	if (req)
 		{
-		if ((md == NULL) && ((md=CONF_get_string(conf,
+		if ((md == NULL) && ((md=NCONF_get_string(conf,
 			section,ENV_DEFAULT_MD)) == NULL))
 			{
 			lookup_fail(section,ENV_DEFAULT_MD);
 			goto err;
 			}
+		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
+			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
+			{
+			if(strcmp(tmp_email_dn,"no") == 0)
+				email_dn=0;
+			}
 		if ((dgst=EVP_get_digestbyname(md)) == NULL)
 			{
 			BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
@@ -757,7 +1073,7 @@ bad:
 		if (verbose)
 			BIO_printf(bio_err,"message digest is %s\n",
 				OBJ_nid2ln(dgst->type));
-		if ((policy == NULL) && ((policy=CONF_get_string(conf,
+		if ((policy == NULL) && ((policy=NCONF_get_string(conf,
 			section,ENV_POLICY)) == NULL))
 			{
 			lookup_fail(section,ENV_POLICY);
@@ -766,32 +1082,48 @@ bad:
 		if (verbose)
 			BIO_printf(bio_err,"policy is %s\n",policy);
 
-		if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+		if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
 			== NULL)
 			{
 			lookup_fail(section,ENV_SERIAL);
 			goto err;
 			}
-		if(!extensions)
-			extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
-		if(extensions) {
-			/* Check syntax of file */
-			X509V3_CTX ctx;
-			X509V3_set_ctx_test(&ctx);
-			X509V3_set_conf_lhash(&ctx, conf);
-			if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
-				BIO_printf(bio_err,
-				 "Error Loading extension section %s\n",
+
+		if (!extconf)
+			{
+			/* no '-extfile' option, so we look for extensions
+			 * in the main configuration file */
+			if (!extensions)
+				{
+				extensions=NCONF_get_string(conf,section,
+								ENV_EXTENSIONS);
+				if (!extensions)
+					ERR_clear_error();
+				}
+			if (extensions)
+				{
+				/* Check syntax of file */
+				X509V3_CTX ctx;
+				X509V3_set_ctx_test(&ctx);
+				X509V3_set_nconf(&ctx, conf);
+				if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
+								NULL))
+					{
+					BIO_printf(bio_err,
+				 	"Error Loading extension section %s\n",
 								 extensions);
-				ret = 1;
-				goto err;
+					ret = 1;
+					goto err;
+					}
+				}
 			}
-		}
 
 		if (startdate == NULL)
 			{
-			startdate=CONF_get_string(conf,section,
+			startdate=NCONF_get_string(conf,section,
 				ENV_DEFAULT_STARTDATE);
+			if (startdate == NULL)
+				ERR_clear_error();
 			}
 		if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
 			{
@@ -802,8 +1134,10 @@ bad:
 
 		if (enddate == NULL)
 			{
-			enddate=CONF_get_string(conf,section,
+			enddate=NCONF_get_string(conf,section,
 				ENV_DEFAULT_ENDDATE);
+			if (enddate == NULL)
+				ERR_clear_error();
 			}
 		if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
 			{
@@ -813,8 +1147,8 @@ bad:
 
 		if (days == 0)
 			{
-			days=(int)CONF_get_number(conf,section,
-				ENV_DEFAULT_DAYS);
+			if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
+				days = 0;
 			}
 		if (!enddate && (days == 0))
 			{
@@ -829,12 +1163,17 @@ bad:
 			}
 		if (verbose)
 			{
-			if ((f=BN_bn2hex(serial)) == NULL) goto err;
-			BIO_printf(bio_err,"next serial number is %s\n",f);
-			OPENSSL_free(f);
+			if (BN_is_zero(serial))
+				BIO_printf(bio_err,"next serial number is 00\n");
+			else
+				{
+				if ((f=BN_bn2hex(serial)) == NULL) goto err;
+				BIO_printf(bio_err,"next serial number is %s\n",f);
+				OPENSSL_free(f);
+				}
 			}
 
-		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
 			{
 			BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
 			goto err;
@@ -849,8 +1188,8 @@ bad:
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,startdate,enddate, days,extensions,conf,
-				verbose);
+				serial,subj,email_dn,startdate,enddate,days,extensions,
+				conf,verbose,certopt,nameopt,default_op,ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -873,8 +1212,9 @@ bad:
 			{
 			total++;
 			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
-				db,serial,startdate,enddate,days,batch,
-				extensions,conf,verbose);
+				db,serial,subj,email_dn,startdate,enddate,days,batch,
+				extensions,conf,verbose, certopt, nameopt,
+				default_op, ext_copy, e);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -892,8 +1232,9 @@ bad:
 			{
 			total++;
 			j=certify(&x,infile,pkey,x509,dgst,attribs,db,
-				serial,startdate,enddate,days,batch,
-				extensions,conf,verbose);
+				serial,subj,email_dn,startdate,enddate,days,batch,
+				extensions,conf,verbose, certopt, nameopt,
+				default_op, ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -911,8 +1252,9 @@ bad:
 			{
 			total++;
 			j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
-				serial,startdate,enddate,days,batch,
-				extensions,conf,verbose);
+				serial,subj,email_dn,startdate,enddate,days,batch,
+				extensions,conf,verbose, certopt, nameopt,
+				default_op, ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -948,9 +1290,15 @@ bad:
 
 			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
 
-			strncpy(buf[0],serialfile,BSIZE-4);
+			if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"file name too long\n");
+				goto err;
+				}
+
+			strcpy(buf[0],serialfile);
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			strcat(buf[0],"-new");
 #else
 			strcat(buf[0],".new");
@@ -958,9 +1306,9 @@ bad:
 
 			if (!save_serial(buf[0],serial)) goto err;
 
-			strncpy(buf[1],dbfile,BSIZE-4);
+			strcpy(buf[1],dbfile);
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			strcat(buf[1],"-new");
 #else
 			strcat(buf[1],".new");
@@ -988,9 +1336,15 @@ bad:
 			j=x->cert_info->serialNumber->length;
 			p=(char *)x->cert_info->serialNumber->data;
 			
-			strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
+				{
+				BIO_printf(bio_err,"certificate file name too long\n");
+				goto err;
+				}
+
+			strcpy(buf[2],outdir);
 
-#ifndef VMS
+#ifndef OPENSSL_SYS_VMS
 			strcat(buf[2],"/");
 #endif
 
@@ -1026,8 +1380,9 @@ bad:
 			{
 			/* Rename the database and the serial file */
 			strncpy(buf[2],serialfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			strcat(buf[2],"-old");
 #else
 			strcat(buf[2],".old");
@@ -1054,8 +1409,9 @@ bad:
 				}
 
 			strncpy(buf[2],dbfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			strcat(buf[2],"-old");
 #else
 			strcat(buf[2],".old");
@@ -1083,28 +1439,37 @@ bad:
 	/*****************************************************************/
 	if (gencrl)
 		{
-		if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
-		if(crl_ext) {
+		int crl_v2 = 0;
+		if (!crl_ext)
+			{
+			crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
+			if (!crl_ext)
+				ERR_clear_error();
+			}
+		if (crl_ext)
+			{
 			/* Check syntax of file */
 			X509V3_CTX ctx;
 			X509V3_set_ctx_test(&ctx);
-			X509V3_set_conf_lhash(&ctx, conf);
-			if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
+			X509V3_set_nconf(&ctx, conf);
+			if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
+				{
 				BIO_printf(bio_err,
 				 "Error Loading CRL extension section %s\n",
 								 crl_ext);
 				ret = 1;
 				goto err;
+				}
 			}
-		}
-		if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
 
 		if (!crldays && !crlhours)
 			{
-			crldays=CONF_get_number(conf,section,
-				ENV_DEFAULT_CRL_DAYS);
-			crlhours=CONF_get_number(conf,section,
-				ENV_DEFAULT_CRL_HOURS);
+			if (!NCONF_get_number(conf,section,
+				ENV_DEFAULT_CRL_DAYS, &crldays))
+				crldays = 0;
+			if (!NCONF_get_number(conf,section,
+				ENV_DEFAULT_CRL_HOURS, &crlhours))
+				crlhours = 0;
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
@@ -1114,15 +1479,16 @@ bad:
 
 		if (verbose) BIO_printf(bio_err,"making CRL\n");
 		if ((crl=X509_CRL_new()) == NULL) goto err;
-		ci=crl->crl;
-		X509_NAME_free(ci->issuer);
-		ci->issuer=X509_NAME_dup(x509->cert_info->subject);
-		if (ci->issuer == NULL) goto err;
+		if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
+
+		tmptm = ASN1_TIME_new();
+		if (!tmptm) goto err;
+		X509_gmtime_adj(tmptm,0);
+		X509_CRL_set_lastUpdate(crl, tmptm);	
+		X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
+		X509_CRL_set_nextUpdate(crl, tmptm);	
 
-		X509_gmtime_adj(ci->lastUpdate,0);
-		if (ci->nextUpdate == NULL)
-			ci->nextUpdate=ASN1_UTCTIME_new();
-		X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
+		ASN1_TIME_free(tmptm);
 
 		for (i=0; i<sk_num(db->data); i++)
 			{
@@ -1130,29 +1496,25 @@ bad:
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
-				ASN1_STRING_set((ASN1_STRING *)
-					r->revocationDate,
-					(unsigned char *)pp[DB_rev_date],
-					strlen(pp[DB_rev_date]));
-				/* strcpy(r->revocationDate,pp[DB_rev_date]);*/
-
-				(void)BIO_reset(hex);
-				if (!BIO_puts(hex,pp[DB_serial]))
+				j = make_revoked(r, pp[DB_rev_date]);
+				if (!j) goto err;
+				if (j == 2) crl_v2 = 1;
+				if (!BN_hex2bn(&serial, pp[DB_serial]))
 					goto err;
-				if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
-					buf[0],BSIZE)) goto err;
-
-				sk_X509_REVOKED_push(ci->revoked,r);
+				tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+				BN_free(serial);
+				serial = NULL;
+				if (!tmpser)
+					goto err;
+				X509_REVOKED_set_serialNumber(r, tmpser);
+				ASN1_INTEGER_free(tmpser);
+				X509_CRL_add0_revoked(crl,r);
 				}
 			}
+
 		/* sort the data so it will be written in serial
 		 * number order */
-		sk_X509_REVOKED_sort(ci->revoked);
-		for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++)
-			{
-			r=sk_X509_REVOKED_value(ci->revoked,i);
-			r->sequence=i;
-			}
+		X509_CRL_sort(crl);
 
 		/* we now have a CRL */
 		if (verbose) BIO_printf(bio_err,"signing CRL\n");
@@ -1165,28 +1527,31 @@ bad:
 				}
 			}
 		else
-		    {
-#ifndef NO_DSA
-		    if (pkey->type == EVP_PKEY_DSA) 
-			dgst=EVP_dss1();
-		    else
+			{
+#ifndef OPENSSL_NO_DSA
+			if (pkey->type == EVP_PKEY_DSA) 
+				dgst=EVP_dss1();
+			else
 #endif
-			dgst=EVP_md5();
-		    }
+				dgst=EVP_md5();
+			}
 
 		/* Add any extensions asked for */
 
-		if(crl_ext) {
-		    X509V3_CTX crlctx;
-		    if (ci->version == NULL)
-		    if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
-		    ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
-		    X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
-		    X509V3_set_conf_lhash(&crlctx, conf);
+		if (crl_ext)
+			{
+			X509V3_CTX crlctx;
+			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+			X509V3_set_nconf(&crlctx, conf);
 
-		    if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
-						 crl_ext, crl)) goto err;
-		}
+			if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+				crl_ext, crl)) goto err;
+			}
+		if (crl_ext || crl_v2)
+			{
+			if (!X509_CRL_set_version(crl, 1))
+				goto err; /* version 2 CRL */
+			}
 
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
@@ -1203,24 +1568,22 @@ bad:
 		else
 			{
 			X509 *revcert;
-			if (BIO_read_filename(in,infile) <= 0)
-				{
-				perror(infile);
-				BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
-				goto err;
-				}
-			revcert=PEM_read_bio_X509(in,NULL,NULL,NULL);
+			revcert=load_cert(bio_err, infile, FORMAT_PEM,
+				NULL, e, infile);
 			if (revcert == NULL)
-				{
-				BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
 				goto err;
-				}
-			j=do_revoke(revcert,db);
+			j=do_revoke(revcert,db, rev_type, rev_arg);
 			if (j <= 0) goto err;
 			X509_free(revcert);
 
-			strncpy(buf[0],dbfile,BSIZE-4);
-#ifndef VMS
+			if(strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"filename too long\n");
+				goto err;
+				}
+
+			strcpy(buf[0],dbfile);
+#ifndef OPENSSL_SYS_VMS
 			strcat(buf[0],".new");
 #else
 			strcat(buf[0],"-new");
@@ -1233,8 +1596,13 @@ bad:
 				}
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
+			BIO_free_all(out);
+			out = NULL;
+			BIO_free_all(in);
+			in = NULL;
 			strncpy(buf[1],dbfile,BSIZE-4);
-#ifndef VMS
+			buf[1][BSIZE-4]='\0';
+#ifndef OPENSSL_SYS_VMS
 			strcat(buf[1],".old");
 #else
 			strcat(buf[1],"-old");
@@ -1258,24 +1626,28 @@ bad:
 	/*****************************************************************/
 	ret=0;
 err:
-	BIO_free(hex);
+	if(tofree)
+		OPENSSL_free(tofree);
 	BIO_free_all(Cout);
 	BIO_free_all(Sout);
 	BIO_free_all(out);
-	BIO_free(in);
+	BIO_free_all(in);
 
 	sk_X509_pop_free(cert_sk,X509_free);
 
 	if (ret) ERR_print_errors(bio_err);
 	app_RAND_write_file(randfile, bio_err);
+	if (free_key)
+		OPENSSL_free(key);
 	BN_free(serial);
 	TXT_DB_free(db);
 	EVP_PKEY_free(pkey);
 	X509_free(x509);
 	X509_CRL_free(crl);
-	CONF_free(conf);
+	NCONF_free(conf);
 	OBJ_cleanup();
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 static void lookup_fail(char *name, char *tag)
@@ -1283,31 +1655,31 @@ static void lookup_fail(char *name, char *tag)
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}
 
-static unsigned long index_serial_hash(char **a)
+static unsigned long index_serial_hash(const char **a)
 	{
-	char *n;
+	const char *n;
 
 	n=a[DB_serial];
 	while (*n == '0') n++;
 	return(lh_strhash(n));
 	}
 
-static int index_serial_cmp(char **a, char **b)
+static int index_serial_cmp(const char **a, const char **b)
 	{
-	char *aa,*bb;
+	const char *aa,*bb;
 
 	for (aa=a[DB_serial]; *aa == '0'; aa++);
 	for (bb=b[DB_serial]; *bb == '0'; bb++);
 	return(strcmp(aa,bb));
 	}
 
-static unsigned long index_name_hash(char **a)
+static unsigned long index_name_hash(const char **a)
 	{ return(lh_strhash(a[DB_name])); }
 
 static int index_name_qual(char **a)
 	{ return(a[0][0] == 'V'); }
 
-static int index_name_cmp(char **a, char **b)
+static int index_name_cmp(const char **a, const char **b)
 	{ return(strcmp(a[DB_name],
 	     b[DB_name])); }
 
@@ -1340,7 +1712,7 @@ static BIGNUM *load_serial(char *serialfile)
 	ret=ASN1_INTEGER_to_BN(ai,NULL);
 	if (ret == NULL)
 		{
-		BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
 		goto err;
 		}
 err:
@@ -1383,8 +1755,10 @@ err:
 
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     BIGNUM *serial, char *startdate, char *enddate, int days,
-	     int batch, char *ext_sect, LHASH *lconf, int verbose)
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
+	     unsigned long certopt, unsigned long nameopt, int default_op,
+	     int ext_copy)
 	{
 	X509_REQ *req=NULL;
 	BIO *in=NULL;
@@ -1431,8 +1805,9 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	else
 		BIO_printf(bio_err,"Signature ok\n");
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate,
-		days,batch,verbose,req,ext_sect,lconf);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn,
+		startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
+		certopt, nameopt, default_op, ext_copy);
 
 err:
 	if (req != NULL) X509_REQ_free(req);
@@ -1442,27 +1817,18 @@ err:
 
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     BIGNUM *serial, char *startdate, char *enddate, int days,
-	     int batch, char *ext_sect, LHASH *lconf, int verbose)
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
+	     unsigned long certopt, unsigned long nameopt, int default_op,
+	     int ext_copy, ENGINE *e)
 	{
 	X509 *req=NULL;
 	X509_REQ *rreq=NULL;
-	BIO *in=NULL;
 	EVP_PKEY *pktmp=NULL;
 	int ok= -1,i;
 
-	in=BIO_new(BIO_s_file());
-
-	if (BIO_read_filename(in,infile) <= 0)
-		{
-		perror(infile);
-		goto err;
-		}
-	if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
-		{
-		BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
+	if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
 		goto err;
-		}
 	if (verbose)
 		X509_print(bio_err,req);
 
@@ -1493,22 +1859,24 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
 		goto err;
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days,
-		batch,verbose,rreq,ext_sect,lconf);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
+		days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
+		ext_copy);
 
 err:
 	if (rreq != NULL) X509_REQ_free(rreq);
 	if (req != NULL) X509_free(req);
-	if (in != NULL) BIO_free(in);
 	return(ok);
 	}
 
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
-	     char *startdate, char *enddate, int days, int batch, int verbose,
-	     X509_REQ *req, char *ext_sect, LHASH *lconf)
+	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
+	     int email_dn, char *startdate, char *enddate, long days, int batch,
+	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
+	     unsigned long certopt, unsigned long nameopt, int default_op,
+	     int ext_copy)
 	{
-	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
+	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
 	ASN1_UTCTIME *tm,*tmptm;
 	ASN1_STRING *str,*str2;
 	ASN1_OBJECT *obj;
@@ -1521,7 +1889,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	char *p;
 	CONF_VALUE *cv;
 	char *row[DB_NUMBER],**rrow,**irow=NULL;
-	char buf[25],*pbuf;
+	char buf[25];
 
 	tmptm=ASN1_UTCTIME_new();
 	if (tmptm == NULL)
@@ -1533,20 +1901,29 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	for (i=0; i<DB_NUMBER; i++)
 		row[i]=NULL;
 
-	BIO_printf(bio_err,"The Subjects Distinguished Name is as follows\n");
+	if (subj)
+		{
+		X509_NAME *n = do_subject(subj, MBSTRING_ASC);
+
+		if (!n)
+			{
+			ERR_print_errors(bio_err);
+			goto err;
+			}
+		X509_REQ_set_subject_name(req,n);
+		req->req_info->enc.modified = 1;
+		X509_NAME_free(n);
+		}
+
+	if (default_op)
+		BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");
+
 	name=X509_REQ_get_subject_name(req);
 	for (i=0; i<X509_NAME_entry_count(name); i++)
 		{
-		ne=(X509_NAME_ENTRY *)X509_NAME_get_entry(name,i);
-		obj=X509_NAME_ENTRY_get_object(ne);
-		j=i2a_ASN1_OBJECT(bio_err,obj);
+		ne= X509_NAME_get_entry(name,i);
 		str=X509_NAME_ENTRY_get_data(ne);
-		pbuf=buf;
-		for (j=22-j; j>0; j--)
-			*(pbuf++)=' ';
-		*(pbuf++)=':';
-		*(pbuf++)='\0';
-		BIO_puts(bio_err,buf);
+		obj=X509_NAME_ENTRY_get_object(ne);
 
 		if (msie_hack)
 			{
@@ -1565,16 +1942,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 				str->type=V_ASN1_IA5STRING;
 			}
 
-		if (str->type == V_ASN1_PRINTABLESTRING)
-			BIO_printf(bio_err,"PRINTABLE:'");
-		else if (str->type == V_ASN1_T61STRING)
-			BIO_printf(bio_err,"T61STRING:'");
-		else if (str->type == V_ASN1_IA5STRING)
-			BIO_printf(bio_err,"IA5STRING:'");
-		else if (str->type == V_ASN1_UNIVERSALSTRING)
-			BIO_printf(bio_err,"UNIVERSALSTRING:'");
-		else
-			BIO_printf(bio_err,"ASN.1 %2d:'",str->type);
+		/* If no EMAIL is wanted in the subject */
+		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
+			continue;
 
 		/* check some things */
 		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
@@ -1583,29 +1953,21 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 			BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
 			goto err;
 			}
-		j=ASN1_PRINTABLE_type(str->data,str->length);
-		if (	((j == V_ASN1_T61STRING) &&
-			 (str->type != V_ASN1_T61STRING)) ||
-			((j == V_ASN1_IA5STRING) &&
-			 (str->type == V_ASN1_PRINTABLESTRING)))
+		if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
 			{
-			BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
-			goto err;
-			}
-			
-		p=(char *)str->data;
-		for (j=str->length; j>0; j--)
-			{
-			if ((*p >= ' ') && (*p <= '~'))
-				BIO_printf(bio_err,"%c",*p);
-			else if (*p & 0x80)
-				BIO_printf(bio_err,"\\0x%02X",*p);
-			else if ((unsigned char)*p == 0xf7)
-				BIO_printf(bio_err,"^?");
-			else	BIO_printf(bio_err,"^%c",*p+'@');
-			p++;
+			j=ASN1_PRINTABLE_type(str->data,str->length);
+			if (	((j == V_ASN1_T61STRING) &&
+				 (str->type != V_ASN1_T61STRING)) ||
+				((j == V_ASN1_IA5STRING) &&
+				 (str->type == V_ASN1_PRINTABLESTRING)))
+				{
+				BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+				goto err;
+				}
 			}
-		BIO_printf(bio_err,"'\n");
+
+		if (default_op)
+			old_entry_print(bio_err, obj, str);
 		}
 
 	/* Ok, now we check the 'policy' stuff. */
@@ -1720,16 +2082,44 @@ again2:
 	if (preserve)
 		{
 		X509_NAME_free(subject);
-		subject=X509_NAME_dup(X509_REQ_get_subject_name(req));
+		/* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
+		subject=X509_NAME_dup(name);
 		if (subject == NULL) goto err;
 		}
 
 	if (verbose)
 		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
 
-	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
-	row[DB_serial]=BN_bn2hex(serial);
-	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+	/* Build the correct Subject if no e-mail is wanted in the subject */
+	/* and add it later on because of the method extensions are added (altName) */
+	 
+	if (email_dn)
+		dn_subject = subject;
+	else
+		{
+		X509_NAME_ENTRY *tmpne;
+		/* Its best to dup the subject DN and then delete any email
+		 * addresses because this retains its structure.
+		 */
+		if (!(dn_subject = X509_NAME_dup(subject)))
+			{
+			BIO_printf(bio_err,"Memory allocation failure\n");
+			goto err;
+			}
+		while((i = X509_NAME_get_index_by_NID(dn_subject,
+					NID_pkcs9_emailAddress, -1)) >= 0)
+			{
+			tmpne = X509_NAME_get_entry(dn_subject, i);
+			X509_NAME_delete_entry(dn_subject, i);
+			X509_NAME_ENTRY_free(tmpne);
+			}
+		}
+
+	if (BN_is_zero(serial))
+		row[DB_serial]=BUF_strdup("00");
+	else
+		row[DB_serial]=BN_bn2hex(serial);
+	if (row[DB_serial] == NULL)
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
@@ -1799,7 +2189,6 @@ again2:
 	if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
 		goto err;
 
-	BIO_printf(bio_err,"Certificate is to be certified until ");
 	if (strcmp(startdate,"today") == 0)
 		X509_gmtime_adj(X509_get_notBefore(ret),0);
 	else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
@@ -1808,10 +2197,6 @@ again2:
 		X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
 	else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
 
-	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
-	if(days) BIO_printf(bio_err," (%d days)",days);
-	BIO_printf(bio_err, "\n");
-
 	if (!X509_set_subject_name(ret,subject)) goto err;
 
 	pktmp=X509_REQ_get_pubkey(req);
@@ -1836,16 +2221,80 @@ again2:
 
 		ci->extensions = NULL;
 
+		/* Initialize the context structure */
 		X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
-		X509V3_set_conf_lhash(&ctx, lconf);
 
-		if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
+		if (extconf)
+			{
+			if (verbose)
+				BIO_printf(bio_err, "Extra configuration file found\n");
+ 
+			/* Use the extconf configuration db LHASH */
+			X509V3_set_nconf(&ctx, extconf);
+ 
+			/* Test the structure (needed?) */
+			/* X509V3_set_ctx_test(&ctx); */
+
+			/* Adds exts contained in the configuration file */
+			if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
+				{
+				BIO_printf(bio_err,
+				    "ERROR: adding extensions in section %s\n",
+								ext_sect);
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+			if (verbose)
+				BIO_printf(bio_err, "Successfully added extensions from file.\n");
+			}
+		else if (ext_sect)
+			{
+			/* We found extensions to be set from config file */
+			X509V3_set_nconf(&ctx, lconf);
+
+			if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
+				{
+				BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+
+			if (verbose) 
+				BIO_printf(bio_err, "Successfully added extensions from config\n");
+			}
+		}
+
+	/* Copy extensions from request (if any) */
 
+	if (!copy_extensions(ret, req, ext_copy))
+		{
+		BIO_printf(bio_err, "ERROR: adding extensions from request\n");
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+
+	/* Set the right value for the noemailDN option */
+	if( email_dn == 0 )
+		{
+		if (!X509_set_subject_name(ret,dn_subject)) goto err;
+		}
+
+	if (!default_op)
+		{
+		BIO_printf(bio_err, "Certificate Details:\n");
+		/* Never print signature details because signature not present */
+		certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
+		X509_print_ex(bio_err, ret, nameopt, certopt); 
 		}
 
+	BIO_printf(bio_err,"Certificate is to be certified until ");
+	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+	if (days) BIO_printf(bio_err," (%d days)",days);
+	BIO_printf(bio_err, "\n");
 
 	if (!batch)
 		{
+
 		BIO_printf(bio_err,"Sign the certificate? [y/n]:");
 		(void)BIO_flush(bio_err);
 		buf[0]='\0';
@@ -1859,7 +2308,7 @@ again2:
 		}
 
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
 	pktmp=X509_get_pubkey(ret);
 	if (EVP_PKEY_missing_parameters(pktmp) &&
@@ -1883,10 +2332,10 @@ again2:
 
 	/* row[DB_serial] done already */
 	row[DB_file]=(char *)OPENSSL_malloc(8);
-	/* row[DB_name] done already */
+	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
 
 	if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-		(row[DB_file] == NULL))
+		(row[DB_file] == NULL) || (row[DB_name] == NULL))
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
@@ -1923,6 +2372,8 @@ err:
 		X509_NAME_free(CAname);
 	if (subject != NULL)
 		X509_NAME_free(subject);
+	if ((dn_subject != NULL) && !email_dn)
+		X509_NAME_free(dn_subject);
 	if (tmptm != NULL)
 		ASN1_UTCTIME_free(tmptm);
 	if (ok <= 0)
@@ -1955,14 +2406,15 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 	i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
 	BIO_puts(bp,"\n\n");
 #endif
-	if(!notext)X509_print(bp,x);
+	if (!notext)X509_print(bp,x);
 	PEM_write_bio_X509(bp,x);
 	}
 
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     BIGNUM *serial, char *startdate, char *enddate, int days,
-	     char *ext_sect, LHASH *lconf, int verbose)
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
+	     unsigned long nameopt, int default_op, int ext_copy)
 	{
 	STACK_OF(CONF_VALUE) *sk=NULL;
 	LHASH *parms=NULL;
@@ -2028,12 +2480,13 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 		/* Skip past any leading X. X: X, etc to allow for
 		 * multiple instances
 		 */
-		for(buf = cv->name; *buf ; buf++)
-			if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
-					buf++;
-					if(*buf) type = buf;
-					break;
-		}
+		for (buf = cv->name; *buf ; buf++)
+			if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
+				{
+				buf++;
+				if (*buf) type = buf;
+				break;
+				}
 
 		buf=cv->value;
 		if ((nid=OBJ_txt2nid(type)) == NID_undef)
@@ -2051,6 +2504,11 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 			continue;
 			}
 
+		/*
+		if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
+			continue;
+		*/
+		
 		j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
 		if (fix_data(nid, &j) == 0)
 			{
@@ -2095,8 +2553,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 
 	X509_REQ_set_pubkey(req,pktmp);
 	EVP_PKEY_free(pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,
-		   days,1,verbose,req,ext_sect,lconf);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
+		   days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
+			ext_copy);
 err:
 	if (req != NULL) X509_REQ_free(req);
 	if (parms != NULL) CONF_free(parms);
@@ -2131,10 +2590,11 @@ static int check_time_format(char *str)
 	return(ASN1_UTCTIME_check(&tm));
 	}
 
-static int do_revoke(X509 *x509, TXT_DB *db)
-{
-	ASN1_UTCTIME *tm=NULL, *revtm=NULL;
+static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
+	{
+	ASN1_UTCTIME *tm=NULL;
 	char *row[DB_NUMBER],**rrow,**irow;
+	char *rev_str = NULL;
 	BIGNUM *bn = NULL;
 	int ok=-1,i;
 
@@ -2142,7 +2602,10 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 		row[i]=NULL;
 	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
 	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
-	row[DB_serial]=BN_bn2hex(bn);
+	if (BN_is_zero(bn))
+		row[DB_serial]=BUF_strdup("00");
+	else
+		row[DB_serial]=BN_bn2hex(bn);
 	BN_free(bn);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
@@ -2203,12 +2666,12 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 			}
 
 		/* Revoke Certificate */
-		ok = do_revoke(x509,db);
+		ok = do_revoke(x509,db, type, value);
 
 		goto err;
 
 		}
-	else if (index_name_cmp(row,rrow))
+	else if (index_name_cmp((const char **)row,(const char **)rrow))
 		{
 		BIO_printf(bio_err,"ERROR:name does not match %s\n",
 			   row[DB_name]);
@@ -2223,14 +2686,15 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 	else
 		{
 		BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
-		revtm = ASN1_UTCTIME_new();
-		revtm=X509_gmtime_adj(revtm,0);
+		rev_str = make_revocation_str(type, value);
+		if (!rev_str)
+			{
+			BIO_printf(bio_err, "Error in revocation arguments\n");
+			goto err;
+			}
 		rrow[DB_type][0]='R';
 		rrow[DB_type][1]='\0';
-		rrow[DB_rev_date]=(char *)OPENSSL_malloc(revtm->length+1);
-		memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
-		rrow[DB_rev_date][revtm->length]='\0';
-		ASN1_UTCTIME_free(revtm);
+		rrow[DB_rev_date] = rev_str;
 		}
 	ok=1;
 err:
@@ -2240,5 +2704,622 @@ err:
 			OPENSSL_free(row[i]);
 		}
 	return(ok);
+	}
+
+static int get_certificate_status(const char *serial, TXT_DB *db)
+	{
+	char *row[DB_NUMBER],**rrow;
+	int ok=-1,i;
+
+	/* Free Resources */
+	for (i=0; i<DB_NUMBER; i++)
+		row[i]=NULL;
+
+	/* Malloc needed char spaces */
+	row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
+	if (row[DB_serial] == NULL)
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto err;
+		}
+
+	if (strlen(serial) % 2)
+		{
+		/* Set the first char to 0 */;
+		row[DB_serial][0]='0';
+
+		/* Copy String from serial to row[DB_serial] */
+		memcpy(row[DB_serial]+1, serial, strlen(serial));
+		row[DB_serial][strlen(serial)+1]='\0';
+		}
+	else
+		{
+		/* Copy String from serial to row[DB_serial] */
+		memcpy(row[DB_serial], serial, strlen(serial));
+		row[DB_serial][strlen(serial)]='\0';
+		}
+			
+	/* Make it Upper Case */
+	for (i=0; row[DB_serial][i] != '\0'; i++)
+		row[DB_serial][i] = toupper(row[DB_serial][i]);
+	
+
+	ok=1;
+
+	/* Search for the certificate */
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
+	if (rrow == NULL)
+		{
+		BIO_printf(bio_err,"Serial %s not present in db.\n",
+				 row[DB_serial]);
+		ok=-1;
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='V')
+		{
+		BIO_printf(bio_err,"%s=Valid (%c)\n",
+			row[DB_serial], rrow[DB_type][0]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='R')
+		{
+		BIO_printf(bio_err,"%s=Revoked (%c)\n",
+			row[DB_serial], rrow[DB_type][0]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='E')
+		{
+		BIO_printf(bio_err,"%s=Expired (%c)\n",
+			row[DB_serial], rrow[DB_type][0]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='S')
+		{
+		BIO_printf(bio_err,"%s=Suspended (%c)\n",
+			row[DB_serial], rrow[DB_type][0]);
+		goto err;
+		}
+	else
+		{
+		BIO_printf(bio_err,"%s=Unknown (%c).\n",
+			row[DB_serial], rrow[DB_type][0]);
+		ok=-1;
+		}
+err:
+	for (i=0; i<DB_NUMBER; i++)
+		{
+		if (row[i] != NULL)
+			OPENSSL_free(row[i]);
+		}
+	return(ok);
+	}
+
+static int do_updatedb (TXT_DB *db)
+	{
+	ASN1_UTCTIME	*a_tm = NULL;
+	int i, cnt = 0;
+	int db_y2k, a_y2k;  /* flags = 1 if y >= 2000 */ 
+	char **rrow, *a_tm_s;
+
+	a_tm = ASN1_UTCTIME_new();
+
+	/* get actual time and make a string */
+	a_tm = X509_gmtime_adj(a_tm, 0);
+	a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1);
+	if (a_tm_s == NULL)
+		{
+		cnt = -1;
+		goto err;
+		}
+
+	memcpy(a_tm_s, a_tm->data, a_tm->length);
+	a_tm_s[a_tm->length] = '\0';
+
+	if (strncmp(a_tm_s, "49", 2) <= 0)
+		a_y2k = 1;
+	else
+		a_y2k = 0;
+
+	for (i = 0; i < sk_num(db->data); i++)
+		{
+		rrow = (char **) sk_value(db->data, i);
+
+		if (rrow[DB_type][0] == 'V')
+		 	{
+			/* ignore entries that are not valid */
+			if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
+				db_y2k = 1;
+			else
+				db_y2k = 0;
+
+			if (db_y2k == a_y2k)
+				{
+				/* all on the same y2k side */
+				if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)
+				       	{
+				       	rrow[DB_type][0]  = 'E';
+				       	rrow[DB_type][1]  = '\0';
+	  				cnt++;
+
+					BIO_printf(bio_err, "%s=Expired\n",
+							rrow[DB_serial]);
+					}
+				}
+			else if (db_y2k < a_y2k)
+				{
+		  		rrow[DB_type][0]  = 'E';
+		  		rrow[DB_type][1]  = '\0';
+	  			cnt++;
+
+				BIO_printf(bio_err, "%s=Expired\n",
+							rrow[DB_serial]);
+				}
+
+			}
+    		}
+
+err:
+
+	ASN1_UTCTIME_free(a_tm);
+	OPENSSL_free(a_tm_s);
+
+	return (cnt);
+	}
+
+static char *crl_reasons[] = {
+	/* CRL reason strings */
+	"unspecified",
+	"keyCompromise",
+	"CACompromise",
+	"affiliationChanged",
+	"superseded", 
+	"cessationOfOperation",
+	"certificateHold",
+	"removeFromCRL",
+	/* Additional pseudo reasons */
+	"holdInstruction",
+	"keyTime",
+	"CAkeyTime"
+};
+
+#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
+
+/* Given revocation information convert to a DB string.
+ * The format of the string is:
+ * revtime[,reason,extra]. Where 'revtime' is the
+ * revocation time (the current time). 'reason' is the
+ * optional CRL reason and 'extra' is any additional
+ * argument
+ */
+
+char *make_revocation_str(int rev_type, char *rev_arg)
+	{
+	char *reason = NULL, *other = NULL, *str;
+	ASN1_OBJECT *otmp;
+	ASN1_UTCTIME *revtm = NULL;
+	int i;
+	switch (rev_type)
+		{
+	case REV_NONE:
+		break;
+
+	case REV_CRL_REASON:
+		for (i = 0; i < 8; i++)
+			{
+			if (!strcasecmp(rev_arg, crl_reasons[i]))
+				{
+				reason = crl_reasons[i];
+				break;
+				}
+			}
+		if (reason == NULL)
+			{
+			BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
+			return NULL;
+			}
+		break;
+
+	case REV_HOLD:
+		/* Argument is an OID */
+
+		otmp = OBJ_txt2obj(rev_arg, 0);
+		ASN1_OBJECT_free(otmp);
+
+		if (otmp == NULL)
+			{
+			BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
+			return NULL;
+			}
+
+		reason = "holdInstruction";
+		other = rev_arg;
+		break;
+		
+	case REV_KEY_COMPROMISE:
+	case REV_CA_COMPROMISE:
+
+		/* Argument is the key compromise time  */
+		if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))
+			{	
+			BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
+			return NULL;
+			}
+		other = rev_arg;
+		if (rev_type == REV_KEY_COMPROMISE)
+			reason = "keyTime";
+		else 
+			reason = "CAkeyTime";
+
+		break;
+
+		}
+
+	revtm = X509_gmtime_adj(NULL, 0);
+
+	i = revtm->length + 1;
+
+	if (reason) i += strlen(reason) + 1;
+	if (other) i += strlen(other) + 1;
+
+	str = OPENSSL_malloc(i);
+
+	if (!str) return NULL;
+
+	strcpy(str, (char *)revtm->data);
+	if (reason)
+		{
+		strcat(str, ",");
+		strcat(str, reason);
+		}
+	if (other)
+		{
+		strcat(str, ",");
+		strcat(str, other);
+		}
+	ASN1_UTCTIME_free(revtm);
+	return str;
+	}
+
+/* Convert revocation field to X509_REVOKED entry 
+ * return code:
+ * 0 error
+ * 1 OK
+ * 2 OK and some extensions added (i.e. V2 CRL)
+ */
+
+
+int make_revoked(X509_REVOKED *rev, char *str)
+	{
+	char *tmp = NULL;
+	int reason_code = -1;
+	int i, ret = 0;
+	ASN1_OBJECT *hold = NULL;
+	ASN1_GENERALIZEDTIME *comp_time = NULL;
+	ASN1_ENUMERATED *rtmp = NULL;
+
+	ASN1_TIME *revDate = NULL;
+
+	i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
+
+	if (i == 0)
+		goto err;
+
+	if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
+		goto err;
+
+	if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))
+		{
+		rtmp = ASN1_ENUMERATED_new();
+		if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
+			goto err;
+		if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
+			goto err;
+		}
+
+	if (rev && comp_time)
+		{
+		if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
+			goto err;
+		}
+	if (rev && hold)
+		{
+		if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
+			goto err;
+		}
+
+	if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
+		ret = 2;
+	else ret = 1;
+
+	err:
+
+	if (tmp) OPENSSL_free(tmp);
+	ASN1_OBJECT_free(hold);
+	ASN1_GENERALIZEDTIME_free(comp_time);
+	ASN1_ENUMERATED_free(rtmp);
+	ASN1_TIME_free(revDate);
+
+	return ret;
+	}
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *do_subject(char *subject, long chtype)
+	{
+	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
+	char *buf = OPENSSL_malloc(buflen);
+	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
+	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
+
+	char *sp = subject, *bp = buf;
+	int i, ne_num = 0;
+
+	X509_NAME *n = NULL;
+	int nid;
+
+	if (!buf || !ne_types || !ne_values)
+	{
+		BIO_printf(bio_err, "malloc error\n");
+		goto error;
+	}
+
+	if (*subject != '/')
+	{
+		BIO_printf(bio_err, "Subject does not start with '/'.\n");
+		goto error;
+	}
+	sp++; /* skip leading / */
+
+	while (*sp)
+		{
+		/* collect type */
+		ne_types[ne_num] = bp;
+		while (*sp)
+			{
+			if (*sp == '\\') /* is there anything to escape in the type...? */
+				{
+				if (*++sp)
+					*bp++ = *sp++;
+				else
+					{
+					BIO_printf(bio_err, "escape character at end of string\n");
+					goto error;
+					}
+				}
+			else if (*sp == '=')
+				{
+				sp++;
+				*bp++ = '\0';
+				break;
+				}
+			else
+				*bp++ = *sp++;
+			}
+		if (!*sp)
+			{
+			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
+			goto error;
+			}
+		ne_values[ne_num] = bp;
+		while (*sp)
+			{
+			if (*sp == '\\')
+				{
+				if (*++sp)
+					*bp++ = *sp++;
+				else
+					{
+					BIO_printf(bio_err, "escape character at end of string\n");
+					goto error;
+					}
+				}
+			else if (*sp == '/')
+				{
+				sp++;
+				break;
+				}
+			else
+				*bp++ = *sp++;
+			}
+		*bp++ = '\0';
+		ne_num++;
+		}
+
+	if (!(n = X509_NAME_new()))
+		goto error;
+
+	for (i = 0; i < ne_num; i++)
+		{
+		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
+			{
+			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
+			continue;
+			}
+
+		if (!*ne_values[i])
+			{
+			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
+			continue;
+			}
+
+		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
+			goto error;
+		}
+
+	OPENSSL_free(ne_values);
+	OPENSSL_free(ne_types);
+	OPENSSL_free(buf);
+	return n;
+
+error:
+	X509_NAME_free(n);
+	if (ne_values)
+		OPENSSL_free(ne_values);
+	if (ne_types)
+		OPENSSL_free(ne_types);
+	if (buf)
+		OPENSSL_free(buf);
+	return NULL;
 }
 
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
+	{
+	char buf[25],*pbuf, *p;
+	int j;
+	j=i2a_ASN1_OBJECT(bp,obj);
+	pbuf=buf;
+	for (j=22-j; j>0; j--)
+		*(pbuf++)=' ';
+	*(pbuf++)=':';
+	*(pbuf++)='\0';
+	BIO_puts(bp,buf);
+
+	if (str->type == V_ASN1_PRINTABLESTRING)
+		BIO_printf(bp,"PRINTABLE:'");
+	else if (str->type == V_ASN1_T61STRING)
+		BIO_printf(bp,"T61STRING:'");
+	else if (str->type == V_ASN1_IA5STRING)
+		BIO_printf(bp,"IA5STRING:'");
+	else if (str->type == V_ASN1_UNIVERSALSTRING)
+		BIO_printf(bp,"UNIVERSALSTRING:'");
+	else
+		BIO_printf(bp,"ASN.1 %2d:'",str->type);
+			
+	p=(char *)str->data;
+	for (j=str->length; j>0; j--)
+		{
+		if ((*p >= ' ') && (*p <= '~'))
+			BIO_printf(bp,"%c",*p);
+		else if (*p & 0x80)
+			BIO_printf(bp,"\\0x%02X",*p);
+		else if ((unsigned char)*p == 0xf7)
+			BIO_printf(bp,"^?");
+		else	BIO_printf(bp,"^%c",*p+'@');
+		p++;
+		}
+	BIO_printf(bp,"'\n");
+	return 1;
+	}
+
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str)
+	{
+	char *tmp = NULL;
+	char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
+	int reason_code = -1;
+	int i, ret = 0;
+	ASN1_OBJECT *hold = NULL;
+	ASN1_GENERALIZEDTIME *comp_time = NULL;
+	tmp = BUF_strdup(str);
+
+	p = strchr(tmp, ',');
+
+	rtime_str = tmp;
+
+	if (p)
+		{
+		*p = '\0';
+		p++;
+		reason_str = p;
+		p = strchr(p, ',');
+		if (p)
+			{
+			*p = '\0';
+			arg_str = p + 1;
+			}
+		}
+
+	if (prevtm)
+		{
+		*prevtm = ASN1_UTCTIME_new();
+		if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
+			{
+			BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
+			goto err;
+			}
+		}
+	if (reason_str)
+		{
+		for (i = 0; i < NUM_REASONS; i++)
+			{
+			if(!strcasecmp(reason_str, crl_reasons[i]))
+				{
+				reason_code = i;
+				break;
+				}
+			}
+		if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
+			{
+			BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
+			goto err;
+			}
+
+		if (reason_code == 7)
+			reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
+		else if (reason_code == 8)		/* Hold instruction */
+			{
+			if (!arg_str)
+				{	
+				BIO_printf(bio_err, "missing hold instruction\n");
+				goto err;
+				}
+			reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
+			hold = OBJ_txt2obj(arg_str, 0);
+
+			if (!hold)
+				{
+				BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
+				goto err;
+				}
+			if (phold) *phold = hold;
+			}
+		else if ((reason_code == 9) || (reason_code == 10))
+			{
+			if (!arg_str)
+				{	
+				BIO_printf(bio_err, "missing compromised time\n");
+				goto err;
+				}
+			comp_time = ASN1_GENERALIZEDTIME_new();
+			if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
+				{	
+				BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
+				goto err;
+				}
+			if (reason_code == 9)
+				reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
+			else
+				reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
+			}
+		}
+
+	if (preason) *preason = reason_code;
+	if (pinvtm) *pinvtm = comp_time;
+	else ASN1_GENERALIZEDTIME_free(comp_time);
+
+	ret = 1;
+
+	err:
+
+	if (tmp) OPENSSL_free(tmp);
+	if (!phold) ASN1_OBJECT_free(hold);
+	if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);
+
+	return ret;
+	}
+
+int make_serial_index(TXT_DB *db)
+	{
+	if (!TXT_DB_create_index(db, DB_serial, NULL,
+				LHASH_HASH_FN(index_serial_hash),
+				LHASH_COMP_FN(index_serial_cmp)))
+		{
+		BIO_printf(bio_err,
+		  "error creating serial number index:(%ld,%ld,%ld)\n",
+		  			db->error,db->arg1,db->arg2);
+			return 0;
+		}
+	return 1;
+	}
diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c
index b6e2f96..7c62fc5 100644
--- a/crypto/openssl/apps/ciphers.c
+++ b/crypto/openssl/apps/ciphers.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -95,11 +95,11 @@ int MAIN(int argc, char **argv)
 	char buf[512];
 	BIO *STDout=NULL;
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	meth=SSLv2_server_method();
 #endif
 
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	STDout = BIO_push(tmpbio, STDout);
@@ -121,15 +121,15 @@ int MAIN(int argc, char **argv)
 		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		else if (strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
 		else if (strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
@@ -150,7 +150,7 @@ int MAIN(int argc, char **argv)
 	if (badops)
 		{
 		for (pp=ciphers_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 
@@ -187,7 +187,7 @@ int MAIN(int argc, char **argv)
 			{
 			BIO_puts(STDout,SSL_CIPHER_description(
 				sk_SSL_CIPHER_value(sk,i),
-				buf,512));
+				buf,sizeof buf));
 			}
 		}
 
@@ -202,6 +202,7 @@ end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
 	if (STDout != NULL) BIO_free_all(STDout);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c
index 3b5725f..c6089ac 100644
--- a/crypto/openssl/apps/crl.c
+++ b/crypto/openssl/apps/crl.c
@@ -87,6 +87,7 @@ static char *crl_usage[]={
 " -noout          - no CRL output\n",
 " -CAfile  name   - verify CRL using certificates in file \"name\"\n",
 " -CApath  dir    - verify CRL using certificates in \"dir\"\n",
+" -nameopt arg    - various certificate name options\n",
 NULL
 };
 
@@ -97,6 +98,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	unsigned long nmflag = 0;
 	X509_CRL *x=NULL;
 	char *CAfile = NULL, *CApath = NULL;
 	int ret=1,i,num,badops=0;
@@ -105,7 +107,7 @@ int MAIN(int argc, char **argv)
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 	int fingerprint = 0;
-	char **pp,buf[256];
+	char **pp;
 	X509_STORE *store = NULL;
 	X509_STORE_CTX ctx;
 	X509_LOOKUP *lookup = NULL;
@@ -120,11 +122,14 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
 			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			bio_out = BIO_push(tmpbio, bio_out);
@@ -185,6 +190,11 @@ int MAIN(int argc, char **argv)
 			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
 		else if (strcmp(*argv,"-issuer") == 0)
 			issuer= ++num;
 		else if (strcmp(*argv,"-lastupdate") == 0)
@@ -214,7 +224,7 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=crl_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 
@@ -235,7 +245,11 @@ bad:
 			X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
 		ERR_clear_error();
 
-		X509_STORE_CTX_init(&ctx, store, NULL, NULL);
+		if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+			BIO_printf(bio_err,
+				"Error initialising X509 store\n");
+			goto end;
+		}
 
 		i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 
 					X509_CRL_get_issuer(x), &xobj);
@@ -264,9 +278,7 @@ bad:
 			{
 			if (issuer == i)
 				{
-				X509_NAME_oneline(X509_CRL_get_issuer(x),
-								buf,256);
-				BIO_printf(bio_out,"issuer= %s\n",buf);
+				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
 				}
 
 			if (hash == i)
@@ -324,7 +336,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -364,7 +376,8 @@ end:
 		X509_STORE_CTX_cleanup(&ctx);
 		X509_STORE_free(store);
 	}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 static X509_CRL *load_crl(char *infile, int format)
diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c
index 7f853b6..b2f2d12 100644
--- a/crypto/openssl/apps/crl2p7.c
+++ b/crypto/openssl/apps/crl2p7.c
@@ -166,7 +166,8 @@ bad:
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
 		BIO_printf(bio_err,"                (can be used more than once)\n");
 		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
-		EXIT(1);
+		ret = 1;
+		goto end;
 		}
 
 	ERR_load_crypto_strings();
@@ -241,7 +242,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -278,7 +279,8 @@ end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (crl != NULL) X509_CRL_free(crl);
 
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 /*
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index 482b023..280f79b 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -73,13 +73,15 @@
 #undef PROG
 #define PROG	dgst_main
 
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-		EVP_PKEY *key, unsigned char *sigin, int siglen);
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+	  const char *file);
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
@@ -91,12 +93,14 @@ int MAIN(int argc, char **argv)
 	char pname[PROG_NAME_SIZE+1];
 	int separator=0;
 	int debug=0;
+	int keyform=FORMAT_PEM;
 	const char *outfile = NULL, *keyfile = NULL;
 	const char *sigfile = NULL, *randfile = NULL;
 	int out_bin = -1, want_pub = 0, do_verify = 0;
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -109,8 +113,11 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	/* first check the program name */
-	program_name(argv[0],pname,PROG_NAME_SIZE);
+	program_name(argv[0],pname,sizeof pname);
 
 	md=EVP_get_digestbyname(pname);
 
@@ -154,6 +161,16 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) break;
+			keyform=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) break;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -188,8 +205,10 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
+		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
+		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -209,6 +228,8 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -238,7 +259,7 @@ int MAIN(int argc, char **argv)
 		else    out = BIO_new_file(outfile, "w");
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -253,27 +274,21 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
-	if(keyfile) {
-		BIO *keybio;
-		keybio = BIO_new_file(keyfile, "r");
-		if(!keybio) {
-			BIO_printf(bio_err, "Error opening key file %s\n",
-								keyfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		
-		if(want_pub) 
-			sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
-		else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
-		BIO_free(keybio);
-		if(!sigkey) {
-			BIO_printf(bio_err, "Error reading key file %s\n",
-								keyfile);
-			ERR_print_errors(bio_err);
+	if(keyfile)
+		{
+		if (want_pub)
+			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
+				e, "key file");
+		else
+			sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
+				e, "key file");
+		if (!sigkey)
+			{
+			/* load_[pub]key() has already printed an appropriate
+			   message */
 			goto end;
+			}
 		}
-	}
 
 	if(sigfile && sigkey) {
 		BIO *sigbio;
@@ -305,29 +320,43 @@ int MAIN(int argc, char **argv)
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
+		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
+			  siglen,"","(stdin)");
 		}
 	else
 		{
 		name=OBJ_nid2sn(md->type);
 		for (i=0; i<argc; i++)
 			{
+			char *tmp,*tofree=NULL;
+			int r;
+
 			if (BIO_read_filename(in,argv[i]) <= 0)
 				{
 				perror(argv[i]);
 				err++;
 				continue;
 				}
-			if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
-			do_fp(out, buf,inp,separator, out_bin, sigkey, 
-								sigbuf, siglen);
+			if(!out_bin)
+				{
+				tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
+				sprintf(tmp,"%s(%s)= ",name,argv[i]);
+				}
+			else
+				tmp="";
+			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
+				siglen,tmp,argv[i]);
+			if(r)
+			    err=r;
+			if(tofree)
+				OPENSSL_free(tofree);
 			(void)BIO_reset(bmd);
 			}
 		}
 end:
 	if (buf != NULL)
 		{
-		memset(buf,0,BUFSIZE);
+		OPENSSL_cleanse(buf,BUFSIZE);
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
@@ -335,11 +364,13 @@ end:
 	EVP_PKEY_free(sigkey);
 	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
-	EXIT(err);
+	apps_shutdown();
+	OPENSSL_EXIT(err);
 	}
 
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-			EVP_PKEY *key, unsigned char *sigin, int siglen)
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+	  const char *file)
 	{
 	int len;
 	int i;
@@ -347,21 +378,33 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
-		if (i <= 0) break;
+		if(i < 0)
+			{
+			BIO_printf(bio_err, "Read Error in %s\n",file);
+			ERR_print_errors(bio_err);
+			return 1;
+			}
+		if (i == 0) break;
 		}
 	if(sigin)
 		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
 		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
-		if(i > 0) BIO_printf(out, "Verified OK\n");
-		else if(i == 0) BIO_printf(out, "Verification Failure\n");
+		if(i > 0)
+			BIO_printf(out, "Verified OK\n");
+		else if(i == 0)
+			{
+			BIO_printf(out, "Verification Failure\n");
+			return 1;
+			}
 		else
 			{
 			BIO_printf(bio_err, "Error Verifying Data\n");
 			ERR_print_errors(bio_err);
+			return 1;
 			}
-		return;
+		return 0;
 		}
 	if(key)
 		{
@@ -371,7 +414,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			{
 			BIO_printf(bio_err, "Error Signing Data\n");
 			ERR_print_errors(bio_err);
-			return;
+			return 1;
 			}
 		}
 	else
@@ -380,6 +423,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	if(binout) BIO_write(out, buf, len);
 	else 
 		{
+		BIO_write(out,title,strlen(title));
 		for (i=0; i<len; i++)
 			{
 			if (sep && (i != 0))
@@ -388,5 +432,6 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		BIO_printf(out, "\n");
 		}
+	return 0;
 	}
 
diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c
index 7465442..c10ea96 100644
--- a/crypto/openssl/apps/dh.c
+++ b/crypto/openssl/apps/dh.c
@@ -57,7 +57,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -87,11 +87,12 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;
 
 	apps_startup();
 
@@ -99,6 +100,10 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -129,6 +134,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +170,14 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+        e = setup_engine(bio_err, engine, 0);
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -186,7 +199,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -319,6 +332,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 #endif
diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c
index 5f9b601..cbc65bc 100644
--- a/crypto/openssl/apps/dhparam.c
+++ b/crypto/openssl/apps/dhparam.c
@@ -109,7 +109,7 @@
  *
  */
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -122,7 +122,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 
@@ -148,15 +148,16 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	int dsaparam=0;
 #endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL;
+	char *inrand=NULL,*engine=NULL;
 	int num = 0, g = 0;
 
 	apps_startup();
@@ -165,6 +166,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -195,11 +199,16 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		else if (strcmp(*argv,"-dsaparam") == 0)
 			dsaparam=1;
 #endif
@@ -231,7 +240,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
 #endif
 		BIO_printf(bio_err," -check        check the DH parameters\n");
@@ -240,6 +249,7 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -249,10 +259,12 @@ bad:
 
 	ERR_load_crypto_strings();
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if (g && !num)
 		num = DEFBITS;
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (dsaparam)
 		{
 		if (g)
@@ -279,7 +291,7 @@ bad:
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (dsaparam)
 			{
 			DSA *dsa;
@@ -340,7 +352,7 @@ bad:
 			goto end;
 			}
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (dsaparam)
 			{
 			DSA *dsa;
@@ -393,7 +405,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -478,7 +490,7 @@ bad:
 		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
 		printf("\t\t{ DH_free(dh); return(NULL); }\n");
 		if (dh->length)
-			printf("\tdh->length = %d;\n", dh->length);
+			printf("\tdh->length = %ld;\n", dh->length);
 		printf("\treturn(dh);\n\t}\n");
 		OPENSSL_free(data);
 		}
@@ -506,7 +518,8 @@ end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c
index 7c4a46f..6598871 100644
--- a/crypto/openssl/apps/dsa.c
+++ b/crypto/openssl/apps/dsa.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -79,6 +79,9 @@
  * -des		- encrypt output if PEM format with DES in cbc mode
  * -des3	- encrypt output if PEM format
  * -idea	- encrypt output if PEM format
+ * -aes128	- encrypt output if PEM format
+ * -aes192	- encrypt output if PEM format
+ * -aes256	- encrypt output if PEM format
  * -text	- print a text version
  * -modulus	- print the DSA public key
  */
@@ -87,6 +90,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -94,7 +98,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -105,6 +109,10 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -145,6 +153,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -176,11 +189,16 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
 		BIO_printf(bio_err," -modulus        print the DSA public value\n");
@@ -189,6 +207,8 @@ bad:
 
 	ERR_load_crypto_strings();
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -235,7 +255,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -293,6 +313,7 @@ end:
 	if(dsa != NULL) DSA_free(dsa);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 #endif
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
index 0c2529e..320d76f 100644
--- a/crypto/openssl/apps/dsaparam.c
+++ b/crypto/openssl/apps/dsaparam.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -90,6 +90,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
@@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -104,6 +106,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -134,6 +139,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if(strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine = *(++argv);
+			}
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
@@ -179,7 +189,9 @@ bad:
 		BIO_printf(bio_err," -text         print as text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
+		BIO_printf(bio_err," -genkey       generate a DSA key\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -207,7 +219,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -223,6 +235,8 @@ bad:
 			}
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if (need_rand)
 		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
@@ -357,7 +371,8 @@ end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index e375363..42ddfd2 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -66,10 +66,8 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef NO_MD5
-#include <openssl/md5.h>
-#endif
 #include <openssl/pem.h>
+#include <ctype.h>
 
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -80,17 +78,37 @@ int set_hex(char *in,unsigned char *out,int size);
 #define BSIZE	(8*1024)
 #define	PROG	enc_main
 
+static void show_ciphers(const OBJ_NAME *name,void *bio_)
+	{
+	BIO *bio=bio_;
+	static int n;
+
+	if(!islower((unsigned char)*name->name))
+		return;
+
+	BIO_printf(bio,"-%-25s",name->name);
+	if(++n == 3)
+		{
+		BIO_printf(bio,"\n");
+		n=0;
+		}
+	else
+		BIO_printf(bio," ");
+	}
+
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
-	char mbuf[8];	/* should be 1 smaller than magic */
+	char mbuf[sizeof magic-1];
 	char *strbuf=NULL;
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
-	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
+	int nopad = 0;
+	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
 	unsigned char salt[PKCS5_SALT_LEN];
 	char *str=NULL, *passarg = NULL, *pass = NULL;
 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
@@ -101,6 +119,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
 	char pname[PROG_NAME_SIZE+1];
+	char *engine = NULL;
 
 	apps_startup();
 
@@ -108,8 +127,11 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	/* first check the program name */
-	program_name(argv[0],pname,PROG_NAME_SIZE);
+	program_name(argv[0],pname,sizeof pname);
 	if (strcmp(pname,"base64") == 0)
 		base64=1;
 
@@ -141,12 +163,19 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
 			printkey=1;
 		else if	(strcmp(*argv,"-v") == 0)
 			verbose=1;
+		else if	(strcmp(*argv,"-nopad") == 0)
+			nopad=1;
 		else if	(strcmp(*argv,"-salt") == 0)
 			nosalt=0;
 		else if	(strcmp(*argv,"-nosalt") == 0)
@@ -187,7 +216,7 @@ int MAIN(int argc, char **argv)
 				goto bad;
 				}
 			buf[0]='\0';
-			fgets(buf,128,infile);
+			fgets(buf,sizeof buf,infile);
 			fclose(infile);
 			i=strlen(buf);
 			if ((i > 0) &&
@@ -241,79 +270,22 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 
 			BIO_printf(bio_err,"Cipher Types\n");
-			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
-			BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
-			BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
-#ifndef NO_IDEA
-			BIO_printf(bio_err,"idea    :128 bit key IDEA encryption\n");
-#endif
-#ifndef NO_RC4
-			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
-#endif
-#ifndef NO_BF
-			BIO_printf(bio_err,"bf      :128 bit key Blowfish encryption\n");
-#endif
-#ifndef NO_RC4
-			BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
-				LN_rc4);
-#endif
+			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+					       show_ciphers,
+					       bio_err);
+			BIO_printf(bio_err,"\n");
 
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_des_ecb,LN_des_cbc,
-				LN_des_cfb64,LN_des_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n",
-				"des", LN_des_cbc);
-
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_des_ede,LN_des_ede_cbc,
-				LN_des_ede_cfb64,LN_des_ede_ofb64);
-			BIO_printf(bio_err," -desx -none\n");
-
-
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_des_ede3,LN_des_ede3_cbc,
-				LN_des_ede3_cfb64,LN_des_ede3_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n",
-				"des3", LN_des_ede3_cbc);
-
-#ifndef NO_IDEA
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_idea_ecb, LN_idea_cbc,
-				LN_idea_cfb64, LN_idea_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
-#endif
-#ifndef NO_RC2
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_rc2_ecb, LN_rc2_cbc,
-				LN_rc2_cfb64, LN_rc2_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
-#endif
-#ifndef NO_BF
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_bf_ecb, LN_bf_cbc,
-				LN_bf_cfb64, LN_bf_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
-#endif
-#ifndef NO_CAST
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_cast5_ecb, LN_cast5_cbc,
-				LN_cast5_cfb64, LN_cast5_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
-#endif
-#ifndef NO_RC5
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_rc5_ecb, LN_rc5_cbc,
-				LN_rc5_cfb64, LN_rc5_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
-#endif
 			goto end;
 			}
 		argc--;
 		argv++;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -418,7 +390,7 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -456,6 +428,9 @@ bad:
 
 	if (cipher != NULL)
 		{
+		/* Note that str is NULL if a key was passed on the command
+		 * line, so we get no salt in that case. Is this a bug?
+		 */
 		if (str != NULL)
 			{
 			/* Salt handling: if encrypting generate a salt and
@@ -467,12 +442,12 @@ bad:
 			else {
 				if(enc) {
 					if(hsalt) {
-						if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) {
+						if(!set_hex(hsalt,salt,sizeof salt)) {
 							BIO_printf(bio_err,
 								"invalid hex salt value\n");
 							goto end;
 						}
-					} else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
+					} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
 						goto end;
 					/* If -P option then don't bother writing */
 					if((printkey != 2)
@@ -480,14 +455,14 @@ bad:
 							 sizeof magic-1) != sizeof magic-1
 					       || BIO_write(wbio,
 							    (char *)salt,
-							    PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
+							    sizeof salt) != sizeof salt)) {
 						BIO_printf(bio_err,"error writing output file\n");
 						goto end;
 					}
 				} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
 					  || BIO_read(rbio,
 						      (unsigned char *)salt,
-				    PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
+				    sizeof salt) != sizeof salt) {
 					BIO_printf(bio_err,"error reading input file\n");
 					goto end;
 				} else if(memcmp(mbuf,magic,sizeof magic-1)) {
@@ -506,11 +481,11 @@ bad:
 			 * bug picked up by
 			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
 			if (str == strbuf)
-				memset(str,0,SIZE);
+				OPENSSL_cleanse(str,SIZE);
 			else
-				memset(str,0,strlen(str));
+				OPENSSL_cleanse(str,strlen(str));
 			}
-		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
 			{
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
@@ -523,7 +498,7 @@ bad:
 			BIO_printf(bio_err, "iv undefined\n");
 			goto end;
 			}
-		if ((hkey != NULL) && !set_hex(hkey,key,24))
+		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
 			goto end;
@@ -532,6 +507,12 @@ bad:
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
 		BIO_set_cipher(benc,cipher,key,iv,enc);
+		if (nopad)
+			{
+			EVP_CIPHER_CTX *ctx;
+			BIO_get_cipher_ctx(benc, &ctx);
+			EVP_CIPHER_CTX_set_padding(ctx, 0);
+			}
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
@@ -543,7 +524,7 @@ bad:
 			if (!nosalt)
 				{
 				printf("salt=");
-				for (i=0; i<PKCS5_SALT_LEN; i++)
+				for (i=0; i<sizeof salt; i++)
 					printf("%02X",salt[i]);
 				printf("\n");
 				}
@@ -604,7 +585,8 @@ end:
 	if (benc != NULL) BIO_free(benc);
 	if (b64 != NULL) BIO_free(b64);
 	if(pass) OPENSSL_free(pass);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 int set_hex(char *in, unsigned char *out, int size)
diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c
new file mode 100644
index 0000000..b718ae1
--- /dev/null
+++ b/crypto/openssl/apps/engine.c
@@ -0,0 +1,520 @@
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG	engine_main
+
+static char *engine_usage[]={
+"usage: engine opts [engine ...]\n",
+" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
+"               -vv will additionally display each command's description\n",
+"               -vvv will also add the input flags for each command\n",
+"               -vvvv will also show internal input flags\n",
+" -c          - for each engine, also list the capabilities\n",
+" -t          - for each engine, check that they are really available\n",
+" -pre <cmd>  - runs command 'cmd' against the ENGINE before any attempts\n",
+"               to load it (if -t is used)\n",
+" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
+"               (only used if -t is also provided)\n",
+" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
+" line, or all supported ENGINEs if none are specified.\n",
+" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
+" argument \"/lib/libdriver.so\".\n",
+NULL
+};
+
+static void identity(void *ptr)
+	{
+	return;
+	}
+
+static int append_buf(char **buf, const char *s, int *size, int step)
+	{
+	int l = strlen(s);
+
+	if (*buf == NULL)
+		{
+		*size = step;
+		*buf = OPENSSL_malloc(*size);
+		if (*buf == NULL)
+			return 0;
+		**buf = '\0';
+		}
+
+	if (**buf != '\0')
+		l += 2;		/* ", " */
+
+	if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
+		{
+		*size += step;
+		*buf = OPENSSL_realloc(*buf, *size);
+		}
+
+	if (*buf == NULL)
+		return 0;
+
+	if (**buf != '\0')
+		strcat(*buf, ", ");
+	strcat(*buf, s);
+
+	return 1;
+	}
+
+static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
+	{
+	int started = 0, err = 0;
+	/* Indent before displaying input flags */
+	BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
+	if(flags == 0)
+		{
+		BIO_printf(bio_out, "<no flags>\n");
+		return 1;
+		}
+        /* If the object is internal, mark it in a way that shows instead of
+         * having it part of all the other flags, even if it really is. */
+	if(flags & ENGINE_CMD_FLAG_INTERNAL)
+		{
+		BIO_printf(bio_out, "[Internal] ");
+		}
+
+	if(flags & ENGINE_CMD_FLAG_NUMERIC)
+		{
+		if(started)
+			{
+			BIO_printf(bio_out, "|");
+			err = 1;
+			}
+		BIO_printf(bio_out, "NUMERIC");
+		started = 1;
+		}
+	/* Now we check that no combinations of the mutually exclusive NUMERIC,
+	 * STRING, and NO_INPUT flags have been used. Future flags that can be
+	 * OR'd together with these would need to added after these to preserve
+	 * the testing logic. */
+	if(flags & ENGINE_CMD_FLAG_STRING)
+		{
+		if(started)
+			{
+			BIO_printf(bio_out, "|");
+			err = 1;
+			}
+		BIO_printf(bio_out, "STRING");
+		started = 1;
+		}
+	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+		{
+		if(started)
+			{
+			BIO_printf(bio_out, "|");
+			err = 1;
+			}
+		BIO_printf(bio_out, "NO_INPUT");
+		started = 1;
+		}
+	/* Check for unknown flags */
+	flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+			~ENGINE_CMD_FLAG_STRING &
+			~ENGINE_CMD_FLAG_NO_INPUT &
+			~ENGINE_CMD_FLAG_INTERNAL;
+	if(flags)
+		{
+		if(started) BIO_printf(bio_out, "|");
+		BIO_printf(bio_out, "<0x%04X>", flags);
+		}
+	if(err)
+		BIO_printf(bio_out, "  <illegal flags!>");
+	BIO_printf(bio_out, "\n");
+	return 1;
+	}
+
+static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
+	{
+	static const int line_wrap = 78;
+	int num;
+	int ret = 0;
+	char *name = NULL;
+	char *desc = NULL;
+	int flags;
+	int xpos = 0;
+	STACK *cmds = NULL;
+	if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+			((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+					0, NULL, NULL)) <= 0))
+		{
+#if 0
+		BIO_printf(bio_out, "%s<no control commands>\n", indent);
+#endif
+		return 1;
+		}
+
+	cmds = sk_new_null();
+
+	if(!cmds)
+		goto err;
+	do {
+		int len;
+		/* Get the command input flags */
+		if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+					NULL, NULL)) < 0)
+			goto err;
+                if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
+                        {
+                        /* Get the command name */
+                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+                                NULL, NULL)) <= 0)
+                                goto err;
+                        if((name = OPENSSL_malloc(len + 1)) == NULL)
+                                goto err;
+                        if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+                                NULL) <= 0)
+                                goto err;
+                        /* Get the command description */
+                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+                                NULL, NULL)) < 0)
+                                goto err;
+                        if(len > 0)
+                                {
+                                if((desc = OPENSSL_malloc(len + 1)) == NULL)
+                                        goto err;
+                                if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+                                        NULL) <= 0)
+                                        goto err;
+                                }
+                        /* Now decide on the output */
+                        if(xpos == 0)
+                                /* Do an indent */
+                                xpos = BIO_printf(bio_out, indent);
+                        else
+                                /* Otherwise prepend a ", " */
+                                xpos += BIO_printf(bio_out, ", ");
+                        if(verbose == 1)
+                                {
+                                /* We're just listing names, comma-delimited */
+                                if((xpos > (int)strlen(indent)) &&
+					(xpos + (int)strlen(name) > line_wrap))
+                                        {
+                                        BIO_printf(bio_out, "\n");
+                                        xpos = BIO_printf(bio_out, indent);
+                                        }
+                                xpos += BIO_printf(bio_out, "%s", name);
+                                }
+                        else
+                                {
+                                /* We're listing names plus descriptions */
+                                BIO_printf(bio_out, "%s: %s\n", name,
+                                        (desc == NULL) ? "<no description>" : desc);
+                                /* ... and sometimes input flags */
+                                if((verbose >= 3) && !util_flags(bio_out, flags,
+                                        indent))
+                                        goto err;
+                                xpos = 0;
+                                }
+                        }
+		OPENSSL_free(name); name = NULL;
+		if(desc) { OPENSSL_free(desc); desc = NULL; }
+		/* Move to the next command */
+		num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
+					num, NULL, NULL);
+		} while(num > 0);
+	if(xpos > 0)
+		BIO_printf(bio_out, "\n");
+	ret = 1;
+err:
+	if(cmds) sk_pop_free(cmds, identity);
+	if(name) OPENSSL_free(name);
+	if(desc) OPENSSL_free(desc);
+	return ret;
+	}
+
+static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
+	{
+	int loop, res, num = sk_num(cmds);
+	if(num < 0)
+		{
+		BIO_printf(bio_out, "[Error]: internal stack error\n");
+		return;
+		}
+	for(loop = 0; loop < num; loop++)
+		{
+		char buf[256];
+		const char *cmd, *arg;
+		cmd = sk_value(cmds, loop);
+		res = 1; /* assume success */
+		/* Check if this command has no ":arg" */
+		if((arg = strstr(cmd, ":")) == NULL)
+			{
+			if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+				res = 0;
+			}
+		else
+			{
+			if((int)(arg - cmd) > 254)
+				{
+				BIO_printf(bio_out,"[Error]: command name too long\n");
+				return;
+				}
+			memcpy(buf, cmd, (int)(arg - cmd));
+			buf[arg-cmd] = '\0';
+			arg++; /* Move past the ":" */
+			/* Call the command with the argument */
+			if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+				res = 0;
+			}
+		if(res)
+			BIO_printf(bio_out, "[Success]: %s\n", cmd);
+		else
+			{
+			BIO_printf(bio_out, "[Failure]: %s\n", cmd);
+			ERR_print_errors(bio_out);
+			}
+		}
+	}
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	int ret=1,i;
+	char **pp;
+	int verbose=0, list_cap=0, test_avail=0;
+	ENGINE *e;
+	STACK *engines = sk_new_null();
+	STACK *pre_cmds = sk_new_null();
+	STACK *post_cmds = sk_new_null();
+	int badops=1;
+	BIO *bio_out=NULL;
+	const char *indent = "     ";
+
+	apps_startup();
+	SSL_load_error_strings();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	bio_out = BIO_push(tmpbio, bio_out);
+	}
+#endif
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if (strncmp(*argv,"-v",2) == 0)
+			{
+			if(strspn(*argv + 1, "v") < strlen(*argv + 1))
+				goto skip_arg_loop;
+			if((verbose=strlen(*argv + 1)) > 4)
+				goto skip_arg_loop;
+			}
+		else if (strcmp(*argv,"-c") == 0)
+			list_cap=1;
+		else if (strcmp(*argv,"-t") == 0)
+			test_avail=1;
+		else if (strcmp(*argv,"-pre") == 0)
+			{
+			argc--; argv++;
+			sk_push(pre_cmds,*argv);
+			}
+		else if (strcmp(*argv,"-post") == 0)
+			{
+			argc--; argv++;
+			sk_push(post_cmds,*argv);
+			}
+		else if ((strncmp(*argv,"-h",2) == 0) ||
+				(strcmp(*argv,"-?") == 0))
+			goto skip_arg_loop;
+		else
+			sk_push(engines,*argv);
+		argc--;
+		argv++;
+		}
+	/* Looks like everything went OK */
+	badops = 0;
+skip_arg_loop:
+
+	if (badops)
+		{
+		for (pp=engine_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err,"%s",*pp);
+		goto end;
+		}
+
+	if (sk_num(engines) == 0)
+		{
+		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
+			{
+			sk_push(engines,(char *)ENGINE_get_id(e));
+			}
+		}
+
+	for (i=0; i<sk_num(engines); i++)
+		{
+		const char *id = sk_value(engines,i);
+		if ((e = ENGINE_by_id(id)) != NULL)
+			{
+			const char *name = ENGINE_get_name(e);
+			/* Do "id" first, then "name". Easier to auto-parse. */
+			BIO_printf(bio_out, "(%s) %s\n", id, name);
+			util_do_cmds(e, pre_cmds, bio_out, indent);
+			if (strcmp(ENGINE_get_id(e), id) != 0)
+				{
+				BIO_printf(bio_out, "Loaded: (%s) %s\n",
+					ENGINE_get_id(e), ENGINE_get_name(e));
+				}
+			if (list_cap)
+				{
+				int cap_size = 256;
+				char *cap_buf = NULL;
+				int k,n;
+				const int *nids;
+				ENGINE_CIPHERS_PTR fn_c;
+				ENGINE_DIGESTS_PTR fn_d;
+
+				if (ENGINE_get_RSA(e) != NULL
+					&& !append_buf(&cap_buf, "RSA",
+						&cap_size, 256))
+					goto end;
+				if (ENGINE_get_DSA(e) != NULL
+					&& !append_buf(&cap_buf, "DSA",
+						&cap_size, 256))
+					goto end;
+				if (ENGINE_get_DH(e) != NULL
+					&& !append_buf(&cap_buf, "DH",
+						&cap_size, 256))
+					goto end;
+				if (ENGINE_get_RAND(e) != NULL
+					&& !append_buf(&cap_buf, "RAND",
+						&cap_size, 256))
+					goto end;
+
+				fn_c = ENGINE_get_ciphers(e);
+				if(!fn_c) goto skip_ciphers;
+				n = fn_c(e, NULL, &nids, 0);
+				for(k=0 ; k < n ; ++k)
+					if(!append_buf(&cap_buf,
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
+						goto end;
+
+skip_ciphers:
+				fn_d = ENGINE_get_digests(e);
+				if(!fn_d) goto skip_digests;
+				n = fn_d(e, NULL, &nids, 0);
+				for(k=0 ; k < n ; ++k)
+					if(!append_buf(&cap_buf,
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
+						goto end;
+
+skip_digests:
+				if (cap_buf && (*cap_buf != '\0'))
+					BIO_printf(bio_out, " [%s]\n", cap_buf);
+
+				OPENSSL_free(cap_buf);
+				}
+			if(test_avail)
+				{
+				BIO_printf(bio_out, "%s", indent);
+				if (ENGINE_init(e))
+					{
+					BIO_printf(bio_out, "[ available ]\n");
+					util_do_cmds(e, post_cmds, bio_out, indent);
+					ENGINE_finish(e);
+					}
+				else
+					{
+					BIO_printf(bio_out, "[ unavailable ]\n");
+					ERR_print_errors_fp(stdout);
+					ERR_clear_error();
+					}
+				}
+			if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
+				goto end;
+			ENGINE_free(e);
+			}
+		else
+			ERR_print_errors(bio_err);
+		}
+
+	ret=0;
+end:
+	ERR_print_errors(bio_err);
+	sk_pop_free(engines, identity);
+	sk_pop_free(pre_cmds, identity);
+	sk_pop_free(post_cmds, identity);
+	if (bio_out != NULL) BIO_free_all(bio_out);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
+	}
diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c
index e392328..19489b0 100644
--- a/crypto/openssl/apps/errstr.c
+++ b/crypto/openssl/apps/errstr.c
@@ -91,7 +91,7 @@ int MAIN(int argc, char **argv)
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -121,5 +121,6 @@ int MAIN(int argc, char **argv)
 			ret++;
 			}
 		}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c
index e0c7889..98ee413 100644
--- a/crypto/openssl/apps/gendh.c
+++ b/crypto/openssl/apps/gendh.c
@@ -57,7 +57,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -81,11 +81,13 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
+	char *engine=NULL;
 	BIO *out=NULL;
 
 	apps_startup();
@@ -94,6 +96,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argv++;
 	argc--;
 	for (;;)
@@ -110,6 +115,11 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -125,15 +135,18 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2    use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5    use 5 as the generator value\n");
+		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
+        e = setup_engine(bio_err, engine, 0);
+
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -144,7 +157,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -184,7 +197,8 @@ end:
 		ERR_print_errors(bio_err);
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 static void MS_CALLBACK dh_cb(int p, int n, void *arg)
diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c
index 6022d8f..4600711 100644
--- a/crypto/openssl/apps/gendsa.c
+++ b/crypto/openssl/apps/gendsa.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -77,13 +77,15 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
 	char *inrand=NULL,*dsaparams=NULL;
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -91,6 +93,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argv++;
 	argc--;
 	for (;;)
@@ -106,6 +111,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -113,16 +123,24 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
+#ifndef OPENSSL_NO_AES
+		else if (strcmp(*argv,"-aes128") == 0)
+			enc=EVP_aes_128_cbc();
+		else if (strcmp(*argv,"-aes192") == 0)
+			enc=EVP_aes_192_cbc();
+		else if (strcmp(*argv,"-aes256") == 0)
+			enc=EVP_aes_256_cbc();
+#endif
 		else if (**argv != '-' && dsaparams == NULL)
 			{
 			dsaparams = *argv;
@@ -138,13 +156,18 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
 		BIO_printf(bio_err," -out file - output the key to 'file'\n");
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
 		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -153,6 +176,8 @@ bad:
 		goto end;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -180,7 +205,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -220,6 +245,7 @@ end:
 	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
 	if(passout) OPENSSL_free(passout);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 #endif
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c
index ac0b709..dbc23e4 100644
--- a/crypto/openssl/apps/genrsa.c
+++ b/crypto/openssl/apps/genrsa.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -69,6 +69,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>
 
 #define DEFBITS	512
 #undef PROG
@@ -80,14 +81,16 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
+	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;
 
@@ -96,6 +99,9 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto err;
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
 		BIO_printf(bio_err,"unable to create BIO for output\n");
@@ -116,21 +122,34 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
+#ifndef OPENSSL_NO_AES
+		else if (strcmp(*argv,"-aes128") == 0)
+			enc=EVP_aes_128_cbc();
+		else if (strcmp(*argv,"-aes192") == 0)
+			enc=EVP_aes_192_cbc();
+		else if (strcmp(*argv,"-aes256") == 0)
+			enc=EVP_aes_256_cbc();
+#endif
 		else if (strcmp(*argv,"-passout") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -147,13 +166,18 @@ bad:
 		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
 		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
 		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -167,10 +191,12 @@ bad:
 		goto err;
 	}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -186,7 +212,8 @@ bad:
 			}
 		}
 
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
@@ -214,8 +241,14 @@ bad:
 		l+=rsa->e->d[i];
 		}
 	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
-	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
+	{
+	PW_CB_DATA cb_data;
+	cb_data.password = passout;
+	cb_data.prompt_info = outfile;
+	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
+		(pem_password_cb *)password_callback,&cb_data))
 		goto err;
+	}
 
 	ret=0;
 err:
@@ -224,7 +257,8 @@ err:
 	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
@@ -241,7 +275,7 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
 	p=n;
 #endif
 	}
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/apps/nseq.c b/crypto/openssl/apps/nseq.c
index 1d73d1a..dc71d45 100644
--- a/crypto/openssl/apps/nseq.c
+++ b/crypto/openssl/apps/nseq.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include <string.h>
+#include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
-#include "apps.h"
 
 #undef PROG
 #define PROG nseq_main
@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-in file  input file\n");
 		BIO_printf (bio_err, "-out file output file\n");
 		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
-		EXIT(1);
+		OPENSSL_EXIT(1);
 	}
 
 	if (infile) {
@@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -162,6 +162,6 @@ end:
 	BIO_free_all(out);
 	NETSCAPE_CERT_SEQUENCE_free(seq);
 
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 }
 
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
new file mode 100644
index 0000000..92922bc
--- /dev/null
+++ b/crypto/openssl/apps/ocsp.c
@@ -0,0 +1,1228 @@
+/* ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+/* Maximum leeway in validity period: default 5 minutes */
+#define MAX_VALIDITY_PERIOD	(5 * 60)
+
+/* CA index.txt definitions */
+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+
+#define DB_TYPE_REV	'R'
+#define DB_TYPE_EXP	'E'
+#define DB_TYPE_VAL	'V'
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+				STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+				STACK_OF(OCSP_CERTID) *ids);
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+				STACK *names, STACK_OF(OCSP_CERTID) *ids,
+				long nsec, long maxage);
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+			STACK_OF(X509) *rother, unsigned long flags,
+			int nmin, int ndays);
+
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+
+#undef PROG
+#define PROG ocsp_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	ENGINE *e = NULL;
+	char **args;
+	char *host = NULL, *port = NULL, *path = "/";
+	char *reqin = NULL, *respin = NULL;
+	char *reqout = NULL, *respout = NULL;
+	char *signfile = NULL, *keyfile = NULL;
+	char *rsignfile = NULL, *rkeyfile = NULL;
+	char *outfile = NULL;
+	int add_nonce = 1, noverify = 0, use_ssl = -1;
+	OCSP_REQUEST *req = NULL;
+	OCSP_RESPONSE *resp = NULL;
+	OCSP_BASICRESP *bs = NULL;
+	X509 *issuer = NULL, *cert = NULL;
+	X509 *signer = NULL, *rsigner = NULL;
+	EVP_PKEY *key = NULL, *rkey = NULL;
+	BIO *acbio = NULL, *cbio = NULL;
+	BIO *derbio = NULL;
+	BIO *out = NULL;
+	int req_text = 0, resp_text = 0;
+	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+	char *CAfile = NULL, *CApath = NULL;
+	X509_STORE *store = NULL;
+	SSL_CTX *ctx = NULL;
+	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+	char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+	unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+	int ret = 1;
+	int accept_count = -1;
+	int badarg = 0;
+	int i;
+	STACK *reqnames = NULL;
+	STACK_OF(OCSP_CERTID) *ids = NULL;
+
+	X509 *rca_cert = NULL;
+	char *ridx_filename = NULL;
+	char *rca_filename = NULL;
+	TXT_DB *rdb = NULL;
+	int nmin = 0, ndays = -1;
+
+	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+	SSL_load_error_strings();
+	args = argv + 1;
+	reqnames = sk_new_null();
+	ids = sk_OCSP_CERTID_new_null();
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp(*args, "-out"))
+			{
+			if (args[1])
+				{
+				args++;
+				outfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-url"))
+			{
+			if (args[1])
+				{
+				args++;
+				if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
+					{
+					BIO_printf(bio_err, "Error parsing URL\n");
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-host"))
+			{
+			if (args[1])
+				{
+				args++;
+				host = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-port"))
+			{
+			if (args[1])
+				{
+				args++;
+				port = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-noverify"))
+			noverify = 1;
+		else if (!strcmp(*args, "-nonce"))
+			add_nonce = 2;
+		else if (!strcmp(*args, "-no_nonce"))
+			add_nonce = 0;
+		else if (!strcmp(*args, "-resp_no_certs"))
+			rflags |= OCSP_NOCERTS;
+		else if (!strcmp(*args, "-resp_key_id"))
+			rflags |= OCSP_RESPID_KEY;
+		else if (!strcmp(*args, "-no_certs"))
+			sign_flags |= OCSP_NOCERTS;
+		else if (!strcmp(*args, "-no_signature_verify"))
+			verify_flags |= OCSP_NOSIGS;
+		else if (!strcmp(*args, "-no_cert_verify"))
+			verify_flags |= OCSP_NOVERIFY;
+		else if (!strcmp(*args, "-no_chain"))
+			verify_flags |= OCSP_NOCHAIN;
+		else if (!strcmp(*args, "-no_cert_checks"))
+			verify_flags |= OCSP_NOCHECKS;
+		else if (!strcmp(*args, "-no_explicit"))
+			verify_flags |= OCSP_NOEXPLICIT;
+		else if (!strcmp(*args, "-trust_other"))
+			verify_flags |= OCSP_TRUSTOTHER;
+		else if (!strcmp(*args, "-no_intern"))
+			verify_flags |= OCSP_NOINTERN;
+		else if (!strcmp(*args, "-text"))
+			{
+			req_text = 1;
+			resp_text = 1;
+			}
+		else if (!strcmp(*args, "-req_text"))
+			req_text = 1;
+		else if (!strcmp(*args, "-resp_text"))
+			resp_text = 1;
+		else if (!strcmp(*args, "-reqin"))
+			{
+			if (args[1])
+				{
+				args++;
+				reqin = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-respin"))
+			{
+			if (args[1])
+				{
+				args++;
+				respin = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-signer"))
+			{
+			if (args[1])
+				{
+				args++;
+				signfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-VAfile"))
+			{
+			if (args[1])
+				{
+				args++;
+				verify_certfile = *args;
+				verify_flags |= OCSP_TRUSTOTHER;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-sign_other"))
+			{
+			if (args[1])
+				{
+				args++;
+				sign_certfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-verify_other"))
+			{
+			if (args[1])
+				{
+				args++;
+				verify_certfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-CAfile"))
+			{
+			if (args[1])
+				{
+				args++;
+				CAfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-CApath"))
+			{
+			if (args[1])
+				{
+				args++;
+				CApath = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-validity_period"))
+			{
+			if (args[1])
+				{
+				args++;
+				nsec = atol(*args);
+				if (nsec < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal validity period %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-status_age"))
+			{
+			if (args[1])
+				{
+				args++;
+				maxage = atol(*args);
+				if (maxage < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal validity age %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		 else if (!strcmp(*args, "-signkey"))
+			{
+			if (args[1])
+				{
+				args++;
+				keyfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-reqout"))
+			{
+			if (args[1])
+				{
+				args++;
+				reqout = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-respout"))
+			{
+			if (args[1])
+				{
+				args++;
+				respout = *args;
+				}
+			else badarg = 1;
+			}
+		 else if (!strcmp(*args, "-path"))
+			{
+			if (args[1])
+				{
+				args++;
+				path = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-issuer"))
+			{
+			if (args[1])
+				{
+				args++;
+				X509_free(issuer);
+				issuer = load_cert(bio_err, *args, FORMAT_PEM,
+					NULL, e, "issuer certificate");
+				if(!issuer) goto end;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-cert"))
+			{
+			if (args[1])
+				{
+				args++;
+				X509_free(cert);
+				cert = load_cert(bio_err, *args, FORMAT_PEM,
+					NULL, e, "certificate");
+				if(!cert) goto end;
+				if(!add_ocsp_cert(&req, cert, issuer, ids))
+					goto end;
+				if(!sk_push(reqnames, *args))
+					goto end;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-serial"))
+			{
+			if (args[1])
+				{
+				args++;
+				if(!add_ocsp_serial(&req, *args, issuer, ids))
+					goto end;
+				if(!sk_push(reqnames, *args))
+					goto end;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-index"))
+			{
+			if (args[1])
+				{
+				args++;
+				ridx_filename = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-CA"))
+			{
+			if (args[1])
+				{
+				args++;
+				rca_filename = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-nmin"))
+			{
+			if (args[1])
+				{
+				args++;
+				nmin = atol(*args);
+				if (nmin < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal update period %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+				if (ndays == -1)
+					ndays = 0;
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-nrequest"))
+			{
+			if (args[1])
+				{
+				args++;
+				accept_count = atol(*args);
+				if (accept_count < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal accept count %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-ndays"))
+			{
+			if (args[1])
+				{
+				args++;
+				ndays = atol(*args);
+				if (ndays < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal update period %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-rsigner"))
+			{
+			if (args[1])
+				{
+				args++;
+				rsignfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-rkey"))
+			{
+			if (args[1])
+				{
+				args++;
+				rkeyfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-rother"))
+			{
+			if (args[1])
+				{
+				args++;
+				rcertfile = *args;
+				}
+			else badarg = 1;
+			}
+		else badarg = 1;
+		args++;
+		}
+
+	/* Have we anything to do? */
+	if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;
+
+	if (badarg)
+		{
+		BIO_printf (bio_err, "OCSP utility\n");
+		BIO_printf (bio_err, "Usage ocsp [options]\n");
+		BIO_printf (bio_err, "where options are\n");
+		BIO_printf (bio_err, "-out file          output filename\n");
+		BIO_printf (bio_err, "-issuer file       issuer certificate\n");
+		BIO_printf (bio_err, "-cert file         certificate to check\n");
+		BIO_printf (bio_err, "-serial n          serial number to check\n");
+		BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
+		BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");
+		BIO_printf (bio_err, "-sign_certs file   additional certificates to include in signed request\n");
+		BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
+		BIO_printf (bio_err, "-req_text          print text form of request\n");
+		BIO_printf (bio_err, "-resp_text         print text form of response\n");
+		BIO_printf (bio_err, "-text              print text form of request and response\n");
+		BIO_printf (bio_err, "-reqout file       write DER encoded OCSP request to \"file\"\n");
+		BIO_printf (bio_err, "-respout file      write DER encoded OCSP reponse to \"file\"\n");
+		BIO_printf (bio_err, "-reqin file        read DER encoded OCSP request from \"file\"\n");
+		BIO_printf (bio_err, "-respin file       read DER encoded OCSP reponse from \"file\"\n");
+		BIO_printf (bio_err, "-nonce             add OCSP nonce to request\n");
+		BIO_printf (bio_err, "-no_nonce          don't add OCSP nonce to request\n");
+		BIO_printf (bio_err, "-url URL           OCSP responder URL\n");
+		BIO_printf (bio_err, "-host host:n       send OCSP request to host on port n\n");
+		BIO_printf (bio_err, "-path              path to use in OCSP request\n");
+		BIO_printf (bio_err, "-CApath dir        trusted certificates directory\n");
+		BIO_printf (bio_err, "-CAfile file       trusted certificates file\n");
+		BIO_printf (bio_err, "-VAfile file       validator certificates file\n");
+		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
+		BIO_printf (bio_err, "-noverify          don't verify response at all\n");
+		BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
+		BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
+		BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");
+		BIO_printf (bio_err, "-no_sig_verify     don't check signature on response\n");
+		BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
+		BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
+		BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
+		BIO_printf (bio_err, "-port num		 port to run responder on\n");
+		BIO_printf (bio_err, "-index file	 certificate status index file\n");
+		BIO_printf (bio_err, "-CA file		 CA certificate\n");
+		BIO_printf (bio_err, "-rsigner file	 responder certificate to sign responses with\n");
+		BIO_printf (bio_err, "-rkey file	 responder key to sign responses with\n");
+		BIO_printf (bio_err, "-rother file	 other certificates to include in response\n");
+		BIO_printf (bio_err, "-resp_no_certs     don't include any certificates in response\n");
+		BIO_printf (bio_err, "-nmin n	 	 number of minutes before next update\n");
+		BIO_printf (bio_err, "-ndays n	 	 number of days before next update\n");
+		BIO_printf (bio_err, "-resp_key_id       identify reponse by signing certificate key ID\n");
+		BIO_printf (bio_err, "-nrequest n        number of requests to accept (default unlimited)\n");
+		goto end;
+		}
+
+	if(outfile) out = BIO_new_file(outfile, "w");
+	else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+	if(!out)
+		{
+		BIO_printf(bio_err, "Error opening output file\n");
+		goto end;
+		}
+
+	if (!req && (add_nonce != 2)) add_nonce = 0;
+
+	if (!req && reqin)
+		{
+		derbio = BIO_new_file(reqin, "rb");
+		if (!derbio)
+			{
+			BIO_printf(bio_err, "Error Opening OCSP request file\n");
+			goto end;
+			}
+		req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+		BIO_free(derbio);
+		if(!req)
+			{
+			BIO_printf(bio_err, "Error reading OCSP request\n");
+			goto end;
+			}
+		}
+
+	if (!req && port)
+		{
+		acbio = init_responder(port);
+		if (!acbio)
+			goto end;
+		}
+
+	if (rsignfile && !rdb)
+		{
+		if (!rkeyfile) rkeyfile = rsignfile;
+		rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+			NULL, e, "responder certificate");
+		if (!rsigner)
+			{
+			BIO_printf(bio_err, "Error loading responder certificate\n");
+			goto end;
+			}
+		rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+			NULL, e, "CA certificate");
+		if (rcertfile)
+			{
+			rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
+				NULL, e, "responder other certificates");
+			if (!rother) goto end;
+			}
+		rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+			"responder private key");
+		if (!rkey)
+			goto end;
+		}
+	if(acbio)
+		BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
+	redo_accept:
+
+	if (acbio)
+		{
+		if (!do_responder(&req, &cbio, acbio, port))
+			goto end;
+		if (!req)
+			{
+			resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+			send_ocsp_response(cbio, resp);
+			goto done_resp;
+			}
+		}
+
+	if (!req && (signfile || reqout || host || add_nonce || ridx_filename))
+		{
+		BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+		goto end;
+		}
+
+	if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
+
+	if (signfile)
+		{
+		if (!keyfile) keyfile = signfile;
+		signer = load_cert(bio_err, signfile, FORMAT_PEM,
+			NULL, e, "signer certificate");
+		if (!signer)
+			{
+			BIO_printf(bio_err, "Error loading signer certificate\n");
+			goto end;
+			}
+		if (sign_certfile)
+			{
+			sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+				NULL, e, "signer certificates");
+			if (!sign_other) goto end;
+			}
+		key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
+			"signer private key");
+		if (!key)
+			goto end;
+		if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
+			{
+			BIO_printf(bio_err, "Error signing OCSP request\n");
+			goto end;
+			}
+		}
+
+	if (req_text && req) OCSP_REQUEST_print(out, req, 0);
+
+	if (reqout)
+		{
+		derbio = BIO_new_file(reqout, "wb");
+		if(!derbio)
+			{
+			BIO_printf(bio_err, "Error opening file %s\n", reqout);
+			goto end;
+			}
+		i2d_OCSP_REQUEST_bio(derbio, req);
+		BIO_free(derbio);
+		}
+
+	if (ridx_filename && (!rkey || !rsigner || !rca_cert))
+		{
+		BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
+		goto end;
+		}
+
+	if (ridx_filename && !rdb)
+		{
+		BIO *db_bio = NULL;
+		db_bio = BIO_new_file(ridx_filename, "r");
+		if (!db_bio)
+			{
+			BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
+			goto end;
+			}
+		rdb = TXT_DB_read(db_bio, DB_NUMBER);
+		BIO_free(db_bio);
+		if (!rdb)
+			{
+			BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
+			goto end;
+			}
+		if (!make_serial_index(rdb))
+			goto end;
+		}
+
+	if (rdb)
+		{
+		i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
+		if (cbio)
+			send_ocsp_response(cbio, resp);
+		}
+	else if (host)
+		{
+		cbio = BIO_new_connect(host);
+		if (!cbio)
+			{
+			BIO_printf(bio_err, "Error creating connect BIO\n");
+			goto end;
+			}
+		if (port) BIO_set_conn_port(cbio, port);
+		if (use_ssl == 1)
+			{
+			BIO *sbio;
+			ctx = SSL_CTX_new(SSLv23_client_method());
+			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+			sbio = BIO_new_ssl(ctx, 1);
+			cbio = BIO_push(sbio, cbio);
+			}
+		if (BIO_do_connect(cbio) <= 0)
+			{
+			BIO_printf(bio_err, "Error connecting BIO\n");
+			goto end;
+			}
+		resp = OCSP_sendreq_bio(cbio, path, req);
+		BIO_free_all(cbio);
+		cbio = NULL;
+		if (!resp)
+			{
+			BIO_printf(bio_err, "Error querying OCSP responsder\n");
+			goto end;
+			}
+		}
+	else if (respin)
+		{
+		derbio = BIO_new_file(respin, "rb");
+		if (!derbio)
+			{
+			BIO_printf(bio_err, "Error Opening OCSP response file\n");
+			goto end;
+			}
+		resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+		BIO_free(derbio);
+		if(!resp)
+			{
+			BIO_printf(bio_err, "Error reading OCSP response\n");
+			goto end;
+			}
+	
+		}
+	else
+		{
+		ret = 0;
+		goto end;
+		}
+
+	done_resp:
+
+	if (respout)
+		{
+		derbio = BIO_new_file(respout, "wb");
+		if(!derbio)
+			{
+			BIO_printf(bio_err, "Error opening file %s\n", respout);
+			goto end;
+			}
+		i2d_OCSP_RESPONSE_bio(derbio, resp);
+		BIO_free(derbio);
+		}
+
+	i = OCSP_response_status(resp);
+
+	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
+		{
+		BIO_printf(out, "Responder Error: %s (%ld)\n",
+				OCSP_response_status_str(i), i);
+		ret = 0;
+		goto end;
+		}
+
+	if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
+
+	/* If running as responder don't verify our own response */
+	if (cbio)
+		{
+		if (accept_count > 0)
+			accept_count--;
+		/* Redo if more connections needed */
+		if (accept_count)
+			{
+			BIO_free_all(cbio);
+			cbio = NULL;
+			OCSP_REQUEST_free(req);
+			req = NULL;
+			OCSP_RESPONSE_free(resp);
+			resp = NULL;
+			goto redo_accept;
+			}
+		goto end;
+		}
+
+	if (!store)
+		store = setup_verify(bio_err, CAfile, CApath);
+	if (!store)
+		goto end;
+	if (verify_certfile)
+		{
+		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
+			NULL, e, "validator certificate");
+		if (!verify_other) goto end;
+		}
+
+	bs = OCSP_response_get1_basic(resp);
+
+	if (!bs)
+		{
+		BIO_printf(bio_err, "Error parsing response\n");
+		goto end;
+		}
+
+	if (!noverify)
+		{
+		if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
+			{
+			if (i == -1)
+				BIO_printf(bio_err, "WARNING: no nonce in response\n");
+			else
+				{
+				BIO_printf(bio_err, "Nonce Verify error\n");
+				goto end;
+				}
+			}
+
+		i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+                if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
+
+		if(i <= 0)
+			{
+			BIO_printf(bio_err, "Response Verify Failure\n", i);
+			ERR_print_errors(bio_err);
+			}
+		else
+			BIO_printf(bio_err, "Response verify OK\n");
+
+		}
+
+	if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
+		goto end;
+
+	ret = 0;
+
+end:
+	ERR_print_errors(bio_err);
+	X509_free(signer);
+	X509_STORE_free(store);
+	EVP_PKEY_free(key);
+	EVP_PKEY_free(rkey);
+	X509_free(issuer);
+	X509_free(cert);
+	X509_free(rsigner);
+	X509_free(rca_cert);
+	TXT_DB_free(rdb);
+	BIO_free_all(cbio);
+	BIO_free_all(acbio);
+	BIO_free(out);
+	OCSP_REQUEST_free(req);
+	OCSP_RESPONSE_free(resp);
+	OCSP_BASICRESP_free(bs);
+	sk_free(reqnames);
+	sk_OCSP_CERTID_free(ids);
+	sk_X509_pop_free(sign_other, X509_free);
+	sk_X509_pop_free(verify_other, X509_free);
+
+	if (use_ssl != -1)
+		{
+		OPENSSL_free(host);
+		OPENSSL_free(port);
+		OPENSSL_free(path);
+		SSL_CTX_free(ctx);
+		}
+
+	OPENSSL_EXIT(ret);
+}
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+				STACK_OF(OCSP_CERTID) *ids)
+	{
+	OCSP_CERTID *id;
+	if(!issuer)
+		{
+		BIO_printf(bio_err, "No issuer certificate specified\n");
+		return 0;
+		}
+	if(!*req) *req = OCSP_REQUEST_new();
+	if(!*req) goto err;
+	id = OCSP_cert_to_id(NULL, cert, issuer);
+	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
+	if(!OCSP_request_add0_id(*req, id)) goto err;
+	return 1;
+
+	err:
+	BIO_printf(bio_err, "Error Creating OCSP request\n");
+	return 0;
+	}
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+				STACK_OF(OCSP_CERTID) *ids)
+	{
+	OCSP_CERTID *id;
+	X509_NAME *iname;
+	ASN1_BIT_STRING *ikey;
+	ASN1_INTEGER *sno;
+	if(!issuer)
+		{
+		BIO_printf(bio_err, "No issuer certificate specified\n");
+		return 0;
+		}
+	if(!*req) *req = OCSP_REQUEST_new();
+	if(!*req) goto err;
+	iname = X509_get_subject_name(issuer);
+	ikey = X509_get0_pubkey_bitstr(issuer);
+	sno = s2i_ASN1_INTEGER(NULL, serial);
+	if(!sno)
+		{
+		BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+		return 0;
+		}
+	id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
+	ASN1_INTEGER_free(sno);
+	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
+	if(!OCSP_request_add0_id(*req, id)) goto err;
+	return 1;
+
+	err:
+	BIO_printf(bio_err, "Error Creating OCSP request\n");
+	return 0;
+	}
+
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+					STACK *names, STACK_OF(OCSP_CERTID) *ids,
+					long nsec, long maxage)
+	{
+	OCSP_CERTID *id;
+	char *name;
+	int i;
+
+	int status, reason;
+
+	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+	if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
+		return 1;
+
+	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
+		{
+		id = sk_OCSP_CERTID_value(ids, i);
+		name = sk_value(names, i);
+		BIO_printf(out, "%s: ", name);
+
+		if(!OCSP_resp_find_status(bs, id, &status, &reason,
+					&rev, &thisupd, &nextupd))
+			{
+			BIO_puts(out, "ERROR: No Status found.\n");
+			continue;
+			}
+
+		/* Check validity: if invalid write to output BIO so we
+		 * know which response this refers to.
+		 */
+		if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
+			{
+			BIO_puts(out, "WARNING: Status times invalid.\n");
+			ERR_print_errors(out);
+			}
+		BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+		BIO_puts(out, "\tThis Update: ");
+		ASN1_GENERALIZEDTIME_print(out, thisupd);
+		BIO_puts(out, "\n");
+
+		if(nextupd)
+			{
+			BIO_puts(out, "\tNext Update: ");
+			ASN1_GENERALIZEDTIME_print(out, nextupd);
+			BIO_puts(out, "\n");
+			}
+
+		if (status != V_OCSP_CERTSTATUS_REVOKED)
+			continue;
+
+		if (reason != -1)
+			BIO_printf(out, "\tReason: %s\n",
+				OCSP_crl_reason_str(reason));
+
+		BIO_puts(out, "\tRevocation Time: ");
+		ASN1_GENERALIZEDTIME_print(out, rev);
+		BIO_puts(out, "\n");
+		}
+
+	return 1;
+	}
+
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+			STACK_OF(X509) *rother, unsigned long flags,
+			int nmin, int ndays)
+	{
+	ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+	OCSP_CERTID *cid, *ca_id = NULL;
+	OCSP_BASICRESP *bs = NULL;
+	int i, id_count, ret = 1;
+
+
+	id_count = OCSP_request_onereq_count(req);
+
+	if (id_count <= 0)
+		{
+		*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+		goto end;
+		}
+
+	ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
+
+	bs = OCSP_BASICRESP_new();
+	thisupd = X509_gmtime_adj(NULL, 0);
+	if (ndays != -1)
+		nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );
+
+	/* Examine each certificate id in the request */
+	for (i = 0; i < id_count; i++)
+		{
+		OCSP_ONEREQ *one;
+		ASN1_INTEGER *serial;
+		char **inf;
+		one = OCSP_request_onereq_get0(req, i);
+		cid = OCSP_onereq_get0_id(one);
+		/* Is this request about our CA? */
+		if (OCSP_id_issuer_cmp(ca_id, cid))
+			{
+			OCSP_basic_add1_status(bs, cid,
+						V_OCSP_CERTSTATUS_UNKNOWN,
+						0, NULL,
+						thisupd, nextupd);
+			continue;
+			}
+		OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+		inf = lookup_serial(db, serial);
+		if (!inf)
+			OCSP_basic_add1_status(bs, cid,
+						V_OCSP_CERTSTATUS_UNKNOWN,
+						0, NULL,
+						thisupd, nextupd);
+		else if (inf[DB_type][0] == DB_TYPE_VAL)
+			OCSP_basic_add1_status(bs, cid,
+						V_OCSP_CERTSTATUS_GOOD,
+						0, NULL,
+						thisupd, nextupd);
+		else if (inf[DB_type][0] == DB_TYPE_REV)
+			{
+			ASN1_OBJECT *inst = NULL;
+			ASN1_TIME *revtm = NULL;
+			ASN1_GENERALIZEDTIME *invtm = NULL;
+			OCSP_SINGLERESP *single;
+			int reason = -1;
+			unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+			single = OCSP_basic_add1_status(bs, cid,
+						V_OCSP_CERTSTATUS_REVOKED,
+						reason, revtm,
+						thisupd, nextupd);
+			if (invtm)
+				OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
+			else if (inst)
+				OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);
+			ASN1_OBJECT_free(inst);
+			ASN1_TIME_free(revtm);
+			ASN1_GENERALIZEDTIME_free(invtm);
+			}
+		}
+
+	OCSP_copy_nonce(bs, req);
+		
+	OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
+
+	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+	end:
+	ASN1_TIME_free(thisupd);
+	ASN1_TIME_free(nextupd);
+	OCSP_CERTID_free(ca_id);
+	OCSP_BASICRESP_free(bs);
+	return ret;
+
+	}
+
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
+	{
+	int i;
+	BIGNUM *bn = NULL;
+	char *itmp, *row[DB_NUMBER],**rrow;
+	for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
+	bn = ASN1_INTEGER_to_BN(ser,NULL);
+	if (BN_is_zero(bn))
+		itmp = BUF_strdup("00");
+	else
+		itmp = BN_bn2hex(bn);
+	row[DB_serial] = itmp;
+	BN_free(bn);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
+	OPENSSL_free(itmp);
+	return rrow;
+	}
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(char *port)
+	{
+	BIO *acbio = NULL, *bufbio = NULL;
+	bufbio = BIO_new(BIO_f_buffer());
+	if (!bufbio) 
+		goto err;
+	acbio = BIO_new_accept(port);
+	if (!acbio)
+		goto err;
+	BIO_set_accept_bios(acbio, bufbio);
+	bufbio = NULL;
+
+	if (BIO_do_accept(acbio) <= 0)
+		{
+			BIO_printf(bio_err, "Error setting up accept BIO\n");
+			ERR_print_errors(bio_err);
+			goto err;
+		}
+
+	return acbio;
+
+	err:
+	BIO_free_all(acbio);
+	BIO_free(bufbio);
+	return NULL;
+	}
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
+	{
+	int have_post = 0, len;
+	OCSP_REQUEST *req = NULL;
+	char inbuf[1024];
+	BIO *cbio = NULL;
+
+	if (BIO_do_accept(acbio) <= 0)
+		{
+			BIO_printf(bio_err, "Error accepting connection\n");
+			ERR_print_errors(bio_err);
+			return 0;
+		}
+
+	cbio = BIO_pop(acbio);
+	*pcbio = cbio;
+
+	for(;;)
+		{
+		len = BIO_gets(cbio, inbuf, sizeof inbuf);
+		if (len <= 0)
+			return 1;
+		/* Look for "POST" signalling start of query */
+		if (!have_post)
+			{
+			if(strncmp(inbuf, "POST", 4))
+				{
+				BIO_printf(bio_err, "Invalid request\n");
+				return 1;
+				}
+			have_post = 1;
+			}
+		/* Look for end of headers */
+		if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+			break;
+		}
+
+	/* Try to read OCSP request */
+
+	req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+
+	if (!req)
+		{
+		BIO_printf(bio_err, "Error parsing OCSP request\n");
+		ERR_print_errors(bio_err);
+		}
+
+	*preq = req;
+
+	return 1;
+
+	}
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+	{
+	char http_resp[] = 
+		"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+		"Content-Length: %d\r\n\r\n";
+	if (!cbio)
+		return 0;
+	BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+	i2d_OCSP_RESPONSE_bio(cbio, resp);
+	BIO_flush(cbio);
+	return 1;
+	}
+
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 24450dd..4789647 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -55,11 +55,66 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
 
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #define OPENSSL_C /* tells apps.h to use complete apps_startup() */
+#include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
@@ -67,31 +122,104 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
+#include <openssl/engine.h>
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#include "apps.h"
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
 
-static unsigned long MS_CALLBACK hash(FUNCTION *a);
-static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
+ * base prototypes (we cast each variable inside the function to the required
+ * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
+ * functions. */
+
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
+static unsigned long MS_CALLBACK hash(const void *a_void);
+/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
+static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-LHASH *config=NULL;
 char *default_config_file=NULL;
 
 /* Make sure there is only one when MONOLITH is defined */
 #ifdef MONOLITH
+CONF *config=NULL;
 BIO *bio_err=NULL;
 #endif
 
+
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
+	{
+	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+	const char *errstr = NULL;
+	int rw;
+	
+	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
+	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+		{
+		errstr = "invalid mode";
+		goto err;
+		}
+
+	if (type < 0 || type > CRYPTO_NUM_LOCKS)
+		{
+		errstr = "type out of bounds";
+		goto err;
+		}
+
+	if (mode & CRYPTO_LOCK)
+		{
+		if (modes[type])
+			{
+			errstr = "already locked";
+			/* must not happen in a single-threaded program
+			 * (would deadlock) */
+			goto err;
+			}
+
+		modes[type] = rw;
+		}
+	else if (mode & CRYPTO_UNLOCK)
+		{
+		if (!modes[type])
+			{
+			errstr = "not locked";
+			goto err;
+			}
+		
+		if (modes[type] != rw)
+			{
+			errstr = (rw == CRYPTO_READ) ?
+				"CRYPTO_r_unlock on write lock" :
+				"CRYPTO_w_unlock on read lock";
+			}
+
+		modes[type] = 0;
+		}
+	else
+		{
+		errstr = "invalid mode";
+		goto err;
+		}
+
+ err:
+	if (errstr)
+		{
+		/* we cannot use bio_err here */
+		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+			errstr, mode, type, file, line);
+		}
+	}
+
+
 int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	39
 	char pname[PROG_NAME_SIZE+1];
 	FUNCTION f,*fp;
-	MS_STATIC char *prompt,buf[1024],config_name[256];
+	MS_STATIC char *prompt,buf[1024];
+	char *to_free=NULL;
 	int n,i,ret=0;
 	int argc;
 	char **argv,*p;
@@ -101,41 +229,56 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;
 
-	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-		CRYPTO_malloc_debug_init();
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	apps_startup();
-
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-	ERR_load_crypto_strings();
+	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
+		{
+		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
+			{
+			CRYPTO_malloc_debug_init();
+			CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+			}
+		else
+			{
+			/* OPENSSL_DEBUG_MEMORY=off */
+			CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+			}
+		}
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#if 0
+	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+#endif
+		{
+		CRYPTO_set_locking_callback(lock_dbg_cb);
+		}
+
+	apps_startup();
 
 	/* Lets load up our environment a little */
 	p=getenv("OPENSSL_CONF");
 	if (p == NULL)
 		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
-		{
-		strcpy(config_name,X509_get_default_cert_area());
-#ifndef VMS
-		strcat(config_name,"/");
-#endif
-		strcat(config_name,OPENSSL_CONF);
-		p=config_name;
-		}
+		p=to_free=make_config_name();
 
 	default_config_file=p;
 
-	config=CONF_load(config,p,&errline);
-	if (config == NULL) ERR_clear_error();
+	config=NCONF_new(NULL);
+	i=NCONF_load(config,p,&errline);
+	if (i == 0)
+		{
+		NCONF_free(config);
+		config = NULL;
+		ERR_clear_error();
+		}
 
 	prog=prog_init();
 
 	/* first check the program name */
-	program_name(Argv[0],pname,PROG_NAME_SIZE);
+	program_name(Argv[0],pname,sizeof pname);
 
 	f.name=pname;
 	fp=(FUNCTION *)lh_retrieve(prog,&f);
@@ -163,7 +306,7 @@ int main(int Argc, char *Argv[])
 		{
 		ret=0;
 		p=buf;
-		n=1024;
+		n=sizeof buf;
 		i=0;
 		for (;;)
 			{
@@ -197,25 +340,25 @@ int main(int Argc, char *Argv[])
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
 end:
+	if (to_free)
+		OPENSSL_free(to_free);
 	if (config != NULL)
 		{
-		CONF_free(config);
+		NCONF_free(config);
 		config=NULL;
 		}
 	if (prog != NULL) lh_free(prog);
 	if (arg.data != NULL) OPENSSL_free(arg.data);
-	ERR_remove_state(0);
 
-	EVP_cleanup();
-	ERR_free_strings();
-	
+	apps_shutdown();
+
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
 		{
 		BIO_free(bio_err);
 		bio_err=NULL;
 		}
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 #define LIST_STANDARD_COMMANDS "list-standard-commands"
@@ -238,7 +381,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 	else if ((strncmp(argv[0],"no-",3)) == 0)
 		{
 		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		bio_stdout = BIO_push(tmpbio, bio_stdout);
@@ -275,7 +418,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
 			list_type = FUNC_TYPE_CIPHER;
 		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		bio_stdout = BIO_push(tmpbio, bio_stdout);
@@ -350,19 +493,23 @@ static LHASH *prog_init(void)
 	    ;
 	qsort(functions,i,sizeof *functions,SortFnByName);
 
-	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
+	if ((ret=lh_new(hash, cmp)) == NULL)
+		return(NULL);
 
 	for (f=functions; f->name != NULL; f++)
 		lh_insert(ret,f);
 	return(ret);
 	}
 
-static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
+/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
+static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
 	{
-	return(strncmp(a->name,b->name,8));
+	return(strncmp(((FUNCTION *)a_void)->name,
+			((FUNCTION *)b_void)->name,8));
 	}
 
-static unsigned long MS_CALLBACK hash(FUNCTION *a)
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
+static unsigned long MS_CALLBACK hash(const void *a_void)
 	{
-	return(lh_strhash(a->name));
+	return(lh_strhash(((FUNCTION *)a_void)->name));
 	}
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf
index dbe8cbe..eca51c3 100644
--- a/crypto/openssl/apps/openssl.cnf
+++ b/crypto/openssl/apps/openssl.cnf
@@ -48,6 +48,14 @@ RANDFILE	= $dir/private/.rand	# private random number file
 
 x509_extensions	= usr_cert		# The extentions to add to the cert
 
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
 # crl_extensions	= crl_ext
@@ -132,7 +140,7 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64
 
 emailAddress			= Email Address
-emailAddress_max		= 40
+emailAddress_max		= 64
 
 # SET-ex3			= SET extension number 3
 
@@ -180,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
 
 # Copy subject details
 # issuerAltName=issuer:copy
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
index ea2b089..3ad91d8 100644
--- a/crypto/openssl/apps/passwd.c
+++ b/crypto/openssl/apps/passwd.c
@@ -1,10 +1,10 @@
 /* apps/passwd.c */
 
-#if defined NO_MD5 || defined CHARSET_EBCDIC
+#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
 # define NO_MD5CRYPT_1
 #endif
 
-#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
+#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
 
 #include <assert.h>
 #include <string.h>
@@ -15,8 +15,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
-
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 # include <openssl/des.h>
 #endif
 #ifndef NO_MD5CRYPT_1
@@ -50,6 +49,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
  * -salt string  - salt
  * -in file      - read passwords from file
  * -stdin        - read passwords from stdin
+ * -noverify     - never verify when reading password from terminal
  * -quiet        - no warnings
  * -table        - format output as table
  * -reverse      - switch table columns
@@ -62,6 +62,7 @@ int MAIN(int argc, char **argv)
 	int ret = 1;
 	char *infile = NULL;
 	int in_stdin = 0;
+	int in_noverify = 0;
 	char *salt = NULL, *passwd = NULL, **passwds = NULL;
 	char *salt_malloc = NULL, *passwd_malloc = NULL;
 	size_t passwd_malloc_size = 0;
@@ -77,11 +78,14 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto err;
 	out = BIO_new(BIO_s_file());
 	if (out == NULL)
 		goto err;
 	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	out = BIO_push(tmpbio, out);
@@ -128,6 +132,8 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
+		else if (strcmp(argv[i], "-noverify") == 0)
+			in_noverify = 1;
 		else if (strcmp(argv[i], "-quiet") == 0)
 			quiet = 1;
 		else if (strcmp(argv[i], "-table") == 0)
@@ -153,7 +159,7 @@ int MAIN(int argc, char **argv)
 		badopt = 1;
 
 	/* reject unsupported algorithms */
-#ifdef NO_DES
+#ifdef OPENSSL_NO_DES
 	if (usecrypt) badopt = 1;
 #endif
 #ifdef NO_MD5CRYPT_1
@@ -164,7 +170,7 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
 		BIO_printf(bio_err, "where options are\n");
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
 #endif
 #ifndef NO_MD5CRYPT_1
@@ -174,6 +180,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-salt string       use provided salt\n");
 		BIO_printf(bio_err, "-in file           read passwords from file\n");
 		BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
+		BIO_printf(bio_err, "-noverify          never verify when reading password from terminal\n");
 		BIO_printf(bio_err, "-quiet             no warnings\n");
 		BIO_printf(bio_err, "-table             format output as table\n");
 		BIO_printf(bio_err, "-reverse           switch table columns\n");
@@ -222,7 +229,7 @@ int MAIN(int argc, char **argv)
 		
 		passwds = passwds_static;
 		if (in == NULL)
-			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
+			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
 				goto err;
 		passwds[0] = passwd_malloc;
 		}
@@ -284,7 +291,8 @@ err:
 		BIO_free(in);
 	if (out)
 		BIO_free_all(out);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 
@@ -305,7 +313,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	unsigned char buf[MD5_DIGEST_LENGTH];
 	char *salt_out;
 	int n, i;
-	MD5_CTX md;
+	EVP_MD_CTX md,md2;
 	size_t passwd_len, salt_len;
 
 	passwd_len = strlen(passwd);
@@ -320,49 +328,47 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
 	
-	MD5_Init(&md);
-	MD5_Update(&md, passwd, passwd_len);
-	MD5_Update(&md, "$", 1);
-	MD5_Update(&md, magic, strlen(magic));
-	MD5_Update(&md, "$", 1);
-	MD5_Update(&md, salt_out, salt_len);
+	EVP_MD_CTX_init(&md);
+	EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+	EVP_DigestUpdate(&md, passwd, passwd_len);
+	EVP_DigestUpdate(&md, "$", 1);
+	EVP_DigestUpdate(&md, magic, strlen(magic));
+	EVP_DigestUpdate(&md, "$", 1);
+	EVP_DigestUpdate(&md, salt_out, salt_len);
 	
-	 {
-		MD5_CTX md2;
+	EVP_MD_CTX_init(&md2);
+	EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+	EVP_DigestUpdate(&md2, passwd, passwd_len);
+	EVP_DigestUpdate(&md2, salt_out, salt_len);
+	EVP_DigestUpdate(&md2, passwd, passwd_len);
+	EVP_DigestFinal_ex(&md2, buf, NULL);
 
-		MD5_Init(&md2);
-		MD5_Update(&md2, passwd, passwd_len);
-		MD5_Update(&md2, salt_out, salt_len);
-		MD5_Update(&md2, passwd, passwd_len);
-		MD5_Final(buf, &md2);
-	 }
 	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
-		MD5_Update(&md, buf, sizeof buf);
-	MD5_Update(&md, buf, i);
+		EVP_DigestUpdate(&md, buf, sizeof buf);
+	EVP_DigestUpdate(&md, buf, i);
 	
 	n = passwd_len;
 	while (n)
 		{
-		MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
+		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
 		n >>= 1;
 		}
-	MD5_Final(buf, &md);
+	EVP_DigestFinal_ex(&md, buf, NULL);
 
 	for (i = 0; i < 1000; i++)
 		{
-		MD5_CTX md2;
-
-		MD5_Init(&md2);
-		MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
-		                 (i & 1) ? passwd_len : sizeof buf);
+		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
+		                       (i & 1) ? passwd_len : sizeof buf);
 		if (i % 3)
-			MD5_Update(&md2, salt_out, salt_len);
+			EVP_DigestUpdate(&md2, salt_out, salt_len);
 		if (i % 7)
-			MD5_Update(&md2, passwd, passwd_len);
-		MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
-		                 (i & 1) ? sizeof buf : passwd_len);
-		MD5_Final(buf, &md2);
+			EVP_DigestUpdate(&md2, passwd, passwd_len);
+		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+		                       (i & 1) ? sizeof buf : passwd_len);
+		EVP_DigestFinal_ex(&md2, buf, NULL);
 		}
+	EVP_MD_CTX_cleanup(&md2);
 	
 	 {
 		/* transform buf into output string */
@@ -400,6 +406,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 		*output = 0;
 		assert(strlen(out_buf) < sizeof(out_buf));
 	 }
+	EVP_MD_CTX_cleanup(&md);
 
 	return out_buf;
 	}
@@ -418,7 +425,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	/* first make sure we have a salt */
 	if (!passed_salt)
 		{
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		if (usecrypt)
 			{
 			if (*salt_malloc_p == NULL)
@@ -437,7 +444,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 			                                    * back to ASCII */
 #endif
 			}
-#endif /* !NO_DES */
+#endif /* !OPENSSL_NO_DES */
 
 #ifndef NO_MD5CRYPT_1
 		if (use1 || useapr1)
@@ -472,9 +479,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	assert(strlen(passwd) <= pw_maxlen);
 	
 	/* now compute password hash */
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	if (usecrypt)
-		hash = des_crypt(passwd, *salt_p);
+		hash = DES_crypt(passwd, *salt_p);
 #endif
 #ifndef NO_MD5CRYPT_1
 	if (use1 || useapr1)
@@ -498,6 +505,6 @@ err:
 int MAIN(int argc, char **argv)
 	{
 	fputs("Program not available.\n", stderr)
-	EXIT(1);
+	OPENSSL_EXIT(1);
 	}
 #endif
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index aeba62e..8d1babe 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -1,5 +1,5 @@
 /* pkcs12.c */
-#if !defined(NO_DES) && !defined(NO_SHA1)
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
 
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
  * project 1999.
@@ -69,7 +69,7 @@
 
 #define PROG pkcs12_main
 
-EVP_CIPHER *enc;
+const EVP_CIPHER *enc;
 
 
 #define NOKEYS		0x1
@@ -92,11 +92,13 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+    ENGINE *e = NULL;
     char *infile=NULL, *outfile=NULL, *keyname = NULL;	
     char *certfile=NULL;
-    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
+    BIO *in=NULL, *out = NULL;
     char **args;
     char *name = NULL;
+    char *csp_name = NULL;
     PKCS12 *p12 = NULL;
     char pass[50], macpass[50];
     int export_cert = 0;
@@ -118,12 +120,16 @@ int MAIN(int argc, char **argv)
     char *passin = NULL, *passout = NULL;
     char *inrand = NULL;
     char *CApath = NULL, *CAfile = NULL;
+    char *engine=NULL;
 
     apps_startup();
 
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
     args = argv + 1;
 
 
@@ -144,10 +150,15 @@ int MAIN(int argc, char **argv)
     			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 		else if (!strcmp (*args, "-export")) export_cert = 1;
 		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
 #endif
 		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_AES
+		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
+		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
+		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
 		else if (!strcmp (*args, "-noiter")) iter = 1;
 		else if (!strcmp (*args, "-maciter"))
 					 maciter = PKCS12_DEFAULT_ITER;
@@ -194,6 +205,11 @@ int MAIN(int argc, char **argv)
 			args++;	
 			name = *args;
 		    } else badarg = 1;
+		} else if (!strcmp (*args, "-CSP")) {
+		    if (args[1]) {
+			args++;	
+			csp_name = *args;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-caname")) {
 		    if (args[1]) {
 			args++;	
@@ -236,6 +252,11 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
+		} else if (!strcmp(*args,"-engine")) {
+		    if (args[1]) {
+			args++;	
+			engine = *args;
+		    } else badarg = 1;
 		} else badarg = 1;
 
 	} else badarg = 1;
@@ -264,9 +285,13 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
 	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
 	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
 #endif
+#ifndef OPENSSL_NO_AES
+	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
+#endif
 	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
 	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
 	BIO_printf (bio_err, "-maciter      use MAC iteration\n");
@@ -279,12 +304,15 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
+	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
     	goto end;
     }
 
+    e = setup_engine(bio_err, engine, 0);
+
     if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;
@@ -329,6 +357,7 @@ int MAIN(int argc, char **argv)
 	    goto end;
    }
 
+#if 0
    if (certfile) {
     	if(!(certsin = BIO_new_file(certfile, "r"))) {
 	    BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
@@ -344,6 +373,7 @@ int MAIN(int argc, char **argv)
 	    goto end;
 	}
      }
+#endif
 
 #ifdef CRYPTO_MDEBUG
     CRYPTO_pop_info();
@@ -352,7 +382,7 @@ int MAIN(int argc, char **argv)
 
     if (!outfile) {
 	out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	{
 	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	    out = BIO_push(tmpbio, out);
@@ -369,7 +399,7 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
     CRYPTO_push_info("read MAC password");
 #endif
-	if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
+	if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
 	{
     	    BIO_printf (bio_err, "Can't read Password\n");
     	    goto end;
@@ -397,12 +427,9 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("process -export_cert");
 	CRYPTO_push_info("reading private key");
 #endif
-	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
-	if (!inkey) (void) BIO_reset(in);
-	else BIO_free(inkey);
+	key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
+		passin, e, "private key");
 	if (!key) {
-		BIO_printf (bio_err, "Error loading private key\n");
-		ERR_print_errors(bio_err);
 		goto export_end;
 	}
 
@@ -411,12 +438,9 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("reading certs from input");
 #endif
 
-	certs = sk_X509_new_null();
-
 	/* Load in all certs in input file */
-	if(!cert_load(in, certs)) {
-		BIO_printf(bio_err, "Error loading certificates from input\n");
-		ERR_print_errors(bio_err);
+	if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+		"certificates"))) {
 		goto export_end;
 	}
 
@@ -446,13 +470,17 @@ int MAIN(int argc, char **argv)
 	bags = sk_PKCS12_SAFEBAG_new_null ();
 
 	/* Add any more certificates asked for */
-	if (certsin) {
-		if(!cert_load(certsin, certs)) {
-			BIO_printf(bio_err, "Error loading certificates from certfile\n");
-			ERR_print_errors(bio_err);
+	if (certfile) {
+		STACK_OF(X509) *morecerts=NULL;
+		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+					    NULL, e,
+					    "certificates from certfile"))) {
 			goto export_end;
 		}
-	    	BIO_free(certsin);
+		while(sk_X509_num(morecerts) > 0) {
+			sk_X509_push(certs, sk_X509_shift(morecerts));
+		}
+		sk_X509_free(morecerts);
  	}
 
 #ifdef CRYPTO_MDEBUG
@@ -480,9 +508,10 @@ int MAIN(int argc, char **argv)
 		    /* Exclude verified certificate */
 		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
 			sk_X509_push(certs, sk_X509_value (chain2, i));
-		}
-		sk_X509_free(chain2);
-		if (vret) {
+		    /* Free first certificate */
+		    X509_free(sk_X509_value(chain2, 0));
+		    sk_X509_free(chain2);
+		} else {
 			BIO_printf (bio_err, "Error %s getting chain.\n",
 					X509_verify_cert_error_string(vret));
 			goto export_end;
@@ -498,7 +527,7 @@ int MAIN(int argc, char **argv)
 	for(i = 0; i < sk_X509_num(certs); i++) {
 		X509 *cert = NULL;
 		cert = sk_X509_value(certs, i);
-		bag = M_PKCS12_x5092certbag(cert);
+		bag = PKCS12_x5092certbag(cert);
 		/* If it matches private key set id */
 		if(cert == ucert) {
 			if(name) PKCS12_add_friendlyname(bag, name, -1);
@@ -509,8 +538,6 @@ int MAIN(int argc, char **argv)
 	}
 	sk_X509_pop_free(certs, X509_free);
 	certs = NULL;
-	/* ucert is part of certs so it is already freed */
-	ucert = NULL;
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@@ -518,7 +545,7 @@ int MAIN(int argc, char **argv)
 #endif
 
 	if(!noprompt &&
-		EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
+		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
 	    BIO_printf (bio_err, "Can't read Password\n");
 	    goto export_end;
         }
@@ -549,6 +576,7 @@ int MAIN(int argc, char **argv)
 	PKCS8_PRIV_KEY_INFO_free(p8);
 	p8 = NULL;
         if (name) PKCS12_add_friendlyname (bag, name, -1);
+	if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1);
 	PKCS12_add_localkeyid (bag, keyid, keyidlen);
 	bags = sk_PKCS12_SAFEBAG_new_null();
 	sk_PKCS12_SAFEBAG_push (bags, bag);
@@ -569,9 +597,9 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("building pkcs12");
 #endif
 
-	p12 = PKCS12_init (NID_pkcs7_data);
+	p12 = PKCS12_init(NID_pkcs7_data);
 
-	M_PKCS12_pack_authsafes (p12, safes);
+	PKCS12_pack_authsafes(p12, safes);
 
 	sk_PKCS7_pop_free(safes, PKCS7_free);
 	safes = NULL;
@@ -598,7 +626,6 @@ int MAIN(int argc, char **argv)
 	if (certs) sk_X509_pop_free(certs, X509_free);
 	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
 	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	if (ucert) X509_free(ucert);
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@@ -615,7 +642,7 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
     CRYPTO_push_info("read import password");
 #endif
-    if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
+    if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
 	BIO_printf (bio_err, "Can't read Password\n");
 	goto end;
     }
@@ -668,7 +695,8 @@ int MAIN(int argc, char **argv)
     if (canames) sk_free(canames);
     if(passin) OPENSSL_free(passin);
     if(passout) OPENSSL_free(passout);
-    EXIT(ret);
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
 }
 
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
@@ -679,20 +707,20 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	int i, bagnid;
 	PKCS7 *p7;
 
-	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
+	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value (asafes, i);
 		bagnid = OBJ_obj2nid (p7->type);
 		if (bagnid == NID_pkcs7_data) {
-			bags = M_PKCS12_unpack_p7data (p7);
+			bags = PKCS12_unpack_p7data(p7);
 			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
 		} else if (bagnid == NID_pkcs7_encrypted) {
 			if (options & INFO) {
-				BIO_printf (bio_err, "PKCS7 Encrypted data: ");
-				alg_print (bio_err, 
+				BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+				alg_print(bio_err, 
 					p7->d.encrypted->enc_data->algorithm);
 			}
-			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
+			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
 		} else continue;
 		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
@@ -747,7 +775,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		}
 		if (options & NOKEYS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
-		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
 				return 0;
 		if (!(pkey = EVP_PKCS82PKEY (p8))) {
 			PKCS8_PRIV_KEY_INFO_free(p8);
@@ -768,7 +796,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
 								 return 1;
-		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
 		dump_cert_text (out, x509);
 		PEM_write_bio_X509 (out, x509);
 		X509_free(x509);
@@ -800,6 +828,9 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 	STACK_OF(X509) *chn;
 	int i;
 
+	/* FIXME: Should really check the return status of X509_STORE_CTX_init
+	 * for an error, but how that fits into the return value of this
+	 * function is less obvious. */
 	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
 	if (X509_verify_cert(&store_ctx) <= 0) {
 		i = X509_STORE_CTX_get_error (&store_ctx);
diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c
index a9fff11..738dd85 100644
--- a/crypto/openssl/apps/pkcs7.c
+++ b/crypto/openssl/apps/pkcs7.c
@@ -82,6 +82,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -89,6 +90,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
 	int ret=1;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -132,6 +134,11 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +161,15 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
-		EXIT(1);
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
+		ret = 1;
+		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+        e = setup_engine(bio_err, engine, 0);
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -198,7 +209,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -289,5 +300,6 @@ end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c
index 7b588e4..1debccb 100644
--- a/crypto/openssl/apps/pkcs8.c
+++ b/crypto/openssl/apps/pkcs8.c
@@ -63,13 +63,13 @@
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 
-#include "apps.h"
 #define PROG pkcs8_main
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -82,12 +82,19 @@ int MAIN(int argc, char **argv)
 	int nocrypt = 0;
 	X509_SIG *p8;
 	PKCS8_PRIV_KEY_INFO *p8inf;
-	EVP_PKEY *pkey;
+	EVP_PKEY *pkey=NULL;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
+	char *engine=NULL;
+
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
+
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -138,6 +145,11 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
+			engine= *(++args);
+			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -170,9 +182,12 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);
@@ -196,28 +211,21 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 		}
 #endif
 	}
-	if (topk8) {
-		if(informat == FORMAT_PEM)
-			pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
-		else if(informat == FORMAT_ASN1)
-			pkey = d2i_PrivateKey_bio(in, NULL);
-		else {
-			BIO_printf(bio_err, "Bad format specified for key\n");
-			return (1);
-		}
+	if (topk8)
+		{
+		BIO_free(in); /* Not needed in this section */
+		pkey = load_key(bio_err, infile, informat, 1,
+			passin, e, "key");
 		if (!pkey) {
-			BIO_printf(bio_err, "Error reading key\n", outfile);
-			ERR_print_errors(bio_err);
 			return (1);
 		}
-		BIO_free(in);
 		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
 			BIO_printf(bio_err, "Error converting key\n", outfile);
 			ERR_print_errors(bio_err);
@@ -236,7 +244,8 @@ int MAIN(int argc, char **argv)
 			if(passout) p8pass = passout;
 			else {
 				p8pass = pass;
-				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
+					return (1);
 			}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
@@ -293,9 +302,9 @@ int MAIN(int argc, char **argv)
 		if(passin) p8pass = passin;
 		else {
 			p8pass = pass;
-			EVP_read_pw_string(pass, 50, "Enter Password:", 0);
+			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
 		}
-		p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		X509_SIG_free(p8);
 	}
 
@@ -342,6 +351,7 @@ int MAIN(int argc, char **argv)
 			return (1);
 	}
 
+	end:
 	EVP_PKEY_free(pkey);
 	BIO_free_all(out);
 	BIO_free(in);
diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h
index fbc65de..752385d 100644
--- a/crypto/openssl/apps/progs.h
+++ b/crypto/openssl/apps/progs.h
@@ -35,6 +35,8 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
+extern int engine_main(int argc,char *argv[]);
+extern int ocsp_main(int argc,char *argv[]);
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -51,205 +53,239 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
 	{FUNC_TYPE_GENERAL,"req",req_main},
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"enc",enc_main},
 	{FUNC_TYPE_GENERAL,"passwd",passwd_main},
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"dsa",dsa_main},
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
 #endif
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
 #endif
 	{FUNC_TYPE_GENERAL,"speed",speed_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
 #endif
 	{FUNC_TYPE_GENERAL,"version",version_main},
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
 	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
-#if !defined(NO_DES) && !defined(NO_SHA1)
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
 	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
 #endif
 	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
+	{FUNC_TYPE_GENERAL,"engine",engine_main},
+	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+#ifndef OPENSSL_NO_MD2
 	{FUNC_TYPE_MD,"md2",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
 	{FUNC_TYPE_MD,"md4",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD5
 	{FUNC_TYPE_MD,"md5",dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA
 	{FUNC_TYPE_MD,"sha",dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA1
 	{FUNC_TYPE_MD,"sha1",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MDC2
 	{FUNC_TYPE_MD,"mdc2",dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
 	{FUNC_TYPE_MD,"rmd160",dgst_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
+#endif
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des3",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"desx",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea",enc_main},
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4",enc_main},
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2",enc_main},
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
 #endif
 	{0,NULL,NULL}
diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl
index 214025c..d6a40ed 100644
--- a/crypto/openssl/apps/progs.pl
+++ b/crypto/openssl/apps/progs.pl
@@ -28,15 +28,15 @@ foreach (@ARGV)
 	push(@files,$_);
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
-		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; } 
+		{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } 
 	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) 
-		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
+		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
-		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
+		{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
-		{ print "#ifndef NO_DH\n${str}#endif\n"; }
+		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^pkcs12$/))
-		{ print "#if !defined(NO_DES) && !defined(NO_SHA1)\n${str}#endif\n"; }
+		{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
 	else
 		{ print $str; }
 	}
@@ -44,10 +44,13 @@ foreach (@ARGV)
 foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
-	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
+	printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
 	}
 
 foreach (
+	"aes-128-cbc", "aes-128-ecb",
+	"aes-192-cbc", "aes-192-ecb",
+	"aes-256-cbc", "aes-256-ecb",
 	"base64",
 	"des", "des3", "desx", "idea", "rc4", "rc4-40",
 	"rc2", "bf", "cast", "rc5",
@@ -64,13 +67,14 @@ foreach (
 	push(@files,$_);
 
 	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
-	if    ($_ =~ /des/)  { $t="#ifndef NO_DES\n${t}#endif\n"; }
-	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
-	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
-	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BF\n${t}#endif\n"; }
-	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
-	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
+	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
+	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
+	elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
+	elsif ($_ =~ /rc4/)  { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
+	elsif ($_ =~ /rc2/)  { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
+	elsif ($_ =~ /bf/)   { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
+	elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
+	elsif ($_ =~ /rc5/)  { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
 	print $t;
 	}
 
diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c
index 04764d7..eaaa6e3 100644
--- a/crypto/openssl/apps/rand.c
+++ b/crypto/openssl/apps/rand.c
@@ -1,4 +1,57 @@
 /* apps/rand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include "apps.h"
 
@@ -23,6 +76,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -30,6 +84,7 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -37,6 +92,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto err;
+
 	badopt = 0;
 	i = 0;
 	while (!badopt && argv[++i] != NULL)
@@ -48,6 +106,13 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
+		else if (strcmp(argv[i], "-engine") == 0)
+			{
+			if ((argv[i+1] != NULL) && (engine == NULL))
+				engine = argv[++i];
+			else
+				badopt = 1;
+			}
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -84,12 +149,15 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file            - write to file\n");
-		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-base64              - encode output\n");
+		BIO_printf(bio_err, "-out file             - write to file\n");
+		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-base64               - encode output\n");
 		goto err;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -103,7 +171,7 @@ int MAIN(int argc, char **argv)
 	else
 		{
 		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -144,5 +212,6 @@ err:
 	ERR_print_errors(bio_err);
 	if (out)
 		BIO_free_all(out);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index 11c4e5f..cffdcd1 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include "../crypto/cryptlib.h"
 
 #define SECTION		"req"
 
@@ -84,6 +85,7 @@
 #define V3_EXTENSIONS	"x509_extensions"
 #define REQ_EXTENSIONS	"req_extensions"
 #define STRING_MASK	"string_mask"
+#define UTF8_IN		"utf8"
 
 #define DEFAULT_KEY_LENGTH	512
 #define MIN_KEY_LENGTH		384
@@ -101,36 +103,41 @@
  * -nodes	- no des encryption
  * -config file	- Load configuration file.
  * -key file	- make a request using key in file (or use it for verification).
- * -keyform	- key file format.
+ * -keyform arg	- key file format.
  * -rand file(s) - load the file(s) into the PRNG.
  * -newkey	- make a key and a request.
  * -modulus	- print RSA modulus.
+ * -pubkey	- output Public Key.
  * -x509	- output a self signed X509 structure instead.
  * -asn1-kludge	- output new certificate request in a format that some CA's
  *		  require.  This format is wrong
  */
 
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs,
+		unsigned long chtype);
+static int build_subject(X509_REQ *req, char *subj, unsigned long chtype);
 static int prompt_info(X509_REQ *req,
 		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
-		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);
+		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
+		unsigned long chtype);
 static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
-				STACK_OF(CONF_VALUE) *attr, int attribs);
+				STACK_OF(CONF_VALUE) *attr, int attribs,
+				unsigned long chtype);
 static int add_attribute_object(X509_REQ *req, char *text,
-				char *def, char *value, int nid, int min,
-				int max);
+				char *def, char *value, int nid, int n_min,
+				int n_max, unsigned long chtype);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-	int nid,int min,int max);
-#ifndef NO_RSA
+	int nid,int n_min,int n_max, unsigned long chtype);
+#ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
-static int req_check_len(int len,int min,int max);
+static int req_check_len(int len,int n_min,int n_max);
 static int check_end(char *str, char *end);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
-static LHASH *config=NULL;
 #endif
-static LHASH *req_conf=NULL;
+static CONF *req_conf=NULL;
+static int batch=0;
 
 #define TYPE_RSA	1
 #define TYPE_DSA	2
@@ -140,33 +147,41 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef NO_DSA
+	ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
 	DSA *dsa_params=NULL;
 #endif
+	unsigned long nmflag = 0, reqflag = 0;
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
 	EVP_PKEY *pkey=NULL;
-	int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
+	int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+	long newkey = -1;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-	int nodes=0,kludge=0,newhdr=0;
+	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
-	EVP_CIPHER *cipher=NULL;
+	const EVP_CIPHER *cipher=NULL;
+	ASN1_INTEGER *serial = NULL;
 	int modulus=0;
 	char *inrand=NULL;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *p;
+	char *subj = NULL;
 	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
-	MS_STATIC char config_name[256];
+	char *to_free;
+	long errline;
 #endif
 
 	req_conf = NULL;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	cipher=EVP_des_ede3_cbc();
 #endif
 	apps_startup();
@@ -195,14 +210,22 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-pubkey") == 0)
+			{
+			pubkey=1;
+			}
 		else if (strcmp(*argv,"-new") == 0)
 			{
-			pkey_type=TYPE_RSA;
 			newreq=1;
 			}
 		else if (strcmp(*argv,"-config") == 0)
@@ -260,7 +283,7 @@ int MAIN(int argc, char **argv)
 				newkey= atoi(p);
 				}
 			else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 				if (strncmp("dsa:",p,4) == 0)
 				{
 				X509 *xtmp=NULL;
@@ -300,7 +323,7 @@ int MAIN(int argc, char **argv)
 				}
 			else 
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 				if (strncmp("dh:",p,4) == 0)
 				{
 				pkey_type=TYPE_DH;
@@ -312,6 +335,8 @@ int MAIN(int argc, char **argv)
 
 			newreq=1;
 			}
+		else if (strcmp(*argv,"-batch") == 0)
+			batch=1;
 		else if (strcmp(*argv,"-newhdr") == 0)
 			newhdr=1;
 		else if (strcmp(*argv,"-modulus") == 0)
@@ -322,6 +347,22 @@ int MAIN(int argc, char **argv)
 			nodes=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
+		else if (strcmp(*argv,"-verbose") == 0)
+			verbose=1;
+		else if (strcmp(*argv,"-utf8") == 0)
+			chtype = MBSTRING_UTF8;
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
+		else if (strcmp(*argv,"-reqopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
+			}
+		else if (strcmp(*argv,"-subject") == 0)
+			subject=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-x509") == 0)
@@ -330,12 +371,23 @@ int MAIN(int argc, char **argv)
 			kludge=1;
 		else if (strcmp(*argv,"-no-asn1-kludge") == 0)
 			kludge=0;
+		else if (strcmp(*argv,"-subj") == 0)
+			{
+			if (--argc < 1) goto bad;
+			subj= *(++argv);
+			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
 			days= atoi(*(++argv));
 			if (days == 0) days=30;
 			}
+		else if (strcmp(*argv,"-set_serial") == 0)
+			{
+			if (--argc < 1) goto bad;
+			serial = s2i_ASN1_INTEGER(NULL, *(++argv));
+			if (!serial) goto bad;
+			}
 		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			{
 			/* ok */
@@ -371,11 +423,15 @@ bad:
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -text          text form of request\n");
+		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -noout         do not output REQ\n");
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-		BIO_printf(bio_err," -key file	use the private key contained in file\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
+		BIO_printf(bio_err," -subject       output the request's subject\n");
+		BIO_printf(bio_err," -passin        private key password source\n");
+		BIO_printf(bio_err," -key file      use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
@@ -385,14 +441,20 @@ bad:
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
+		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
 		BIO_printf(bio_err," -new           new request.\n");
+		BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
-		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
+		BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");
+		BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");
 		BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");
 		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
 		BIO_printf(bio_err,"                have been reported as requiring\n");
 		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
 		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
+		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
+		BIO_printf(bio_err," -nameopt arg   - various certificate name options\n");
+		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
 		goto end;
 		}
 
@@ -408,25 +470,21 @@ bad:
 	if (p == NULL)
 		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
-		{
-		strcpy(config_name,X509_get_default_cert_area());
-#ifndef VMS
-		strcat(config_name,"/");
-#endif
-		strcat(config_name,OPENSSL_CONF);
-		p=config_name;
-		}
+		p=to_free=make_config_name();
 	default_config_file=p;
-	config=CONF_load(config,p,NULL);
+	config=NCONF_new(NULL);
+	i=NCONF_load(config, p, &errline);
 #endif
 
 	if (template != NULL)
 		{
-		long errline;
+		long errline = -1;
 
-		BIO_printf(bio_err,"Using configuration from %s\n",template);
-		req_conf=CONF_load(NULL,template,&errline);
-		if (req_conf == NULL)
+		if( verbose )
+			BIO_printf(bio_err,"Using configuration from %s\n",template);
+		req_conf=NCONF_new(NULL);
+		i=NCONF_load(req_conf,template,&errline);
+		if (i == 0)
 			{
 			BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
 			goto end;
@@ -435,7 +493,8 @@ bad:
 	else
 		{
 		req_conf=config;
-		BIO_printf(bio_err,"Using configuration from %s\n",
+		if( verbose )
+			BIO_printf(bio_err,"Using configuration from %s\n",
 			default_config_file);
 		if (req_conf == NULL)
 			{
@@ -445,7 +504,11 @@ bad:
 
 	if (req_conf != NULL)
 		{
-		p=CONF_get_string(req_conf,NULL,"oid_file");
+		if (!load_config(bio_err, req_conf))
+			goto end;
+		p=NCONF_get_string(req_conf,NULL,"oid_file");
+		if (p == NULL)
+			ERR_clear_error();
 		if (p != NULL)
 			{
 			BIO *oid_bio;
@@ -465,23 +528,32 @@ bad:
 				}
 			}
 		}
-		if(!add_oid_section(bio_err, req_conf)) goto end;
+	if(!add_oid_section(bio_err, req_conf)) goto end;
 
-	if ((md_alg == NULL) &&
-		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
+	if (md_alg == NULL)
 		{
-		if ((md_alg=EVP_get_digestbyname(p)) != NULL)
-			digest=md_alg;
+		p=NCONF_get_string(req_conf,SECTION,"default_md");
+		if (p == NULL)
+			ERR_clear_error();
+		if (p != NULL)
+			{
+			if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+				digest=md_alg;
+			}
 		}
 
-	if(!extensions)
-		extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
-	if(extensions) {
+	if (!extensions)
+		{
+		extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+		if (!extensions)
+			ERR_clear_error();
+		}
+	if (extensions) {
 		/* Check syntax of file */
 		X509V3_CTX ctx;
 		X509V3_set_ctx_test(&ctx);
-		X509V3_set_conf_lhash(&ctx, req_conf);
-		if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+		X509V3_set_nconf(&ctx, req_conf);
+		if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
 			BIO_printf(bio_err,
 			 "Error Loading extension section %s\n", extensions);
 			goto end;
@@ -489,26 +561,50 @@ bad:
 	}
 
 	if(!passin)
-		passin = CONF_get_string(req_conf, SECTION, "input_password");
-
+		{
+		passin = NCONF_get_string(req_conf, SECTION, "input_password");
+		if (!passin)
+			ERR_clear_error();
+		}
+	
 	if(!passout)
-		passout = CONF_get_string(req_conf, SECTION, "output_password");
+		{
+		passout = NCONF_get_string(req_conf, SECTION, "output_password");
+		if (!passout)
+			ERR_clear_error();
+		}
 
-	p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+	p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
+	if (!p)
+		ERR_clear_error();
 
 	if(p && !ASN1_STRING_set_default_mask_asc(p)) {
 		BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
 		goto end;
 	}
 
+	if (chtype != MBSTRING_UTF8)
+		{
+		p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
+		if (!p)
+			ERR_clear_error();
+		else if (!strcmp(p, "yes"))
+			chtype = MBSTRING_UTF8;
+		}
+
+
 	if(!req_exts)
-		req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+		{
+		req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+		if (!req_exts)
+			ERR_clear_error();
+		}
 	if(req_exts) {
 		/* Check syntax of file */
 		X509V3_CTX ctx;
 		X509V3_set_ctx_test(&ctx);
-		X509V3_set_conf_lhash(&ctx, req_conf);
-		if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
+		X509V3_set_nconf(&ctx, req_conf);
+		if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
 			BIO_printf(bio_err,
 			 "Error Loading request extension section %s\n",
 								req_exts);
@@ -521,49 +617,39 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if (keyfile != NULL)
 		{
-		if (BIO_read_filename(in,keyfile) <= 0)
-			{
-			perror(keyfile);
-			goto end;
-			}
-
-		if (keyform == FORMAT_ASN1)
-			pkey=d2i_PrivateKey_bio(in,NULL);
-		else if (keyform == FORMAT_PEM)
-			{
-			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
-			}
-		else
+		pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
+			"Private Key");
+		if (!pkey)
 			{
-			BIO_printf(bio_err,"bad input format specified for X509 request\n");
-			goto end;
-			}
-
-		if (pkey == NULL)
-			{
-			BIO_printf(bio_err,"unable to load Private key\n");
+			/* load_key() has already printed an appropriate
+			   message */
 			goto end;
 			}
-                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
-			char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+			if (randfile == NULL)
+				ERR_clear_error();
 			app_RAND_load_file(randfile, bio_err, 0);
-                	}
+			}
 		}
 
 	if (newreq && (pkey == NULL))
 		{
-		char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+		if (randfile == NULL)
+			ERR_clear_error();
 		app_RAND_load_file(randfile, bio_err, 0);
 		if (inrand)
 			app_RAND_load_files(inrand);
 	
 		if (newkey <= 0)
 			{
-			newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
-			if (newkey <= 0)
+			if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
 				newkey=DEFAULT_KEY_LENGTH;
 			}
 
@@ -578,7 +664,7 @@ bad:
 
 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey_type == TYPE_RSA)
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
@@ -588,7 +674,7 @@ bad:
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (pkey_type == TYPE_DSA)
 			{
 			if (!DSA_generate_key(dsa_params)) goto end;
@@ -602,13 +688,17 @@ bad:
 		if (pkey == NULL) goto end;
 
 		if (keyout == NULL)
-			keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
-
+			{
+			keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
+			if (keyout == NULL)
+				ERR_clear_error();
+			}
+		
 		if (keyout == NULL)
 			{
 			BIO_printf(bio_err,"writing new private key to stdout\n");
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -625,9 +715,14 @@ bad:
 				}
 			}
 
-		p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+		p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
 		if (p == NULL)
-			p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+			{
+			ERR_clear_error();
+			p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
+			if (p == NULL)
+				ERR_clear_error();
+			}
 		if ((p != NULL) && (strcmp(p,"no") == 0))
 			cipher=NULL;
 		if (nodes) cipher=NULL;
@@ -689,7 +784,7 @@ loop:
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
 #endif
@@ -701,9 +796,13 @@ loop:
 				goto end;
 				}
 
-			i=make_REQ(req,pkey,!x509);
-			if (kludge >= 0)
-				req->req_info->req_kludge=kludge;
+			i=make_REQ(req,pkey,subj,!x509, chtype);
+			subj=NULL; /* done processing '-subj' option */
+			if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
+				{
+				sk_X509_ATTRIBUTE_free(req->req_info->attributes);
+				req->req_info->attributes = NULL;
+				}
 			if (!i)
 				{
 				BIO_printf(bio_err,"problems making Certificate Request\n");
@@ -718,7 +817,14 @@ loop:
 
 			/* Set version to V3 */
 			if(!X509_set_version(x509ss, 2)) goto end;
-			if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+			if (serial)
+				{
+				if (!X509_set_serialNumber(x509ss, serial)) goto end;
+				}
+			else
+				{
+				if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+				}
 
 			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
 			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
@@ -731,18 +837,18 @@ loop:
 			/* Set up V3 context struct */
 
 			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
-			X509V3_set_conf_lhash(&ext_ctx, req_conf);
+			X509V3_set_nconf(&ext_ctx, req_conf);
 
 			/* Add extensions */
-			if(extensions && !X509V3_EXT_add_conf(req_conf, 
+			if(extensions && !X509V3_EXT_add_nconf(req_conf, 
 				 	&ext_ctx, extensions, x509ss))
-			    {
-			    BIO_printf(bio_err,
-				       "Error Loading extension section %s\n",
-				       extensions);
-			    goto end;
-			    }
-
+				{
+				BIO_printf(bio_err,
+					"Error Loading extension section %s\n",
+					extensions);
+				goto end;
+				}
+			
 			if (!(i=X509_sign(x509ss,pkey,digest)))
 				goto end;
 			}
@@ -753,22 +859,51 @@ loop:
 			/* Set up V3 context struct */
 
 			X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
-			X509V3_set_conf_lhash(&ext_ctx, req_conf);
+			X509V3_set_nconf(&ext_ctx, req_conf);
 
 			/* Add extensions */
-			if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, 
+			if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 
 				 	&ext_ctx, req_exts, req))
-			    {
-			    BIO_printf(bio_err,
-				       "Error Loading extension section %s\n",
-				       req_exts);
-			    goto end;
-			    }
+				{
+				BIO_printf(bio_err,
+					"Error Loading extension section %s\n",
+					req_exts);
+				goto end;
+				}
 			if (!(i=X509_REQ_sign(req,pkey,digest)))
 				goto end;
 			}
 		}
 
+	if (subj && x509)
+		{
+		BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+		goto end;
+		}
+
+	if (subj && !x509)
+		{
+		if (verbose)
+			{
+			BIO_printf(bio_err, "Modifying Request's Subject\n");
+			print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
+			}
+
+		if (build_subject(req, subj, chtype) == 0)
+			{
+			BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+			ex=1;
+			goto end;
+			}
+
+		req->req_info->enc.modified = 1;
+
+		if (verbose)
+			{
+			print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
+			}
+		}
+
 	if (verify && !x509)
 		{
 		int tmp=0;
@@ -793,12 +928,13 @@ loop:
 		else if (i == 0)
 			{
 			BIO_printf(bio_err,"verify failure\n");
+			ERR_print_errors(bio_err);
 			}
 		else /* if (i > 0) */
 			BIO_printf(bio_err,"verify OK\n");
 		}
 
-	if (noout && !text && !modulus)
+	if (noout && !text && !modulus && !subject && !pubkey)
 		{
 		ex=0;
 		goto end;
@@ -807,7 +943,7 @@ loop:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -827,34 +963,57 @@ loop:
 			}
 		}
 
+	if (pubkey)
+		{
+		EVP_PKEY *tpubkey; 
+		tpubkey=X509_REQ_get_pubkey(req);
+		if (tpubkey == NULL)
+			{
+			BIO_printf(bio_err,"Error getting public key\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		PEM_write_bio_PUBKEY(out, tpubkey);
+		EVP_PKEY_free(tpubkey);
+		}
+
 	if (text)
 		{
 		if (x509)
-			X509_print(out,x509ss);
+			X509_print_ex(out, x509ss, nmflag, reqflag);
 		else	
-			X509_REQ_print(out,req);
+			X509_REQ_print_ex(out, req, nmflag, reqflag);
+		}
+
+	if(subject) 
+		{
+		if(x509)
+			print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
+		else
+			print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
 		}
 
 	if (modulus)
 		{
-		EVP_PKEY *pubkey;
+		EVP_PKEY *tpubkey;
 
 		if (x509)
-			pubkey=X509_get_pubkey(x509ss);
+			tpubkey=X509_get_pubkey(x509ss);
 		else
-			pubkey=X509_REQ_get_pubkey(req);
-		if (pubkey == NULL)
+			tpubkey=X509_REQ_get_pubkey(req);
+		if (tpubkey == NULL)
 			{
 			fprintf(stdout,"Modulus=unavailable\n");
 			goto end; 
 			}
 		fprintf(stdout,"Modulus=");
-#ifndef NO_RSA
-		if (pubkey->type == EVP_PKEY_RSA)
-			BN_print(out,pubkey->pkey.rsa->n);
+#ifndef OPENSSL_NO_RSA
+		if (tpubkey->type == EVP_PKEY_RSA)
+			BN_print(out,tpubkey->pkey.rsa->n);
 		else
 #endif
 			fprintf(stdout,"Wrong Algorithm type");
+		EVP_PKEY_free(tpubkey);
 		fprintf(stdout,"\n");
 		}
 
@@ -893,55 +1052,67 @@ loop:
 		}
 	ex=0;
 end:
+#ifndef MONOLITH
+	if(to_free)
+		OPENSSL_free(to_free);
+#endif
 	if (ex)
 		{
 		ERR_print_errors(bio_err);
 		}
-	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+	if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
 	BIO_free(in);
 	BIO_free_all(out);
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);
+	ASN1_INTEGER_free(serial);
 	if(passargin && passin) OPENSSL_free(passin);
 	if(passargout && passout) OPENSSL_free(passout);
 	OBJ_cleanup();
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
-	EXIT(ex);
+	apps_shutdown();
+	OPENSSL_EXIT(ex);
 	}
 
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs,
+			unsigned long chtype)
 	{
 	int ret=0,i;
 	char no_prompt = 0;
 	STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
 	char *tmp, *dn_sect,*attr_sect;
 
-	tmp=CONF_get_string(req_conf,SECTION,PROMPT);
+	tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
+	if (tmp == NULL)
+		ERR_clear_error();
 	if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
 
-	dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+	dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
 	if (dn_sect == NULL)
 		{
 		BIO_printf(bio_err,"unable to find '%s' in config\n",
 			DISTINGUISHED_NAME);
 		goto err;
 		}
-	dn_sk=CONF_get_section(req_conf,dn_sect);
+	dn_sk=NCONF_get_section(req_conf,dn_sect);
 	if (dn_sk == NULL)
 		{
 		BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
 		goto err;
 		}
 
-	attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+	attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
 	if (attr_sect == NULL)
+		{
+		ERR_clear_error();		
 		attr_sk=NULL;
+		}
 	else
 		{
-		attr_sk=CONF_get_section(req_conf,attr_sect);
+		attr_sk=NCONF_get_section(req_conf,attr_sect);
 		if (attr_sk == NULL)
 			{
 			BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
@@ -952,8 +1123,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	/* setup version number */
 	if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
 
-	if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs);
-	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+	if (no_prompt) 
+		i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
+	else 
+		{
+		if (subj)
+			i = build_subject(req, subj, chtype);
+		else
+			i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
+		}
 	if(!i) goto err;
 
 	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
@@ -963,26 +1141,52 @@ err:
 	return(ret);
 	}
 
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
+	{
+	X509_NAME *n;
+
+	if (!(n = do_subject(subject, chtype)))
+		return 0;
+
+	if (!X509_REQ_set_subject_name(req, n))
+		{
+		X509_NAME_free(n);
+		return 0;
+		}
+	X509_NAME_free(n);
+	return 1;
+}
+
 
 static int prompt_info(X509_REQ *req,
 		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
-		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs)
+		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
+		unsigned long chtype)
 	{
 	int i;
 	char *p,*q;
 	char buf[100];
-	int nid,min,max;
+	int nid;
+	long n_min,n_max;
 	char *type,*def,*value;
 	CONF_VALUE *v;
 	X509_NAME *subj;
 	subj = X509_REQ_get_subject_name(req);
-	BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
-	BIO_printf(bio_err,"into your certificate request.\n");
-	BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
-	BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
-	BIO_printf(bio_err,"For some fields there will be a default value,\n");
-	BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
-	BIO_printf(bio_err,"-----\n");
+
+	if(!batch)
+		{
+		BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+		BIO_printf(bio_err,"into your certificate request.\n");
+		BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+		BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+		BIO_printf(bio_err,"For some fields there will be a default value,\n");
+		BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+		BIO_printf(bio_err,"-----\n");
+		}
 
 
 	if (sk_CONF_VALUE_num(dn_sk))
@@ -1011,22 +1215,36 @@ start:		for (;;)
 				}
 			/* If OBJ not recognised ignore it */
 			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
+
+			if(strlen(v->name) > sizeof buf-9)
+			   {
+			   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+			   return 0;
+			   }
+
 			sprintf(buf,"%s_default",v->name);
-			if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+			if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
+				{
+				ERR_clear_error();
 				def="";
-				
+				}
 			sprintf(buf,"%s_value",v->name);
-			if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+			if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
+				{
+				ERR_clear_error();
 				value=NULL;
+				}
 
 			sprintf(buf,"%s_min",v->name);
-			min=(int)CONF_get_number(req_conf,dn_sect,buf);
+			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+				n_min = -1;
 
 			sprintf(buf,"%s_max",v->name);
-			max=(int)CONF_get_number(req_conf,dn_sect,buf);
+			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+				n_max = -1;
 
 			if (!add_DN_object(subj,v->value,def,value,nid,
-				min,max))
+				n_min,n_max, chtype))
 				return 0;
 			}
 		if (X509_NAME_entry_count(subj) == 0)
@@ -1037,7 +1255,7 @@ start:		for (;;)
 
 		if (attribs)
 			{
-			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0))
+			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
 				{
 				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
 				BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -1056,24 +1274,39 @@ start2:			for (;;)
 				if ((nid=OBJ_txt2nid(type)) == NID_undef)
 					goto start2;
 
+				if(strlen(v->name) > sizeof buf-9)
+				   {
+				   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+				   return 0;
+				   }
+
 				sprintf(buf,"%s_default",type);
-				if ((def=CONF_get_string(req_conf,attr_sect,buf))
+				if ((def=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
+					{
+					ERR_clear_error();
 					def="";
+					}
+				
 				
 				sprintf(buf,"%s_value",type);
-				if ((value=CONF_get_string(req_conf,attr_sect,buf))
+				if ((value=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
+					{
+					ERR_clear_error();
 					value=NULL;
+					}
 
 				sprintf(buf,"%s_min",type);
-				min=(int)CONF_get_number(req_conf,attr_sect,buf);
+				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+					n_min = -1;
 
 				sprintf(buf,"%s_max",type);
-				max=(int)CONF_get_number(req_conf,attr_sect,buf);
+				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+					n_max = -1;
 
 				if (!add_attribute_object(req,
-					v->value,def,value,nid,min,max))
+					v->value,def,value,nid,n_min,n_max, chtype))
 					return 0;
 				}
 			}
@@ -1089,7 +1322,7 @@ start2:			for (;;)
 	}
 
 static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
-			STACK_OF(CONF_VALUE) *attr_sk, int attribs)
+			STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
 	{
 	int i;
 	char *p,*q;
@@ -1117,7 +1350,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 				if(*p) type = p;
 				break;
 			}
-		if (!X509_NAME_add_entry_by_txt(subj,type, MBSTRING_ASC,
+		if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
 				(unsigned char *) v->value,-1,-1,0)) return 0;
 
 		}
@@ -1132,7 +1365,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 			for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
 				{
 				v=sk_CONF_VALUE_value(attr_sk,i);
-				if(!X509_REQ_add1_attr_by_txt(req, v->name, MBSTRING_ASC,
+				if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
 					(unsigned char *)v->value, -1)) return 0;
 				}
 			}
@@ -1141,15 +1374,16 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 
 
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-	     int nid, int min, int max)
+	     int nid, int n_min, int n_max, unsigned long chtype)
 	{
 	int i,ret=0;
 	MS_STATIC char buf[1024];
 start:
-	BIO_printf(bio_err,"%s [%s]:",text,def);
+	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
 	(void)BIO_flush(bio_err);
-	if (value != NULL)
+	if(value != NULL)
 		{
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
 		strcpy(buf,value);
 		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
@@ -1157,7 +1391,15 @@ start:
 	else
 		{
 		buf[0]='\0';
-		fgets(buf,1024,stdin);
+		if (!batch)
+			{
+			fgets(buf,sizeof buf,stdin);
+			}
+		else
+			{
+			buf[0] = '\n';
+			buf[1] = '\0';
+			}
 		}
 
 	if (buf[0] == '\0') return(0);
@@ -1177,12 +1419,11 @@ start:
 		return(0);
 		}
 	buf[--i]='\0';
-
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if(!req_check_len(i, min, max)) goto start;
-	if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
+	if(!req_check_len(i, n_min, n_max)) goto start;
+	if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
 				(unsigned char *) buf, -1,-1,0)) goto err;
 	ret=1;
 err:
@@ -1190,17 +1431,18 @@ err:
 	}
 
 static int add_attribute_object(X509_REQ *req, char *text,
-				char *def, char *value, int nid, int min,
-				int max)
+				char *def, char *value, int nid, int n_min,
+				int n_max, unsigned long chtype)
 	{
 	int i;
 	static char buf[1024];
 
 start:
-	BIO_printf(bio_err,"%s [%s]:",text,def);
+	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
 	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
 		strcpy(buf,value);
 		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
@@ -1208,7 +1450,15 @@ start:
 	else
 		{
 		buf[0]='\0';
-		fgets(buf,1024,stdin);
+		if (!batch)
+			{
+			fgets(buf,sizeof buf,stdin);
+			}
+		else
+			{
+			buf[0] = '\n';
+			buf[1] = '\0';
+			}
 		}
 
 	if (buf[0] == '\0') return(0);
@@ -1231,9 +1481,9 @@ start:
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if(!req_check_len(i, min, max)) goto start;
+	if(!req_check_len(i, n_min, n_max)) goto start;
 
-	if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
+	if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
 					(unsigned char *)buf, -1)) {
 		BIO_printf(bio_err, "Error adding attribute\n");
 		ERR_print_errors(bio_err);
@@ -1245,7 +1495,7 @@ err:
 	return(0);
 	}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	{
 	char c='*';
@@ -1262,16 +1512,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	}
 #endif
 
-static int req_check_len(int len, int min, int max)
+static int req_check_len(int len, int n_min, int n_max)
 	{
-	if (len < min)
+	if ((n_min > 0) && (len < n_min))
 		{
-		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
 		return(0);
 		}
-	if ((max != 0) && (len > max))
+	if ((n_max >= 0) && (len > n_max))
 		{
-		BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",max);
+		BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",n_max);
 		return(0);
 		}
 	return(1);
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
index b4b0651..aebec74 100644
--- a/crypto/openssl/apps/rsa.c
+++ b/crypto/openssl/apps/rsa.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -79,6 +79,9 @@
  * -des		- encrypt output if PEM format with DES in cbc mode
  * -des3	- encrypt output if PEM format
  * -idea	- encrypt output if PEM format
+ * -aes128	- encrypt output if PEM format
+ * -aes192	- encrypt output if PEM format
+ * -aes256	- encrypt output if PEM format
  * -text	- print a text version
  * -modulus	- print the RSA key modulus
  * -check	- verify key consistency
@@ -90,16 +93,18 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
 	const EVP_CIPHER *enc=NULL;
-	BIO *in=NULL,*out=NULL;
+	BIO *out=NULL;
 	int informat,outformat,text=0,check=0,noout=0;
 	int pubin = 0, pubout = 0;
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
+	char *engine=NULL;
 	int modulus=0;
 
 	apps_startup();
@@ -108,6 +113,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -148,6 +156,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -186,20 +199,27 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
 		BIO_printf(bio_err," -modulus        print the RSA key modulus\n");
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -210,69 +230,29 @@ bad:
 		goto end;
 	}
 
-	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
 
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
+	{
+		EVP_PKEY	*pkey;
 
-	BIO_printf(bio_err,"read RSA key\n");
-	if	(informat == FORMAT_ASN1) {
-		if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
-		else rsa=d2i_RSAPrivateKey_bio(in,NULL);
-	}
-#ifndef NO_RC4
-	else if (informat == FORMAT_NETSCAPE)
-		{
-		BUF_MEM *buf=NULL;
-		unsigned char *p;
-		int size=0;
+		if (pubin)
+			pkey = load_pubkey(bio_err, infile,
+				(informat == FORMAT_NETSCAPE && sgckey ?
+					FORMAT_IISSGC : informat), 1,
+				passin, e, "Public Key");
+		else
+			pkey = load_key(bio_err, infile,
+				(informat == FORMAT_NETSCAPE && sgckey ?
+					FORMAT_IISSGC : informat), 1,
+				passin, e, "Private Key");
 
-		buf=BUF_MEM_new();
-		for (;;)
-			{
-			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-				goto end;
-			i=BIO_read(in,&(buf->data[size]),1024*10);
-			size+=i;
-			if (i == 0) break;
-			if (i < 0)
-				{
-				perror("reading private key");
-				BUF_MEM_free(buf);
-				goto end;
-				}
-			}
-		p=(unsigned char *)buf->data;
-		rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
-		BUF_MEM_free(buf);
-		}
-#endif
-	else if (informat == FORMAT_PEM) {
-		if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
-		else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
+		if (pkey != NULL)
+		rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
+		EVP_PKEY_free(pkey);
 	}
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified for key\n");
-		goto end;
-		}
+
 	if (rsa == NULL)
 		{
-		BIO_printf(bio_err,"unable to load key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
@@ -280,7 +260,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -319,14 +299,14 @@ bad:
 			BIO_printf(out,"RSA key ok\n");
 		else if (r == 0)
 			{
-			long e;
+			long err;
 
-			while ((e = ERR_peek_error()) != 0 &&
-				ERR_GET_LIB(e) == ERR_LIB_RSA &&
-				ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
-				ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
+			while ((err = ERR_peek_error()) != 0 &&
+				ERR_GET_LIB(err) == ERR_LIB_RSA &&
+				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
 				{
-				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
 				ERR_get_error(); /* remove e from error stack */
 				}
 			}
@@ -348,7 +328,7 @@ bad:
 		if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
 		else i=i2d_RSAPrivateKey_bio(out,rsa);
 	}
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	else if (outformat == FORMAT_NETSCAPE)
 		{
 		unsigned char *p,*pp;
@@ -384,14 +364,14 @@ bad:
 	else
 		ret=0;
 end:
-	if(in != NULL) BIO_free(in);
 	if(out != NULL) BIO_free_all(out);
 	if(rsa != NULL) RSA_free(rsa);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c
index de231b0..36957e5 100644
--- a/crypto/openssl/apps/rsautl.c
+++ b/crypto/openssl/apps/rsautl.c
@@ -56,7 +56,7 @@
  *
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 
 #include "apps.h"
 #include <string.h>
@@ -82,8 +82,10 @@ int MAIN(int argc, char **);
 
 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
+	char *engine = NULL;
 	char *keyfile = NULL;
 	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM;
@@ -102,6 +104,9 @@ int MAIN(int argc, char **argv)
 	argv++;
 
 	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	pad = RSA_PKCS1_PADDING;
@@ -117,6 +122,12 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
+		} else if (strcmp(*argv,"-keyform") == 0) {
+			if (--argc < 1) badarg = 1;
+			keyform=str2fmt(*(++argv));
+		} else if(!strcmp(*argv, "-engine")) {
+			if (--argc < 1) badarg = 1;
+			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -151,20 +162,25 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
+        e = setup_engine(bio_err, engine, 0);
+
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
 	
 	switch(key_type) {
 		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, NULL);
+		pkey = load_key(bio_err, keyfile, keyform, 0,
+			NULL, e, "Private Key");
 		break;
 
 		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform);
+		pkey = load_pubkey(bio_err, keyfile, keyform, 0,
+			NULL, e, "Public Key");
 		break;
 
 		case KEY_CERT:
-		x = load_cert(bio_err, keyfile, keyform);
+		x = load_cert(bio_err, keyfile, keyform,
+			NULL, e, "Certificate");
 		if(x) {
 			pkey = X509_get_pubkey(x);
 			X509_free(x);
@@ -173,7 +189,6 @@ int MAIN(int argc, char **argv)
 	}
 
 	if(!pkey) {
-		BIO_printf(bio_err, "Error loading key\n");
 		return 1;
 	}
 
@@ -203,7 +218,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
@@ -278,6 +293,7 @@ static void usage()
 	BIO_printf(bio_err, "-in file        input file\n");
 	BIO_printf(bio_err, "-out file       output file\n");
 	BIO_printf(bio_err, "-inkey file     input key\n");
+	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
@@ -289,6 +305,8 @@ static void usage()
 	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
 	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
+
 }
 
 #endif
diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h
index 57af7c0..ff18a72 100644
--- a/crypto/openssl/apps/s_apps.h
+++ b/crypto/openssl/apps/s_apps.h
@@ -55,9 +55,64 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <sys/types.h>
-#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
 /* VAX C does not defined fd_set and friends, but it's actually quite simple */
 /* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
 #define MAX_NOFILE	32
@@ -87,13 +142,9 @@ typedef fd_mask fd_set;
 int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#else
-int MS_CALLBACK verify_callback(int ok, char *ctx);
 #endif
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
-#else
-int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
 #endif
 int init_client(int *sock, char *server, int port);
 int should_retry(int i);
@@ -104,8 +155,6 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
 
 #ifdef HEADER_SSL_H
-void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
-#else
-void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
 #endif
-
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
index fd62259..675527d 100644
--- a/crypto/openssl/apps/s_cb.c
+++ b/crypto/openssl/apps/s_cb.c
@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -81,7 +134,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	err=	X509_STORE_CTX_get_error(ctx);
 	depth=	X509_STORE_CTX_get_error_depth(ctx);
 
-	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
 	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
 	if (!ok)
 		{
@@ -101,7 +154,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	switch (ctx->error)
 		{
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
 		BIO_printf(bio_err,"issuer= %s\n",buf);
 		break;
 	case X509_V_ERR_CERT_NOT_YET_VALID:
@@ -200,7 +253,7 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
 	return(ret);
 	}
 
-void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
 	{
 	char *str;
 	int w;
@@ -236,3 +289,261 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
 		}
 	}
 
+
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+	{
+	BIO *bio = arg;
+	const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
+	
+	str_write_p = write_p ? ">>>" : "<<<";
+
+	switch (version)
+		{
+	case SSL2_VERSION:
+		str_version = "SSL 2.0";
+		break;
+	case SSL3_VERSION:
+		str_version = "SSL 3.0 ";
+		break;
+	case TLS1_VERSION:
+		str_version = "TLS 1.0 ";
+		break;
+	default:
+		str_version = "???";
+		}
+
+	if (version == SSL2_VERSION)
+		{
+		str_details1 = "???";
+
+		if (len > 0)
+			{
+			switch (((unsigned char*)buf)[0])
+				{
+				case 0:
+					str_details1 = ", ERROR:";
+					str_details2 = " ???";
+					if (len >= 3)
+						{
+						unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2];
+						
+						switch (err)
+							{
+						case 0x0001:
+							str_details2 = " NO-CIPHER-ERROR";
+							break;
+						case 0x0002:
+							str_details2 = " NO-CERTIFICATE-ERROR";
+							break;
+						case 0x0004:
+							str_details2 = " BAD-CERTIFICATE-ERROR";
+							break;
+						case 0x0006:
+							str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
+							break;
+							}
+						}
+
+					break;
+				case 1:
+					str_details1 = ", CLIENT-HELLO";
+					break;
+				case 2:
+					str_details1 = ", CLIENT-MASTER-KEY";
+					break;
+				case 3:
+					str_details1 = ", CLIENT-FINISHED";
+					break;
+				case 4:
+					str_details1 = ", SERVER-HELLO";
+					break;
+				case 5:
+					str_details1 = ", SERVER-VERIFY";
+					break;
+				case 6:
+					str_details1 = ", SERVER-FINISHED";
+					break;
+				case 7:
+					str_details1 = ", REQUEST-CERTIFICATE";
+					break;
+				case 8:
+					str_details1 = ", CLIENT-CERTIFICATE";
+					break;
+				}
+			}
+		}
+
+	if (version == SSL3_VERSION || version == TLS1_VERSION)
+		{
+		switch (content_type)
+			{
+		case 20:
+			str_content_type = "ChangeCipherSpec";
+			break;
+		case 21:
+			str_content_type = "Alert";
+			break;
+		case 22:
+			str_content_type = "Handshake";
+			break;
+			}
+
+		if (content_type == 21) /* Alert */
+			{
+			str_details1 = ", ???";
+			
+			if (len == 2)
+				{
+				switch (((unsigned char*)buf)[0])
+					{
+				case 1:
+					str_details1 = ", warning";
+					break;
+				case 2:
+					str_details1 = ", fatal";
+					break;
+					}
+
+				str_details2 = " ???";
+				switch (((unsigned char*)buf)[1])
+					{
+				case 0:
+					str_details2 = " close_notify";
+					break;
+				case 10:
+					str_details2 = " unexpected_message";
+					break;
+				case 20:
+					str_details2 = " bad_record_mac";
+					break;
+				case 21:
+					str_details2 = " decryption_failed";
+					break;
+				case 22:
+					str_details2 = " record_overflow";
+					break;
+				case 30:
+					str_details2 = " decompression_failure";
+					break;
+				case 40:
+					str_details2 = " handshake_failure";
+					break;
+				case 42:
+					str_details2 = " bad_certificate";
+					break;
+				case 43:
+					str_details2 = " unsupported_certificate";
+					break;
+				case 44:
+					str_details2 = " certificate_revoked";
+					break;
+				case 45:
+					str_details2 = " certificate_expired";
+					break;
+				case 46:
+					str_details2 = " certificate_unknown";
+					break;
+				case 47:
+					str_details2 = " illegal_parameter";
+					break;
+				case 48:
+					str_details2 = " unknown_ca";
+					break;
+				case 49:
+					str_details2 = " access_denied";
+					break;
+				case 50:
+					str_details2 = " decode_error";
+					break;
+				case 51:
+					str_details2 = " decrypt_error";
+					break;
+				case 60:
+					str_details2 = " export_restriction";
+					break;
+				case 70:
+					str_details2 = " protocol_version";
+					break;
+				case 71:
+					str_details2 = " insufficient_security";
+					break;
+				case 80:
+					str_details2 = " internal_error";
+					break;
+				case 90:
+					str_details2 = " user_canceled";
+					break;
+				case 100:
+					str_details2 = " no_renegotiation";
+					break;
+					}
+				}
+			}
+		
+		if (content_type == 22) /* Handshake */
+			{
+			str_details1 = "???";
+
+			if (len > 0)
+				{
+				switch (((unsigned char*)buf)[0])
+					{
+				case 0:
+					str_details1 = ", HelloRequest";
+					break;
+				case 1:
+					str_details1 = ", ClientHello";
+					break;
+				case 2:
+					str_details1 = ", ServerHello";
+					break;
+				case 11:
+					str_details1 = ", Certificate";
+					break;
+				case 12:
+					str_details1 = ", ServerKeyExchange";
+					break;
+				case 13:
+					str_details1 = ", CertificateRequest";
+					break;
+				case 14:
+					str_details1 = ", ServerHelloDone";
+					break;
+				case 15:
+					str_details1 = ", CertificateVerify";
+					break;
+				case 16:
+					str_details1 = ", ClientKeyExchange";
+					break;
+				case 20:
+					str_details1 = ", Finished";
+					break;
+					}
+				}
+			}
+		}
+
+	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
+
+	if (len > 0)
+		{
+		size_t num, i;
+		
+		BIO_printf(bio, "   ");
+		num = len;
+#if 0
+		if (num > 16)
+			num = 16;
+#endif
+		for (i = 0; i < num; i++)
+			{
+			if (i % 16 == 0 && i > 0)
+				BIO_printf(bio, "\n   ");
+			BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]);
+			}
+		if (i < len)
+			BIO_printf(bio, " ...");
+		BIO_printf(bio, "\n");
+		}
+	BIO_flush(bio);
+	}
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index 9cfe2b1..738588c 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -55,12 +55,66 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef NO_STDIO
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 
@@ -68,7 +122,7 @@
    recursive header file inclusion, resulting in the compiler complaining
    that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
    is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -82,12 +136,20 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include "s_apps.h"
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 #include <conio.h>
 #endif
 
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
+#endif
+
 
-#if (defined(VMS) && __VMS_VER < 70000000)
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
@@ -112,6 +174,7 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
+static int c_msg=0;
 static int c_showcerts=0;
 
 static void sc_usage(void);
@@ -138,6 +201,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
 	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
+	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
 #ifdef FIONBIO
@@ -151,8 +215,14 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
+	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
+	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
+	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
+	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
+	BIO_printf(bio_err,"                 only \"smtp\" is supported.\n");
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 
 	}
@@ -163,8 +233,9 @@ int MAIN(int argc, char **argv)
 	{
 	int off=0;
 	SSL *con=NULL,*con2=NULL;
+	X509_STORE *store = NULL;
 	int s,k,width,state=0;
-	char *cbuf=NULL,*sbuf=NULL;
+	char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
 	int cbuf_len,cbuf_off;
 	int sbuf_len,sbuf_off;
 	fd_set readfds,writefds;
@@ -178,19 +249,22 @@ int MAIN(int argc, char **argv)
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
-	int prexit = 0;
+	int smtp_starttls = 0;
+	int prexit = 0, vflags = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	char *inrand=NULL;
-#ifdef WINDOWS
+	char *engine_id=NULL;
+	ENGINE *e=NULL;
+#ifdef OPENSSL_SYS_WINDOWS
 	struct timeval tv;
 #endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_client_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	meth=SSLv3_client_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	meth=SSLv2_client_method();
 #endif
 
@@ -199,13 +273,18 @@ int MAIN(int argc, char **argv)
 	c_quiet=0;
 	c_ign_eof=0;
 	c_debug=0;
+	c_msg=0;
 	c_showcerts=0;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
-		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
+		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+		((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
@@ -250,6 +329,10 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			cert_file= *(++argv);
 			}
+		else if	(strcmp(*argv,"-crl_check") == 0)
+			vflags |= X509_V_FLAG_CRL_CHECK;
+		else if	(strcmp(*argv,"-crl_check_all") == 0)
+			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 		else if	(strcmp(*argv,"-prexit") == 0)
 			prexit=1;
 		else if	(strcmp(*argv,"-crlf") == 0)
@@ -265,21 +348,23 @@ int MAIN(int argc, char **argv)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
+		else if	(strcmp(*argv,"-msg") == 0)
+			c_msg=1;
 		else if	(strcmp(*argv,"-showcerts") == 0)
 			c_showcerts=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
 			state=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
@@ -310,6 +395,8 @@ int MAIN(int argc, char **argv)
 			off|=SSL_OP_NO_SSLv3;
 		else if (strcmp(*argv,"-no_ssl2") == 0)
 			off|=SSL_OP_NO_SSLv2;
+		else if (strcmp(*argv,"-serverpref") == 0)
+			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -319,6 +406,20 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
+		else if	(strcmp(*argv,"-starttls") == 0)
+			{
+			if (--argc < 1) goto bad;
+			++argv;
+			if (strcmp(*argv,"smtp") == 0)
+				smtp_starttls = 1;
+			else
+				goto bad;
+			}
+		else if	(strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine_id = *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -340,6 +441,11 @@ bad:
 		goto end;
 		}
 
+	OpenSSL_add_ssl_algorithms();
+	SSL_load_error_strings();
+
+        e = setup_engine(bio_err, engine_id, 1);
+
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
 		{
@@ -351,7 +457,7 @@ bad:
 
 	if (bio_c_out == NULL)
 		{
-		if (c_quiet)
+		if (c_quiet && !c_debug && !c_msg)
 			{
 			bio_c_out=BIO_new(BIO_s_null());
 			}
@@ -362,8 +468,6 @@ bad:
 			}
 		}
 
-	OpenSSL_add_ssl_algorithms();
-	SSL_load_error_strings();
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -400,8 +504,16 @@ bad:
 		/* goto end; */
 		}
 
+	store = SSL_CTX_get_cert_store(ctx);
+	X509_STORE_set_flags(store, vflags);
 
 	con=SSL_new(ctx);
+#ifndef OPENSSL_NO_KRB5
+	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
+                {
+                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
+		}
+#endif	/* OPENSSL_NO_KRB5  */
 /*	SSL_set_cipher_list(con,"RC4-MD5"); */
 
 re_start:
@@ -443,6 +555,11 @@ re_start:
 		BIO_set_callback(sbio,bio_dump_cb);
 		BIO_set_callback_arg(sbio,bio_c_out);
 		}
+	if (c_msg)
+		{
+		SSL_set_msg_callback(con, msg_cb);
+		SSL_set_msg_callback_arg(con, bio_c_out);
+		}
 
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_connect_state(con);
@@ -461,6 +578,14 @@ re_start:
 	sbuf_len=0;
 	sbuf_off=0;
 
+	/* This is an ugly hack that does a lot of assumptions */
+	if (smtp_starttls)
+		{
+		BIO_read(sbio,mbuf,BUFSIZZ);
+		BIO_printf(sbio,"STARTTLS\r\n");
+		BIO_read(sbio,sbuf,BUFSIZZ);
+		}
+
 	for (;;)
 		{
 		FD_ZERO(&readfds);
@@ -480,6 +605,13 @@ re_start:
 				print_stuff(bio_c_out,con,full_log);
 				if (full_log > 0) full_log--;
 
+				if (smtp_starttls)
+					{
+					BIO_printf(bio_err,"%s",mbuf);
+					/* We don't need to know any more */
+					smtp_starttls = 0;
+					}
+
 				if (reconnect)
 					{
 					reconnect--;
@@ -496,7 +628,7 @@ re_start:
 
 		if (!ssl_pending)
 			{
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
 			if (tty_on)
 				{
 				if (read_tty)  FD_SET(fileno(stdin),&readfds);
@@ -523,7 +655,7 @@ re_start:
 			 * will choke the compiler: if you do have a cast then
 			 * you can either go for (int *) or (void *).
 			 */
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 			/* Under Windows we make the assumption that we can
 			 * always write to the tty: therefore if we need to
 			 * write to the tty we just fall through. Otherwise
@@ -538,7 +670,11 @@ re_start:
 					tv.tv_usec = 0;
 					i=select(width,(void *)&readfds,(void *)&writefds,
 						 NULL,&tv);
+#ifdef OPENSSL_SYS_WINCE
+					if(!i && (!_kbhit() || !read_tty) ) continue;
+#else
 					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
+#endif
 				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
 					 NULL,NULL);
 			}
@@ -622,8 +758,8 @@ re_start:
 				goto shut;
 				}
 			}
-#ifdef WINDOWS
-		/* Assume Windows can always write */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+		/* Assume Windows/DOS can always write */
 		else if (!ssl_pending && write_tty)
 #else
 		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
@@ -703,8 +839,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				}
 			}
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
+#ifdef OPENSSL_SYS_WINCE
+		else if (_kbhit())
+#else
 		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
+#endif
 #else
 		else if (FD_ISSET(fileno(stdin),&readfds))
 #endif
@@ -768,14 +908,16 @@ end:
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
-	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);
 		bio_c_out=NULL;
 		}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 
@@ -804,10 +946,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 			for (i=0; i<sk_X509_num(sk); i++)
 				{
 				X509_NAME_oneline(X509_get_subject_name(
-					sk_X509_value(sk,i)),buf,BUFSIZ);
+					sk_X509_value(sk,i)),buf,sizeof buf);
 				BIO_printf(bio,"%2d s:%s\n",i,buf);
 				X509_NAME_oneline(X509_get_issuer_name(
-					sk_X509_value(sk,i)),buf,BUFSIZ);
+					sk_X509_value(sk,i)),buf,sizeof buf);
 				BIO_printf(bio,"   i:%s\n",buf);
 				if (c_showcerts)
 					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
@@ -822,10 +964,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
 				PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
-				buf,BUFSIZ);
+				buf,sizeof buf);
 			BIO_printf(bio,"subject=%s\n",buf);
 			X509_NAME_oneline(X509_get_issuer_name(peer),
-				buf,BUFSIZ);
+				buf,sizeof buf);
 			BIO_printf(bio,"issuer=%s\n",buf);
 			}
 		else
@@ -847,7 +989,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 			{
 			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
 			}
-		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+		p=SSL_get_shared_ciphers(s,buf,sizeof buf);
 		if (p != NULL)
 			{
 			/* This works only for SSL 2.  In later protocol
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index 624dfb5..44886c5 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <assert.h>
 #include <stdio.h>
@@ -62,7 +115,8 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#ifdef NO_STDIO
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 
@@ -70,7 +124,7 @@
    recursive header file inclusion, resulting in the compiler complaining
    that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
    is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -86,16 +140,24 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include "s_apps.h"
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 #include <conio.h>
 #endif
 
-#if (defined(VMS) && __VMS_VER < 70000000)
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
 #endif
 static int sv_body(char *hostname, int s, unsigned char *context);
@@ -104,7 +166,9 @@ static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
 static void print_stats(BIO *bp,SSL_CTX *ctx);
-#ifndef NO_DH
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+				unsigned int *id_len);
+#ifndef OPENSSL_NO_DH
 static DH *load_dh_param(char *dhfile);
 static DH *get_dh512(void);
 #endif
@@ -120,7 +184,7 @@ static void s_server_init(void);
 # endif
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 static unsigned char dh512_p[]={
 	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -174,9 +238,12 @@ static int www=0;
 
 static BIO *bio_s_out=NULL;
 static int s_debug=0;
+static int s_msg=0;
 static int s_quiet=0;
 
 static int hack=0;
+static char *engine_id=NULL;
+static const char *session_id_prefix=NULL;
 
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -197,8 +264,10 @@ static void s_server_init(void)
 
 	bio_s_out=NULL;
 	s_debug=0;
+	s_msg=0;
 	s_quiet=0;
 	hack=0;
+	engine_id=NULL;
 	}
 #endif
 
@@ -224,11 +293,13 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -nbio_test    - test with the non-blocking test bio\n");
 	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 	BIO_printf(bio_err," -debug        - Print more output\n");
+	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -state        - Print the SSL states\n");
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
 	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
+	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
 	BIO_printf(bio_err," -quiet        - No server output\n");
 	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
@@ -237,12 +308,16 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
 	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
 #endif
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+        BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	}
 
@@ -253,10 +328,10 @@ static char **local_argv;
 static int ebcdic_new(BIO *bi);
 static int ebcdic_free(BIO *a);
 static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
 static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, char *str);
+static int ebcdic_puts(BIO *bp, const char *str);
 
 #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
 static BIO_METHOD methods_ebcdic=
@@ -321,7 +396,7 @@ static int ebcdic_read(BIO *b, char *out, int outl)
 	return(ret);
 }
 
-static int ebcdic_write(BIO *b, char *in, int inl)
+static int ebcdic_write(BIO *b, const char *in, int inl)
 {
 	EBCDIC_OUTBUFF *wbuf;
 	int ret=0;
@@ -354,7 +429,7 @@ static int ebcdic_write(BIO *b, char *in, int inl)
 	return(ret);
 }
 
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
 	long ret;
 
@@ -373,7 +448,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
 
 static int ebcdic_gets(BIO *bp, char *buf, int size)
 {
-	int i, ret;
+	int i, ret=0;
 	if (bp->next_bio == NULL) return(0);
 /*	return(BIO_gets(bp->next_bio,buf,size));*/
 	for (i=0; i<size-1; ++i)
@@ -392,7 +467,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
 	return (ret < 0 && i == 0) ? ret : i;
 }
 
-static int ebcdic_puts(BIO *bp, char *str)
+static int ebcdic_puts(BIO *bp, const char *str)
 {
 	if (bp->next_bio == NULL) return(0);
 	return ebcdic_write(bp, str, strlen(str));
@@ -403,6 +478,8 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char *argv[])
 	{
+	X509_STORE *store = NULL;
+	int vflags = 0;
 	short port=PORT;
 	char *CApath=NULL,*CAfile=NULL;
 	char *context = NULL;
@@ -413,16 +490,14 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+	ENGINE *e=NULL;
 	char *inrand=NULL;
-#ifndef NO_DH
-	DH *dh=NULL;
-#endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	meth=SSLv2_server_method();
 #endif
 
@@ -437,6 +512,9 @@ int MAIN(int argc, char *argv[])
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	verify_depth=0;
 #ifdef FIONBIO
 	s_nbio=0;
@@ -509,6 +587,16 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			CApath= *(++argv);
 			}
+		else if (strcmp(*argv,"-crl_check") == 0)
+			{
+			vflags |= X509_V_FLAG_CRL_CHECK;
+			}
+		else if (strcmp(*argv,"-crl_check") == 0)
+			{
+			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+			}
+		else if	(strcmp(*argv,"-serverpref") == 0)
+			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -532,6 +620,8 @@ int MAIN(int argc, char *argv[])
 			}
 		else if	(strcmp(*argv,"-debug") == 0)
 			{ s_debug=1; }
+		else if	(strcmp(*argv,"-msg") == 0)
+			{ s_msg=1; }
 		else if	(strcmp(*argv,"-hack") == 0)
 			{ hack=1; }
 		else if	(strcmp(*argv,"-state") == 0)
@@ -550,24 +640,36 @@ int MAIN(int argc, char *argv[])
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
 			{ www=2; }
+		else if	(strcmp(*argv,"-HTTP") == 0)
+			{ www=3; }
 		else if	(strcmp(*argv,"-no_ssl2") == 0)
 			{ off|=SSL_OP_NO_SSLv2; }
 		else if	(strcmp(*argv,"-no_ssl3") == 0)
 			{ off|=SSL_OP_NO_SSLv3; }
 		else if	(strcmp(*argv,"-no_tls1") == 0)
 			{ off|=SSL_OP_NO_TLSv1; }
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			{ meth=SSLv2_server_method(); }
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{ meth=SSLv3_server_method(); }
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
+		else if (strcmp(*argv, "-id_prefix") == 0)
+			{
+			if (--argc < 1) goto bad;
+			session_id_prefix = *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine_id= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -589,6 +691,11 @@ bad:
 		goto end;
 		}
 
+	SSL_load_error_strings();
+	OpenSSL_add_ssl_algorithms();
+
+        e = setup_engine(bio_err, engine_id, 1);
+
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
 		{
@@ -600,7 +707,7 @@ bad:
 
 	if (bio_s_out == NULL)
 		{
-		if (s_quiet && !s_debug)
+		if (s_quiet && !s_debug && !s_msg)
 			{
 			bio_s_out=BIO_new(BIO_s_null());
 			}
@@ -611,7 +718,7 @@ bad:
 			}
 		}
 
-#if !defined(NO_RSA) || !defined(NO_DSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
 	if (nocert)
 #endif
 		{
@@ -621,21 +728,32 @@ bad:
 		s_dkey_file=NULL;
 		}
 
-	SSL_load_error_strings();
-	OpenSSL_add_ssl_algorithms();
-
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-
+	if (session_id_prefix)
+		{
+		if(strlen(session_id_prefix) >= 32)
+			BIO_printf(bio_err,
+"warning: id_prefix is too long, only one new session will be possible\n");
+		else if(strlen(session_id_prefix) >= 16)
+			BIO_printf(bio_err,
+"warning: id_prefix is too long if you use SSLv2\n");
+		if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
+			{
+			BIO_printf(bio_err,"error setting 'id_prefix'\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
+		}
 	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
 	SSL_CTX_set_options(ctx,off);
-	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 
@@ -660,11 +778,19 @@ bad:
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
+	store = SSL_CTX_get_cert_store(ctx);
+	X509_STORE_set_flags(store, vflags);
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (!no_dhe)
 		{
-		dh=load_dh_param(dhfile ? dhfile : s_cert_file);
+		DH *dh=NULL;
+
+		if (dhfile)
+			dh = load_dh_param(dhfile);
+		else if (s_cert_file)
+			dh = load_dh_param(s_cert_file);
+
 		if (dh != NULL)
 			{
 			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -689,7 +815,7 @@ bad:
 			goto end;
 		}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #if 1
 	if (!no_tmp_rsa)
 		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
@@ -741,7 +867,8 @@ end:
 		BIO_free(bio_s_out);
 		bio_s_out=NULL;
 		}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
@@ -778,7 +905,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	unsigned long l;
 	SSL *con=NULL;
 	BIO *sbio;
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 	struct timeval tv;
 #endif
 
@@ -801,6 +928,15 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 
 	if (con == NULL) {
 		con=SSL_new(ctx);
+#ifndef OPENSSL_NO_KRB5
+		if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+                        {
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
+								KRB5SVC);
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
+								KRB5KEYTAB);
+                        }
+#endif	/* OPENSSL_NO_KRB5 */
 		if(context)
 		      SSL_set_session_id_context(con, context,
 						 strlen((char *)context));
@@ -825,6 +961,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
 		BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
 		}
+	if (s_msg)
+		{
+		SSL_set_msg_callback(con, msg_cb);
+		SSL_set_msg_callback_arg(con, bio_s_out);
+		}
 
 	width=s+1;
 	for (;;)
@@ -838,7 +979,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		if (!read_from_sslcon)
 			{
 			FD_ZERO(&readfds);
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
 			FD_SET(fileno(stdin),&readfds);
 #endif
 			FD_SET(s,&readfds);
@@ -848,7 +989,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 			 * the compiler: if you do have a cast then you can either
 			 * go for (int *) or (void *).
 			 */
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 			/* Under Windows we can't select on stdin: only
 			 * on sockets. As a workaround we timeout the select every
 			 * second and check for any keypress. In a proper Windows
@@ -1043,7 +1184,7 @@ err:
 	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 	if (buf != NULL)
 		{
-		memset(buf,0,bufsize);
+		OPENSSL_cleanse(buf,bufsize);
 		OPENSSL_free(buf);
 		}
 	if (ret >= 0)
@@ -1095,14 +1236,14 @@ static int init_ssl_connection(SSL *con)
 		{
 		BIO_printf(bio_s_out,"Client certificate\n");
 		PEM_write_bio_X509(bio_s_out,peer);
-		X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
+		X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
 		BIO_printf(bio_s_out,"subject=%s\n",buf);
-		X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
+		X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
 		BIO_printf(bio_s_out,"issuer=%s\n",buf);
 		X509_free(peer);
 		}
 
-	if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
+	if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
 		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
 	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
 	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
@@ -1114,7 +1255,7 @@ static int init_ssl_connection(SSL *con)
 	return(1);
 	}
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 static DH *load_dh_param(char *dhfile)
 	{
 	DH *ret=NULL;
@@ -1183,6 +1324,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
 	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 
 	if ((con=SSL_new(ctx)) == NULL) goto err;
+#ifndef OPENSSL_NO_KRB5
+	if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+		{
+		kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+		kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+		}
+#endif	/* OPENSSL_NO_KRB5 */
 	if(context) SSL_set_session_id_context(con, context,
 					       strlen((char *)context));
 
@@ -1210,6 +1358,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 		BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
 		BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
 		}
+	if (s_msg)
+		{
+		SSL_set_msg_callback(con, msg_cb);
+		SSL_set_msg_callback_arg(con, bio_s_out);
+		}
 
 	blank=0;
 	for (;;)
@@ -1250,7 +1403,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			else
 				{
 				BIO_printf(bio_s_out,"read R BLOCK\n");
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
 				sleep(1);
 #endif
 				continue;
@@ -1344,7 +1497,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
-		else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
+		else if ((www == 2 || www == 3)
+                         && (strncmp("GET /",buf,5) == 0))
 			{
 			BIO *file;
 			char *p,*e;
@@ -1434,13 +1588,16 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			if (!s_quiet)
 				BIO_printf(bio_err,"FILE:%s\n",p);
 
-			i=strlen(p);
-			if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
-				((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
-				((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
-				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-			else
-				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+                        if (www == 2)
+                                {
+                                i=strlen(p);
+                                if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+                                        ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+                                        ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+                                else
+                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+                                }
 			/* send the file */
 			total_bytes=0;
 			for (;;)
@@ -1518,7 +1675,7 @@ err:
 	return(ret);
 	}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;
@@ -1540,3 +1697,26 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	return(rsa_tmp);
 	}
 #endif
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+				unsigned int *id_len)
+	{
+	unsigned int count = 0;
+	do	{
+		RAND_pseudo_bytes(id, *id_len);
+		/* Prefix the session_id with the required prefix. NB: If our
+		 * prefix is too long, clip it - but there will be worse effects
+		 * anyway, eg. the server could only possibly create 1 session
+		 * ID (ie. the prefix!) so all future session negotiations will
+		 * fail due to conflicts. */
+		memcpy(id, session_id_prefix,
+			(strlen(session_id_prefix) < *id_len) ?
+			strlen(session_id_prefix) : *id_len);
+		}
+	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+		(++count < MAX_SESSION_ID_ATTEMPTS));
+	if(count >= MAX_SESSION_ID_ATTEMPTS)
+		return 0;
+	return 1;
+	}
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
index 9812e6d..a88de6c 100644
--- a/crypto/openssl/apps/s_socket.c
+++ b/crypto/openssl/apps/s_socket.c
@@ -62,11 +62,13 @@
 #include <errno.h>
 #include <signal.h>
 
+#include <openssl/e_os2.h>
+
 /* With IPv6, it looks like Digital has mixed up the proper order of
    recursive header file inclusion, resulting in the compiler complaining
    that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
    is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -80,27 +82,27 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 
 static struct hostent *GetHostByName(char *name);
-#ifdef WINDOWS
-static void sock_cleanup(void);
+#ifdef OPENSSL_SYS_WINDOWS
+static void ssl_sock_cleanup(void);
 #endif
-static int sock_init(void);
+static int ssl_sock_init(void);
 static int init_client_ip(int *sock,unsigned char ip[4], int port);
 static int init_server(int *sock, int port);
 static int init_server_long(int *sock, int port,char *ip);
 static int do_accept(int acc_sock, int *sock, char **host);
 static int host_ip(char *str, unsigned char ip[4]);
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 static struct WSAData wsa_state;
 static int wsa_init_done=0;
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 static HWND topWnd=0;
 static FARPROC lpTopWndProc=NULL;
 static FARPROC lpTopHookProc=NULL;
@@ -116,7 +118,7 @@ static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
 		case WM_DESTROY:
 		case WM_CLOSE:
 			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
-			sock_cleanup();
+			ssl_sock_cleanup();
 			break;
 			}
 		}
@@ -129,30 +131,38 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 	return(FALSE);
 	}
 
-#endif /* WIN32 */
-#endif /* WINDOWS */
+#endif /* OPENSSL_SYS_WIN32 */
+#endif /* OPENSSL_SYS_WINDOWS */
 
-#ifdef WINDOWS
-static void sock_cleanup(void)
+#ifdef OPENSSL_SYS_WINDOWS
+static void ssl_sock_cleanup(void)
 	{
 	if (wsa_init_done)
 		{
 		wsa_init_done=0;
+#ifndef OPENSSL_SYS_WINCE
 		WSACancelBlockingCall();
+#endif
 		WSACleanup();
 		}
 	}
 #endif
 
-static int sock_init(void)
+static int ssl_sock_init(void)
 	{
-#ifdef WINDOWS
+#ifdef WATT32
+	extern int _watt_do_exit;
+	_watt_do_exit = 0;
+	dbug_init();
+	if (sock_init())
+		return (0);
+#elif defined(OPENSSL_SYS_WINDOWS)
 	if (!wsa_init_done)
 		{
 		int err;
 	  
 #ifdef SIGINT
-		signal(SIGINT,(void (*)(int))sock_cleanup);
+		signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
 #endif
 		wsa_init_done=1;
 		memset(&wsa_state,0,sizeof(wsa_state));
@@ -163,15 +173,15 @@ static int sock_init(void)
 			return(0);
 			}
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
 		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
 		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
 
 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
-#endif /* WIN16 */
+#endif /* OPENSSL_SYS_WIN16 */
 		}
-#endif /* WINDOWS */
+#endif /* OPENSSL_SYS_WINDOWS */
 	return(1);
 	}
 
@@ -194,7 +204,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	struct sockaddr_in them;
 	int s,i;
 
-	if (!sock_init()) return(0);
+	if (!ssl_sock_init()) return(0);
 
 	memset((char *)&them,0,sizeof(them));
 	them.sin_family=AF_INET;
@@ -209,7 +219,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 
-#ifndef MPE
+#ifndef OPENSSL_SYS_MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
@@ -259,7 +269,7 @@ static int init_server_long(int *sock, int port, char *ip)
 	struct sockaddr_in server;
 	int s= -1,i;
 
-	if (!sock_init()) return(0);
+	if (!ssl_sock_init()) return(0);
 
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@@ -285,7 +295,7 @@ static int init_server_long(int *sock, int port, char *ip)
 #endif
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
 		perror("bind");
 #endif
 		goto err;
@@ -316,9 +326,9 @@ static int do_accept(int acc_sock, int *sock, char **host)
 	int len;
 /*	struct linger ling; */
 
-	if (!sock_init()) return(0);
+	if (!ssl_sock_init()) return(0);
 
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
 redoit:
 #endif
 
@@ -332,7 +342,7 @@ redoit:
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
@@ -446,7 +456,7 @@ static int host_ip(char *str, unsigned char ip[4])
 		{ /* do a gethostbyname */
 		struct hostent *he;
 
-		if (!sock_init()) return(0);
+		if (!ssl_sock_init()) return(0);
 
 		he=GetHostByName(str);
 		if (he == NULL)
@@ -527,9 +537,12 @@ static struct hostent *GetHostByName(char *name)
 		ret=gethostbyname(name);
 		if (ret == NULL) return(NULL);
 		/* else add to cache */
-		strncpy(ghbn_cache[lowi].name,name,128);
-		memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
-		ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+		if(strlen(name) < sizeof ghbn_cache[0].name)
+			{
+			strcpy(ghbn_cache[lowi].name,name);
+			memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+			ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+			}
 		return(ret);
 		}
 	else
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
index 2d8e2b2..1ad16cd 100644
--- a/crypto/openssl/apps/s_time.c
+++ b/crypto/openssl/apps/s_time.c
@@ -67,22 +67,25 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef NO_STDIO
+#define USE_SOCKETS
+#include "apps.h"
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
-#define USE_SOCKETS
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/pem.h>
-#include "apps.h"
 #include "s_apps.h"
 #include <openssl/err.h>
 #ifdef WIN32_STUFF
 #include "winmain.h"
 #include "wintext.h"
 #endif
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
 
-#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
 #define TIMES
 #endif
 
@@ -98,18 +101,14 @@
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
-#if !defined(TIMES) && !defined(VXWORKS)
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
 #include <sys/timeb.h>
 #endif
 
-#ifdef _AIX
-#include <sys/select.h>
-#endif
-
 #if defined(sun) || defined(__ultrix)
 #define _POSIX_SOURCE
 #include <limits.h>
@@ -119,11 +118,19 @@
 /* The following if from times(3) man page.  It may need to be changed
 */
 #ifndef HZ
-#ifndef CLK_TCK
-#define HZ      100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
+# ifdef _SC_CLK_TCK
+#  define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+#  ifndef CLK_TCK
+#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#    define HZ	100.0
+#   else /* _BSD_CLK_TCK_ */
+#    define HZ ((double)_BSD_CLK_TCK_)
+#   endif
+#  else /* CLK_TCK */
+#   define HZ ((double)CLK_TCK)
+#  endif
+# endif
 #endif
 
 #undef PROG
@@ -139,6 +146,8 @@
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
 
+#define MYBUFSIZ 1024*8
+
 #undef min
 #undef max
 #define min(a,b) (((a) < (b)) ? (a) : (b))
@@ -176,7 +185,7 @@ static int perform=0;
 #ifdef FIONBIO
 static int t_nbio=0;
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
 
@@ -200,7 +209,7 @@ static void s_time_init(void)
 #ifdef FIONBIO
 	t_nbio=0;
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 	exitNow = 0;		/* Set when it's time to exit main */
 #endif
 	}
@@ -313,14 +322,19 @@ static int parseArgs(int argc, char **argv)
 		{
 		if (--argc < 1) goto bad;
 		s_www_path= *(++argv);
+		if(strlen(s_www_path) > MYBUFSIZ-100)
+			{
+			BIO_printf(bio_err,"-www option too long\n");
+			badop=1;
+			}
 		}
 	else if(strcmp(*argv,"-bugs") == 0)
 	    st_bugs=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	else if(strcmp(*argv,"-ssl2") == 0)
 	    s_time_meth=SSLv2_client_method();
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 	else if(strcmp(*argv,"-ssl3") == 0)
 	    s_time_meth=SSLv3_client_method();
 #endif
@@ -370,7 +384,7 @@ static double tm_Time_F(int s)
 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 		return((ret == 0.0)?1e-6:ret);
 	}
-#elif defined(VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
         {
 	static unsigned long tick_start, tick_end;
 
@@ -424,11 +438,11 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	s_time_meth=SSLv23_client_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	s_time_meth=SSLv3_client_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	s_time_meth=SSLv2_client_method();
 #endif
 
@@ -461,7 +475,6 @@ int MAIN(int argc, char **argv)
 
 	if (tm_cipher == NULL ) {
 		fprintf( stderr, "No CIPHER specified\n" );
-/*		EXIT(1); */
 	}
 
 	if (!(perform & 1)) goto next;
@@ -474,7 +487,7 @@ int MAIN(int argc, char **argv)
 	tm_Time_F(START);
 	for (;;)
 		{
-		if (finishtime < time(NULL)) break;
+		if (finishtime < (long)time(NULL)) break;
 #ifdef WIN32_STUFF
 
 		if( flushWinMsgs(0) == -1 )
@@ -525,9 +538,9 @@ int MAIN(int argc, char **argv)
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
 
-	i=(int)(time(NULL)-finishtime+maxTime);
+	i=(int)((long)time(NULL)-finishtime+maxTime);
 	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
 
 	/* Now loop and time connections using the same session id over and over */
 
@@ -559,7 +572,7 @@ next:
 	nConn = 0;
 	totalTime = 0.0;
 
-	finishtime=time(NULL)+maxTime;
+	finishtime=(long)time(NULL)+maxTime;
 
 	printf( "starting\n" );
 	bytes_read=0;
@@ -567,7 +580,7 @@ next:
 		
 	for (;;)
 		{
-		if (finishtime < time(NULL)) break;
+		if (finishtime < (long)time(NULL)) break;
 
 #ifdef WIN32_STUFF
 		if( flushWinMsgs(0) == -1 )
@@ -617,7 +630,7 @@ next:
 
 
 	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
 
 	ret=0;
 end:
@@ -628,7 +641,8 @@ end:
 		SSL_CTX_free(tm_ctx);
 		tm_ctx=NULL;
 		}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 /***********************************************************************
diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c
index 60cc3f1..d91d84d 100644
--- a/crypto/openssl/apps/sess_id.c
+++ b/crypto/openssl/apps/sess_id.c
@@ -156,7 +156,7 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=sess_id_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 
@@ -208,7 +208,7 @@ bad:
 		if (outfile == NULL)
 			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -272,7 +272,8 @@ bad:
 end:
 	if (out != NULL) BIO_free_all(out);
 	if (x != NULL) SSL_SESSION_free(x);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 static SSL_SESSION *load_sess_id(char *infile, int format)
diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c
index ebdac15..ef0e477 100644
--- a/crypto/openssl/apps/smime.c
+++ b/crypto/openssl/apps/smime.c
@@ -67,7 +67,6 @@
 
 #undef PROG
 #define PROG smime_main
-static X509_STORE *setup_verify(char *CAfile, char *CApath);
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 
 #define SMIME_OP	0x10
@@ -81,6 +80,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
@@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
-	EVP_CIPHER *cipher = NULL;
+	const EVP_CIPHER *cipher = NULL;
 	PKCS7 *p7 = NULL;
 	X509_STORE *store = NULL;
 	X509 *cert = NULL, *recip = NULL, *signer = NULL;
@@ -96,30 +96,41 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *encerts = NULL, *other = NULL;
 	BIO *in = NULL, *out = NULL, *indata = NULL;
 	int badarg = 0;
-	int flags = PKCS7_DETACHED;
+	int flags = PKCS7_DETACHED, store_flags = 0;
 	char *to = NULL, *from = NULL, *subject = NULL;
 	char *CAfile = NULL, *CApath = NULL;
 	char *passargin = NULL, *passin = NULL;
 	char *inrand = NULL;
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-	args = argv + 1;
+        int keyform = FORMAT_PEM;
+	char *engine=NULL;
 
+	args = argv + 1;
 	ret = 1;
 
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	while (!badarg && *args && *args[0] == '-') {
 		if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
 		else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
 		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
 		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
 		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		else if (!strcmp (*args, "-des3")) 
 				cipher = EVP_des_ede3_cbc();
 		else if (!strcmp (*args, "-des")) 
 				cipher = EVP_des_cbc();
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 		else if (!strcmp (*args, "-rc2-40")) 
 				cipher = EVP_rc2_40_cbc();
 		else if (!strcmp (*args, "-rc2-128")) 
@@ -127,6 +138,14 @@ int MAIN(int argc, char **argv)
 		else if (!strcmp (*args, "-rc2-64")) 
 				cipher = EVP_rc2_64_cbc();
 #endif
+#ifndef OPENSSL_NO_AES
+		else if (!strcmp(*args,"-aes128"))
+				cipher = EVP_aes_128_cbc();
+		else if (!strcmp(*args,"-aes192"))
+				cipher = EVP_aes_192_cbc();
+		else if (!strcmp(*args,"-aes256"))
+				cipher = EVP_aes_256_cbc();
+#endif
 		else if (!strcmp (*args, "-text")) 
 				flags |= PKCS7_TEXT;
 		else if (!strcmp (*args, "-nointern")) 
@@ -147,12 +166,21 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_BINARY;
 		else if (!strcmp (*args, "-nosigs"))
 				flags |= PKCS7_NOSIGS;
+		else if (!strcmp (*args, "-crl_check"))
+				store_flags |= X509_V_FLAG_CRL_CHECK;
+		else if (!strcmp (*args, "-crl_check_all"))
+				store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 		else if (!strcmp(*args,"-rand")) {
 			if (args[1]) {
 				args++;
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
+		} else if (!strcmp(*args,"-engine")) {
+			if (args[1]) {
+				args++;
+				engine = *args;
+			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -188,6 +216,11 @@ int MAIN(int argc, char **argv)
 				args++;
 				keyfile = *args;
 			} else badarg = 1;
+		} else if (!strcmp (*args, "-keyform")) {
+			if (args[1]) {
+				args++;
+				keyform = str2fmt(*args);
+			} else badarg = 1;
 		} else if (!strcmp (*args, "-certfile")) {
 			if (args[1]) {
 				args++;
@@ -259,15 +292,19 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-sign          sign message\n");
 		BIO_printf (bio_err, "-verify        verify signed message\n");
 		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
 		BIO_printf (bio_err, "-des           encrypt with DES\n");
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
 		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
 		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
 #endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
+#endif
 		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
 		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
 		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
@@ -281,6 +318,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-in file       input file\n");
 		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
 		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
 		BIO_printf (bio_err, "-out file      output file\n");
 		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
 		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
@@ -290,6 +328,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
@@ -298,6 +339,8 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -324,7 +367,7 @@ int MAIN(int argc, char **argv)
 
 	if(operation == SMIME_ENCRYPT) {
 		if (!cipher) {
-#ifndef NO_RC2			
+#ifndef OPENSSL_NO_RC2			
 			cipher = EVP_rc2_40_cbc();
 #else
 			BIO_printf(bio_err, "No cipher selected\n");
@@ -333,8 +376,11 @@ int MAIN(int argc, char **argv)
 		}
 		encerts = sk_X509_new_null();
 		while (*args) {
-			if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
+			if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+				NULL, e, "recipient certificate file"))) {
+#if 0				/* An appropriate message is already printed */
 				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+#endif
 				goto end;
 			}
 			sk_X509_push(encerts, cert);
@@ -344,23 +390,32 @@ int MAIN(int argc, char **argv)
 	}
 
 	if(signerfile && (operation == SMIME_SIGN)) {
-		if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
+		if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
+			e, "signer certificate"))) {
+#if 0			/* An appropri message has already been printed */
 			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+#endif
 			goto end;
 		}
 	}
 
 	if(certfile) {
-		if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
+		if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+			e, "certificate file"))) {
+#if 0			/* An appropriate message has already been printed */
 			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+#endif
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 	}
 
 	if(recipfile && (operation == SMIME_DECRYPT)) {
-		if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
+		if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+			e, "recipient certificate file"))) {
+#if 0			/* An appropriate message has alrady been printed */
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+#endif
 			ERR_print_errors(bio_err);
 			goto end;
 		}
@@ -373,11 +428,11 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;
 
 	if(keyfile) {
-		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
-			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
-			ERR_print_errors(bio_err);
+		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+			       "signing key file");
+		if (!key) {
 			goto end;
-		}
+                }
 	}
 
 	if (infile) {
@@ -396,7 +451,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
@@ -405,9 +460,11 @@ int MAIN(int argc, char **argv)
 	}
 
 	if(operation == SMIME_VERIFY) {
-		if(!(store = setup_verify(CAfile, CApath))) goto end;
+		if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
+		X509_STORE_set_flags(store, store_flags);
 	}
 
+
 	ret = 3;
 
 	if(operation == SMIME_ENCRYPT) {
@@ -507,36 +564,6 @@ end:
 	return (ret);
 }
 
-static X509_STORE *setup_verify(char *CAfile, char *CApath)
-{
-	X509_STORE *store;
-	X509_LOOKUP *lookup;
-	if(!(store = X509_STORE_new())) goto end;
-	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
-	if (lookup == NULL) goto end;
-	if (CAfile) {
-		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
-			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
-			goto end;
-		}
-	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-		
-	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
-	if (lookup == NULL) goto end;
-	if (CApath) {
-		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
-			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
-			goto end;
-		}
-	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
-	ERR_clear_error();
-	return store;
-	end:
-	X509_STORE_free(store);
-	return NULL;
-}
-
 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 {
 	int i;
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index f73deba..7f42b52 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -1,4 +1,4 @@
-/* apps/speed.c */
+/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -75,19 +75,24 @@
 #include <string.h>
 #include <math.h>
 #include "apps.h"
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
 
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
 # define USE_TOD
-#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */
 # define TIMEB
 #endif
 
@@ -107,7 +112,7 @@
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -115,7 +120,7 @@
 #include <sys/timeb.h>
 #endif
 
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif
 
@@ -125,78 +130,113 @@
 #include <sys/param.h>
 #endif
 
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_AES
+#include <openssl/aes.h>
+#endif
+#ifndef OPENSSL_NO_MD2
 #include <openssl/md2.h>
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 #include <openssl/mdc2.h>
 #endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
 #include <openssl/md4.h>
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 #include <openssl/md5.h>
 #endif
-#ifndef NO_HMAC
+#ifndef OPENSSL_NO_HMAC
 #include <openssl/hmac.h>
 #endif
 #include <openssl/evp.h>
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 #include <openssl/sha.h>
 #endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
 #include <openssl/ripemd.h>
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 #include <openssl/rc4.h>
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 #include <openssl/rc5.h>
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 #include <openssl/rc2.h>
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 #include <openssl/idea.h>
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 #include <openssl/blowfish.h>
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 #include <openssl/cast.h>
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #include "./testrsa.h"
 #endif
 #include <openssl/x509.h>
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include "./testdsa.h"
 #endif
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   define HZ	100.0
-#  else /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
+# if defined(_SC_CLK_TCK) \
+     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+#  define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+#  ifndef CLK_TCK
+#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#    define HZ	100.0
+#   else /* _BSD_CLK_TCK_ */
+#    define HZ ((double)_BSD_CLK_TCK_)
+#   endif
+#  else /* CLK_TCK */
+#   define HZ ((double)CLK_TCK)
 #  endif
-# else /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
 # endif
 #endif
 
+#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2)
+# define HAVE_FORK 1
+#endif
+
 #undef BUFSIZE
 #define BUFSIZE	((long)1024*8+1)
 int run=0;
 
-static double Time_F(int s, int usertime);
-static void print_message(char *s,long num,int length);
+static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;
+static int mr=0;
+static int usertime=1;
+
+static double Time_F(int s);
+static void print_message(const char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
+static void print_result(int alg,int run_no,int count,double time_used);
+#ifdef HAVE_FORK
+static int do_multi(int multi);
+#endif
+
+#define ALGOR_NUM	19
+#define SIZE_NUM	5
+#define RSA_NUM		4
+#define DSA_NUM		3
+static const char *names[ALGOR_NUM]={
+  "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
+  "des cbc","des ede3","idea cbc",
+  "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
+  "aes-128 cbc","aes-192 cbc","aes-256 cbc"};
+static double results[ALGOR_NUM][SIZE_NUM];
+static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+static double rsa_results[RSA_NUM][2];
+static double dsa_results[DSA_NUM][2];
+
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -218,15 +258,16 @@ static SIGRETTYPE sig_done(int sig)
 #define START	0
 #define STOP	1
 
-static double Time_F(int s, int usertime)
+static double Time_F(int s)
 	{
 	double ret;
 
 #ifdef USE_TOD
 	if(usertime)
-		{
+	    {
 		static struct rusage tstart,tend;
 
+		getrusage_used = 1;
 		if (s == START)
 			{
 			getrusage(RUSAGE_SELF,&tstart);
@@ -248,6 +289,7 @@ static double Time_F(int s, int usertime)
 		static struct timeval tstart,tend;
 		long i;
 
+		gettimeofday_used = 1;
 		if (s == START)
 			{
 			gettimeofday(&tstart,NULL);
@@ -268,6 +310,7 @@ static double Time_F(int s, int usertime)
 		{
 		static struct tms tstart,tend;
 
+		times_used = 1;
 		if (s == START)
 			{
 			times(&tstart);
@@ -284,8 +327,8 @@ static double Time_F(int s, int usertime)
 # if defined(TIMES) && defined(TIMEB)
 	else
 # endif
-# ifdef VXWORKS
-		{
+# ifdef OPENSSL_SYS_VXWORKS
+                {
 		static unsigned long tick_start, tick_end;
 
 		if( s == START )
@@ -305,6 +348,7 @@ static double Time_F(int s, int usertime)
 		static struct timeb tstart,tend;
 		long i;
 
+		ftime_used = 1;
 		if (s == START)
 			{
 			ftime(&tstart);
@@ -319,7 +363,6 @@ static double Time_F(int s, int usertime)
 			}
 		}
 # endif
-
 #endif
 	}
 
@@ -327,64 +370,85 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
-#define ALGOR_NUM	15
-#define SIZE_NUM	5
-#define RSA_NUM		4
-#define DSA_NUM		3
-	long count,rsa_count;
+	long count=0,save_count=0;
 	int i,j,k;
-#ifndef NO_RSA
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+	long rsa_count;
+#endif
+#ifndef OPENSSL_NO_RSA
 	unsigned rsa_num;
 #endif
-#ifndef NO_MD2
+	unsigned char md[EVP_MAX_MD_SIZE];
+#ifndef OPENSSL_NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 	unsigned char mdc2[MDC2_DIGEST_LENGTH];
 #endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
 	unsigned char md4[MD4_DIGEST_LENGTH];
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
 	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	RC4_KEY rc4_ks;
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	RC5_32_KEY rc5_ks;
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	RC2_KEY rc2_ks;
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	IDEA_KEY_SCHEDULE idea_ks;
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	BF_KEY bf_ks;
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	CAST_KEY cast_ks;
 #endif
-	static unsigned char key16[16]=
+	static const unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	unsigned char iv[8];
-#ifndef NO_DES
-	des_cblock *buf_as_des_cblock = NULL;
-	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	des_key_schedule sch,sch2,sch3;
+	static const unsigned char key24[24]=
+		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	static const unsigned char key32[32]=
+		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
+		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+#ifndef OPENSSL_NO_AES
+#define MAX_BLOCK_SIZE 128
+#else
+#define MAX_BLOCK_SIZE 64
+#endif
+	unsigned char DES_iv[8];
+	unsigned char iv[MAX_BLOCK_SIZE/8];
+#ifndef OPENSSL_NO_DES
+	DES_cblock *buf_as_des_cblock = NULL;
+	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	DES_key_schedule sch;
+	DES_key_schedule sch2;
+	DES_key_schedule sch3;
+#endif
+#ifndef OPENSSL_NO_AES
+	AES_KEY aes_ks1, aes_ks2, aes_ks3;
 #endif
 #define	D_MD2		0
 #define	D_MDC2		1
@@ -401,13 +465,12 @@ int MAIN(int argc, char **argv)
 #define	D_CBC_RC5	12
 #define	D_CBC_BF	13
 #define	D_CBC_CAST	14
-	double d,results[ALGOR_NUM][SIZE_NUM];
-	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
+#define D_CBC_128_AES	15
+#define D_CBC_192_AES	16
+#define D_CBC_256_AES	17
+#define D_EVP		18
+	double d=0.0;
 	long c[ALGOR_NUM][SIZE_NUM];
-	static char *names[ALGOR_NUM]={
-		"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
-		"des cbc","des ede3","idea cbc",
-		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
 #define	R_DSA_512	0
 #define	R_DSA_1024	1
 #define	R_DSA_2048	2
@@ -415,10 +478,9 @@ int MAIN(int argc, char **argv)
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
-	double rsa_results[RSA_NUM][2];
 	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
 	static unsigned char *rsa_data[RSA_NUM]=
 		{test512,test1024,test2048,test4096};
@@ -426,17 +488,21 @@ int MAIN(int argc, char **argv)
 		sizeof(test512),sizeof(test1024),
 		sizeof(test2048),sizeof(test4096)};
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	DSA *dsa_key[DSA_NUM];
 	long dsa_c[DSA_NUM][2];
-	double dsa_results[DSA_NUM][2];
 	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
 #endif
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
 	int doit[ALGOR_NUM];
 	int pr_header=0;
-	int usertime=1;
+	const EVP_CIPHER *evp_cipher=NULL;
+	const EVP_MD *evp_md=NULL;
+	int decrypt=0;
+#ifdef HAVE_FORK
+	int multi=0;
+#endif
 
 #ifndef TIMES
 	usertime=-1;
@@ -444,7 +510,7 @@ int MAIN(int argc, char **argv)
 
 	apps_startup();
 	memset(results, 0, sizeof(results));
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	memset(dsa_key,0,sizeof(dsa_key));
 #endif
 
@@ -452,7 +518,10 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-#ifndef NO_RSA
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+#ifndef OPENSSL_NO_RSA
 	memset(rsa_key,0,sizeof(rsa_key));
 	for (i=0; i<RSA_NUM; i++)
 		rsa_key[i]=NULL;
@@ -463,8 +532,8 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
-#ifndef NO_DES
-	buf_as_des_cblock = (des_cblock *)buf;
+#ifndef OPENSSL_NO_DES
+	buf_as_des_cblock = (DES_cblock *)buf;
 #endif
 	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
 		{
@@ -473,6 +542,7 @@ int MAIN(int argc, char **argv)
 		}
 
 	memset(c,0,sizeof(c));
+	memset(DES_iv,0,sizeof(DES_iv));
 	memset(iv,0,sizeof(iv));
 
 	for (i=0; i<ALGOR_NUM; i++)
@@ -488,34 +558,108 @@ int MAIN(int argc, char **argv)
 	while (argc)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
+			{
 			usertime = 0;
-#ifndef NO_MD2
+			j--;	/* Otherwise, -elapsed gets confused with
+				   an algorithm. */
+			}
+		else if	((argc > 0) && (strcmp(*argv,"-evp") == 0))
+			{
+			argc--;
+			argv++;
+			if(argc == 0)
+				{
+				BIO_printf(bio_err,"no EVP given\n");
+				goto end;
+				}
+			evp_cipher=EVP_get_cipherbyname(*argv);
+			if(!evp_cipher)
+				{
+				evp_md=EVP_get_digestbyname(*argv);
+				}
+			if(!evp_cipher && !evp_md)
+				{
+				BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
+				goto end;
+				}
+			doit[D_EVP]=1;
+			}
+		else if (argc > 0 && !strcmp(*argv,"-decrypt"))
+			{
+			decrypt=1;
+			j--;	/* Otherwise, -elapsed gets confused with
+				   an algorithm. */
+			}
+		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
+			{
+			argc--;
+			argv++;
+			if(argc == 0)
+				{
+				BIO_printf(bio_err,"no engine given\n");
+				goto end;
+				}
+                        e = setup_engine(bio_err, *argv, 0);
+			/* j will be increased again further down.  We just
+			   don't want speed to confuse an engine with an
+			   algorithm, especially when none is given (which
+			   means all of them should be run) */
+			j--;
+			}
+#ifdef HAVE_FORK
+		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
+			{
+			argc--;
+			argv++;
+			if(argc == 0)
+				{
+				BIO_printf(bio_err,"no multi count given\n");
+				goto end;
+				}
+			multi=atoi(argv[0]);
+			if(multi <= 0)
+			    {
+				BIO_printf(bio_err,"bad multi count\n");
+				goto end;
+				}				
+			j--;	/* Otherwise, -mr gets confused with
+				   an algorithm. */
+			}
+#endif
+		else if (argc > 0 && !strcmp(*argv,"-mr"))
+			{
+			mr=1;
+			j--;	/* Otherwise, -mr gets confused with
+				   an algorithm. */
+			}
+		else
+#ifndef OPENSSL_NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 			if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
 		else
 #endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
 			if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
 		else
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
 		else
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
 			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
 		else
 #endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
 			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
 		else
 			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
@@ -523,20 +667,26 @@ int MAIN(int argc, char **argv)
 			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
 		else
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
 		else 
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 			if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
 		else	if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
 		else
 #endif
-#ifndef NO_RSA
-#ifdef RSAref
+#ifndef OPENSSL_NO_AES
+			if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
+		else	if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
+		else	if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
+		else
+#endif
+#ifndef OPENSSL_NO_RSA
+#if 0 /* was: #ifdef RSAref */
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_method(RSA_PKCS1_RSAref());
+			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -549,7 +699,7 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
-#endif /* !NO_RSA */
+#endif /* !OPENSSL_NO_RSA */
 		     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
 		else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
 		else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
@@ -558,34 +708,34 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
 		else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
 		else
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 		     if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
 		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
 		else
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
 		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
 		else
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
 		else
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
 		else
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
 		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
 		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
 		else
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 			if (strcmp(*argv,"des") == 0)
 			{
 			doit[D_CBC_DES]=1;
@@ -593,7 +743,16 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_AES
+			if (strcmp(*argv,"aes") == 0)
+			{
+			doit[D_CBC_128_AES]=1;
+			doit[D_CBC_192_AES]=1;
+			doit[D_CBC_256_AES]=1;
+			}
+		else
+#endif
+#ifndef OPENSSL_NO_RSA
 			if (strcmp(*argv,"rsa") == 0)
 			{
 			rsa_doit[R_RSA_512]=1;
@@ -603,7 +762,7 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (strcmp(*argv,"dsa") == 0)
 			{
 			dsa_doit[R_DSA_512]=1;
@@ -615,85 +774,104 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"Error: bad option or value\n");
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available values:\n");
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 			BIO_printf(bio_err,"md2      ");
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 			BIO_printf(bio_err,"mdc2     ");
 #endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
 			BIO_printf(bio_err,"md4      ");
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 			BIO_printf(bio_err,"md5      ");
-#ifndef NO_HMAC
+#ifndef OPENSSL_NO_HMAC
 			BIO_printf(bio_err,"hmac     ");
 #endif
 #endif
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA1
 			BIO_printf(bio_err,"sha1     ");
 #endif
-#ifndef NO_RIPEMD160
+#ifndef OPENSSL_NO_RIPEMD160
 			BIO_printf(bio_err,"rmd160");
 #endif
-#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160)
+#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
+    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
 			BIO_printf(bio_err,"\n");
 #endif
 
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 			BIO_printf(bio_err,"rc2-cbc  ");
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 			BIO_printf(bio_err,"rc5-cbc  ");
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5)
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
-
+#ifndef OPENSSL_NO_DES
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
-#ifndef NO_RC4
+#endif
+#ifndef OPENSSL_NO_AES
+			BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
+#endif
+#ifndef OPENSSL_NO_RC4
 			BIO_printf(bio_err,"rc4");
 #endif
 			BIO_printf(bio_err,"\n");
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif
 
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 			BIO_printf(bio_err,"idea     ");
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 			BIO_printf(bio_err,"rc2      ");
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 			BIO_printf(bio_err,"des      ");
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_AES
+			BIO_printf(bio_err,"aes      ");
+#endif
+#ifndef OPENSSL_NO_RSA
 			BIO_printf(bio_err,"rsa      ");
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 			BIO_printf(bio_err,"blowfish");
 #endif
-#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF)
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+    !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
+    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES)
 			BIO_printf(bio_err,"\n");
 #endif
 
-#ifdef TIMES
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
+#if defined(TIMES) || defined(USE_TOD)
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
+			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+			BIO_printf(bio_err,"-evp e          use EVP e.\n");
+			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
+			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
+#ifdef HAVE_FORK
+			BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
+#endif
 			goto end;
 			}
 		argc--;
@@ -701,10 +879,18 @@ int MAIN(int argc, char **argv)
 		j++;
 		}
 
+#ifdef HAVE_FORK
+	if(multi && do_multi(multi))
+		goto show_res;
+#endif
+
 	if (j == 0)
 		{
 		for (i=0; i<ALGOR_NUM; i++)
-			doit[i]=1;
+			{
+			if (i != D_EVP)
+				doit[i]=1;
+			}
 		for (i=0; i<RSA_NUM; i++)
 			rsa_doit[i]=1;
 		for (i=0; i<DSA_NUM; i++)
@@ -713,18 +899,18 @@ int MAIN(int argc, char **argv)
 	for (i=0; i<ALGOR_NUM; i++)
 		if (doit[i]) pr_header++;
 
-	if (usertime == 0)
+	if (usertime == 0 && !mr)
 		BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
-	if (usertime <= 0)
+	if (usertime <= 0 && !mr)
 		{
 		BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
 		BIO_printf(bio_err,"program when this computer is idle.\n");
 		}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		{
-		unsigned char *p;
+		const unsigned char *p;
 
 		p=rsa_data[i];
 		rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
@@ -736,7 +922,9 @@ int MAIN(int argc, char **argv)
 #if 0
 		else
 			{
-			BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n));
+			BIO_printf(bio_err,mr ? "+RK:%d:"
+				   : "Loaded RSA key, %d bit modulus and e= 0x",
+				   BN_num_bits(rsa_key[i]->n));
 			BN_print(bio_err,rsa_key[i]->e);
 			BIO_printf(bio_err,"\n");
 			}
@@ -744,51 +932,57 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	dsa_key[0]=get_dsa512();
 	dsa_key[1]=get_dsa1024();
 	dsa_key[2]=get_dsa2048();
 #endif
 
-#ifndef NO_DES
-	des_set_key_unchecked(&key,sch);
-	des_set_key_unchecked(&key2,sch2);
-	des_set_key_unchecked(&key3,sch3);
+#ifndef OPENSSL_NO_DES
+	DES_set_key_unchecked(&key,&sch);
+	DES_set_key_unchecked(&key2,&sch2);
+	DES_set_key_unchecked(&key3,&sch3);
+#endif
+#ifndef OPENSSL_NO_AES
+	AES_set_encrypt_key(key16,128,&aes_ks1);
+	AES_set_encrypt_key(key24,192,&aes_ks2);
+	AES_set_encrypt_key(key32,256,&aes_ks3);
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	RC4_set_key(&rc4_ks,16,key16);
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	RC2_set_key(&rc2_ks,16,key16,128);
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	RC5_32_set_key(&rc5_ks,16,key16,12);
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	BF_set_key(&bf_ks,16,key16);
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	CAST_set_key(&cast_ks,16,key16);
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	memset(rsa_c,0,sizeof(rsa_c));
 #endif
 #ifndef SIGALRM
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
 	do	{
 		long i;
 		count*=2;
-		Time_F(START,usertime);
+		Time_F(START);
 		for (i=count; i; i--)
-			des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
-				&(sch[0]),DES_ENCRYPT);
-		d=Time_F(STOP,usertime);
+			DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+				&sch,DES_ENCRYPT);
+		d=Time_F(STOP);
 		} while (d <3);
+	save_count=count;
 	c[D_MD2][0]=count/10;
 	c[D_MDC2][0]=count/10;
 	c[D_MD4][0]=count;
@@ -830,7 +1024,7 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
 	for (i=1; i<RSA_NUM; i++)
@@ -850,7 +1044,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -875,167 +1069,152 @@ int MAIN(int argc, char **argv)
 #else
 /* not worth fixing */
 # error "You cannot disable DES on systems without SIGALRM."
-#endif /* NO_DES */
+#endif /* OPENSSL_NO_DES */
 #else
 #define COND(c)	(run)
 #define COUNT(d) (count)
 	signal(SIGALRM,sig_done);
 #endif /* SIGALRM */
 
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 	if (doit[D_MD2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD2][j]); count++)
-				MD2(buf,(unsigned long)lengths[j],&(md2[0]));
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_MD2],d);
-			results[D_MD2][j]=((double)count)/d*lengths[j];
+				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
+			d=Time_F(STOP);
+			print_result(D_MD2,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 	if (doit[D_MDC2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_MDC2][j]); count++)
-				MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_MDC2],d);
-			results[D_MDC2][j]=((double)count)/d*lengths[j];
+				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
+			d=Time_F(STOP);
+			print_result(D_MDC2,j,count,d);
 			}
 		}
 #endif
 
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
 	if (doit[D_MD4])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD4][j]); count++)
-				MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_MD4],d);
-			results[D_MD4][j]=((double)count)/d*lengths[j];
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
+			d=Time_F(STOP);
+			print_result(D_MD4,j,count,d);
 			}
 		}
 #endif
 
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 	if (doit[D_MD5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_MD5],d);
-			results[D_MD5][j]=((double)count)/d*lengths[j];
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
+			d=Time_F(STOP);
+			print_result(D_MD5,j,count,d);
 			}
 		}
 #endif
 
-#if !defined(NO_MD5) && !defined(NO_HMAC)
+#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
 	if (doit[D_HMAC])
 		{
 		HMAC_CTX hctx;
-		HMAC_Init(&hctx,(unsigned char *)"This is a key...",
-			16,EVP_md5());
+
+		HMAC_CTX_init(&hctx);
+		HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+			16,EVP_md5(), NULL);
 
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
 				{
-				HMAC_Init(&hctx,NULL,0,NULL);
-                                HMAC_Update(&hctx,buf,lengths[j]);
-                                HMAC_Final(&hctx,&(hmac[0]),NULL);
+				HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
+				HMAC_Update(&hctx,buf,lengths[j]);
+				HMAC_Final(&hctx,&(hmac[0]),NULL);
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_HMAC],d);
-			results[D_HMAC][j]=((double)count)/d*lengths[j];
+			d=Time_F(STOP);
+			print_result(D_HMAC,j,count,d);
 			}
+		HMAC_CTX_cleanup(&hctx);
 		}
 #endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	if (doit[D_SHA1])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
-				SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_SHA1],d);
-			results[D_SHA1][j]=((double)count)/d*lengths[j];
+				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
+			d=Time_F(STOP);
+			print_result(D_SHA1,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
 	if (doit[D_RMD160])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
-				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_RMD160],d);
-			results[D_RMD160][j]=((double)count)/d*lengths[j];
+				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
+			d=Time_F(STOP);
+			print_result(D_RMD160,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	if (doit[D_RC4])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_RC4][j]); count++)
 				RC4(&rc4_ks,(unsigned int)lengths[j],
 					buf,buf);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_RC4],d);
-			results[D_RC4][j]=((double)count)/d*lengths[j];
+			d=Time_F(STOP);
+			print_result(D_RC4,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	if (doit[D_CBC_DES])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
-				des_ncbc_encrypt(buf,buf,lengths[j],sch,
-						 &iv,DES_ENCRYPT);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_DES],d);
-			results[D_CBC_DES][j]=((double)count)/d*lengths[j];
+				DES_ncbc_encrypt(buf,buf,lengths[j],&sch,
+						 &DES_iv,DES_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_DES,j,count,d);
 			}
 		}
 
@@ -1044,111 +1223,195 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
-				des_ede3_cbc_encrypt(buf,buf,lengths[j],
-						     sch,sch2,sch3,
-						     &iv,DES_ENCRYPT);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_EDE3_DES],d);
-			results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
+				DES_ede3_cbc_encrypt(buf,buf,lengths[j],
+						     &sch,&sch2,&sch3,
+						     &DES_iv,DES_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_EDE3_DES,j,count,d);
+			}
+		}
+#endif
+#ifndef OPENSSL_NO_AES
+	if (doit[D_CBC_128_AES])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)
+				AES_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&aes_ks1,
+					iv,AES_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_128_AES,j,count,d);
+			}
+		}
+	if (doit[D_CBC_192_AES])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)
+				AES_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&aes_ks2,
+					iv,AES_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_192_AES,j,count,d);
+			}
+		}
+	if (doit[D_CBC_256_AES])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)
+				AES_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&aes_ks3,
+					iv,AES_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_256_AES,j,count,d);
 			}
 		}
+
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	if (doit[D_CBC_IDEA])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
 				idea_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&idea_ks,
 					iv,IDEA_ENCRYPT);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_IDEA],d);
-			results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
+			d=Time_F(STOP);
+			print_result(D_CBC_IDEA,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	if (doit[D_CBC_RC2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
 				RC2_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc2_ks,
 					iv,RC2_ENCRYPT);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_RC2],d);
-			results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
+			d=Time_F(STOP);
+			print_result(D_CBC_RC2,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	if (doit[D_CBC_RC5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
 				RC5_32_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc5_ks,
 					iv,RC5_ENCRYPT);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_RC5],d);
-			results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
+			d=Time_F(STOP);
+			print_result(D_CBC_RC5,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	if (doit[D_CBC_BF])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
 				BF_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&bf_ks,
 					iv,BF_ENCRYPT);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_BF],d);
-			results[D_CBC_BF][j]=((double)count)/d*lengths[j];
+			d=Time_F(STOP);
+			print_result(D_CBC_BF,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	if (doit[D_CBC_CAST])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
 				CAST_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&cast_ks,
 					iv,CAST_ENCRYPT);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_CAST],d);
-			results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
+			d=Time_F(STOP);
+			print_result(D_CBC_CAST,j,count,d);
 			}
 		}
 #endif
 
+	if (doit[D_EVP])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			if (evp_cipher)
+				{
+				EVP_CIPHER_CTX ctx;
+				int outl;
+
+				names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
+				/* -O3 -fschedule-insns messes up an
+				 * optimization here!  names[D_EVP]
+				 * somehow becomes NULL */
+				print_message(names[D_EVP],save_count,
+					lengths[j]);
+
+				EVP_CIPHER_CTX_init(&ctx);
+				if(decrypt)
+					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+				else
+					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+
+				Time_F(START);
+				if(decrypt)
+					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+						EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+				else
+					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+						EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+				if(decrypt)
+					EVP_DecryptFinal_ex(&ctx,buf,&outl);
+				else
+					EVP_EncryptFinal_ex(&ctx,buf,&outl);
+				d=Time_F(STOP);
+				}
+			if (evp_md)
+				{
+				names[D_EVP]=OBJ_nid2ln(evp_md->type);
+				print_message(names[D_EVP],save_count,
+					lengths[j]);
+
+				Time_F(START);
+				for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+					EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
+
+				d=Time_F(STOP);
+				}
+			print_result(D_EVP,j,count,d);
+			}
+		}
+
 	RAND_pseudo_bytes(buf,36);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	for (j=0; j<RSA_NUM; j++)
 		{
 		int ret;
@@ -1166,7 +1429,7 @@ int MAIN(int argc, char **argv)
 				rsa_c[j][0],rsa_bits[j],
 				RSA_SECONDS);
 /*			RSA_blinding_on(rsa_key[j],NULL); */
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(rsa_c[j][0]); count++)
 				{
 				ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
@@ -1180,10 +1443,10 @@ int MAIN(int argc, char **argv)
 					break;
 					}
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,
-				"%ld %d bit private RSA's in %.2fs\n",
-				count,rsa_bits[j],d);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
+				   : "%ld %d bit private RSA's in %.2fs\n",
+				   count,rsa_bits[j],d);
 			rsa_results[j][0]=d/(double)count;
 			rsa_count=count;
 			}
@@ -1201,7 +1464,7 @@ int MAIN(int argc, char **argv)
 			pkey_print_message("public","rsa",
 				rsa_c[j][1],rsa_bits[j],
 				RSA_SECONDS);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(rsa_c[j][1]); count++)
 				{
 				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
@@ -1215,10 +1478,10 @@ int MAIN(int argc, char **argv)
 					break;
 					}
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,
-				"%ld %d bit public RSA's in %.2fs\n",
-				count,rsa_bits[j],d);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
+				   : "%ld %d bit public RSA's in %.2fs\n",
+				   count,rsa_bits[j],d);
 			rsa_results[j][1]=d/(double)count;
 			}
 #endif
@@ -1233,7 +1496,7 @@ int MAIN(int argc, char **argv)
 #endif
 
 	RAND_pseudo_bytes(buf,20);
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (RAND_status() != 1)
 		{
 		RAND_seed(rnd_seed, sizeof rnd_seed);
@@ -1245,7 +1508,7 @@ int MAIN(int argc, char **argv)
 		int ret;
 
 		if (!dsa_doit[j]) continue;
-		DSA_generate_key(dsa_key[j]);
+/*		DSA_generate_key(dsa_key[j]); */
 /*		DSA_sign_setup(dsa_key[j],NULL); */
 		ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
 			&kk,dsa_key[j]);
@@ -1260,7 +1523,7 @@ int MAIN(int argc, char **argv)
 			pkey_print_message("sign","dsa",
 				dsa_c[j][0],dsa_bits[j],
 				DSA_SECONDS);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(dsa_c[j][0]); count++)
 				{
 				ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
@@ -1274,9 +1537,10 @@ int MAIN(int argc, char **argv)
 					break;
 					}
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
-				count,dsa_bits[j],d);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
+				   : "%ld %d bit DSA signs in %.2fs\n",
+				   count,dsa_bits[j],d);
 			dsa_results[j][0]=d/(double)count;
 			rsa_count=count;
 			}
@@ -1294,7 +1558,7 @@ int MAIN(int argc, char **argv)
 			pkey_print_message("verify","dsa",
 				dsa_c[j][1],dsa_bits[j],
 				DSA_SECONDS);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(dsa_c[j][1]); count++)
 				{
 				ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
@@ -1308,9 +1572,10 @@ int MAIN(int argc, char **argv)
 					break;
 					}
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
-				count,dsa_bits[j],d);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
+				   : "%ld %d bit DSA verify in %.2fs\n",
+				   count,dsa_bits[j],d);
 			dsa_results[j][1]=d/(double)count;
 			}
 
@@ -1323,106 +1588,160 @@ int MAIN(int argc, char **argv)
 		}
 	if (rnd_fake) RAND_cleanup();
 #endif
-
-	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
+#ifdef HAVE_FORK
+show_res:
+#endif
+	if(!mr)
+		{
+		fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
         fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
-	printf("options:");
-	printf("%s ",BN_options());
-#ifndef NO_MD2
-	printf("%s ",MD2_options());
+		printf("options:");
+		printf("%s ",BN_options());
+#ifndef OPENSSL_NO_MD2
+		printf("%s ",MD2_options());
 #endif
-#ifndef NO_RC4
-	printf("%s ",RC4_options());
+#ifndef OPENSSL_NO_RC4
+		printf("%s ",RC4_options());
 #endif
-#ifndef NO_DES
-	printf("%s ",des_options());
+#ifndef OPENSSL_NO_DES
+		printf("%s ",DES_options());
 #endif
-#ifndef NO_IDEA
-	printf("%s ",idea_options());
+#ifndef OPENSSL_NO_AES
+		printf("%s ",AES_options());
 #endif
-#ifndef NO_BF
-	printf("%s ",BF_options());
+#ifndef OPENSSL_NO_IDEA
+		printf("%s ",idea_options());
 #endif
-	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
+#ifndef OPENSSL_NO_BF
+		printf("%s ",BF_options());
+#endif
+		fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
+		printf("available timing options: ");
+#ifdef TIMES
+		printf("TIMES ");
+#endif
+#ifdef TIMEB
+		printf("TIMEB ");
+#endif
+#ifdef USE_TOD
+		printf("USE_TOD ");
+#endif
+#ifdef HZ
+#define as_string(s) (#s)
+		printf("HZ=%g", (double)HZ);
+# ifdef _SC_CLK_TCK
+		printf(" [sysconf value]");
+# endif
+#endif
+		printf("\n");
+		printf("timing function used: %s%s%s%s%s%s%s\n",
+		       (ftime_used ? "ftime" : ""),
+		       (ftime_used + times_used > 1 ? "," : ""),
+		       (times_used ? "times" : ""),
+		       (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),
+		       (gettimeofday_used ? "gettimeofday" : ""),
+		       (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""),
+		       (getrusage_used ? "getrusage" : ""));
+		}
 
 	if (pr_header)
 		{
-		fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); 
-		fprintf(stdout,"type        ");
+		if(mr)
+			fprintf(stdout,"+H");
+		else
+			{
+			fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); 
+			fprintf(stdout,"type        ");
+			}
 		for (j=0;  j<SIZE_NUM; j++)
-			fprintf(stdout,"%7d bytes",lengths[j]);
+			fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
 		fprintf(stdout,"\n");
 		}
 
 	for (k=0; k<ALGOR_NUM; k++)
 		{
 		if (!doit[k]) continue;
-		fprintf(stdout,"%-13s",names[k]);
+		if(mr)
+			fprintf(stdout,"+F:%d:%s",k,names[k]);
+		else
+			fprintf(stdout,"%-13s",names[k]);
 		for (j=0; j<SIZE_NUM; j++)
 			{
-			if (results[k][j] > 10000)
+			if (results[k][j] > 10000 && !mr)
 				fprintf(stdout," %11.2fk",results[k][j]/1e3);
 			else
-				fprintf(stdout," %11.2f ",results[k][j]);
+				fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
 			}
 		fprintf(stdout,"\n");
 		}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	j=1;
 	for (k=0; k<RSA_NUM; k++)
 		{
 		if (!rsa_doit[k]) continue;
-		if (j)
+		if (j && !mr)
 			{
 			printf("%18ssign    verify    sign/s verify/s\n"," ");
 			j=0;
 			}
-		fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f",
-			rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
-			1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
-		fprintf(stdout,"\n");
+		if(mr)
+			fprintf(stdout,"+F2:%u:%u:%f:%f\n",
+				k,rsa_bits[k],rsa_results[k][0],
+				rsa_results[k][1]);
+		else
+			fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+				rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
+				1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		}
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	j=1;
 	for (k=0; k<DSA_NUM; k++)
 		{
 		if (!dsa_doit[k]) continue;
-		if (j)	{
+		if (j && !mr)
+			{
 			printf("%18ssign    verify    sign/s verify/s\n"," ");
 			j=0;
 			}
-		fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f",
-			dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
-			1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
-		fprintf(stdout,"\n");
+		if(mr)
+			fprintf(stdout,"+F3:%u:%u:%f:%f\n",
+				k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
+		else
+			fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+				dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
+				1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		}
 #endif
 	mret=0;
 end:
+	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		if (rsa_key[i] != NULL)
 			RSA_free(rsa_key[i]);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	for (i=0; i<DSA_NUM; i++)
 		if (dsa_key[i] != NULL)
 			DSA_free(dsa_key[i]);
 #endif
-	EXIT(mret);
+	apps_shutdown();
+	OPENSSL_EXIT(mret);
 	}
 
-static void print_message(char *s, long num, int length)
+static void print_message(const char *s, long num, int length)
 	{
 #ifdef SIGALRM
-	BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
+	BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
+		   : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
 	(void)BIO_flush(bio_err);
 	alarm(SECONDS);
 #else
-	BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length);
+	BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
+		   : "Doing %s %ld times on %d size blocks: ",s,num,length);
 	(void)BIO_flush(bio_err);
 #endif
 #ifdef LINT
@@ -1434,11 +1753,13 @@ static void pkey_print_message(char *str, char *str2, long num, int bits,
 	     int tm)
 	{
 #ifdef SIGALRM
-	BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
+	BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
+			   : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
 	(void)BIO_flush(bio_err);
 	alarm(RSA_SECONDS);
 #else
-	BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2);
+	BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
+			   : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
 	(void)BIO_flush(bio_err);
 #endif
 #ifdef LINT
@@ -1446,3 +1767,175 @@ static void pkey_print_message(char *str, char *str2, long num, int bits,
 #endif
 	}
 
+static void print_result(int alg,int run_no,int count,double time_used)
+	{
+	BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n"
+		   : "%ld %s's in %.2fs\n",count,names[alg],time_used);
+	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
+	}
+
+static char *sstrsep(char **string, const char *delim)
+    {
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, sizeof isdelim);
+    isdelim[0] = 1;
+
+    while (*delim)
+        {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+        }
+
+    while (!isdelim[(unsigned char)(**string)])
+        {
+        (*string)++;
+        }
+
+    if (**string)
+        {
+        **string = 0;
+        (*string)++;
+        }
+
+    return token;
+    }
+
+#ifdef HAVE_FORK
+static int do_multi(int multi)
+	{
+	int n;
+	int fd[2];
+	int *fds;
+	static char sep[]=":";
+
+	fds=malloc(multi*sizeof *fds);
+	for(n=0 ; n < multi ; ++n)
+		{
+		pipe(fd);
+		if(fork())
+			{
+			close(fd[1]);
+			fds[n]=fd[0];
+			}
+		else
+			{
+			close(fd[0]);
+			close(1);
+			dup(fd[1]);
+			close(fd[1]);
+			mr=1;
+			usertime=0;
+			return 0;
+			}
+		printf("Forked child %d\n",n);
+		}
+
+	/* for now, assume the pipe is long enough to take all the output */
+	for(n=0 ; n < multi ; ++n)
+		{
+		FILE *f;
+		char buf[1024];
+		char *p;
+
+		f=fdopen(fds[n],"r");
+		while(fgets(buf,sizeof buf,f))
+			{
+			p=strchr(buf,'\n');
+			if(p)
+				*p='\0';
+			if(buf[0] != '+')
+				{
+				fprintf(stderr,"Don't understand line '%s' from child %d\n",
+						buf,n);
+				continue;
+				}
+			printf("Got: %s from %d\n",buf,n);
+			if(!strncmp(buf,"+F:",3))
+				{
+				int alg;
+				int j;
+
+				p=buf+3;
+				alg=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+				for(j=0 ; j < SIZE_NUM ; ++j)
+					results[alg][j]+=atof(sstrsep(&p,sep));
+				}
+			else if(!strncmp(buf,"+F2:",4))
+				{
+				int k;
+				double d;
+				
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+				else
+					rsa_results[k][0]=d;
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+				else
+					rsa_results[k][1]=d;
+				}
+			else if(!strncmp(buf,"+F2:",4))
+				{
+				int k;
+				double d;
+				
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+				else
+					rsa_results[k][0]=d;
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+				else
+					rsa_results[k][1]=d;
+				}
+			else if(!strncmp(buf,"+F3:",4))
+				{
+				int k;
+				double d;
+				
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
+				else
+					dsa_results[k][0]=d;
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
+				else
+					dsa_results[k][1]=d;
+				}
+			else if(!strncmp(buf,"+H:",3))
+				{
+				}
+			else
+				fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
+			}
+		}
+	return 1;
+	}
+#endif
diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c
index 459d730..ed370c5 100644
--- a/crypto/openssl/apps/spkac.c
+++ b/crypto/openssl/apps/spkac.c
@@ -81,21 +81,26 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
-	BIO *in = NULL,*out = NULL, *key = NULL;
+	BIO *in = NULL,*out = NULL;
 	int verify=0,noout=0,pubkey=0;
 	char *infile = NULL,*outfile = NULL,*prog;
 	char *passargin = NULL, *passin = NULL;
 	char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
 	char *challenge = NULL, *keyfile = NULL;
-	LHASH *conf = NULL;
+	CONF *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
+	char *engine=NULL;
 
 	apps_startup();
 
 	if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	prog=argv[0];
 	argc--;
 	argv++;
@@ -136,6 +141,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +171,7 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
@@ -170,18 +181,13 @@ bad:
 		goto end;
 	}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if(keyfile) {
-		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
-		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
-		if(!key) {
-			BIO_printf(bio_err, "Error opening key file\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
+		pkey = load_key(bio_err,
+				strcmp(keyfile, "-") ? keyfile : NULL,
+				FORMAT_PEM, 1, passin, e, "private key");
 		if(!pkey) {
-			BIO_printf(bio_err, "Error reading private key\n");
-			ERR_print_errors(bio_err);
 			goto end;
 		}
 		spki = NETSCAPE_SPKI_new();
@@ -194,7 +200,7 @@ bad:
 		if (outfile) out = BIO_new_file(outfile, "w");
 		else {
 			out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			{
 			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			    out = BIO_push(tmpbio, out);
@@ -224,15 +230,16 @@ bad:
 		goto end;
 	}
 
-	conf = CONF_load_bio(NULL, in, NULL);
+	conf = NCONF_new(NULL);
+	i = NCONF_load_bio(conf, in, NULL);
 
-	if(!conf) {
+	if(!i) {
 		BIO_printf(bio_err, "Error parsing config file\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
 
-	spkstr = CONF_get_string(conf, spksect, spkac);
+	spkstr = NCONF_get_string(conf, spksect, spkac);
 		
 	if(!spkstr) {
 		BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
@@ -251,7 +258,7 @@ bad:
 	if (outfile) out = BIO_new_file(outfile, "w");
 	else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
@@ -281,12 +288,12 @@ bad:
 	ret = 0;
 
 end:
-	CONF_free(conf);
+	NCONF_free(conf);
 	NETSCAPE_SPKI_free(spki);
 	BIO_free(in);
 	BIO_free_all(out);
-	BIO_free(key);
 	EVP_PKEY_free(pkey);
 	if(passin) OPENSSL_free(passin);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
diff --git a/crypto/openssl/apps/testdsa.h b/crypto/openssl/apps/testdsa.h
index f0bfbb1..9e84e31 100644
--- a/crypto/openssl/apps/testdsa.h
+++ b/crypto/openssl/apps/testdsa.h
@@ -3,6 +3,18 @@
 DSA *get_dsa512(void );
 DSA *get_dsa1024(void );
 DSA *get_dsa2048(void );
+static unsigned char dsa512_priv[] = {
+	0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
+	0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
+	};
+static unsigned char dsa512_pub[] = {
+	0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
+	0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
+	0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
+	0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
+	0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
+	0xbe,0xba,0x0a,0x6b,0xc8,
+	};
 static unsigned char dsa512_p[]={
 	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
 	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
@@ -29,14 +41,34 @@ DSA *get_dsa512()
 	DSA *dsa;
 
 	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
+	dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
 	dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
 	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
 	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
-	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
 
+static unsigned char dsa1024_priv[]={
+	0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
+	0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
+	};
+static unsigned char dsa1024_pub[]={
+	0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
+	0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
+	0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
+	0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
+	0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
+	0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
+	0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
+	0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
+	0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
+	0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
+	0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
+	};
 static unsigned char dsa1024_p[]={
 	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
 	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
@@ -73,14 +105,45 @@ DSA *get_dsa1024()
 	DSA *dsa;
 
 	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
+	dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
 	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
 	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
 	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
-	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
 
+static unsigned char dsa2048_priv[]={
+	0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
+	0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
+	};
+static unsigned char dsa2048_pub[]={
+	0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
+	0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
+	0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
+	0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
+	0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
+	0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
+	0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
+	0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
+	0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
+	0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
+	0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
+	0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
+	0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
+	0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
+	0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
+	0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
+	0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
+	0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
+	0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
+	0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
+	0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
+	0x8b,0x33,0xb7,0xce,
+	};
 static unsigned char dsa2048_p[]={
 	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
 	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
@@ -139,10 +202,13 @@ DSA *get_dsa2048()
 	DSA *dsa;
  
 	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
+	dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
 	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
 	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
 	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
-	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c
index 47e602d..9a18213 100644
--- a/crypto/openssl/apps/verify.c
+++ b/crypto/openssl/apps/verify.c
@@ -70,14 +70,15 @@
 #define PROG	verify_main
 
 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
 static STACK_OF(X509) *load_untrusted(char *file);
-static int v_verbose=0, issuer_checks = 0;
+static int v_verbose=0, vflags = 0;
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +86,7 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
+	char *engine=NULL;
 
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -98,6 +100,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argc--;
 	argv++;
 	for (;;)
@@ -137,10 +142,21 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
+			else if (strcmp(*argv,"-engine") == 0)
+				{
+				if (--argc < 1) goto end;
+				engine= *(++argv);
+				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
+			else if (strcmp(*argv,"-ignore_critical") == 0)
+				vflags |= X509_V_FLAG_IGNORE_CRITICAL;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
-				issuer_checks=1;
+				vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
+			else if (strcmp(*argv,"-crl_check") == 0)
+				vflags |= X509_V_FLAG_CRL_CHECK;
+			else if (strcmp(*argv,"-crl_check_all") == 0)
+				vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 			else if (strcmp(*argv,"-verbose") == 0)
 				v_verbose=1;
 			else if (argv[0][0] == '-')
@@ -154,6 +170,8 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -194,14 +212,14 @@ int MAIN(int argc, char **argv)
 		}
 	}
 
-	if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
+	if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
 	else
 		for (i=0; i<argc; i++)
-			check(cert_ctx,argv[i], untrusted, trusted, purpose);
+			check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
@@ -213,42 +231,19 @@ end:
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
 	sk_X509_pop_free(trusted, X509_free);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
 	{
 	X509 *x=NULL;
-	BIO *in=NULL;
 	int i=0,ret=0;
 	X509_STORE_CTX *csc;
 
-	in=BIO_new(BIO_s_file());
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (file == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
-		}
-
-	x=PEM_read_bio_X509(in,NULL,NULL,NULL);
+	x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
 	if (x == NULL)
-		{
-		fprintf(stdout,"%s: unable to load certificate file\n",
-			(file == NULL)?"stdin":file);
-		ERR_print_errors(bio_err);
 		goto end;
-		}
 	fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
 
 	csc = X509_STORE_CTX_new();
@@ -257,11 +252,14 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	X509_STORE_CTX_init(csc,ctx,x,uchain);
+	X509_STORE_set_flags(ctx, vflags);
+	if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
 	if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
 	if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
-	if(issuer_checks)
-		X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
 	i=X509_verify_cert(csc);
 	X509_STORE_CTX_free(csc);
 
@@ -275,7 +273,6 @@ end:
 	else
 		ERR_print_errors(bio_err);
 	if (x != NULL) X509_free(x);
-	if (in != NULL) BIO_free(in);
 
 	return(ret);
 	}
@@ -333,7 +330,8 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 	if (!ok)
 		{
 		X509_NAME_oneline(
-				X509_get_subject_name(ctx->current_cert),buf,256);
+				X509_get_subject_name(ctx->current_cert),buf,
+				sizeof buf);
 		printf("%s\n",buf);
 		printf("error %d at %d depth lookup:%s\n",ctx->error,
 			ctx->error_depth,
@@ -349,6 +347,9 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 		if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
 		if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
 		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
+		if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
+		if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
+		if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
 		}
 	if (!v_verbose)
 		ERR_clear_error();
diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c
index f5c9adc..0843b67 100644
--- a/crypto/openssl/apps/version.c
+++ b/crypto/openssl/apps/version.c
@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -62,6 +115,21 @@
 #include "apps.h"
 #include <openssl/evp.h>
 #include <openssl/crypto.h>
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
 
 #undef PROG
 #define PROG	version_main
@@ -71,7 +139,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
-	int cflags=0,version=0,date=0,options=0,platform=0;
+	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
 
 	apps_startup();
 
@@ -92,8 +160,10 @@ int MAIN(int argc, char **argv)
 			options=1;
 		else if (strcmp(argv[i],"-p") == 0)
 			platform=1;
+		else if (strcmp(argv[i],"-d") == 0)
+			dir=1;
 		else if (strcmp(argv[i],"-a") == 0)
-			date=version=cflags=options=platform=1;
+			date=version=cflags=options=platform=dir=1;
 		else
 			{
 			BIO_printf(bio_err,"usage:version -[avbofp]\n");
@@ -109,24 +179,26 @@ int MAIN(int argc, char **argv)
 		{
 		printf("options:  ");
 		printf("%s ",BN_options());
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 		printf("%s ",MD2_options());
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 		printf("%s ",RC4_options());
 #endif
-#ifndef NO_DES
-		printf("%s ",des_options());
+#ifndef OPENSSL_NO_DES
+		printf("%s ",DES_options());
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		printf("%s ",idea_options());
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 		printf("%s ",BF_options());
 #endif
 		printf("\n");
 		}
 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
 end:
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
diff --git a/crypto/openssl/apps/winrand.c b/crypto/openssl/apps/winrand.c
index d042258..59bede3 100644
--- a/crypto/openssl/apps/winrand.c
+++ b/crypto/openssl/apps/winrand.c
@@ -118,7 +118,6 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
         HDC hdc;
 	PAINTSTRUCT ps;
         RECT rect;
-        char buffer[200];
         static int seeded = 0;
 
 	switch (iMsg)
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index b9b1328..7915eca 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -60,7 +60,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -105,6 +105,7 @@ static char *x509_usage[]={
 " -fingerprint    - print the certificate fingerprint\n",
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
+" -ocspid         - print OCSP hash values for the subject name and public key\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -121,7 +122,8 @@ static char *x509_usage[]={
 " -CAkey arg      - set the CA key, must be PEM format\n",
 "                   missing, it is assumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial       - serial file\n",
+" -CAserial arg   - serial file\n",
+" -set_serial     - serial number to use\n",
 " -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to use\n",
@@ -129,15 +131,18 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
+" -certopt arg    - various certificate text options\n",
 NULL
 };
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
-						LHASH *conf, char *section);
+						CONF *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
 			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
-			 int create,int days, int clrext, LHASH *conf, char *section);
+			 int create,int days, int clrext, CONF *conf, char *section,
+						ASN1_INTEGER *sno);
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
 static int reqfile=0;
 
@@ -145,11 +150,13 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
 	ASN1_OBJECT *objtmp;
 	EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+	ASN1_INTEGER *sno = NULL;
 	int i,num,badops=0;
 	BIO *out=NULL;
 	BIO *STDout=NULL;
@@ -159,6 +166,7 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+	int ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -170,11 +178,12 @@ int MAIN(int argc, char **argv)
 	int fingerprint=0;
 	char buf[256];
 	const EVP_MD *md_alg,*digest=EVP_md5();
-	LHASH *extconf = NULL;
+	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
-	unsigned long nmflag = 0;
+	unsigned long nmflag = 0, certflag = 0;
+	char *engine=NULL;
 
 	reqfile=0;
 
@@ -182,8 +191,11 @@ int MAIN(int argc, char **argv)
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	STDout = BIO_push(tmpbio, STDout);
@@ -294,6 +306,12 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			CAserial= *(++argv);
 			}
+		else if (strcmp(*argv,"-set_serial") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
+				goto bad;
+			}
 		else if (strcmp(*argv,"-addtrust") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -326,6 +344,11 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
+		else if (strcmp(*argv,"-certopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_cert_ex(&certflag, *(++argv))) goto bad;
+			}
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -337,6 +360,11 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -397,6 +425,8 @@ int MAIN(int argc, char **argv)
 			clrext = 1;
 			}
 #endif
+		else if (strcmp(*argv,"-ocspid") == 0)
+			ocspid= ++num;
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -416,10 +446,12 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=x509_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
 
@@ -447,9 +479,10 @@ bad:
 
 	if (extfile)
 		{
-		long errorline;
+		long errorline = -1;
 		X509V3_CTX ctx2;
-		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+		extconf = NCONF_new(NULL);
+		if (!NCONF_load(extconf, extfile,&errorline))
 			{
 			if (errorline <= 0)
 				BIO_printf(bio_err,
@@ -461,11 +494,18 @@ bad:
 							,errorline,extfile);
 			goto end;
 			}
-		if (!extsect && !(extsect = CONF_get_string(extconf, "default",
-					 "extensions"))) extsect = "default";
+		if (!extsect)
+			{
+			extsect = NCONF_get_string(extconf, "default", "extensions");
+			if (!extsect)
+				{
+				ERR_clear_error();
+				extsect = "default";
+				}
+			}
 		X509V3_set_ctx_test(&ctx2);
-		X509V3_set_conf_lhash(&ctx2, extconf);
-		if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
+		X509V3_set_nconf(&ctx2, extconf);
+		if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
 			{
 			BIO_printf(bio_err,
 				"Error Loading extension section %s\n",
@@ -549,7 +589,12 @@ bad:
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;
 
-		if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+		if (sno)
+			{
+			if (!X509_set_serialNumber(x, sno))
+				goto end;
+			}
+		else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
 		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
 
@@ -561,12 +606,12 @@ bad:
 		EVP_PKEY_free(pkey);
 		}
 	else
-		x=load_cert(bio_err,infile,informat);
+		x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
 
 	if (x == NULL) goto end;
 	if (CA_flag)
 		{
-		xca=load_cert(bio_err,CAfile,CAformat);
+		xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
 		if (xca == NULL) goto end;
 		}
 
@@ -584,7 +629,7 @@ bad:
 		if (outfile == NULL)
 			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -688,12 +733,12 @@ bad:
 					goto end;
 					}
 				BIO_printf(STDout,"Modulus=");
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 				if (pkey->type == EVP_PKEY_RSA)
 					BN_print(STDout,pkey->pkey.rsa->n);
 				else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 				if (pkey->type == EVP_PKEY_DSA)
 					BN_print(STDout,pkey->pkey.dsa->pub_key);
 				else
@@ -725,10 +770,11 @@ bad:
 				int y,z;
 
 				X509_NAME_oneline(X509_get_subject_name(x),
-					buf,256);
+					buf,sizeof buf);
 				BIO_printf(STDout,"/* subject:%s */\n",buf);
 				m=X509_NAME_oneline(
-					X509_get_issuer_name(x),buf,256);
+					X509_get_issuer_name(x),buf,
+					sizeof buf);
 				BIO_printf(STDout,"/* issuer :%s */\n",buf);
 
 				z=i2d_X509(x,NULL);
@@ -774,7 +820,7 @@ bad:
 				}
 			else if (text == i)
 				{
-				X509_print(out,x);
+				X509_print_ex(out,x,nmflag, certflag);
 				}
 			else if (startdate == i)
 				{
@@ -816,10 +862,11 @@ bad:
 				if (Upkey == NULL)
 					{
 					Upkey=load_key(bio_err,
-						keyfile,keyformat, passin);
+						keyfile, keyformat, 0,
+						passin, e, "Private key");
 					if (Upkey == NULL) goto end;
 					}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		                if (Upkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
@@ -834,10 +881,12 @@ bad:
 				if (CAkeyfile != NULL)
 					{
 					CApkey=load_key(bio_err,
-						CAkeyfile,CAkeyformat, passin);
+						CAkeyfile, CAkeyformat,
+						0, passin, e,
+						"CA Private Key");
 					if (CApkey == NULL) goto end;
 					}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
@@ -845,7 +894,7 @@ bad:
 				assert(need_rand);
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
 					CApkey, CAserial,CA_createserial,days, clrext,
-					extconf, extsect))
+					extconf, extsect, sno))
 					goto end;
 				}
 			else if (x509req == i)
@@ -861,13 +910,14 @@ bad:
 				else
 					{
 					pk=load_key(bio_err,
-						keyfile,FORMAT_PEM, passin);
+						keyfile, FORMAT_PEM, 0,
+						passin, e, "request key");
 					if (pk == NULL) goto end;
 					}
 
 				BIO_printf(bio_err,"Generating certificate request\n");
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
@@ -886,6 +936,10 @@ bad:
 					}
 				noout=1;
 				}
+			else if (ocspid == i)
+				{
+				X509_ocspid_print(out, x);
+				}
 			}
 		}
 
@@ -948,7 +1002,7 @@ end:
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
 	OBJ_cleanup();
-	CONF_free(extconf);
+	NCONF_free(extconf);
 	BIO_free_all(out);
 	BIO_free_all(STDout);
 	X509_STORE_free(ctx);
@@ -958,32 +1012,23 @@ end:
 	EVP_PKEY_free(Upkey);
 	EVP_PKEY_free(CApkey);
 	X509_REQ_free(rq);
+	ASN1_INTEGER_free(sno);
 	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
 	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
 	if (passin) OPENSSL_free(passin);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
-	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
-	     int days, int clrext, LHASH *conf, char *section)
+static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 	{
-	int ret=0;
-	BIO *io=NULL;
+	char *buf = NULL, *p;
 	MS_STATIC char buf2[1024];
-	char *buf=NULL,*p;
-	BIGNUM *serial=NULL;
-	ASN1_INTEGER *bs=NULL,bs2;
-	X509_STORE_CTX xsc;
-	EVP_PKEY *upkey;
-
-	upkey = X509_get_pubkey(xca);
-	EVP_PKEY_copy_parameters(upkey,pkey);
-	EVP_PKEY_free(upkey);
+	ASN1_INTEGER *bs = NULL, *bs2 = NULL;
+	BIO *io = NULL;
+	BIGNUM *serial = NULL;
 
-	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
-	buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
-		((serialfile == NULL)
+	buf=OPENSSL_malloc( ((serialfile == NULL)
 			?(strlen(CAfile)+strlen(POSTFIX)+1)
 			:(strlen(serialfile)))+1);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
@@ -1030,7 +1075,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 		}
 	else 
 		{
-		if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+		if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
 			{
 			BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
 			ERR_print_errors(bio_err);
@@ -1049,20 +1094,55 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 
 	if (!BN_add_word(serial,1))
 		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
-	bs2.data=(unsigned char *)buf2;
-	bs2.length=BN_bn2bin(serial,bs2.data);
-
+	if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
+		{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
 	if (BIO_write_filename(io,buf) <= 0)
 		{
 		BIO_printf(bio_err,"error attempting to write serial number file\n");
 		perror(buf);
 		goto end;
 		}
-	i2a_ASN1_INTEGER(io,&bs2);
+	i2a_ASN1_INTEGER(io,bs2);
 	BIO_puts(io,"\n");
+
 	BIO_free(io);
+	if (buf) OPENSSL_free(buf);
+	ASN1_INTEGER_free(bs2);
+	BN_free(serial);
 	io=NULL;
-	
+	return bs;
+
+	end:
+	if (buf) OPENSSL_free(buf);
+	BIO_free(io);
+	ASN1_INTEGER_free(bs);
+	BN_free(serial);
+	return NULL;
+
+	}
+
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+	     int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
+	{
+	int ret=0;
+	ASN1_INTEGER *bs=NULL;
+	X509_STORE_CTX xsc;
+	EVP_PKEY *upkey;
+
+	upkey = X509_get_pubkey(xca);
+	EVP_PKEY_copy_parameters(upkey,pkey);
+	EVP_PKEY_free(upkey);
+
+	if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
+		{
+		BIO_printf(bio_err,"Error initialising X509 store\n");
+		goto end;
+		}
+	if (sno) bs = sno;
+	else if (!(bs = load_serial(CAfile, serialfile, create)))
+		goto end;
+
 	if (!X509_STORE_add_cert(ctx,x)) goto end;
 
 	/* NOTE: this certificate can/should be self signed, unless it was
@@ -1097,8 +1177,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 		X509V3_CTX ctx2;
 		X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
-                X509V3_set_conf_lhash(&ctx2, conf);
-                if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+                X509V3_set_nconf(&ctx2, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
 		}
 
 	if (!X509_sign(x,pkey,digest)) goto end;
@@ -1107,10 +1187,7 @@ end:
 	X509_STORE_CTX_cleanup(&xsc);
 	if (!ret)
 		ERR_print_errors(bio_err);
-	if (buf != NULL) OPENSSL_free(buf);
-	if (bs != NULL) ASN1_INTEGER_free(bs);
-	if (io != NULL)	BIO_free(io);
-	if (serial != NULL) BN_free(serial);
+	if (!sno) ASN1_INTEGER_free(bs);
 	return ret;
 	}
 
@@ -1147,7 +1224,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 
 /* self sign */
 static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 
-						LHASH *conf, char *section)
+						CONF *conf, char *section)
 	{
 
 	EVP_PKEY *pktmp;
@@ -1177,8 +1254,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
 		X509V3_CTX ctx;
 		X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
-                X509V3_set_conf_lhash(&ctx, conf);
-                if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+                X509V3_set_nconf(&ctx, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
 		}
 	if (!X509_sign(x,pkey,digest)) goto err;
 	return 1;
@@ -1203,6 +1280,3 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
 		}
 	return 1;
 }
-
-
-
diff --git a/crypto/openssl/bugs/stream.c b/crypto/openssl/bugs/stream.c
index d2967c8..c3b5e86 100644
--- a/crypto/openssl/bugs/stream.c
+++ b/crypto/openssl/bugs/stream.c
@@ -58,7 +58,7 @@
 
 #include <stdio.h>
 #include <openssl/rc4.h>
-#ifdef NO_DES
+#ifdef OPENSSL_NO_DES
 #include <des.h>
 #else
 #include <openssl/des.h>
diff --git a/crypto/openssl/certs/RegTP-4R.pem b/crypto/openssl/certs/RegTP-4R.pem
new file mode 100644
index 0000000..6f2c6ab
--- /dev/null
+++ b/crypto/openssl/certs/RegTP-4R.pem
@@ -0,0 +1,19 @@
+issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Jan 21 16:04:53 1999 GMT
+notAfter=Jan 21 16:04:53 2004 GMT
+subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
+MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
+dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
+MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
+AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
+dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
+IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
+aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
+jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
+5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
+JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
+Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
+JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/RegTP-5R.pem b/crypto/openssl/certs/RegTP-5R.pem
new file mode 100644
index 0000000..9eb79aa
--- /dev/null
+++ b/crypto/openssl/certs/RegTP-5R.pem
@@ -0,0 +1,19 @@
+issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Mar 22 08:55:51 2000 GMT
+notAfter=Mar 22 08:55:51 2005 GMT
+subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
+IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
+vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
+HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
+CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
+b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
+P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/RegTP-6R.pem b/crypto/openssl/certs/RegTP-6R.pem
new file mode 100644
index 0000000..4d79c74
--- /dev/null
+++ b/crypto/openssl/certs/RegTP-6R.pem
@@ -0,0 +1,19 @@
+issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Feb  1 09:52:17 2001 GMT
+notAfter=Jun  1 09:52:17 2005 GMT
+subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
+IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
+wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
+mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
+ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
+IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
+XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/config b/crypto/openssl/config
index 40ad0fe..8988f66 100755
--- a/crypto/openssl/config
+++ b/crypto/openssl/config
@@ -20,6 +20,31 @@
 # Be as similar to the output of config.guess/config.sub
 # as possible.
 
+PREFIX=""
+SUFFIX=""
+TEST="false"
+
+# pick up any command line args to config
+for i
+do
+case "$i" in 
+-d*) PREFIX="debug-";;
+-t*) TEST="true";;
+-h*) TEST="true"; cat <<EOF
+Usage: config [options]
+ -d	Add a debug- prefix to machine choice.
+ -t	Test mode, do not run the Configure perl script.
+ -h	This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+EOF
+;;
+*) options=$options" $i" ;;
+esac
+done
+
 # First get uname entries that we use below
 
 MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
@@ -68,7 +93,7 @@ if [ "x$XREL" != "x" ]; then
 	    4.2)
 		echo "whatever-whatever-unixware1"; exit 0
 		;;
-     OpenUNIX)
+	    OpenUNIX)
 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
 		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
 		fi
@@ -115,10 +140,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
     HP-UX:*)
 	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "$HPUXVER" in
-	    11.*)
-		echo "${MACHINE}-hp-hpux11"; exit 0
-		;;
-	    10.*)
+	    1[0-9].*)	# HPUX 10 and 11 targets are unified
 		echo "${MACHINE}-hp-hpux10"; exit 0
 		;;
 	    *)
@@ -147,6 +169,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-linux1"; exit 0
 	;;
 
+    GNU*)
+	echo "hurd-x86"; exit 0;
+	;;
+
     LynxOS:*)
 	echo "${MACHINE}-lynx-lynxos"; exit 0
 	;;
@@ -243,7 +269,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	;;
 
     Darwin:*)
-	echo "ppc-apple-darwin"; exit 0
+	case "$MACHINE" in
+	    Power*)
+		echo "ppc-apple-darwin${VERSION}"
+		;;
+	    *)
+		echo "i386-apple-darwin${VERSION}"
+		;;
+	esac
+	exit 0
 	;;
 
     SunOS:5.*)
@@ -317,6 +351,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
     *CRAY*)
        echo "j90-cray-unicos"; exit 0;
        ;;
+
+    NONSTOP_KERNEL*)
+       echo "nsr-tandem-nsk"; exit 0;
+       ;;
 esac
 
 #
@@ -354,31 +392,6 @@ exit 0
 # this is where the translation occurs into SSLeay terms
 # ---------------------------------------------------------------------------
 
-PREFIX=""
-SUFFIX=""
-TEST="false"
-
-# pick up any command line args to config
-for i
-do
-case "$i" in 
--d*) PREFIX="debug-";;
--t*) TEST="true";;
--h*) TEST="true"; cat <<EOF
-Usage: config [options]
- -d	Add a debug- prefix to machine choice.
- -t	Test mode, do not run the Configure perl script.
- -h	This help.
-
-Any other text will be passed to the Configure perl script.
-See INSTALL for instructions.
-
-EOF
-;;
-*) options=$options" $i" ;;
-esac
-done
-
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
 GCCVER=`(gcc -dumpversion) 2>/dev/null`
@@ -409,6 +422,15 @@ if [ "$SYSTEM" = "HP-UX" ];then
   fi
 fi
 if [ "$SYSTEM" = "SunOS" ]; then
+  if [ $GCCVER -ge 30 ]; then
+    # 64-bit ABI isn't officially supported in gcc 3.0, but it appears
+    # to be working, at the very least 'make test' passes...
+    if gcc -v -E -x c /dev/null 2>&1 | grep __arch64__ > /dev/null; then
+      GCC_ARCH="-m64"
+    else
+      GCC_ARCH="-m32"
+    fi
+  fi
   # check for WorkShop C, expected output is "cc: blah-blah C x.x"
   CCVER=`(cc -V 2>&1) 2>/dev/null | \
   	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
@@ -439,7 +461,6 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
   fi
 fi
 
-GCCVER=${GCCVER:-0}
 CCVER=${CCVER:-0}
 
 # read the output of the embedded GuessOS 
@@ -472,8 +493,10 @@ case "$GUESSOS" in
   mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
-	echo "         Type return if you want to continue, Ctrl-C to abort."
-	read waste < /dev/tty
+	if [ "$TEST" = "false" ]; then
+	  echo "         You have about 5 seconds to press Ctrl-C to abort."
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
+	fi
         CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
         CPU=${CPU:-0}
         if [ $CPU -ge 5000 ]; then
@@ -521,14 +544,16 @@ EOF
   m68k-*-linux*) OUT="linux-m68k" ;;
   ia64-*-linux?) OUT="linux-ia64" ;;
   ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
-  ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
+  ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+  i386-apple-darwin*) OUT="darwin-i386-cc" ;;
   sparc64-*-linux2)
-	#Before we can uncomment following lines we have to wait at least
-	#till 64-bit glibc for SPARC is operational:-(
-	#echo "WARNING! If you wish to build 64-bit library, then you have to"
-	#echo "         invoke './Configure linux64-sparcv9' *manually*."
-	#echo "         Type return if you want to continue, Ctrl-C to abort."
-	#read waste < /dev/tty
+	echo "WARNING! If *know* that your GNU C supports 64-bit/V9 ABI"
+	echo "         and wish to build 64-bit library, then you have to"
+	echo "         invoke './Configure linux64-sparcv9' *manually*."
+	if [ "$TEST" = "false" ]; then
+	  echo "          You have about 5 seconds to press Ctrl-C to abort."
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
+	fi
 	OUT="linux-sparcv9" ;;
   sparc-*-linux2)
 	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
@@ -561,17 +586,54 @@ EOF
   arm*-*-linux2) OUT="linux-elf-arm" ;;
   s390-*-linux2) OUT="linux-s390" ;;
   s390x-*-linux?) OUT="linux-s390x" ;;
-  *-*-linux2) OUT="linux-elf" ;;
+  x86_64-*-linux?) OUT="linux-x86_64" ;;
+  *-*-linux2) OUT="linux-elf"
+	if [ "$GCCVER" -gt 28 ]; then
+          if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
+            OUT="linux-pentium"
+          fi
+          if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
+            OUT="linux-ppro"
+          fi
+          if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
+            OUT="linux-k6"
+          fi
+        fi ;;
   *-*-linux1) OUT="linux-aout" ;;
   sun4u*-*-solaris2)
+	OUT="solaris-sparcv9-$CC"
 	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
-	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
+	if [ "$ISA64" != "" ]; then
+	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		echo "         Type return if you want to continue, Ctrl-C to abort."
-		read waste < /dev/tty
+		if [ "$TEST" = "false" ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		fi
+	    elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
+		# $GCC_ARCH denotes default ABI chosen by compiler driver
+		# (first one found on the $PATH). I assume that user
+		# expects certain consistency with the rest of his builds
+		# and therefore switch over to 64-bit. <appro>
+		OUT="solaris64-sparcv9-gcc"
+		echo "WARNING! If you wish to build 32-bit library, then you have to"
+		echo "         invoke './Configure solaris-sparcv9-gcc' *manually*."
+		if [ "$TEST" = "false" ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		fi
+	    elif [ "$GCC_ARCH" = "-m32" ]; then
+		echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
+		echo "        and wish to build 64-bit library, then you have to"
+		echo "        invoke './Configure solaris64-sparcv9-gcc' *manually*."
+		if [ "$TEST" = "false" ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		fi
+	    fi
 	fi
-	OUT="solaris-sparcv9-$CC" ;;
+	;;
   sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
   sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
   sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
@@ -583,9 +645,17 @@ EOF
   *86*-*-netbsd) OUT="NetBSD-x86" ;;
   sun3*-*-netbsd) OUT="NetBSD-m68" ;;
   *-*-netbsd) OUT="NetBSD-sparc" ;;
-  *86*-*-openbsd) OUT="OpenBSD-x86" ;;
   alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
+  *86*-*-openbsd) OUT="OpenBSD-i386" ;;
+  m68k*-*-openbsd) OUT="OpenBSD-m68k" ;;
+  m88k*-*-openbsd) OUT="OpenBSD-m88k" ;;
+  mips*-*-openbsd) OUT="OpenBSD-mips" ;;
   pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
+  powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;;
+  sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;;
+  sparc*-*-openbsd) OUT="OpenBSD-sparc" ;;
+  vax*-*-openbsd) OUT="OpenBSD-vax" ;;
+  hppa*-*-openbsd) OUT="OpenBSD-hppa" ;;
   *-*-openbsd) OUT="OpenBSD" ;;
   *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
   *-*-osf) OUT="alphaold-cc" ;;
@@ -620,6 +690,37 @@ EOF
 	else
 	  OUT="hpux-parisc-$CC"
 	fi
+	KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
+	KERNEL_BITS=${KERNEL_BITS:-32}
+	CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
+	CPU_VERSION=${CPU_VERSION:-0}
+	# See <sys/unistd.h> for further info on CPU_VERSION.
+	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
+	     echo "NOTICE! 64-bit is the only ABI currently operational on HP-UXi."
+	     echo "        Post request to openssl-dev@openssl.org for 32-bit support."
+	     if [ "$TEST" = "false" ]; then
+		(stty -icanon min 0 time 50; read waste) < /dev/tty
+	     fi
+	     OUT="hpux64-ia64-cc"
+	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
+	     if [ "$CC" = "cc" ]; then
+		OUT="hpux-parisc2-cc" # can't we have hpux-parisc2-gcc?
+	     fi
+	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+		echo "WARNING! If you wish to build 64-bit library then you have to"
+		echo "         invoke './Configure hpux64-parisc2-cc' *manually*."
+		if [ "$TEST" = "false" ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		fi
+	     fi
+	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
+	     :
+	elif [ $CPU_VERSION -ge 523 ]; then	# PA-RISC 1.0 CPU
+	     :
+	else					# Motorola(?) CPU
+	     OUT="hpux-$CC"
+	fi
 	options="$options -D_REENTRANT" ;;
   *-hpux)	OUT="hpux-parisc-$CC" ;;
   # these are all covered by the catchall below
@@ -630,14 +731,21 @@ EOF
   *-*-cygwin) OUT="Cygwin" ;;
   t3e-cray-unicosmk) OUT="cray-t3e" ;;
   j90-cray-unicos) OUT="cray-j90" ;;
+  nsr-tandem-nsk) OUT="tandem-c89" ;;
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
+# NB: This atalla support has been superceded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
 # See whether we can compile Atalla support
-if [ -f /usr/include/atasi.h ]
-then
-  options="$options -DATALLA"
-fi
+#if [ -f /usr/include/atasi.h ]
+#then
+#  options="$options -DATALLA"
+#fi
 
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -658,7 +766,7 @@ case "$GUESSOS" in
   i386-*) options="$options 386" ;;
 esac
 
-for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 aes ripemd rsa sha
 do
   if [ ! -d crypto/$i ]
   then
@@ -666,6 +774,27 @@ do
   fi
 done
 
+# Discover Kerberos 5 (since it's still a prototype, we don't
+# do any guesses yet, that's why this section is commented away.
+#if [ -d /usr/kerberos ]; then
+#    krb5_dir=/usr/kerberos
+#    if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\
+#	-a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
+#	-a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
+#	-a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\
+#	-a \( -f $krb5_dir/include/krb5.h \) ]; then
+#	options="$options --with-krb5-flavor=MIT"
+#    fi
+#elif [ -d /usr/heimdal ]; then
+#    krb5_dir=/usr/heimdal
+#    if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\
+#	-a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
+#	-a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
+#	-a \( -f $krb5_dir/include/krb5.h \) ]; then
+#	options="$options --with-krb5-flavor=Heimdal"
+#    fi
+#fi
+
 if [ -z "$OUT" ]; then
   OUT="$CC"
 fi
diff --git a/crypto/openssl/crypto/Makefile.ssl b/crypto/openssl/crypto/Makefile.ssl
index f96154c..9def17a 100644
--- a/crypto/openssl/crypto/Makefile.ssl
+++ b/crypto/openssl/crypto/Makefile.ssl
@@ -5,14 +5,15 @@
 DIR=		crypto
 TOP=		..
 CC=		cc
-INCLUDE=	-I. -I../include
+INCLUDE=	-I. -I$(TOP) -I../include
 INCLUDES=	-I.. -I../.. -I../../include
 CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 RM=             rm -f
 AR=		ar r
@@ -27,27 +28,29 @@ LIBS=
 
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
 GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+SHARED_LIB= libcrypto$(SHLIB_EXT)
+LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
-HEADER=	cryptlib.h buildinf.h md32_common.h $(EXHEADER)
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+	ossl_typ.h
+HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 
-all: buildinf.h lib subdirs
+all: buildinf.h lib subdirs shared
 
 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
@@ -73,7 +76,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making 'files' in crypto/$$i..."; \
+	(cd $$i && echo "making 'files' in crypto/$$i..." && \
 	$(MAKE) PERL='${PERL}' files ); \
 	done;
 
@@ -84,27 +87,31 @@ links:
 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS); do \
-	(cd $$i; echo "making links in crypto/$$i..."; \
+	(cd $$i && echo "making links in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
 	done;
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
+shared:
+	if [ -n "$(SHARED_LIBS)" ]; then \
+		(cd ..; $(MAKE) $(SHARED_LIB)); \
+	fi
+
 libs:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making libs in crypto/$$i..."; \
+	(cd $$i && echo "making libs in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
 	done;
 
 tests:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making tests in crypto/$$i..."; \
+	(cd $$i && echo "making tests in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
 	done;
 
@@ -116,32 +123,32 @@ install:
 	done;
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making install in crypto/$$i..."; \
+	(cd $$i && echo "making install in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
 	done;
 
 lint:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making lint in crypto/$$i..."; \
+	(cd $$i && echo "making lint in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
 	done;
 
 depend:
 	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
-	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making depend in crypto/$$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
+	(cd $$i && echo "making depend in crypto/$$i..." && \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
 	done;
 
 clean:
 	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making clean in crypto/$$i..."; \
+	(cd $$i && echo "making clean in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
 	done;
 
@@ -150,54 +157,62 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making dclean in crypto/$$i..."; \
+	(cd $$i && echo "making dclean in crypto/$$i..." && \
 	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
 	done;
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
-cversion.o: cryptlib.h
-ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
-uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
+cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
+cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
+cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
+ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
+ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
+mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
+mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
+o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
+o_time.o: o_time.h
+tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
+tmdiff.o: tmdiff.c
+uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-uid.o: ../include/openssl/symhacks.h
+uid.o: ../include/openssl/symhacks.h uid.c
diff --git a/crypto/openssl/crypto/aes/Makefile.ssl b/crypto/openssl/crypto/aes/Makefile.ssl
new file mode 100644
index 0000000..364d05b
--- /dev/null
+++ b/crypto/openssl/crypto/aes/Makefile.ssl
@@ -0,0 +1,103 @@
+#
+# crypto/aes/Makefile
+#
+
+DIR=	aes
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=	/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
+LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+$(LIBOBJ): $(LIBSRC)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
diff --git a/crypto/openssl/crypto/aes/README b/crypto/openssl/crypto/aes/README
new file mode 100644
index 0000000..0f9620a
--- /dev/null
+++ b/crypto/openssl/crypto/aes/README
@@ -0,0 +1,3 @@
+This is an OpenSSL-compatible version of AES (also called Rijndael).
+aes_core.c is basically the same as rijndael-alg-fst.c but with an
+API that looks like the rest of the OpenSSL symmetric cipher suite.
diff --git a/crypto/openssl/crypto/aes/aes.h b/crypto/openssl/crypto/aes/aes.h
new file mode 100644
index 0000000..8294a41
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes.h
@@ -0,0 +1,112 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_H
+#define HEADER_AES_H
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#define AES_ENCRYPT	1
+#define AES_DECRYPT	0
+
+/* Because array size can't be a const in C, the following two are macros.
+   Both sizes are in bytes. */
+#define AES_MAXNR 14
+#define AES_BLOCK_SIZE 16
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+    unsigned long rd_key[4 *(AES_MAXNR + 1)];
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+	AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+	AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num);
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char counter[AES_BLOCK_SIZE],
+	unsigned char ecount_buf[AES_BLOCK_SIZE],
+	unsigned int *num);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* !HEADER_AES_H */
diff --git a/crypto/openssl/crypto/aes/aes_cbc.c b/crypto/openssl/crypto/aes/aes_cbc.c
new file mode 100644
index 0000000..de43830
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes_cbc.c
@@ -0,0 +1,111 @@
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+		     const unsigned long length, const AES_KEY *key,
+		     unsigned char *ivec, const int enc) {
+
+	unsigned long n;
+	unsigned long len = length;
+	unsigned char tmp[AES_BLOCK_SIZE];
+
+	assert(in && out && key && ivec);
+	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+
+	if (AES_ENCRYPT == enc) {
+		while (len >= AES_BLOCK_SIZE) {
+			for(n=0; n < sizeof tmp; ++n)
+				tmp[n] = in[n] ^ ivec[n];
+			AES_encrypt(tmp, out, key);
+			memcpy(ivec, out, AES_BLOCK_SIZE);
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+		}
+		if (len) {
+			for(n=0; n < len; ++n)
+				tmp[n] = in[n] ^ ivec[n];
+			for(n=len; n < AES_BLOCK_SIZE; ++n)
+				tmp[n] = ivec[n];
+			AES_encrypt(tmp, tmp, key);
+			memcpy(out, tmp, len);
+			memcpy(ivec, tmp, sizeof tmp);
+		}			
+	} else {
+		while (len >= AES_BLOCK_SIZE) {
+			memcpy(tmp, in, sizeof tmp);
+			AES_decrypt(in, out, key);
+			for(n=0; n < AES_BLOCK_SIZE; ++n)
+				out[n] ^= ivec[n];
+			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+		}
+		if (len) {
+			memcpy(tmp, in, sizeof tmp);
+			AES_decrypt(tmp, tmp, key);
+			for(n=0; n < len; ++n)
+				out[n] ^= ivec[n];
+			memcpy(ivec, tmp, sizeof tmp);
+		}			
+	}
+}
diff --git a/crypto/openssl/crypto/aes/aes_cfb.c b/crypto/openssl/crypto/aes/aes_cfb.c
new file mode 100644
index 0000000..9b569dd
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes_cfb.c
@@ -0,0 +1,157 @@
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc) {
+
+	unsigned int n;
+	unsigned long l = length;
+	unsigned char c;
+
+	assert(in && out && key && ivec && num);
+
+	n = *num;
+
+	if (enc) {
+		while (l--) {
+			if (n == 0) {
+				AES_encrypt(ivec, ivec, key);
+			}
+			ivec[n] = *(out++) = *(in++) ^ ivec[n];
+			n = (n+1) % AES_BLOCK_SIZE;
+		}
+	} else {
+		while (l--) {
+			if (n == 0) {
+				AES_encrypt(ivec, ivec, key);
+			}
+			c = *(in);
+			*(out++) = *(in++) ^ ivec[n];
+			ivec[n] = c;
+			n = (n+1) % AES_BLOCK_SIZE;
+		}
+	}
+
+	*num=n;
+}
+
diff --git a/crypto/openssl/crypto/aes/aes_core.c b/crypto/openssl/crypto/aes/aes_core.c
new file mode 100644
index 0000000..ea884f6
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes_core.c
@@ -0,0 +1,1257 @@
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+   compatible API */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+	0x01000000, 0x02000000, 0x04000000, 0x08000000,
+	0x10000000, 0x20000000, 0x40000000, 0x80000000,
+	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+			AES_KEY *key) {
+
+	u32 *rk;
+   	int i = 0;
+	u32 temp;
+
+	if (!userKey || !key)
+		return -1;
+	if (bits != 128 && bits != 192 && bits != 256)
+		return -2;
+
+	rk = key->rd_key;
+
+	if (bits==128)
+		key->rounds = 10;
+	else if (bits==192)
+		key->rounds = 12;
+	else
+		key->rounds = 14;
+
+	rk[0] = GETU32(userKey     );
+	rk[1] = GETU32(userKey +  4);
+	rk[2] = GETU32(userKey +  8);
+	rk[3] = GETU32(userKey + 12);
+	if (bits == 128) {
+		for (;;) {
+			temp  = rk[3];
+			rk[4] = rk[0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[5] = rk[1] ^ rk[4];
+			rk[6] = rk[2] ^ rk[5];
+			rk[7] = rk[3] ^ rk[6];
+			if (++i == 10) {
+				return 0;
+			}
+			rk += 4;
+		}
+	}
+	rk[4] = GETU32(userKey + 16);
+	rk[5] = GETU32(userKey + 20);
+	if (bits == 192) {
+		for (;;) {
+			temp = rk[ 5];
+			rk[ 6] = rk[ 0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[ 7] = rk[ 1] ^ rk[ 6];
+			rk[ 8] = rk[ 2] ^ rk[ 7];
+			rk[ 9] = rk[ 3] ^ rk[ 8];
+			if (++i == 8) {
+				return 0;
+			}
+			rk[10] = rk[ 4] ^ rk[ 9];
+			rk[11] = rk[ 5] ^ rk[10];
+			rk += 6;
+		}
+	}
+	rk[6] = GETU32(userKey + 24);
+	rk[7] = GETU32(userKey + 28);
+	if (bits == 256) {
+		for (;;) {
+			temp = rk[ 7];
+			rk[ 8] = rk[ 0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[ 9] = rk[ 1] ^ rk[ 8];
+			rk[10] = rk[ 2] ^ rk[ 9];
+			rk[11] = rk[ 3] ^ rk[10];
+			if (++i == 7) {
+				return 0;
+			}
+			temp = rk[11];
+			rk[12] = rk[ 4] ^
+				(Te4[(temp >> 24)       ] & 0xff000000) ^
+				(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp      ) & 0xff] & 0x000000ff);
+			rk[13] = rk[ 5] ^ rk[12];
+			rk[14] = rk[ 6] ^ rk[13];
+			rk[15] = rk[ 7] ^ rk[14];
+
+			rk += 8;
+        	}
+	}
+	return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+			 AES_KEY *key) {
+
+        u32 *rk;
+	int i, j, status;
+	u32 temp;
+
+	/* first, start with an encryption schedule */
+	status = AES_set_encrypt_key(userKey, bits, key);
+	if (status < 0)
+		return status;
+
+	rk = key->rd_key;
+
+	/* invert the order of the round keys: */
+	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+	}
+	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
+	for (i = 1; i < (key->rounds); i++) {
+		rk += 4;
+		rk[0] =
+			Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
+		rk[1] =
+			Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
+		rk[2] =
+			Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
+		rk[3] =
+			Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
+	}
+	return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+		 const AES_KEY *key) {
+
+	const u32 *rk;
+	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+	int r;
+#endif /* ?FULL_UNROLL */
+
+	assert(in && out && key);
+	rk = key->rd_key;
+
+	/*
+	 * map byte array block to cipher state
+	 * and add initial round key:
+	 */
+	s0 = GETU32(in     ) ^ rk[0];
+	s1 = GETU32(in +  4) ^ rk[1];
+	s2 = GETU32(in +  8) ^ rk[2];
+	s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+	/* round 1: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+   	/* round 2: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+	/* round 3: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+   	/* round 4: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+	/* round 5: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+   	/* round 6: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+	/* round 7: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+   	/* round 8: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+	/* round 9: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Te0[(s0 >> 24)       ] ^
+            Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Te0[(s1 >> 24)       ] ^
+            Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Te0[(s2 >> 24)       ] ^
+            Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Te0[(s3 >> 24)       ] ^
+            Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Te0[(t0 >> 24)       ] ^
+            Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Te0[(t1 >> 24)       ] ^
+            Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Te0[(t2 >> 24)       ] ^
+            Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Te0[(t3 >> 24)       ] ^
+            Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+	 * apply last round and
+	 * map cipher state to byte array block:
+	 */
+	s0 =
+		(Te4[(t0 >> 24)       ] & 0xff000000) ^
+		(Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t3      ) & 0xff] & 0x000000ff) ^
+		rk[0];
+	PUTU32(out     , s0);
+	s1 =
+		(Te4[(t1 >> 24)       ] & 0xff000000) ^
+		(Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t0      ) & 0xff] & 0x000000ff) ^
+		rk[1];
+	PUTU32(out +  4, s1);
+	s2 =
+		(Te4[(t2 >> 24)       ] & 0xff000000) ^
+		(Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t1      ) & 0xff] & 0x000000ff) ^
+		rk[2];
+	PUTU32(out +  8, s2);
+	s3 =
+		(Te4[(t3 >> 24)       ] & 0xff000000) ^
+		(Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t2      ) & 0xff] & 0x000000ff) ^
+		rk[3];
+	PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+		 const AES_KEY *key) {
+
+	const u32 *rk;
+	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+	int r;
+#endif /* ?FULL_UNROLL */
+
+	assert(in && out && key);
+	rk = key->rd_key;
+
+	/*
+	 * map byte array block to cipher state
+	 * and add initial round key:
+	 */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+	rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Td0[(s0 >> 24)       ] ^
+            Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Td0[(s1 >> 24)       ] ^
+            Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Td0[(s2 >> 24)       ] ^
+            Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Td0[(s3 >> 24)       ] ^
+            Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Td0[(t0 >> 24)       ] ^
+            Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Td0[(t1 >> 24)       ] ^
+            Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Td0[(t2 >> 24)       ] ^
+            Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Td0[(t3 >> 24)       ] ^
+            Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+	 * apply last round and
+	 * map cipher state to byte array block:
+	 */
+   	s0 =
+   		(Td4[(t0 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t1      ) & 0xff] & 0x000000ff) ^
+   		rk[0];
+	PUTU32(out     , s0);
+   	s1 =
+   		(Td4[(t1 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t2      ) & 0xff] & 0x000000ff) ^
+   		rk[1];
+	PUTU32(out +  4, s1);
+   	s2 =
+   		(Td4[(t2 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t3      ) & 0xff] & 0x000000ff) ^
+   		rk[2];
+	PUTU32(out +  8, s2);
+   	s3 =
+   		(Td4[(t3 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t0      ) & 0xff] & 0x000000ff) ^
+   		rk[3];
+	PUTU32(out + 12, s3);
+}
+
diff --git a/crypto/openssl/crypto/aes/aes_ctr.c b/crypto/openssl/crypto/aes/aes_ctr.c
new file mode 100644
index 0000000..5908849
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes_ctr.c
@@ -0,0 +1,128 @@
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* NOTE: CTR mode is big-endian.  The rest of the AES code
+ * is endian-neutral. */
+
+/* increment counter (128-bit int) by 2^64 */
+static void AES_ctr128_inc(unsigned char *counter) {
+	unsigned long c;
+
+	/* Grab 3rd dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter + 8);
+	c++;
+	PUTU32(counter + 8, c);
+#else
+	c = GETU32(counter + 4);
+	c++;
+	PUTU32(counter + 4, c);
+#endif
+
+	/* if no overflow, we're done */
+	if (c)
+		return;
+
+	/* Grab top dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter + 12);
+	c++;
+	PUTU32(counter + 12, c);
+#else
+	c = GETU32(counter +  0);
+	c++;
+	PUTU32(counter +  0, c);
+#endif
+
+}
+
+/* The input encrypted as though 128bit counter mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to AES_ctr128_encrypt().
+ */
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char counter[AES_BLOCK_SIZE],
+	unsigned char ecount_buf[AES_BLOCK_SIZE],
+	unsigned int *num) {
+
+	unsigned int n;
+	unsigned long l=length;
+
+	assert(in && out && key && counter && num);
+	assert(*num < AES_BLOCK_SIZE);
+
+	n = *num;
+
+	while (l--) {
+		if (n == 0) {
+			AES_encrypt(counter, ecount_buf, key);
+			AES_ctr128_inc(counter);
+		}
+		*(out++) = *(in++) ^ ecount_buf[n];
+		n = (n+1) % AES_BLOCK_SIZE;
+	}
+
+	*num=n;
+}
diff --git a/crypto/openssl/crypto/aes/aes_ecb.c b/crypto/openssl/crypto/aes/aes_ecb.c
new file mode 100644
index 0000000..28aa561
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes_ecb.c
@@ -0,0 +1,73 @@
+/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+		     const AES_KEY *key, const int enc) {
+
+        assert(in && out && key);
+	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+
+	if (AES_ENCRYPT == enc)
+		AES_encrypt(in, out, key);
+	else
+		AES_decrypt(in, out, key);
+}
+
diff --git a/crypto/openssl/crypto/aes/aes_locl.h b/crypto/openssl/crypto/aes/aes_locl.h
new file mode 100644
index 0000000..f290946
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes_locl.h
@@ -0,0 +1,85 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_LOCL_H
+#define HEADER_AES_LOCL_H
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+#endif
+
+typedef unsigned long u32;
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+#define MAXKC   (256/32)
+#define MAXKB   (256/8)
+#define MAXNR   14
+
+/* This controls loop-unrolling in aes_core.c */
+#undef FULL_UNROLL
+
+#endif /* !HEADER_AES_LOCL_H */
diff --git a/crypto/openssl/crypto/aes/aes_misc.c b/crypto/openssl/crypto/aes/aes_misc.c
new file mode 100644
index 0000000..090def2
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes_misc.c
@@ -0,0 +1,64 @@
+/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+const char *AES_version="AES" OPENSSL_VERSION_PTEXT;
+
+const char *AES_options(void) {
+#ifdef FULL_UNROLL
+        return "aes(full)";
+#else   
+        return "aes(partial)";
+#endif
+}
diff --git a/crypto/openssl/crypto/aes/aes_ofb.c b/crypto/openssl/crypto/aes/aes_ofb.c
new file mode 100644
index 0000000..f358bb3
--- /dev/null
+++ b/crypto/openssl/crypto/aes/aes_ofb.c
@@ -0,0 +1,142 @@
+/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num) {
+
+	unsigned int n;
+	unsigned long l=length;
+
+	assert(in && out && key && ivec && num);
+
+	n = *num;
+
+	while (l--) {
+		if (n == 0) {
+			AES_encrypt(ivec, ivec, key);
+		}
+		*(out++) = *(in++) ^ ivec[n];
+		n = (n+1) % AES_BLOCK_SIZE;
+	}
+
+	*num=n;
+}
diff --git a/crypto/openssl/crypto/asn1/Makefile.ssl b/crypto/openssl/crypto/asn1/Makefile.ssl
index 73ef4d2..944d8f1 100644
--- a/crypto/openssl/crypto/asn1/Makefile.ssl
+++ b/crypto/openssl/crypto/asn1/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	asn1
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -23,39 +24,33 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
-	a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
-	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
-	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
-	x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
-	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
-	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+	a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+	a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+	x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
 	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
 	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
-	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
-	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
-	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+	tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+	f_int.c f_string.c n_pkey.c \
 	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
 	asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
-	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
+	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
-	a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
-	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
-	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
-	x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
-	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
-	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+	x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
 	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
 	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
-	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
-	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
-	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+	tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+	f_int.o f_string.o n_pkey.o \
 	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
 	asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
-	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
+	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 
 SRC= $(LIBSRC)
 
-EXHEADER=  asn1.h asn1_mac.h
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -75,8 +70,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -104,7 +98,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -116,1230 +110,1043 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-a_bitstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_bitstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_bitstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bitstr.o: ../cryptlib.h
-a_bmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_bmp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bmp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_bmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bmp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bmp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_bmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bmp.o: ../cryptlib.h
-a_bool.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bool.o: ../cryptlib.h
-a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_bool.o: ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
 a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_d2i_fp.o: ../../include/openssl/opensslconf.h
-a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_d2i_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_d2i_fp.o: ../cryptlib.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/aes.h
 a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_digest.o: ../../include/openssl/opensslconf.h
-a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_digest.o: ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_dup.o: ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_enum.o: ../cryptlib.h
-a_gentm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_gentm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_gentm.o: ../cryptlib.h
-a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_hdr.o: ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
 a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_i2d_fp.o: ../../include/openssl/opensslconf.h
-a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_i2d_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_i2d_fp.o: ../cryptlib.h
-a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_int.o: ../cryptlib.h
-a_mbstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_mbstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_mbstr.o: ../cryptlib.h
-a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_meth.o: ../cryptlib.h
-a_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_null.o: ../cryptlib.h
-a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_meth.o: ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_object.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_object.o: ../cryptlib.h
-a_octet.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_octet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_octet.o: ../cryptlib.h
-a_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_print.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_print.o: ../cryptlib.h
-a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_set.o: ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+a_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+a_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+a_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+a_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../cryptlib.h
+a_sign.o: ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/aes.h
 a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: charmap.h
-a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_strnid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strnid.o: ../cryptlib.h
-a_time.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_time.o: ../cryptlib.h
-a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_time.o: ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_type.o: ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_utctm.o: ../cryptlib.h
-a_utf8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_utf8.o: ../cryptlib.h
+a_utf8.o: ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/aes.h
 a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_verify.o: ../../include/openssl/opensslconf.h
-a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-a_vis.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_vis.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_vis.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_vis.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_vis.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_vis.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_vis.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_vis.o: ../cryptlib.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h a_verify.c
 asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-asn1_err.o: ../../include/openssl/opensslconf.h
-asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 asn1_lib.o: ../../include/openssl/opensslconf.h
-asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_lib.o: ../cryptlib.h
-asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_par.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_par.o: ../cryptlib.h
-asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_moid.o: ../../e_os.h ../../include/openssl/aes.h
+asn_moid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn_moid.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_moid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+asn_moid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+asn_moid.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+asn_moid.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_moid.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_moid.o: ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn_pack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn_pack.o: ../cryptlib.h
-d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_dhp.o: ../cryptlib.h
-d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_dsap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_dsap.o: ../../include/openssl/opensslconf.h
-d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_dsap.o: ../cryptlib.h
-d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-d2i_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-d2i_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_r_pr.o: ../../include/openssl/opensslconf.h
-d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_r_pu.o: ../../include/openssl/opensslconf.h
-d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_s_pr.o: ../../include/openssl/opensslconf.h
-d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_s_pr.o: ../cryptlib.h
-d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_s_pu.o: ../../include/openssl/opensslconf.h
-d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_s_pu.o: ../cryptlib.h
-evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 evp_asn1.o: ../../include/openssl/opensslconf.h
-evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-evp_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_asn1.o: ../cryptlib.h
-f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_enum.o: ../cryptlib.h
-f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_int.o: ../cryptlib.h
-f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_int.o: ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-f_string.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_string.o: ../cryptlib.h
-i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-i2d_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_dhp.o: ../cryptlib.h
-i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_dsap.o: ../../include/openssl/opensslconf.h
-i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_dsap.o: ../cryptlib.h
-i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-i2d_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-i2d_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-i2d_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_r_pr.o: ../../include/openssl/opensslconf.h
-i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_r_pu.o: ../../include/openssl/opensslconf.h
-i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_s_pr.o: ../../include/openssl/opensslconf.h
-i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_s_pr.o: ../cryptlib.h
-i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_s_pu.o: ../../include/openssl/opensslconf.h
-i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_s_pu.o: ../cryptlib.h
-n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-n_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-n_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+n_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-nsseq.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-nsseq.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-nsseq.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+nsseq.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+nsseq.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+nsseq.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-nsseq.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-nsseq.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-nsseq.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+nsseq.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p5_pbe.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p5_pbe.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p5_pbe.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+nsseq.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../cryptlib.h
-p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p5_pbev2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbev2.o: ../cryptlib.h
-p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_dgst.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_dgst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_dgst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_dgst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_dgst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_dgst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_dgst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_dgst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_dgst.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_enc.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_enc_c.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_enc_c.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_enc_c.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_enc_c.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_enc_c.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_enc_c.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_enc_c.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_enc_c.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_enc_c.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_enc_c.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_enc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_enc_c.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_enc_c.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_evp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_evp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_evp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_evp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_evp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_evp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_evp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_evp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_evp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_evp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_evp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_evp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_evp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_i_s.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_i_s.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_i_s.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_i_s.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_i_s.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_i_s.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_i_s.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_i_s.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_i_s.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_i_s.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_i_s.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_i_s.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_i_s.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_i_s.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_i_s.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_i_s.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_i_s.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_recip.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_recip.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_recip.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_recip.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_recip.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_recip.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_recip.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_recip.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_recip.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_recip.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_recip.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_recip.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_recip.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_s_e.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_s_e.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_s_e.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_s_e.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_s_e.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_s_e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_s_e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_s_e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_s_e.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_s_e.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_s_e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_s_e.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_s_e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_s_e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_s_e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_s_e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_s_e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_signd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_signd.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_signd.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_signd.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_signd.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_signd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_signd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_signd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_signd.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_signd.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_signd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_signd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_signd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_signi.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_signi.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_signi.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_signi.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_signi.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_signi.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_signi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_signi.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_signi.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_signi.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_signi.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_signi.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_signi.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbev2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_pbev2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p8_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/aes.h
 t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h
-t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h
-t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_pkey.o: ../cryptlib.h
-t_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h
-t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-t_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_spki.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h
-t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-t_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_x509.o: ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509a.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509a.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509a.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_algor.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_algor.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509a.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_enc.o: ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_fre.o: ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_new.o: ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_typ.o: ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_utl.o: ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_algor.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_algor.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_algor.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_algor.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/aes.h
+x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_attrib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_attrib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_attrib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_cinf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_cinf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_cinf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_cinf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_cinf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_cinf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_cinf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_cinf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_cinf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_cinf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_cinf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_cinf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_cinf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_cinf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_cinf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_cinf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_cinf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_crl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_crl.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_attrib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_attrib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_attrib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_exten.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_exten.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_exten.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_exten.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_exten.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_exten.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_exten.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_info.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_info.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_name.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_name.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_name.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_name.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_name.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_name.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_name.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/aes.h
+x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_pubkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pubkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pubkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_req.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pubkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pubkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_sig.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_sig.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_sig.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_sig.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_sig.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_val.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_val.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_val.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_val.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_val.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_val.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_spki.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_val.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_val.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_val.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_x509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_val.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x_x509.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
-x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_x509a.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/crypto/openssl/crypto/asn1/a_bitstr.c b/crypto/openssl/crypto/asn1/a_bitstr.c
index ecc0d4b..f4ea96c 100644
--- a/crypto/openssl/crypto/asn1/a_bitstr.c
+++ b/crypto/openssl/crypto/asn1/a_bitstr.c
@@ -60,27 +60,9 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_BIT_STRING *ASN1_BIT_STRING_new(void)
-{ return M_ASN1_BIT_STRING_new(); }
-
-void ASN1_BIT_STRING_free(ASN1_BIT_STRING *x)
-{ M_ASN1_BIT_STRING_free(x); }
-
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 { return M_ASN1_BIT_STRING_set(x, d, len); }
 
-int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
-{
-	int len, ret;
-	len = i2c_ASN1_BIT_STRING(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
-		i2c_ASN1_BIT_STRING(a, pp);	
-	}
-	return ret;
-}
-
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	{
 	int ret,j,bits,len;
@@ -131,40 +113,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	return(ret);
 	}
 
-
-/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
-	     long length)
-{
-	unsigned char *p;
-	long len;
-	int i;
-	int inf,tag,xclass;
-	ASN1_BIT_STRING *ret;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_BIT_STRING)
-		{
-		i=ASN1_R_EXPECTING_A_BIT_STRING;
-		goto err;
-		}
-	if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
-	ret = c2i_ASN1_BIT_STRING(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
-	return(NULL);
-
-}
-
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 	     long len)
 	{
@@ -172,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 	unsigned char *p,*s;
 	int i;
 
+	if (len < 1)
+		{
+		i=ASN1_R_STRING_TOO_SHORT;
+		goto err;
+		}
+
 	if ((a == NULL) || ((*a) == NULL))
 		{
 		if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
@@ -237,7 +191,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 		if (a->data == NULL)
 			c=(unsigned char *)OPENSSL_malloc(w+1);
 		else
-			c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
+			c=(unsigned char *)OPENSSL_realloc_clean(a->data,
+								 a->length,
+								 w+1);
 		if (c == NULL) return(0);
 		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
 		a->data=c;
diff --git a/crypto/openssl/crypto/asn1/a_bool.c b/crypto/openssl/crypto/asn1/a_bool.c
index 18fa618..24333ea4 100644
--- a/crypto/openssl/crypto/asn1/a_bool.c
+++ b/crypto/openssl/crypto/asn1/a_bool.c
@@ -58,7 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 	{
@@ -110,3 +110,5 @@ err:
 	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
 	return(ret);
 	}
+
+
diff --git a/crypto/openssl/crypto/asn1/a_bytes.c b/crypto/openssl/crypto/asn1/a_bytes.c
index 3a0c0c7..afd27b8 100644
--- a/crypto/openssl/crypto/asn1/a_bytes.c
+++ b/crypto/openssl/crypto/asn1/a_bytes.c
@@ -58,18 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-static unsigned long tag2bit[32]={
-0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
-B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
-0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
-	};
+#include <openssl/asn1.h>
 
 static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
 /* type is a 'bitmap' of acceptable string types.
@@ -92,7 +81,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
 		i=ASN1_R_TAG_VALUE_TOO_HIGH;;
 		goto err;
 		}
-	if (!(tag2bit[tag] & type))
+	if (!(ASN1_tag2bit(tag) & type))
 		{
 		i=ASN1_R_WRONG_TYPE;
 		goto err;
@@ -296,7 +285,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 			goto err;
 			}
 
-		if (!BUF_MEM_grow(&b,num+os->length))
+		if (!BUF_MEM_grow_clean(&b,num+os->length))
 			{
 			c->error=ERR_R_BUF_LIB;
 			goto err;
diff --git a/crypto/openssl/crypto/asn1/a_d2i_fp.c b/crypto/openssl/crypto/asn1/a_d2i_fp.c
index a49d1cb..b67b75e 100644
--- a/crypto/openssl/crypto/asn1/a_d2i_fp.c
+++ b/crypto/openssl/crypto/asn1/a_d2i_fp.c
@@ -61,9 +61,11 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1_mac.h>
 
-#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+#ifndef OPENSSL_NO_FP_API
 
-#ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 	     unsigned char **x)
         {
@@ -85,21 +87,81 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 	     unsigned char **x)
 	{
+	BUF_MEM *b = NULL;
+	unsigned char *p;
+	char *ret=NULL;
+	int len;
+
+	len = asn1_d2i_read_bio(in, &b);
+	if(len < 0) goto err;
+
+	p=(unsigned char *)b->data;
+	ret=d2i(x,&p,len);
+err:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ret);
+	}
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+	{
+	BUF_MEM *b = NULL;
+	unsigned char *p;
+	void *ret=NULL;
+	int len;
+
+	len = asn1_d2i_read_bio(in, &b);
+	if(len < 0) goto err;
+
+	p=(unsigned char *)b->data;
+	ret=ASN1_item_d2i(x,&p,len, it);
+err:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ret);
+	}
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+		}
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_item_d2i_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+	{
 	BUF_MEM *b;
 	unsigned char *p;
 	int i;
-	char *ret=NULL;
+	int ret=-1;
 	ASN1_CTX c;
 	int want=HEADER_SIZE;
 	int eos=0;
+#if defined(__GNUC__) && defined(__ia64)
+	/* pathetic compiler bug in all known versions as of Nov. 2002 */
+	long off=0;
+#else
 	int off=0;
+#endif
 	int len=0;
 
 	b=BUF_MEM_new();
 	if (b == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-		return(NULL);
+		return -1;
 		}
 
 	ERR_clear_error();
@@ -109,7 +171,7 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 			{
 			want-=(len-off);
 
-			if (!BUF_MEM_grow(b,len+want))
+			if (!BUF_MEM_grow_clean(b,len+want))
 				{
 				ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
@@ -164,18 +226,23 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 			if (want > (len-off))
 				{
 				want-=(len-off);
-				if (!BUF_MEM_grow(b,len+want))
+				if (!BUF_MEM_grow_clean(b,len+want))
 					{
 					ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
 					goto err;
 					}
-				i=BIO_read(in,&(b->data[len]),want);
-				if (i <= 0)
+				while (want > 0)
 					{
-					ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
-					goto err;
+					i=BIO_read(in,&(b->data[len]),want);
+					if (i <= 0)
+						{
+						ASN1err(ASN1_F_ASN1_D2I_BIO,
+						    ASN1_R_NOT_ENOUGH_DATA);
+						goto err;
+						}
+					len+=i;
+					want -= i;
 					}
-				len+=i;
 				}
 			off+=(int)c.slen;
 			if (eos <= 0)
@@ -187,8 +254,8 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 			}
 		}
 
-	p=(unsigned char *)b->data;
-	ret=d2i(x,&p,off);
+	*pb = b;
+	return off;
 err:
 	if (b != NULL) BUF_MEM_free(b);
 	return(ret);
diff --git a/crypto/openssl/crypto/asn1/a_digest.c b/crypto/openssl/crypto/asn1/a_digest.c
index 8257b86..4931e22 100644
--- a/crypto/openssl/crypto/asn1/a_digest.c
+++ b/crypto/openssl/crypto/asn1/a_digest.c
@@ -69,10 +69,11 @@
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 		unsigned char *md, unsigned int *len)
 	{
-	EVP_MD_CTX ctx;
 	int i;
 	unsigned char *str,*p;
 
@@ -81,9 +82,24 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 	p=str;
 	i2d(data,&p);
 
-	EVP_DigestInit(&ctx,type);
-	EVP_DigestUpdate(&ctx,str,i);
-	EVP_DigestFinal(&ctx,md,len);
+	EVP_Digest(str, i, md, len, type, NULL);
+	OPENSSL_free(str);
+	return(1);
+	}
+
+#endif
+
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+		unsigned char *md, unsigned int *len)
+	{
+	int i;
+	unsigned char *str = NULL;
+
+	i=ASN1_item_i2d(asn,&str, it);
+	if (!str) return(0);
+
+	EVP_Digest(str, i, md, len, type, NULL);
 	OPENSSL_free(str);
 	return(1);
 	}
diff --git a/crypto/openssl/crypto/asn1/a_dup.c b/crypto/openssl/crypto/asn1/a_dup.c
index c3bda58..58a0178 100644
--- a/crypto/openssl/crypto/asn1/a_dup.c
+++ b/crypto/openssl/crypto/asn1/a_dup.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-#define READ_CHUNK   2048
+#ifndef NO_OLD_ASN1
 
 char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	{
@@ -81,3 +81,27 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	OPENSSL_free(b);
 	return(ret);
 	}
+
+#endif
+
+/* ASN1_ITEM version of dup: this follows the model above except we don't need
+ * to allocate the buffer. At some point this could be rewritten to directly dup
+ * the underlying structure instead of doing and encode and decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+	{
+	unsigned char *b = NULL, *p;
+	long i;
+	void *ret;
+
+	if (x == NULL) return(NULL);
+
+	i=ASN1_item_i2d(x,&b,it);
+	if (b == NULL)
+		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+	p= b;
+	ret=ASN1_item_d2i(NULL,&p,i, it);
+	OPENSSL_free(b);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_enum.c b/crypto/openssl/crypto/asn1/a_enum.c
index 1057171..ad8f0ff 100644
--- a/crypto/openssl/crypto/asn1/a_enum.c
+++ b/crypto/openssl/crypto/asn1/a_enum.c
@@ -65,60 +65,6 @@
  * for comments on encoding see a_int.c
  */
 
-ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
-{ return M_ASN1_ENUMERATED_new(); }
-
-void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
-{ M_ASN1_ENUMERATED_free(x); }
-
-
-int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
-{
-	int len, ret;
-	if(!a) return 0;
-	len = i2c_ASN1_INTEGER(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
-		i2c_ASN1_INTEGER(a, pp);	
-	}
-	return ret;
-}
-
-ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
-	     long length)
-{
-	unsigned char *p;
-	long len;
-	int i;
-	int inf,tag,xclass;
-	ASN1_ENUMERATED *ret;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_ENUMERATED)
-		{
-		i=ASN1_R_EXPECTING_AN_ENUMERATED;
-		goto err;
-		}
-	ret = c2i_ASN1_INTEGER(a, &p, len);
-	if(ret) {
-		ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
-		*pp = p;
-	}
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
-	return(NULL);
-
-}
-
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
 	{
 	int i,j,k;
@@ -168,7 +114,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 	if (i == V_ASN1_NEG_ENUMERATED)
 		neg=1;
 	else if (i != V_ASN1_ENUMERATED)
-		return(0);
+		return -1;
 	
 	if (a->length > sizeof(long))
 		{
@@ -176,7 +122,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return(0);
+		return 0;
 
 	for (i=0; i<a->length; i++)
 		{
@@ -207,8 +153,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	len=((j == 0)?0:((j/8)+1));
 	if (ret->length < len+4)
 		{
-		unsigned char *new_data=
-			OPENSSL_realloc(ret->data, len+4);
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
 		if (!new_data)
 			{
 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
diff --git a/crypto/openssl/crypto/asn1/a_gentm.c b/crypto/openssl/crypto/asn1/a_gentm.c
index b55f882..cd09f68 100644
--- a/crypto/openssl/crypto/asn1/a_gentm.c
+++ b/crypto/openssl/crypto/asn1/a_gentm.c
@@ -61,13 +61,10 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
+#include "o_time.h"
 #include <openssl/asn1.h>
 
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void)
-{ return M_ASN1_GENERALIZEDTIME_new(); }
-
-void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *x)
-{ M_ASN1_GENERALIZEDTIME_free(x); }
+#if 0
 
 int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
 	{
@@ -116,6 +113,8 @@ err:
 	return(NULL);
 	}
 
+#endif
+
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
@@ -147,6 +146,19 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 
 		if ((n < min[i]) || (n > max[i])) goto err;
 		}
+	/* Optional fractional seconds: decimal point followed by one
+	 * or more digits.
+	 */
+	if (a[o] == '.')
+		{
+		if (++o > l) goto err;
+		i = o;
+		while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+			o++;
+		/* Must have at least one digit after decimal point */
+		if (i == o) goto err;
+		}
+
 	if (a[o] == 'Z')
 		o++;
 	else if ((a[o] == '+') || (a[o] == '-'))
@@ -182,6 +194,7 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
+			s->type=V_ASN1_GENERALIZEDTIME;
 			}
 		return(1);
 		}
@@ -194,21 +207,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	{
 	char *p;
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32)
 	struct tm data;
-#endif
 
 	if (s == NULL)
 		s=M_ASN1_GENERALIZEDTIME_new();
 	if (s == NULL)
 		return(NULL);
 
-#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
-	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-	ts=&data;
-#else
-	ts=gmtime(&t);
-#endif
+	ts=OPENSSL_gmtime(&t, &data);
+	if (ts == NULL)
+		return(NULL);
+
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 16))
 		{
diff --git a/crypto/openssl/crypto/asn1/a_i2d_fp.c b/crypto/openssl/crypto/asn1/a_i2d_fp.c
index aee29a7..f4f1b73 100644
--- a/crypto/openssl/crypto/asn1/a_i2d_fp.c
+++ b/crypto/openssl/crypto/asn1/a_i2d_fp.c
@@ -59,9 +59,11 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-#ifndef NO_FP_API
+#ifndef NO_OLD_ASN1
+
+#ifndef OPENSSL_NO_FP_API
 int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
         {
         BIO *b;
@@ -111,3 +113,51 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 	OPENSSL_free(b);
 	return(ret);
 	}
+
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_item_i2d_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+	{
+	unsigned char *b = NULL;
+	int i,j=0,n,ret=1;
+
+	n = ASN1_item_i2d(x, &b, it);
+	if (b == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+
+	for (;;)
+		{
+		i=BIO_write(out,&(b[j]),n);
+		if (i == n) break;
+		if (i <= 0)
+			{
+			ret=0;
+			break;
+			}
+		j+=i;
+		n-=i;
+		}
+	OPENSSL_free(b);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_int.c b/crypto/openssl/crypto/asn1/a_int.c
index 0a24bef..edb243c 100644
--- a/crypto/openssl/crypto/asn1/a_int.c
+++ b/crypto/openssl/crypto/asn1/a_int.c
@@ -60,33 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_INTEGER *ASN1_INTEGER_new(void)
-{ return M_ASN1_INTEGER_new();}
-
-void ASN1_INTEGER_free(ASN1_INTEGER *x)
-{ M_ASN1_INTEGER_free(x);}
-
 ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}
 
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 { return M_ASN1_INTEGER_cmp(x,y);}
 
-/* Output ASN1 INTEGER including tag+length */
-
-int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
-{
-	int len, ret;
-	if(!a) return 0;
-	len = i2c_ASN1_INTEGER(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
-		i2c_ASN1_INTEGER(a, pp);	
-	}
-	return ret;
-}
-
 /* 
  * This converts an ASN1 INTEGER into its content encoding.
  * The internal representation is an ASN1_STRING whose data is a big endian
@@ -174,39 +153,6 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	return(ret);
 	}
 
-/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
-ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
-	     long length)
-{
-	unsigned char *p;
-	long len;
-	int i;
-	int inf,tag,xclass;
-	ASN1_INTEGER *ret;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_INTEGER)
-		{
-		i=ASN1_R_EXPECTING_AN_INTEGER;
-		goto err;
-		}
-	ret = c2i_ASN1_INTEGER(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
-	return(NULL);
-
-}
-
-
 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
 
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
@@ -414,7 +360,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	if (i == V_ASN1_NEG_INTEGER)
 		neg=1;
 	else if (i != V_ASN1_INTEGER)
-		return(0);
+		return -1;
 	
 	if (a->length > sizeof(long))
 		{
@@ -422,7 +368,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return(0);
+		return 0;
 
 	for (i=0; i<a->length; i++)
 		{
@@ -453,7 +399,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	len=((j == 0)?0:((j/8)+1));
 	if (ret->length < len+4)
 		{
-		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
 		if (!new_data)
 			{
 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
@@ -462,6 +408,12 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 		ret->data=new_data;
 		}
 	ret->length=BN_bn2bin(bn,ret->data);
+	/* Correct zero case */
+	if(!ret->length)
+		{
+		ret->data[0] = 0;
+		ret->length = 1;
+		}
 	return(ret);
 err:
 	if (ret != ai) M_ASN1_INTEGER_free(ret);
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c
index 20caa2d..0a8e6c2 100644
--- a/crypto/openssl/crypto/asn1/a_object.c
+++ b/crypto/openssl/crypto/asn1/a_object.c
@@ -183,8 +183,8 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 
 	if ((a == NULL) || (a->data == NULL))
 		return(BIO_write(bp,"NULL",4));
-	i=i2t_ASN1_OBJECT(buf,80,a);
-	if (i > 80) i=80;
+	i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
+	if (i > sizeof buf) i=sizeof buf;
 	BIO_write(bp,buf,i);
 	return(i);
 	}
@@ -302,7 +302,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	}
 
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-	     char *sn, char *ln)
+	     const char *sn, const char *ln)
 	{
 	ASN1_OBJECT o;
 
diff --git a/crypto/openssl/crypto/asn1/a_octet.c b/crypto/openssl/crypto/asn1/a_octet.c
index 2586f43..9690bae 100644
--- a/crypto/openssl/crypto/asn1/a_octet.c
+++ b/crypto/openssl/crypto/asn1/a_octet.c
@@ -60,12 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void)
-{ return M_ASN1_OCTET_STRING_new(); }
-
-void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *x)
-{ M_ASN1_OCTET_STRING_free(x); }
-
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
 { return M_ASN1_OCTET_STRING_dup(x); }
 
@@ -75,21 +69,3 @@ int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
 { return M_ASN1_OCTET_STRING_set(x, d, len); }
 
-int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
-{ return M_i2d_ASN1_OCTET_STRING(a, pp); }
-
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
-	     unsigned char **pp, long length)
-	{
-	ASN1_OCTET_STRING *ret=NULL;
-
-	ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-		pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-	return(ret);
-	}
-
diff --git a/crypto/openssl/crypto/asn1/a_print.c b/crypto/openssl/crypto/asn1/a_print.c
index b7bd2bd..8035513 100644
--- a/crypto/openssl/crypto/asn1/a_print.c
+++ b/crypto/openssl/crypto/asn1/a_print.c
@@ -60,50 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_IA5STRING *ASN1_IA5STRING_new(void)
-{ return M_ASN1_IA5STRING_new();}
-
-void ASN1_IA5STRING_free(ASN1_IA5STRING *x)
-{ M_ASN1_IA5STRING_free(x);}
-
-int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
-	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
-
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
-
-ASN1_T61STRING *ASN1_T61STRING_new(void)
-{ return M_ASN1_T61STRING_new();}
-
-void ASN1_T61STRING_free(ASN1_T61STRING *x)
-{ M_ASN1_T61STRING_free(x);}
-
-ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
-
-ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void)
-{ return M_ASN1_PRINTABLESTRING_new();}
-
-void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *x)
-{ M_ASN1_PRINTABLESTRING_free(x);}
-
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
-	     unsigned char **pp, long l)
-	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
-	     l)); }
-
-int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp)
-	{ return(M_i2d_ASN1_PRINTABLESTRING(a,pp)); }
-
-int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
-	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
-
-ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
-
 int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	{
 	int c;
@@ -169,29 +125,3 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
 	s->type=ASN1_PRINTABLE_type(s->data,s->length);
 	return(1);
 	}
-
-ASN1_STRING *DIRECTORYSTRING_new(void)
-{ return M_DIRECTORYSTRING_new();}
-
-void DIRECTORYSTRING_free(ASN1_STRING *x)
-{ M_DIRECTORYSTRING_free(x);}
-
-int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
-	{ return(M_i2d_DIRECTORYSTRING(a,pp)); }
-
-ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
-
-ASN1_STRING *DISPLAYTEXT_new(void)
-{ return M_DISPLAYTEXT_new();}
-
-void DISPLAYTEXT_free(ASN1_STRING *x)
-{ M_DISPLAYTEXT_free(x);}
-
-int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
-	{ return(M_i2d_DISPLAYTEXT(a,pp)); }
-
-ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_DISPLAYTEXT(a,pp,l)); }
diff --git a/crypto/openssl/crypto/asn1/a_set.c b/crypto/openssl/crypto/asn1/a_set.c
index 5b0938e..0f83982 100644
--- a/crypto/openssl/crypto/asn1/a_set.c
+++ b/crypto/openssl/crypto/asn1/a_set.c
@@ -60,6 +60,8 @@
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
 
+#ifndef NO_ASN1_OLD
+
 typedef struct
     {
     unsigned char *pbData;
@@ -215,3 +217,4 @@ err:
 	return(NULL);
 	}
 
+#endif
diff --git a/crypto/openssl/crypto/asn1/a_sign.c b/crypto/openssl/crypto/asn1/a_sign.c
index 94829d8..52ce7e3 100644
--- a/crypto/openssl/crypto/asn1/a_sign.c
+++ b/crypto/openssl/crypto/asn1/a_sign.c
@@ -124,6 +124,8 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	     ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
 	     const EVP_MD *type)
@@ -133,6 +135,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	int i,inl=0,outl=0,outll=0;
 	X509_ALGOR *a;
 
+	EVP_MD_CTX_init(&ctx);
 	for (i=0; i<2; i++)
 		{
 		if (i == 0)
@@ -180,7 +183,90 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	p=buf_in;
 
 	i2d(data,&p);
-	EVP_SignInit(&ctx,type);
+	EVP_SignInit_ex(&ctx,type, NULL);
+	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+			(unsigned int *)&outl,pkey))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+		goto err;
+		}
+	if (signature->data != NULL) OPENSSL_free(signature->data);
+	signature->data=buf_out;
+	buf_out=NULL;
+	signature->length=outl;
+	/* In the interests of compatibility, I'll make sure that
+	 * the bit string has a 'not-used bits' value of 0
+	 */
+	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+	EVP_MD_CTX_cleanup(&ctx);
+	if (buf_in != NULL)
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+	if (buf_out != NULL)
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+	return(outl);
+	}
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+	     const EVP_MD *type)
+	{
+	EVP_MD_CTX ctx;
+	unsigned char *buf_in=NULL,*buf_out=NULL;
+	int i,inl=0,outl=0,outll=0;
+	X509_ALGOR *a;
+
+	EVP_MD_CTX_init(&ctx);
+	for (i=0; i<2; i++)
+		{
+		if (i == 0)
+			a=algor1;
+		else
+			a=algor2;
+		if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+			{
+			/* special case: RFC 2459 tells us to omit 'parameters'
+			 * with id-dsa-with-sha1 */
+			ASN1_TYPE_free(a->parameter);
+			a->parameter = NULL;
+			}
+		else if ((a->parameter == NULL) || 
+			(a->parameter->type != V_ASN1_NULL))
+			{
+			ASN1_TYPE_free(a->parameter);
+			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+			a->parameter->type=V_ASN1_NULL;
+			}
+		ASN1_OBJECT_free(a->algorithm);
+		a->algorithm=OBJ_nid2obj(type->pkey_type);
+		if (a->algorithm == NULL)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+			goto err;
+			}
+		if (a->algorithm->length == 0)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			goto err;
+			}
+		}
+	inl=ASN1_item_i2d(asn,&buf_in, it);
+	outll=outl=EVP_PKEY_size(pkey);
+	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+	if ((buf_in == NULL) || (buf_out == NULL))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_SignInit_ex(&ctx,type, NULL);
 	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
 	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
 			(unsigned int *)&outl,pkey))
@@ -199,10 +285,10 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
-	memset(&ctx,0,sizeof(ctx));
+	EVP_MD_CTX_cleanup(&ctx);
 	if (buf_in != NULL)
-		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
-		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index 569b811..1def6c6 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 
 #include "charmap.h"
+#include "cryptlib.h"
 
 /* ASN1_STRING_print_ex() and X509_NAME_print_ex().
  * Enhanced string and name printing routines handling
@@ -77,8 +78,8 @@
 /* Three IO functions for sending data to memory, a BIO and
  * and a FILE pointer.
  */
-
-int send_mem_chars(void *arg, const void *buf, int len)
+#if 0				/* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
 {
 	unsigned char **out = arg;
 	if(!out) return 1;
@@ -86,15 +87,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
 	*out += len;
 	return 1;
 }
+#endif
 
-int send_bio_chars(void *arg, const void *buf, int len)
+static int send_bio_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(BIO_write(arg, buf, len) != len) return 0;
 	return 1;
 }
 
-int send_fp_chars(void *arg, const void *buf, int len)
+static int send_fp_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
@@ -113,14 +115,17 @@ typedef int char_io(void *arg, const void *buf, int len);
 static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
 {
 	unsigned char chflgs, chtmp;
-	char tmphex[11];
+	char tmphex[HEX_SIZE(long)+3];
+
+	if(c > 0xffffffffL)
+		return -1;
 	if(c > 0xffff) {
-		BIO_snprintf(tmphex, 11, "\\W%08lX", c);
+		BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
 		if(!io_ch(arg, tmphex, 10)) return -1;
 		return 10;
 	}
 	if(c > 0xff) {
-		BIO_snprintf(tmphex, 11, "\\U%04lX", c);
+		BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
 		if(!io_ch(arg, tmphex, 6)) return -1;
 		return 6;
 	}
@@ -194,7 +199,7 @@ static int do_buf(unsigned char *buf, int buflen,
 		if(type & BUF_TYPE_CONVUTF8) {
 			unsigned char utfbuf[6];
 			int utflen;
-			utflen = UTF8_putc(utfbuf, 6, c);
+			utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
 			for(i = 0; i < utflen; i++) {
 				/* We don't need to worry about setting orflags correctly
 				 * because if utflen==1 its value will be correct anyway 
@@ -240,7 +245,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
  * #01234 format.
  */
 
-int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
 {
 	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
 	 * the DER encoding to readily obtained
@@ -371,6 +376,8 @@ static int do_indent(char_io *io_ch, void *arg, int indent)
 	return 1;
 }
 
+#define FN_WIDTH_LN	25
+#define FN_WIDTH_SN	10
 
 static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 				int indent, unsigned long flags)
@@ -456,19 +463,29 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 		val = X509_NAME_ENTRY_get_data(ent);
 		fn_nid = OBJ_obj2nid(fn);
 		if(fn_opt != XN_FLAG_FN_NONE) {
-			int objlen;
+			int objlen, fld_len;
 			if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
-				OBJ_obj2txt(objtmp, 80, fn, 1);
+				OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+				fld_len = 0; /* XXX: what should this be? */
 				objbuf = objtmp;
 			} else {
-				if(fn_opt == XN_FLAG_FN_SN) 
+				if(fn_opt == XN_FLAG_FN_SN) {
+					fld_len = FN_WIDTH_SN;
 					objbuf = OBJ_nid2sn(fn_nid);
-				else if(fn_opt == XN_FLAG_FN_LN)
+				} else if(fn_opt == XN_FLAG_FN_LN) {
+					fld_len = FN_WIDTH_LN;
 					objbuf = OBJ_nid2ln(fn_nid);
-				else objbuf = "";
+				} else {
+					fld_len = 0; /* XXX: what should this be? */
+					objbuf = "";
+				}
 			}
 			objlen = strlen(objbuf);
 			if(!io_ch(arg, objbuf, objlen)) return -1;
+			if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+				if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
+				outlen += fld_len - objlen;
+			}
 			if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
 			outlen += objlen + sep_eq_len;
 		}
@@ -491,12 +508,24 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
 {
+	if(flags == XN_FLAG_COMPAT)
+		return X509_NAME_print(out, nm, indent);
 	return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }
 
 
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
 {
+	if(flags == XN_FLAG_COMPAT)
+		{
+		BIO *btmp;
+		int ret;
+		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+		if(!btmp) return -1;
+		ret = X509_NAME_print(btmp, nm, indent);
+		BIO_free(btmp);
+		return ret;
+		}
 	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }
 
@@ -519,7 +548,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 {
 	ASN1_STRING stmp, *str = &stmp;
 	int mbflag, type, ret;
-	if(!*out || !in) return -1;
+	if(!in) return -1;
 	type = in->type;
 	if((type < 0) || (type > 30)) return -1;
 	mbflag = tag2nbyte[type];
@@ -528,6 +557,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 	stmp.data = NULL;
 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
 	if(ret < 0) return ret;
-	if(out) *out = stmp.data;
+	*out = stmp.data;
 	return stmp.length;
 }
diff --git a/crypto/openssl/crypto/asn1/a_strnid.c b/crypto/openssl/crypto/asn1/a_strnid.c
index b7db681..04789d1 100644
--- a/crypto/openssl/crypto/asn1/a_strnid.c
+++ b/crypto/openssl/crypto/asn1/a_strnid.c
@@ -105,7 +105,7 @@ int ASN1_STRING_set_default_mask_asc(char *p)
 		mask = strtoul(p + 5, &end, 0);
 		if(*end) return 0;
 	} else if(!strcmp(p, "nombstr"))
-		mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
+			 mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
 	else if(!strcmp(p, "pkix"))
 			mask = ~((unsigned long)B_ASN1_T61STRING);
 	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
@@ -170,8 +170,10 @@ static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},
+{NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
 {NID_name,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
+{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
 };
 
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/openssl/crypto/asn1/a_time.c
index 17475e0..6e5e9d8 100644
--- a/crypto/openssl/crypto/asn1/a_time.c
+++ b/crypto/openssl/crypto/asn1/a_time.c
@@ -64,14 +64,14 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include "o_time.h"
+#include <openssl/asn1t.h>
 
-ASN1_TIME *ASN1_TIME_new(void)
-{ return M_ASN1_TIME_new(); }
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
 
-void ASN1_TIME_free(ASN1_TIME *x)
-{ M_ASN1_TIME_free(x); }
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
 
+#if 0
 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	{
 #ifdef CHARSET_EBCDIC
@@ -95,33 +95,64 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
 	return -1;
 	}
-
-
-ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
-	{
-	unsigned char tag;
-	tag = **pp & ~V_ASN1_CONSTRUCTED;
-	if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL))
-					 return d2i_ASN1_UTCTIME(a, pp, length);
-	if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL))
-				return d2i_ASN1_GENERALIZEDTIME(a, pp, length);
-	ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
-	return(NULL);
-	}
+#endif
 
 
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	{
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	struct tm data;
 
-	gmtime_r(&t,&data);
-	ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-#else
-	ts=gmtime(&t);
-#endif
+	ts=OPENSSL_gmtime(&t,&data);
+	if (ts == NULL)
+		return NULL;
 	if((ts->tm_year >= 50) && (ts->tm_year < 150))
 					return ASN1_UTCTIME_set(s, t);
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}
+
+int ASN1_TIME_check(ASN1_TIME *t)
+	{
+	if (t->type == V_ASN1_GENERALIZEDTIME)
+		return ASN1_GENERALIZEDTIME_check(t);
+	else if (t->type == V_ASN1_UTCTIME)
+		return ASN1_UTCTIME_check(t);
+	return 0;
+	}
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+	{
+	ASN1_GENERALIZEDTIME *ret;
+	char *str;
+
+	if (!ASN1_TIME_check(t)) return NULL;
+
+	if (!out || !*out)
+		{
+		if (!(ret = ASN1_GENERALIZEDTIME_new ()))
+			return NULL;
+		if (out) *out = ret;
+		}
+	else ret = *out;
+
+	/* If already GeneralizedTime just copy across */
+	if (t->type == V_ASN1_GENERALIZEDTIME)
+		{
+		if(!ASN1_STRING_set(ret, t->data, t->length))
+			return NULL;
+		return ret;
+		}
+
+	/* grow the string */
+	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+		return NULL;
+	str = (char *)ret->data;
+	/* Work out the century and prepend */
+	if (t->data[0] >= '5') strcpy(str, "19");
+	else strcpy(str, "20");
+
+	BUF_strlcat(str, (char *)t->data, t->length+2);
+
+	return ret;
+	}
diff --git a/crypto/openssl/crypto/asn1/a_type.c b/crypto/openssl/crypto/asn1/a_type.c
index e72a6b2..fe3fcd4 100644
--- a/crypto/openssl/crypto/asn1/a_type.c
+++ b/crypto/openssl/crypto/asn1/a_type.c
@@ -57,240 +57,12 @@
  */
 
 #include <stdio.h>
+#include <openssl/asn1t.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-static void ASN1_TYPE_component_free(ASN1_TYPE *a);
-int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
-	{
-	int r=0;
-
-	if (a == NULL) return(0);
-
-	switch (a->type)
-		{
-	case V_ASN1_NULL:
-		if (pp != NULL)
-			ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
-		r=2;
-		break;
-	case V_ASN1_INTEGER:
-	case V_ASN1_NEG_INTEGER:
-		r=i2d_ASN1_INTEGER(a->value.integer,pp);
-		break;
-	case V_ASN1_ENUMERATED:
-	case V_ASN1_NEG_ENUMERATED:
-		r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp);
-		break;
-	case V_ASN1_BIT_STRING:
-		r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
-		break;
-	case V_ASN1_OCTET_STRING:
-		r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
-		break;
-	case V_ASN1_OBJECT:
-		r=i2d_ASN1_OBJECT(a->value.object,pp);
-		break;
-	case V_ASN1_PRINTABLESTRING:
-		r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
-		break;
-	case V_ASN1_T61STRING:
-		r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
-		break;
-	case V_ASN1_IA5STRING:
-		r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
-		break;
-	case V_ASN1_GENERALSTRING:
-		r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
-		break;
-	case V_ASN1_UNIVERSALSTRING:
-		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
-		break;
-	case V_ASN1_UTF8STRING:
-		r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp);
-		break;
-	case V_ASN1_VISIBLESTRING:
-		r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp);
-		break;
-	case V_ASN1_BMPSTRING:
-		r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
-		break;
-	case V_ASN1_UTCTIME:
-		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
-		break;
-	case V_ASN1_GENERALIZEDTIME:
-		r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp);
-		break;
-	case V_ASN1_SET:
-	case V_ASN1_SEQUENCE:
-	case V_ASN1_OTHER:
-	default:
-		if (a->value.set == NULL)
-			r=0;
-		else
-			{
-			r=a->value.set->length;
-			if (pp != NULL)
-				{
-				memcpy(*pp,a->value.set->data,r);
-				*pp+=r;
-				}
-			}
-		break;
-		}
-	return(r);
-	}
-
-ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
-	{
-	ASN1_TYPE *ret=NULL;
-	unsigned char *q,*p,*max;
-	int inf,tag,xclass;
-	long len;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_TYPE_new()) == NULL) goto err;
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	q=p;
-	max=(p+length);
-
-	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
-	if (inf & 0x80) goto err;
-	/* If not universal tag we've no idea what it is */
-	if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
-	
-	ASN1_TYPE_component_free(ret);
-
-	switch (tag)
-		{
-	case V_ASN1_NULL:
-		p=q;
-		ret->value.ptr=NULL;
-		break;
-	case V_ASN1_INTEGER:
-		if ((ret->value.integer=
-			d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_ENUMERATED:
-		if ((ret->value.enumerated=
-			d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_BIT_STRING:
-		if ((ret->value.bit_string=
-			d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_OCTET_STRING:
-		if ((ret->value.octet_string=
-			d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_VISIBLESTRING:
-		if ((ret->value.visiblestring=
-			d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_UTF8STRING:
-		if ((ret->value.utf8string=
-			d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_OBJECT:
-		if ((ret->value.object=
-			d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_PRINTABLESTRING:
-		if ((ret->value.printablestring=
-			d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_T61STRING:
-		if ((ret->value.t61string=
-			M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_IA5STRING:
-		if ((ret->value.ia5string=
-			M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_GENERALSTRING:
-		if ((ret->value.generalstring=
-			M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_UNIVERSALSTRING:
-		if ((ret->value.universalstring=
-			M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_BMPSTRING:
-		if ((ret->value.bmpstring=
-			M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_UTCTIME:
-		if ((ret->value.utctime=
-			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_GENERALIZEDTIME:
-		if ((ret->value.generalizedtime=
-			d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_SET:
-	case V_ASN1_SEQUENCE:
-	case V_ASN1_OTHER:
-	default:
-		/* Sets and sequences are left complete */
-		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
-		ret->value.set->type=tag;
-		len+=(q-p);
-		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
-		p+=len;
-		break;
-		}
-
-	ret->type=tag;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
-	return(NULL);
-	}
-
-ASN1_TYPE *ASN1_TYPE_new(void)
-	{
-	ASN1_TYPE *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,ASN1_TYPE);
-	ret->type= -1;
-	ret->value.ptr=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
-	}
-
-void ASN1_TYPE_free(ASN1_TYPE *a)
-	{
-	if (a == NULL) return;
-	ASN1_TYPE_component_free(a);
-	OPENSSL_free(a);
-	}
 
 int ASN1_TYPE_get(ASN1_TYPE *a)
 	{
-	if (a->value.ptr != NULL)
+	if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
 		return(a->type);
 	else
 		return(0);
@@ -299,54 +71,11 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
-		ASN1_TYPE_component_free(a);
+		ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
 	a->type=type;
 	a->value.ptr=value;
 	}
 
-static void ASN1_TYPE_component_free(ASN1_TYPE *a)
-	{
-	if (a == NULL) return;
-
-	if (a->value.ptr != NULL)
-		{
-		switch (a->type)
-			{
-		case V_ASN1_OBJECT:
-			ASN1_OBJECT_free(a->value.object);
-			break;
-		case V_ASN1_NULL:
-			break;
-		case V_ASN1_INTEGER:
-		case V_ASN1_NEG_INTEGER:
-		case V_ASN1_ENUMERATED:
-		case V_ASN1_NEG_ENUMERATED:
-		case V_ASN1_BIT_STRING:
-		case V_ASN1_OCTET_STRING:
-		case V_ASN1_SEQUENCE:
-		case V_ASN1_SET:
-		case V_ASN1_NUMERICSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_VIDEOTEXSTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		case V_ASN1_GRAPHICSTRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_GENERALSTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_OTHER:
-		default:
-			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
-			break;
-			}
-		a->type=0;
-		a->value.ptr=NULL;
-		}
-	}
 
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/openssl/crypto/asn1/a_utctm.c
index dd5955a..dbb4a42 100644
--- a/crypto/openssl/crypto/asn1/a_utctm.c
+++ b/crypto/openssl/crypto/asn1/a_utctm.c
@@ -58,20 +58,11 @@
 
 #include <stdio.h>
 #include <time.h>
-#ifdef VMS
-#include <descrip.h>
-#include <lnmdef.h>
-#include <starlet.h>
-#endif
 #include "cryptlib.h"
+#include "o_time.h"
 #include <openssl/asn1.h>
 
-ASN1_UTCTIME *ASN1_UTCTIME_new(void)
-{ return M_ASN1_UTCTIME_new(); }
-
-void ASN1_UTCTIME_free(ASN1_UTCTIME *x)
-{ M_ASN1_UTCTIME_free(x); }
-
+#if 0
 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
 	{
 #ifndef CHARSET_EBCDIC
@@ -119,6 +110,8 @@ err:
 	return(NULL);
 	}
 
+#endif
+
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
@@ -182,6 +175,7 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
+			s->type = V_ASN1_UTCTIME;
 			}
 		return(1);
 		}
@@ -193,59 +187,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	{
 	char *p;
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
-
 	struct tm data;
-#endif
 
 	if (s == NULL)
 		s=M_ASN1_UTCTIME_new();
 	if (s == NULL)
 		return(NULL);
 
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-	ts=&data;
-#else
-	ts=gmtime(&t);
-#endif
-#ifdef VMS
+	ts=OPENSSL_gmtime(&t, &data);
 	if (ts == NULL)
-		{
-		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
-		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
-		char result[256];
-		unsigned int reslen = 0;
-		struct {
-			short buflen;
-			short code;
-			void *bufaddr;
-			unsigned int *reslen;
-		} itemlist[] = {
-			{ 0, LNM$_STRING, 0, 0 },
-			{ 0, 0, 0, 0 },
-		};
-		int status;
-
-		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
-		itemlist[0].buflen = sizeof(result);
-		itemlist[0].bufaddr = result;
-		itemlist[0].reslen = &reslen;
-		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
-		if (!(status & 1))
-			return NULL;
-		result[reslen] = '\0';
-
-		/* Get the numerical value of the equivalence string */
-		status = atoi(result);
-
-		/* and use it to move time to GMT */
-		t -= status;
-
-		/* then convert the result to the time structure */
-		ts=(struct tm *)localtime(&t);
-		}
-#endif
+		return(NULL);
+
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 14))
 		{
@@ -270,9 +222,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	struct tm data;
-#endif
 	int offset;
 	int year;
 
@@ -289,12 +239,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
 
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	gmtime_r(&t, &data);
-	tm = &data;
-#else
-	tm = gmtime(&t);
-#endif
+	tm = OPENSSL_gmtime(&t, &data);
 	
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
 	year = g2(s->data);
diff --git a/crypto/openssl/crypto/asn1/a_utf8.c b/crypto/openssl/crypto/asn1/a_utf8.c
index 854278f..508e11e 100644
--- a/crypto/openssl/crypto/asn1/a_utf8.c
+++ b/crypto/openssl/crypto/asn1/a_utf8.c
@@ -60,33 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_UTF8STRING *ASN1_UTF8STRING_new(void)
-{ return M_ASN1_UTF8STRING_new();}
-
-void ASN1_UTF8STRING_free(ASN1_UTF8STRING *x)
-{ M_ASN1_UTF8STRING_free(x);}
-
-int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp)
-	{
-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-		V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL));
-	}
-
-ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp,
-	     long length)
-	{
-	ASN1_UTF8STRING *ret=NULL;
-
-	ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-		pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-	return(ret);
-	}
-
 
 /* UTF8 utilities */
 
diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/openssl/crypto/asn1/a_verify.c
index 2a11927..da2a0a6 100644
--- a/crypto/openssl/crypto/asn1/a_verify.c
+++ b/crypto/openssl/crypto/asn1/a_verify.c
@@ -71,6 +71,8 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	     char *data, EVP_PKEY *pkey)
 	{
@@ -79,6 +81,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	unsigned char *p,*buf_in=NULL;
 	int ret= -1,i,inl;
 
+	EVP_MD_CTX_init(&ctx);
 	i=OBJ_obj2nid(a->algorithm);
 	type=EVP_get_digestbyname(OBJ_nid2sn(i));
 	if (type == NULL)
@@ -97,10 +100,10 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	p=buf_in;
 
 	i2d(data,&p);
-	EVP_VerifyInit(&ctx,type);
+	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-	memset(buf_in,0,(unsigned int)inl);
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
 	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -115,5 +118,58 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	/* memset(&ctx,0,sizeof(ctx)); */
 	ret=1;
 err:
+	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+	     void *asn, EVP_PKEY *pkey)
+	{
+	EVP_MD_CTX ctx;
+	const EVP_MD *type;
+	unsigned char *buf_in=NULL;
+	int ret= -1,i,inl;
+
+	EVP_MD_CTX_init(&ctx);
+	i=OBJ_obj2nid(a->algorithm);
+	type=EVP_get_digestbyname(OBJ_nid2sn(i));
+	if (type == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+		goto err;
+		}
+
+	inl = ASN1_item_i2d(asn, &buf_in, it);
+	
+	if (buf_in == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_VerifyInit_ex(&ctx,type, NULL);
+	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+	OPENSSL_free(buf_in);
+
+	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+			(unsigned int)signature->length,pkey) <= 0)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
+	/* we don't need to zero the 'ctx' because we just checked
+	 * public information */
+	/* memset(&ctx,0,sizeof(ctx)); */
+	ret=1;
+err:
+	EVP_MD_CTX_cleanup(&ctx);
+	return(ret);
+	}
+
+
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h
index 65dc5ed..28b5b00 100644
--- a/crypto/openssl/crypto/asn1/asn1.h
+++ b/crypto/openssl/crypto/asn1/asn1.h
@@ -60,15 +60,23 @@
 #define HEADER_ASN1_H
 
 #include <time.h>
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
+#include <openssl/e_os2.h>
 #include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 
 #include <openssl/symhacks.h>
 
+#include <openssl/ossl_typ.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -84,6 +92,7 @@ extern "C" {
 
 #define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
 #define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
+#define V_ASN1_ANY			-4	/* used in ASN1 template code */
 
 #define V_ASN1_NEG			0x100	/* negative flag */
 
@@ -136,6 +145,8 @@ extern "C" {
 #define B_ASN1_BMPSTRING	0x0800
 #define B_ASN1_UNKNOWN		0x1000
 #define B_ASN1_UTF8STRING	0x2000
+#define B_ASN1_UTCTIME		0x4000
+#define B_ASN1_GENERALIZEDTIME	0x8000
 
 /* For use with ASN1_mbstring_copy() */
 #define MBSTRING_FLAG		0x1000
@@ -193,6 +204,21 @@ typedef struct asn1_string_st
 	long flags;
 	} ASN1_STRING;
 
+/* ASN1_ENCODING structure: this is used to save the received
+ * encoding of an ASN1 type. This is useful to get round
+ * problems with invalid encodings which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st
+	{
+	unsigned char *enc;	/* DER encoding */
+	long len;		/* Length of encoding */
+	int modified;		 /* set to 1 if 'enc' is invalid */
+	} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+#define ASN1_LONG_UNDEF	0x7fffffffL
+
 #define STABLE_FLAGS_MALLOC	0x01
 #define STABLE_NO_MASK		0x02
 #define DIRSTRING_TYPE	\
@@ -220,43 +246,116 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 #define ub_title			64
 #define ub_email_address		128
 
-#ifdef NO_ASN1_TYPEDEFS
-#define ASN1_INTEGER		ASN1_STRING
-#define ASN1_ENUMERATED		ASN1_STRING
-#define ASN1_BIT_STRING		ASN1_STRING
-#define ASN1_OCTET_STRING	ASN1_STRING
-#define ASN1_PRINTABLESTRING	ASN1_STRING
-#define ASN1_T61STRING		ASN1_STRING
-#define ASN1_IA5STRING		ASN1_STRING
-#define ASN1_UTCTIME		ASN1_STRING
-#define ASN1_GENERALIZEDTIME	ASN1_STRING
-#define ASN1_TIME		ASN1_STRING
-#define ASN1_GENERALSTRING	ASN1_STRING
-#define ASN1_UNIVERSALSTRING	ASN1_STRING
-#define ASN1_BMPSTRING		ASN1_STRING
-#define ASN1_VISIBLESTRING	ASN1_STRING
-#define ASN1_UTF8STRING		ASN1_STRING
-#define ASN1_BOOLEAN		int
+/* Declarations for template structures: for full definitions
+ * see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+	type *name##_new(void); \
+	void name##_free(type *a); \
+	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+	type *name##_new(void); \
+	void name##_free(type *a); \
+	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+#define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+	type *d2i_##name(type **a, unsigned char **in, long len); \
+	int i2d_##name(type *a, unsigned char **out); \
+	DECLARE_ASN1_ITEM(itname)
+
+#define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+	type *d2i_##name(type **a, const unsigned char **in, long len); \
+	int i2d_##name(const type *a, unsigned char **out); \
+	DECLARE_ASN1_ITEM(name)
+
+#define DECLARE_ASN1_FUNCTIONS_const(name) \
+	name *name##_new(void); \
+	void name##_free(name *a);
+
+
+/* The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING; 
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#define DECLARE_ASN1_ITEM(name) \
+	OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
 #else
-typedef struct asn1_string_st ASN1_INTEGER;
-typedef struct asn1_string_st ASN1_ENUMERATED;
-typedef struct asn1_string_st ASN1_BIT_STRING;
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct asn1_string_st ASN1_PRINTABLESTRING;
-typedef struct asn1_string_st ASN1_T61STRING;
-typedef struct asn1_string_st ASN1_IA5STRING;
-typedef struct asn1_string_st ASN1_GENERALSTRING;
-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
-typedef struct asn1_string_st ASN1_BMPSTRING;
-typedef struct asn1_string_st ASN1_UTCTIME;
-typedef struct asn1_string_st ASN1_TIME;
-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
-typedef struct asn1_string_st ASN1_VISIBLESTRING;
-typedef struct asn1_string_st ASN1_UTF8STRING;
-typedef int ASN1_BOOLEAN;
-#endif
 
-typedef int ASN1_NULL;
+/* Platforms that can't easily handle shared global variables are declared
+ * as functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#define DECLARE_ASN1_ITEM(name) \
+	const ASN1_ITEM * name##_it(void);
+
+#endif
 
 /* Parameters used by ASN1_STRING_print_ex() */
 
@@ -340,6 +439,8 @@ typedef int ASN1_NULL;
 DECLARE_STACK_OF(ASN1_INTEGER)
 DECLARE_ASN1_SET_OF(ASN1_INTEGER)
 
+DECLARE_STACK_OF(ASN1_GENERALSTRING)
+
 typedef struct asn1_type_st
 	{
 	int type;
@@ -438,12 +539,11 @@ typedef struct BIT_STRING_BITNAME_st {
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
 		V_ASN1_UNIVERSAL)
 
-#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-		pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+#define B_ASN1_TIME \
+			B_ASN1_UTCTIME | \
+			B_ASN1_GENERALIZEDTIME
+
+#define B_ASN1_PRINTABLE \
 			B_ASN1_PRINTABLESTRING| \
 			B_ASN1_T61STRING| \
 			B_ASN1_IA5STRING| \
@@ -451,7 +551,28 @@ typedef struct BIT_STRING_BITNAME_st {
 			B_ASN1_UNIVERSALSTRING|\
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UTF8STRING|\
-			B_ASN1_UNKNOWN)
+			B_ASN1_UNKNOWN
+
+#define B_ASN1_DIRECTORYSTRING \
+			B_ASN1_PRINTABLESTRING| \
+			B_ASN1_TELETEXSTRING|\
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_UTF8STRING
+
+#define B_ASN1_DISPLAYTEXT \
+			B_ASN1_IA5STRING| \
+			B_ASN1_VISIBLESTRING| \
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UTF8STRING
+
+#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+		pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_PRINTABLE)
 
 #define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
 #define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
@@ -459,11 +580,7 @@ typedef struct BIT_STRING_BITNAME_st {
 						pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DIRECTORYSTRING(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_PRINTABLESTRING| \
-			B_ASN1_TELETEXSTRING|\
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UNIVERSALSTRING|\
-			B_ASN1_UTF8STRING)
+			B_ASN1_DIRECTORYSTRING)
 
 #define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
 #define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
@@ -471,9 +588,7 @@ typedef struct BIT_STRING_BITNAME_st {
 						pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DISPLAYTEXT(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_VISIBLESTRING| \
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UTF8STRING)
+			B_ASN1_DISPLAYTEXT)
 
 #define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
 		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
@@ -577,10 +692,8 @@ typedef struct BIT_STRING_BITNAME_st {
 #define IS_SEQUENCE	0
 #define IS_SET		1
 
-ASN1_TYPE *	ASN1_TYPE_new(void );
-void		ASN1_TYPE_free(ASN1_TYPE *a);
-int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
-ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 
@@ -592,6 +705,8 @@ ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
 
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
 DECLARE_STACK_OF(ASN1_OBJECT)
 DECLARE_ASN1_SET_OF(ASN1_OBJECT)
 
@@ -608,12 +723,8 @@ void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
 
-ASN1_BIT_STRING *	ASN1_BIT_STRING_new(void);
-void		ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
-int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
 int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
-			long length);
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
 			long length);
 int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
@@ -621,7 +732,7 @@ int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
 int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
 				BIT_STRING_BITNAME *tbl, int indent);
 #endif
@@ -632,12 +743,8 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
 int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
 int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
 
-ASN1_INTEGER *	ASN1_INTEGER_new(void);
-void		ASN1_INTEGER_free(ASN1_INTEGER *a);
-int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
 int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
-			long length);
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
@@ -645,11 +752,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
 ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
 
-ASN1_ENUMERATED *	ASN1_ENUMERATED_new(void);
-void		ASN1_ENUMERATED_free(ASN1_ENUMERATED *a);
-int		i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp);
-ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
@@ -663,91 +766,35 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
 
-ASN1_OCTET_STRING *	ASN1_OCTET_STRING_new(void);
-void		ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a);
-int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
-			unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
 ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
 int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
 int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
 
-ASN1_VISIBLESTRING *	ASN1_VISIBLESTRING_new(void);
-void		ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a);
-int	i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp);
-ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
-			unsigned char **pp,long length);
-
-ASN1_UTF8STRING *	ASN1_UTF8STRING_new(void);
-void		ASN1_UTF8STRING_free(ASN1_UTF8STRING *a);
-int		i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp);
-ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a,
-			unsigned char **pp,long length);
-
-ASN1_NULL *	ASN1_NULL_new(void);
-void		ASN1_NULL_free(ASN1_NULL *a);
-int		i2d_ASN1_NULL(ASN1_NULL *a,unsigned char **pp);
-ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp,long length);
-
-ASN1_BMPSTRING *	ASN1_BMPSTRING_new(void);
-void		ASN1_BMPSTRING_free(ASN1_BMPSTRING *a);
-int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp);
-ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
-	long length);
-
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
 
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);
 
-int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
-	unsigned char **pp, long l);
-
-ASN1_PRINTABLESTRING *	ASN1_PRINTABLESTRING_new(void);
-void		ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a);
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
-	unsigned char **pp, long l);
-int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp);
-
-ASN1_STRING *	DIRECTORYSTRING_new(void);
-void		DIRECTORYSTRING_free(ASN1_STRING *a);
-int	i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
-								 long length);
-
-ASN1_STRING *	DISPLAYTEXT_new(void);
-void		DISPLAYTEXT_free(ASN1_STRING *a);
-int	i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length);
-
-ASN1_T61STRING *	ASN1_T61STRING_new(void);
-void		ASN1_T61STRING_free(ASN1_IA5STRING *a);
-ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
-	unsigned char **pp, long l);
-
-ASN1_IA5STRING *	ASN1_IA5STRING_new(void);
-void		ASN1_IA5STRING_free(ASN1_IA5STRING *a);
-int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
-	unsigned char **pp, long l);
-
-ASN1_UTCTIME *	ASN1_UTCTIME_new(void);
-void		ASN1_UTCTIME_free(ASN1_UTCTIME *a);
-int		i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
-ASN1_UTCTIME *	d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
 
-ASN1_GENERALIZEDTIME *	ASN1_GENERALIZEDTIME_new(void);
-void		ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a);
-int		i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp);
-ASN1_GENERALIZEDTIME *	d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 
-ASN1_TIME *	ASN1_TIME_new(void);
-void		ASN1_TIME_free(ASN1_TIME *a);
-int		i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp);
-ASN1_TIME *	d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length);
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 
 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
@@ -755,7 +802,7 @@ STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
 			char *(*func)(), void (*free_func)(void *),
 			int ex_tag, int ex_class);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
 int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
@@ -768,7 +815,7 @@ int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
 
 int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-	char *sn, char *ln);
+	const char *sn, const char *ln);
 
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 long ASN1_INTEGER_get(ASN1_INTEGER *a);
@@ -787,6 +834,7 @@ int ASN1_PRINTABLE_type(unsigned char *s, int max);
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
 	long length, int Ptag, int Pclass);
+unsigned long ASN1_tag2bit(int tag);
 /* type is one or more of the B_ASN1_ values. */
 ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
 		long length,int type);
@@ -805,17 +853,23 @@ int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
 char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
 
-#ifndef NO_FP_API
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+#ifndef OPENSSL_NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
 
 int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
 int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
@@ -854,7 +908,9 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
 			     int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
 ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 
 void ASN1_STRING_set_default_mask(unsigned long mask);
 int ASN1_STRING_set_default_mask_asc(char *p);
@@ -871,6 +927,16 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
 int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
 void ASN1_STRING_TABLE_cleanup(void);
 
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -881,267 +947,155 @@ void ERR_load_ASN1_strings(void);
 
 /* Function codes. */
 #define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_ENUMERATED			 236
-#define ASN1_F_A2I_ASN1_INTEGER				 101
-#define ASN1_F_A2I_ASN1_STRING				 102
-#define ASN1_F_ACCESS_DESCRIPTION_NEW			 291
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 103
-#define ASN1_F_ASN1_D2I_BIO				 104
-#define ASN1_F_ASN1_D2I_FP				 105
-#define ASN1_F_ASN1_DUP					 106
-#define ASN1_F_ASN1_ENUMERATED_SET			 232
-#define ASN1_F_ASN1_ENUMERATED_TO_BN			 233
-#define ASN1_F_ASN1_GENERALIZEDTIME_NEW			 222
-#define ASN1_F_ASN1_GET_OBJECT				 107
-#define ASN1_F_ASN1_HEADER_NEW				 108
-#define ASN1_F_ASN1_I2D_BIO				 109
-#define ASN1_F_ASN1_I2D_FP				 110
-#define ASN1_F_ASN1_INTEGER_SET				 111
-#define ASN1_F_ASN1_INTEGER_TO_BN			 112
-#define ASN1_F_ASN1_MBSTRING_COPY			 282
-#define ASN1_F_ASN1_OBJECT_NEW				 113
-#define ASN1_F_ASN1_PACK_STRING				 245
-#define ASN1_F_ASN1_PBE_SET				 253
-#define ASN1_F_ASN1_SEQ_PACK				 246
-#define ASN1_F_ASN1_SEQ_UNPACK				 247
-#define ASN1_F_ASN1_SIGN				 114
-#define ASN1_F_ASN1_STRING_NEW				 115
-#define ASN1_F_ASN1_STRING_TABLE_ADD			 283
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
-#define ASN1_F_ASN1_TYPE_NEW				 119
-#define ASN1_F_ASN1_UNPACK_STRING			 248
-#define ASN1_F_ASN1_UTCTIME_NEW				 120
-#define ASN1_F_ASN1_VERIFY				 121
-#define ASN1_F_AUTHORITY_KEYID_NEW			 237
-#define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
-#define ASN1_F_BN_TO_ASN1_ENUMERATED			 234
-#define ASN1_F_BN_TO_ASN1_INTEGER			 122
-#define ASN1_F_D2I_ACCESS_DESCRIPTION			 284
-#define ASN1_F_D2I_ASN1_BIT_STRING			 123
-#define ASN1_F_D2I_ASN1_BMPSTRING			 124
-#define ASN1_F_D2I_ASN1_BOOLEAN				 125
-#define ASN1_F_D2I_ASN1_BYTES				 126
-#define ASN1_F_D2I_ASN1_ENUMERATED			 235
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 223
-#define ASN1_F_D2I_ASN1_HEADER				 127
-#define ASN1_F_D2I_ASN1_INTEGER				 128
-#define ASN1_F_D2I_ASN1_NULL				 292
-#define ASN1_F_D2I_ASN1_OBJECT				 129
-#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
-#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
-#define ASN1_F_D2I_ASN1_SET				 132
-#define ASN1_F_D2I_ASN1_TIME				 224
-#define ASN1_F_D2I_ASN1_TYPE				 133
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
-#define ASN1_F_D2I_ASN1_UINTEGER			 280
-#define ASN1_F_D2I_ASN1_UTCTIME				 135
-#define ASN1_F_D2I_ASN1_UTF8STRING			 266
-#define ASN1_F_D2I_ASN1_VISIBLESTRING			 267
-#define ASN1_F_D2I_AUTHORITY_KEYID			 238
-#define ASN1_F_D2I_BASIC_CONSTRAINTS			 227
-#define ASN1_F_D2I_DHPARAMS				 136
-#define ASN1_F_D2I_DIST_POINT				 276
-#define ASN1_F_D2I_DIST_POINT_NAME			 277
-#define ASN1_F_D2I_DSAPARAMS				 137
-#define ASN1_F_D2I_DSAPRIVATEKEY			 138
-#define ASN1_F_D2I_DSAPUBLICKEY				 139
-#define ASN1_F_D2I_GENERAL_NAME				 230
-#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE		 228
-#define ASN1_F_D2I_NETSCAPE_PKEY			 140
-#define ASN1_F_D2I_NETSCAPE_RSA				 141
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
-#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
-#define ASN1_F_D2I_NETSCAPE_SPKI			 144
-#define ASN1_F_D2I_NOTICEREF				 268
-#define ASN1_F_D2I_OTHERNAME				 287
-#define ASN1_F_D2I_PBE2PARAM				 262
-#define ASN1_F_D2I_PBEPARAM				 249
-#define ASN1_F_D2I_PBKDF2PARAM				 263
-#define ASN1_F_D2I_PKCS12				 254
-#define ASN1_F_D2I_PKCS12_BAGS				 255
-#define ASN1_F_D2I_PKCS12_MAC_DATA			 256
-#define ASN1_F_D2I_PKCS12_SAFEBAG			 257
-#define ASN1_F_D2I_PKCS7				 145
-#define ASN1_F_D2I_PKCS7_DIGEST				 146
-#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
-#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
-#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
-#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
-#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
-#define ASN1_F_D2I_PKCS7_SIGNED				 152
-#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
-#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
-#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO			 250
-#define ASN1_F_D2I_PKEY_USAGE_PERIOD			 239
-#define ASN1_F_D2I_POLICYINFO				 269
-#define ASN1_F_D2I_POLICYQUALINFO			 270
-#define ASN1_F_D2I_PRIVATEKEY				 155
-#define ASN1_F_D2I_PUBLICKEY				 156
-#define ASN1_F_D2I_RSAPRIVATEKEY			 157
-#define ASN1_F_D2I_RSAPUBLICKEY				 158
-#define ASN1_F_D2I_SXNET				 241
-#define ASN1_F_D2I_SXNETID				 243
-#define ASN1_F_D2I_USERNOTICE				 271
-#define ASN1_F_D2I_X509					 159
-#define ASN1_F_D2I_X509_ALGOR				 160
-#define ASN1_F_D2I_X509_ATTRIBUTE			 161
-#define ASN1_F_D2I_X509_CERT_AUX			 285
-#define ASN1_F_D2I_X509_CINF				 162
-#define ASN1_F_D2I_X509_CRL				 163
-#define ASN1_F_D2I_X509_CRL_INFO			 164
-#define ASN1_F_D2I_X509_EXTENSION			 165
-#define ASN1_F_D2I_X509_KEY				 166
-#define ASN1_F_D2I_X509_NAME				 167
-#define ASN1_F_D2I_X509_NAME_ENTRY			 168
-#define ASN1_F_D2I_X509_PKEY				 169
-#define ASN1_F_D2I_X509_PUBKEY				 170
-#define ASN1_F_D2I_X509_REQ				 171
-#define ASN1_F_D2I_X509_REQ_INFO			 172
-#define ASN1_F_D2I_X509_REVOKED				 173
-#define ASN1_F_D2I_X509_SIG				 174
-#define ASN1_F_D2I_X509_VAL				 175
-#define ASN1_F_DIST_POINT_NAME_NEW			 278
-#define ASN1_F_DIST_POINT_NEW				 279
-#define ASN1_F_GENERAL_NAME_NEW				 231
-#define ASN1_F_I2D_ASN1_HEADER				 176
-#define ASN1_F_I2D_ASN1_TIME				 225
-#define ASN1_F_I2D_DHPARAMS				 177
-#define ASN1_F_I2D_DSAPARAMS				 178
-#define ASN1_F_I2D_DSAPRIVATEKEY			 179
-#define ASN1_F_I2D_DSAPUBLICKEY				 180
-#define ASN1_F_I2D_DSA_PUBKEY				 290
-#define ASN1_F_I2D_NETSCAPE_RSA				 181
-#define ASN1_F_I2D_PKCS7				 182
-#define ASN1_F_I2D_PRIVATEKEY				 183
-#define ASN1_F_I2D_PUBLICKEY				 184
-#define ASN1_F_I2D_RSAPRIVATEKEY			 185
-#define ASN1_F_I2D_RSAPUBLICKEY				 186
-#define ASN1_F_I2D_RSA_PUBKEY				 289
-#define ASN1_F_I2D_X509_ATTRIBUTE			 187
-#define ASN1_F_I2T_ASN1_OBJECT				 188
-#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW		 229
-#define ASN1_F_NETSCAPE_PKEY_NEW			 189
-#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
-#define ASN1_F_NETSCAPE_SPKI_NEW			 191
-#define ASN1_F_NOTICEREF_NEW				 272
-#define ASN1_F_OTHERNAME_NEW				 288
-#define ASN1_F_PBE2PARAM_NEW				 264
-#define ASN1_F_PBEPARAM_NEW				 251
-#define ASN1_F_PBKDF2PARAM_NEW				 265
-#define ASN1_F_PKCS12_BAGS_NEW				 258
-#define ASN1_F_PKCS12_MAC_DATA_NEW			 259
-#define ASN1_F_PKCS12_NEW				 260
-#define ASN1_F_PKCS12_SAFEBAG_NEW			 261
-#define ASN1_F_PKCS5_PBE2_SET				 281
-#define ASN1_F_PKCS7_DIGEST_NEW				 192
-#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
-#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
-#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
-#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
-#define ASN1_F_PKCS7_NEW				 197
-#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
-#define ASN1_F_PKCS7_SIGNED_NEW				 199
-#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
-#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
-#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW			 252
-#define ASN1_F_PKEY_USAGE_PERIOD_NEW			 240
-#define ASN1_F_POLICYINFO_NEW				 273
-#define ASN1_F_POLICYQUALINFO_NEW			 274
-#define ASN1_F_SXNETID_NEW				 244
-#define ASN1_F_SXNET_NEW				 242
-#define ASN1_F_USERNOTICE_NEW				 275
-#define ASN1_F_X509_ALGOR_NEW				 202
-#define ASN1_F_X509_ATTRIBUTE_NEW			 203
-#define ASN1_F_X509_CERT_AUX_NEW			 286
-#define ASN1_F_X509_CINF_NEW				 204
-#define ASN1_F_X509_CRL_INFO_NEW			 205
-#define ASN1_F_X509_CRL_NEW				 206
-#define ASN1_F_X509_DHPARAMS_NEW			 207
-#define ASN1_F_X509_EXTENSION_NEW			 208
-#define ASN1_F_X509_INFO_NEW				 209
-#define ASN1_F_X509_KEY_NEW				 210
-#define ASN1_F_X509_NAME_ENTRY_NEW			 211
-#define ASN1_F_X509_NAME_NEW				 212
-#define ASN1_F_X509_NEW					 213
-#define ASN1_F_X509_PKEY_NEW				 214
-#define ASN1_F_X509_PUBKEY_NEW				 215
-#define ASN1_F_X509_REQ_INFO_NEW			 216
-#define ASN1_F_X509_REQ_NEW				 217
-#define ASN1_F_X509_REVOKED_NEW				 218
-#define ASN1_F_X509_SIG_NEW				 219
-#define ASN1_F_X509_VAL_FREE				 220
-#define ASN1_F_X509_VAL_NEW				 221
+#define ASN1_F_A2I_ASN1_ENUMERATED			 101
+#define ASN1_F_A2I_ASN1_INTEGER				 102
+#define ASN1_F_A2I_ASN1_STRING				 103
+#define ASN1_F_ASN1_CHECK_TLEN				 104
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
+#define ASN1_F_ASN1_COLLECT				 106
+#define ASN1_F_ASN1_D2I_BIO				 107
+#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108
+#define ASN1_F_ASN1_D2I_FP				 109
+#define ASN1_F_ASN1_DO_ADB				 110
+#define ASN1_F_ASN1_DUP					 111
+#define ASN1_F_ASN1_ENUMERATED_SET			 112
+#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
+#define ASN1_F_ASN1_GET_OBJECT				 114
+#define ASN1_F_ASN1_HEADER_NEW				 115
+#define ASN1_F_ASN1_I2D_BIO				 116
+#define ASN1_F_ASN1_I2D_FP				 117
+#define ASN1_F_ASN1_INTEGER_SET				 118
+#define ASN1_F_ASN1_INTEGER_TO_BN			 119
+#define ASN1_F_ASN1_ITEM_EX_D2I				 120
+#define ASN1_F_ASN1_ITEM_NEW				 121
+#define ASN1_F_ASN1_MBSTRING_COPY			 122
+#define ASN1_F_ASN1_OBJECT_NEW				 123
+#define ASN1_F_ASN1_PACK_STRING				 124
+#define ASN1_F_ASN1_PBE_SET				 125
+#define ASN1_F_ASN1_SEQ_PACK				 126
+#define ASN1_F_ASN1_SEQ_UNPACK				 127
+#define ASN1_F_ASN1_SIGN				 128
+#define ASN1_F_ASN1_STRING_TABLE_ADD			 129
+#define ASN1_F_ASN1_STRING_TYPE_NEW			 130
+#define ASN1_F_ASN1_TEMPLATE_D2I			 131
+#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
+#define ASN1_F_ASN1_TEMPLATE_NEW			 133
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
+#define ASN1_F_ASN1_UNPACK_STRING			 136
+#define ASN1_F_ASN1_VERIFY				 137
+#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
+#define ASN1_F_BN_TO_ASN1_INTEGER			 139
+#define ASN1_F_COLLECT_DATA				 140
+#define ASN1_F_D2I_ASN1_BIT_STRING			 141
+#define ASN1_F_D2I_ASN1_BOOLEAN				 142
+#define ASN1_F_D2I_ASN1_BYTES				 143
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144
+#define ASN1_F_D2I_ASN1_HEADER				 145
+#define ASN1_F_D2I_ASN1_INTEGER				 146
+#define ASN1_F_D2I_ASN1_OBJECT				 147
+#define ASN1_F_D2I_ASN1_SET				 148
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149
+#define ASN1_F_D2I_ASN1_UINTEGER			 150
+#define ASN1_F_D2I_ASN1_UTCTIME				 151
+#define ASN1_F_D2I_NETSCAPE_RSA				 152
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 153
+#define ASN1_F_D2I_PRIVATEKEY				 154
+#define ASN1_F_D2I_PUBLICKEY				 155
+#define ASN1_F_D2I_X509					 156
+#define ASN1_F_D2I_X509_CINF				 157
+#define ASN1_F_D2I_X509_NAME				 158
+#define ASN1_F_D2I_X509_PKEY				 159
+#define ASN1_F_I2D_ASN1_TIME				 160
+#define ASN1_F_I2D_DSA_PUBKEY				 161
+#define ASN1_F_I2D_NETSCAPE_RSA				 162
+#define ASN1_F_I2D_PRIVATEKEY				 163
+#define ASN1_F_I2D_PUBLICKEY				 164
+#define ASN1_F_I2D_RSA_PUBKEY				 165
+#define ASN1_F_LONG_C2I					 166
+#define ASN1_F_OID_MODULE_INIT				 174
+#define ASN1_F_PKCS5_PBE2_SET				 167
+#define ASN1_F_X509_CINF_NEW				 168
+#define ASN1_F_X509_CRL_ADD0_REVOKED			 169
+#define ASN1_F_X509_INFO_NEW				 170
+#define ASN1_F_X509_NAME_NEW				 171
+#define ASN1_F_X509_NEW					 172
+#define ASN1_F_X509_PKEY_NEW				 173
 
 /* Reason codes. */
-#define ASN1_R_BAD_CLASS				 100
-#define ASN1_R_BAD_OBJECT_HEADER			 101
-#define ASN1_R_BAD_PASSWORD_READ			 102
-#define ASN1_R_BAD_PKCS7_CONTENT			 103
-#define ASN1_R_BAD_PKCS7_TYPE				 104
-#define ASN1_R_BAD_TAG					 105
-#define ASN1_R_BAD_TYPE					 106
-#define ASN1_R_BN_LIB					 107
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
-#define ASN1_R_BUFFER_TOO_SMALL				 109
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 166
-#define ASN1_R_DATA_IS_WRONG				 110
-#define ASN1_R_DECODE_ERROR				 155
+#define ASN1_R_ADDING_OBJECT				 171
+#define ASN1_R_AUX_ERROR				 100
+#define ASN1_R_BAD_CLASS				 101
+#define ASN1_R_BAD_OBJECT_HEADER			 102
+#define ASN1_R_BAD_PASSWORD_READ			 103
+#define ASN1_R_BAD_TAG					 104
+#define ASN1_R_BN_LIB					 105
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
+#define ASN1_R_BUFFER_TOO_SMALL				 107
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108
+#define ASN1_R_DATA_IS_WRONG				 109
+#define ASN1_R_DECODE_ERROR				 110
 #define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_ENCODE_ERROR				 156
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 157
-#define ASN1_R_EXPECTING_AN_ENUMERATED			 154
-#define ASN1_R_EXPECTING_AN_INTEGER			 113
-#define ASN1_R_EXPECTING_AN_OBJECT			 114
-#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
-#define ASN1_R_EXPECTING_A_BIT_STRING			 116
+#define ASN1_R_ENCODE_ERROR				 112
+#define ASN1_R_ERROR_LOADING_SECTION			 172
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
+#define ASN1_R_EXPECTING_AN_INTEGER			 115
+#define ASN1_R_EXPECTING_AN_OBJECT			 116
 #define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_GENERALIZEDTIME		 151
-#define ASN1_R_EXPECTING_A_NULL				 164
-#define ASN1_R_EXPECTING_A_TIME				 152
-#define ASN1_R_EXPECTING_A_UTCTIME			 118
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 119
-#define ASN1_R_GENERALIZEDTIME_TOO_LONG			 153
-#define ASN1_R_HEADER_TOO_LONG				 120
-#define ASN1_R_ILLEGAL_CHARACTERS			 158
-#define ASN1_R_INVALID_BMPSTRING_LENGTH			 159
-#define ASN1_R_INVALID_DIGIT				 121
-#define ASN1_R_INVALID_SEPARATOR			 122
-#define ASN1_R_INVALID_TIME_FORMAT			 123
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 160
-#define ASN1_R_INVALID_UTF8STRING			 161
-#define ASN1_R_IV_TOO_LARGE				 124
-#define ASN1_R_LENGTH_ERROR				 125
-#define ASN1_R_MISSING_SECOND_NUMBER			 126
-#define ASN1_R_NON_HEX_CHARACTERS			 127
-#define ASN1_R_NOT_ENOUGH_DATA				 128
-#define ASN1_R_NULL_IS_WRONG_LENGTH			 165
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 129
-#define ASN1_R_PARSING					 130
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 131
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 132
-#define ASN1_R_SHORT_LINE				 133
-#define ASN1_R_STRING_TOO_LONG				 163
-#define ASN1_R_STRING_TOO_SHORT				 134
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 135
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
-#define ASN1_R_TOO_LONG					 137
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 138
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 139
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 140
-#define ASN1_R_UNKNOWN_FORMAT				 162
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 141
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 142
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 143
-#define ASN1_R_UNSUPPORTED_CIPHER			 144
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 145
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 146
-#define ASN1_R_UTCTIME_TOO_LONG				 147
-#define ASN1_R_WRONG_PRINTABLE_TYPE			 148
-#define ASN1_R_WRONG_TAG				 149
-#define ASN1_R_WRONG_TYPE				 150
+#define ASN1_R_EXPECTING_A_TIME				 118
+#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119
+#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120
+#define ASN1_R_FIELD_MISSING				 121
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 122
+#define ASN1_R_HEADER_TOO_LONG				 123
+#define ASN1_R_ILLEGAL_CHARACTERS			 124
+#define ASN1_R_ILLEGAL_NULL				 125
+#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
+#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
+#define ASN1_R_ILLEGAL_TAGGED_ANY			 127
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
+#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
+#define ASN1_R_INVALID_DIGIT				 130
+#define ASN1_R_INVALID_SEPARATOR			 131
+#define ASN1_R_INVALID_TIME_FORMAT			 132
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
+#define ASN1_R_INVALID_UTF8STRING			 134
+#define ASN1_R_IV_TOO_LARGE				 135
+#define ASN1_R_LENGTH_ERROR				 136
+#define ASN1_R_MISSING_EOC				 137
+#define ASN1_R_MISSING_SECOND_NUMBER			 138
+#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
+#define ASN1_R_MSTRING_WRONG_TAG			 140
+#define ASN1_R_NON_HEX_CHARACTERS			 141
+#define ASN1_R_NOT_ENOUGH_DATA				 142
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
+#define ASN1_R_NULL_IS_WRONG_LENGTH			 144
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 145
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
+#define ASN1_R_SHORT_LINE				 150
+#define ASN1_R_STRING_TOO_LONG				 151
+#define ASN1_R_STRING_TOO_SHORT				 152
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 153
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+#define ASN1_R_TOO_LONG					 155
+#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
+#define ASN1_R_UNEXPECTED_EOC				 159
+#define ASN1_R_UNKNOWN_FORMAT				 160
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
+#define ASN1_R_UNSUPPORTED_CIPHER			 165
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
+#define ASN1_R_WRONG_TAG				 168
+#define ASN1_R_WRONG_TYPE				 169
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c
index cecd555..c4c3d2a 100644
--- a/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/crypto/openssl/crypto/asn1/asn1_err.c
@@ -63,27 +63,31 @@
 #include <openssl/asn1.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA ASN1_str_functs[]=
 	{
 {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ACCESS_DESCRIPTION_NEW,0),	"ACCESS_DESCRIPTION_new"},
+{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),	"ASN1_CHECK_TLEN"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),	"ASN1_COLLECT"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),	"ASN1_D2I_EX_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),	"ASN1_DO_ADB"},
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_NEW,0),	"ASN1_GENERALIZEDTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),	"ASN1_i2d_fp"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),	"ASN1_INTEGER_set"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0),	"ASN1_ITEM_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0),	"ASN1_item_new"},
 {ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0),	"ASN1_mbstring_copy"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
 {ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),	"ASN1_pack_string"},
@@ -91,186 +95,63 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
-{ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0),	"AUTHORITY_KEYID_new"},
-{ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),	"BASIC_CONSTRAINTS_new"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ACCESS_DESCRIPTION,0),	"d2i_ACCESS_DESCRIPTION"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
+{ERR_PACK(0,ASN1_F_COLLECT_DATA,0),	"COLLECT_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"D2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_ENUMERATED,0),	"d2i_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"d2i_ASN1_GENERALIZEDTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"D2I_ASN1_GENERALIZEDTIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"d2i_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_NULL,0),	"d2i_ASN1_NULL"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"D2I_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),	"d2i_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),	"d2i_ASN1_OCTET_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),	"D2I_ASN1_PRINT_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),	"d2i_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TIME,0),	"d2i_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),	"d2i_ASN1_UINTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTF8STRING,0),	"d2i_ASN1_UTF8STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_VISIBLESTRING,0),	"d2i_ASN1_VISIBLESTRING"},
-{ERR_PACK(0,ASN1_F_D2I_AUTHORITY_KEYID,0),	"d2i_AUTHORITY_KEYID"},
-{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0),	"d2i_BASIC_CONSTRAINTS"},
-{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"d2i_DHparams"},
-{ERR_PACK(0,ASN1_F_D2I_DIST_POINT,0),	"d2i_DIST_POINT"},
-{ERR_PACK(0,ASN1_F_D2I_DIST_POINT_NAME,0),	"d2i_DIST_POINT_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"d2i_DSAparams"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"d2i_DSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"d2i_DSAPublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_GENERAL_NAME,0),	"d2i_GENERAL_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE,0),	"d2i_NETSCAPE_CERT_SEQUENCE"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),	"D2I_NETSCAPE_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"D2I_ASN1_UTCTIME"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"d2i_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"d2i_Netscape_RSA_2"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
-{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
-{ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),	"d2i_OTHERNAME"},
-{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0),	"d2i_PBKDF2PARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12,0),	"d2i_PKCS12"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0),	"d2i_PKCS12_BAGS"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),	"d2i_PKCS12_MAC_DATA"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0),	"d2i_PKCS12_SAFEBAG"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"d2i_PKCS7"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"d2i_PKCS7_DIGEST"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"d2i_PKCS7_ENCRYPT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"d2i_PKCS7_ENC_CONTENT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"d2i_PKCS7_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"d2i_PKCS7_ISSUER_AND_SERIAL"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"d2i_PKCS7_RECIP_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"d2i_PKCS7_SIGNED"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"d2i_PKCS7_SIGNER_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"d2i_PKCS7_SIGN_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0),	"d2i_PKCS8_PRIV_KEY_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),	"d2i_PKEY_USAGE_PERIOD"},
-{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0),	"d2i_POLICYINFO"},
-{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0),	"d2i_POLICYQUALINFO"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"D2I_NETSCAPE_RSA_2"},
 {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"d2i_PrivateKey"},
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"d2i_PublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"d2i_RSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"d2i_RSAPublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_SXNET,0),	"d2i_SXNET"},
-{ERR_PACK(0,ASN1_F_D2I_SXNETID,0),	"d2i_SXNETID"},
-{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0),	"d2i_USERNOTICE"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0),	"d2i_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"d2i_X509_ALGOR"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"d2i_X509_ATTRIBUTE"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CERT_AUX,0),	"d2i_X509_CERT_AUX"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"d2i_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"d2i_X509_CRL"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"d2i_X509_CRL_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"d2i_X509_EXTENSION"},
-{ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),	"D2I_X509_KEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"d2i_X509_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"d2i_X509_NAME_ENTRY"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0),	"D2I_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"D2I_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"D2I_X509_NAME"},
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"d2i_X509_PUBKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"d2i_X509_REQ"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"d2i_X509_REQ_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"d2i_X509_REVOKED"},
-{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"d2i_X509_SIG"},
-{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"d2i_X509_VAL"},
-{ERR_PACK(0,ASN1_F_DIST_POINT_NAME_NEW,0),	"DIST_POINT_NAME_new"},
-{ERR_PACK(0,ASN1_F_DIST_POINT_NEW,0),	"DIST_POINT_new"},
-{ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0),	"GENERAL_NAME_new"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"i2d_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"i2d_DHparams"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"i2d_DSAparams"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"i2d_DSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"i2d_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"i2d_PKCS7"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"i2d_RSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"i2d_RSAPublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),	"i2d_RSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"i2d_X509_ATTRIBUTE"},
-{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),	"i2t_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW,0),	"NETSCAPE_CERT_SEQUENCE_new"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
-{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
-{ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),	"OTHERNAME_new"},
-{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
-{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},
-{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0),	"PBKDF2PARAM_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0),	"PKCS12_BAGS_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),	"PKCS12_MAC_DATA_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_NEW,0),	"PKCS12_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),	"PKCS12_SAFEBAG_new"},
+{ERR_PACK(0,ASN1_F_LONG_C2I,0),	"LONG_C2I"},
+{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0),	"OID_MODULE_INIT"},
 {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
-{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_new"},
-{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0),	"PKCS8_PRIV_KEY_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),	"PKEY_USAGE_PERIOD_new"},
-{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0),	"POLICYINFO_new"},
-{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0),	"POLICYQUALINFO_new"},
-{ERR_PACK(0,ASN1_F_SXNETID_NEW,0),	"SXNETID_new"},
-{ERR_PACK(0,ASN1_F_SXNET_NEW,0),	"SXNET_new"},
-{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0),	"USERNOTICE_new"},
-{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_new"},
-{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_new"},
-{ERR_PACK(0,ASN1_F_X509_CERT_AUX_NEW,0),	"X509_CERT_AUX_new"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_new"},
-{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_new"},
-{ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),	"X509_DHPARAMS_NEW"},
-{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_new"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),	"X509_CRL_add0_revoked"},
 {ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),	"X509_KEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_new"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_new"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_new"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_NEW"},
 {ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_new"},
-{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_new"},
-{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_new"},
-{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_new"},
-{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_new"},
-{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_free"},
-{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_new"},
 {0,NULL}
 	};
 
 static ERR_STRING_DATA ASN1_str_reasons[]=
 	{
+{ASN1_R_ADDING_OBJECT                    ,"adding object"},
+{ASN1_R_AUX_ERROR                        ,"aux error"},
 {ASN1_R_BAD_CLASS                        ,"bad class"},
 {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
 {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
-{ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
-{ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
 {ASN1_R_BAD_TAG                          ,"bad tag"},
-{ASN1_R_BAD_TYPE                         ,"bad type"},
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
@@ -279,22 +160,24 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
-{ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
 {ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
-{ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
-{ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
 {ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
-{ASN1_R_EXPECTING_A_GENERALIZEDTIME      ,"expecting a generalizedtime"},
-{ASN1_R_EXPECTING_A_NULL                 ,"expecting a null"},
 {ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
-{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
+{ASN1_R_EXPLICIT_LENGTH_MISMATCH         ,"explicit length mismatch"},
+{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED     ,"explicit tag not constructed"},
+{ASN1_R_FIELD_MISSING                    ,"field missing"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
-{ASN1_R_GENERALIZEDTIME_TOO_LONG         ,"generalizedtime too long"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
 {ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
+{ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
+{ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
+{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
+{ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
+{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
 {ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
@@ -303,32 +186,37 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
+{ASN1_R_MISSING_EOC                      ,"missing eoc"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
+{ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
+{ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
+{ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
 {ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
 {ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
-{ASN1_R_PARSING                          ,"parsing"},
 {ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
 {ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
+{ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
+{ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
 {ASN1_R_SHORT_LINE                       ,"short line"},
 {ASN1_R_STRING_TOO_LONG                  ,"string too long"},
 {ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
 {ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
 {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {ASN1_R_TOO_LONG                         ,"too long"},
+{ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
+{ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
 {ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
 {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
+{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
 {ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
 {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
 {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
-{ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
-{ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
 {0,NULL}
@@ -343,7 +231,7 @@ void ERR_load_ASN1_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index e4a56a9..0638870 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -304,7 +304,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length;
+		c->slen= *length+ *(c->pp)-c->p;
 	c->eos=0;
 	return(1);
 	}
diff --git a/crypto/openssl/crypto/asn1/asn1_mac.h b/crypto/openssl/crypto/asn1/asn1_mac.h
index af0e664..a48649c 100644
--- a/crypto/openssl/crypto/asn1/asn1_mac.h
+++ b/crypto/openssl/crypto/asn1/asn1_mac.h
@@ -70,14 +70,14 @@ extern "C" {
 #endif 
 
 #define ASN1_MAC_H_err(f,r,line) \
-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),ERR_file_name,(line))
+	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
 
 #define M_ASN1_D2I_vars(a,type,func) \
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=pp; \
-	c.q= *pp; \
+	c.pp=(unsigned char **)pp; \
+	c.q= *(unsigned char **)pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
 	else	ret=(*a);
 
 #define M_ASN1_D2I_Init() \
-	c.p= *pp; \
+	c.p= *(unsigned char **)pp; \
 	c.max=(length == 0)?0:(c.p+length);
 
 #define M_ASN1_D2I_Finish_2(a) \
 	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*pp=c.p; \
+	*(unsigned char **)pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);
 
@@ -99,7 +99,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*pp,(int)(c.q- *pp)); \
+	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)
 
@@ -196,9 +196,6 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 
-#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
-	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -392,9 +389,6 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 
-#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
-		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
 
@@ -458,15 +452,6 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
-		if (a)\
-			{ \
-			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
-						 V_ASN1_UNIVERSAL, \
-						 IS_SEQUENCE); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)
 
@@ -551,14 +536,6 @@ err:\
 					       IS_SEQUENCE); \
 			}
 
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
-		if (a) \
-			{ \
-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
-					       IS_SEQUENCE); \
-			}
-
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \
diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c
index facfdd2..e48532a 100644
--- a/crypto/openssl/crypto/asn1/asn1_par.c
+++ b/crypto/openssl/crypto/asn1/asn1_par.c
@@ -79,12 +79,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 	else
 		p="prim: ";
 	if (BIO_write(bp,p,6) < 6) goto err;
-	if (indent)
-		{
-		if (indent > 128) indent=128;
-		memset(str,' ',indent);
-		if (BIO_write(bp,str,indent) < indent) goto err;
-		}
+	BIO_indent(bp,indent,128);
 
 	p=str;
 	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
diff --git a/crypto/openssl/crypto/asn1/asn1t.h b/crypto/openssl/crypto/asn1/asn1t.h
new file mode 100644
index 0000000..ed372f8
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn1t.h
@@ -0,0 +1,846 @@
+/* asn1t.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ASN1T_H
+#define HEADER_ASN1T_H
+
+#include <stddef.h>
+#include <openssl/e_os2.h>
+#include <openssl/asn1.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#define ASN1_ITEM_end(itname) \
+		};
+
+#else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+	const ASN1_ITEM * itname##_it(void) \
+	{ \
+		static const ASN1_ITEM local_it = { \
+
+#define ASN1_ITEM_end(itname) \
+		}; \
+	return &local_it; \
+	}
+
+#endif
+
+
+/* Macros to aid ASN1 template writing */
+
+#define ASN1_ITEM_TEMPLATE(tname) \
+	const static ASN1_TEMPLATE tname##_item_tt 
+
+#define ASN1_ITEM_TEMPLATE_END(tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_PRIMITIVE,\
+		-1,\
+		&tname##_item_tt,\
+		0,\
+		NULL,\
+		0,\
+		#tname \
+	ASN1_ITEM_end(tname)
+
+
+/* This is a ASN1 type which just embeds a template */
+ 
+/* This pair helps declare a SEQUENCE. We can do:
+ *
+ * 	ASN1_SEQUENCE(stname) = {
+ * 		... SEQUENCE components ...
+ * 	} ASN1_SEQUENCE_END(stname)
+ *
+ * 	This will produce an ASN1_ITEM called stname_it
+ *	for a structure called stname.
+ *
+ * 	If you want the same structure but a different
+ *	name then use:
+ *
+ * 	ASN1_SEQUENCE(itname) = {
+ * 		... SEQUENCE components ...
+ * 	} ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *	This will create an item called itname_it using
+ *	a structure called stname.
+ */
+
+#define ASN1_SEQUENCE(tname) \
+	const static ASN1_TEMPLATE tname##_seq_tt[] 
+
+#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+#define ASN1_SEQUENCE_END_name(stname, tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_SEQUENCE,\
+		V_ASN1_SEQUENCE,\
+		tname##_seq_tt,\
+		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+		NULL,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+#define ASN1_SEQUENCE_cb(tname, cb) \
+	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE(tname) \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_ref(tname, cb, lck) \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_enc(tname, enc, cb) \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+
+#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_ref(stname, tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_SEQUENCE,\
+		V_ASN1_SEQUENCE,\
+		tname##_seq_tt,\
+		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+		&tname##_aux,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+
+/* This pair helps declare a CHOICE type. We can do:
+ *
+ * 	ASN1_CHOICE(chname) = {
+ * 		... CHOICE options ...
+ * 	ASN1_CHOICE_END(chname)
+ *
+ * 	This will produce an ASN1_ITEM called chname_it
+ *	for a structure called chname. The structure
+ *	definition must look like this:
+ *	typedef struct {
+ *		int type;
+ *		union {
+ *			ASN1_SOMETHING *opt1;
+ *			ASN1_SOMEOTHER *opt2;
+ *		} value;
+ *	} chname;
+ *	
+ *	the name of the selector must be 'type'.
+ * 	to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+#define ASN1_CHOICE(tname) \
+	const static ASN1_TEMPLATE tname##_ch_tt[] 
+
+#define ASN1_CHOICE_cb(tname, cb) \
+	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	ASN1_CHOICE(tname)
+
+#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+#define ASN1_CHOICE_END_selector(stname, tname, selname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_CHOICE,\
+		offsetof(stname,selname) ,\
+		tname##_ch_tt,\
+		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+		NULL,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+#define ASN1_CHOICE_END_cb(stname, tname, selname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_CHOICE,\
+		offsetof(stname,selname) ,\
+		tname##_ch_tt,\
+		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+		&tname##_aux,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+	(flags), (tag), 0,\
+	#name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+	(flags), (tag), offsetof(stname, field),\
+	#field, ASN1_ITEM_ref(type) }
+
+/* used when the structure is combined with the parent */
+
+#define ASN1_EX_COMBINE(flags, tag, type) { \
+	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+#define ASN1_IMP_EX(stname, field, type, tag, ex) \
+		ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+#define ASN1_EXP_EX(stname, field, type, tag, ex) \
+		ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#else
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+#endif
+/* Plain simple type */
+#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+
+/* OPTIONAL simple type */
+#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* Same as above but EXPLICIT */
+
+#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* SEQUENCE OF type */
+#define ASN1_SEQUENCE_OF(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+#define ASN1_SET_OF(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+#define ASN1_SET_OF_OPT(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+#define ASN1_IMP_SET_OF(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_EXP_SET_OF(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* Macros for the ASN1_ADB structure */
+
+#define ASN1_ADB(name) \
+	const static ASN1_ADB_TABLE name##_adbtbl[] 
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+	;\
+	const static ASN1_ADB name##_adb = {\
+		flags,\
+		offsetof(name, field),\
+		app_table,\
+		name##_adbtbl,\
+		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+		def,\
+		none\
+	}
+
+#else
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+	;\
+	const static ASN1_ITEM *name##_adb(void) \
+	{ \
+	const static ASN1_ADB internal_adb = \
+		{\
+		flags,\
+		offsetof(name, field),\
+		app_table,\
+		name##_adbtbl,\
+		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+		def,\
+		none\
+		}; \
+		return (const ASN1_ITEM *) &internal_adb; \
+	} \
+	void dummy_function(void)
+
+#endif
+
+#define ADB_ENTRY(val, template) {val, template}
+
+#define ASN1_ADB_TEMPLATE(name) \
+	const static ASN1_TEMPLATE name##_tt 
+
+/* This is the ASN1 template structure that defines
+ * a wrapper round the actual type. It determines the
+ * actual position of the field in the value structure,
+ * various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+unsigned long flags;		/* Various flags */
+long tag;			/* tag, not used if no tagging */
+unsigned long offset;		/* Offset of this field in structure */
+#ifndef NO_ASN1_FIELD_NAMES
+char *field_name;		/* Field name */
+#endif
+ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+#define ASN1_TEMPLATE_item(t) (t->item_ptr)
+#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+	unsigned long flags;	/* Various flags */
+	unsigned long offset;	/* Offset of selector field */
+	STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+	const ASN1_ADB_TABLE *tbl;	/* Table of possible types */
+	long tblcount;		/* Number of entries in tbl */
+	const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
+	const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+	long value;		/* NID for an object or value for an int */
+	const ASN1_TEMPLATE tt;		/* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+#define ASN1_TFLG_OPTIONAL	(0x1)
+
+/* Field is a SET OF */
+#define ASN1_TFLG_SET_OF	(0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+#define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)
+
+/* Special case: this refers to a SET OF that
+ * will be sorted into DER order when encoded *and*
+ * the corresponding STACK will be modified to match
+ * the new order.
+ */
+#define ASN1_TFLG_SET_ORDER	(0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+#define ASN1_TFLG_SK_MASK	(0x3 << 1)
+
+/* These flags mean the tag should be taken from the
+ * tag field. If EXPLICIT then the underlying type
+ * is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+#define ASN1_TFLG_IMPTAG	(0x1 << 3)
+
+
+/* EXPLICIT tagging, inner tag from underlying type */
+#define ASN1_TFLG_EXPTAG	(0x2 << 3)
+
+#define ASN1_TFLG_TAG_MASK	(0x3 << 3)
+
+/* context specific IMPLICIT */
+#define ASN1_TFLG_IMPLICIT	ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+#define ASN1_TFLG_EXPLICIT	ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/* If tagging is in force these determine the
+ * type of tag to use. Otherwise the tag is
+ * determined by the underlying type. These 
+ * values reflect the actual octet format.
+ */
+
+/* Universal tag */ 
+#define ASN1_TFLG_UNIVERSAL	(0x0<<6)
+/* Application tag */ 
+#define ASN1_TFLG_APPLICATION	(0x1<<6)
+/* Context specific tag */ 
+#define ASN1_TFLG_CONTEXT	(0x2<<6)
+/* Private tag */ 
+#define ASN1_TFLG_PRIVATE	(0x3<<6)
+
+#define ASN1_TFLG_TAG_CLASS	(0x3<<6)
+
+/* These are for ANY DEFINED BY type. In this case
+ * the 'item' field points to an ASN1_ADB structure
+ * which contains a table of values to decode the
+ * relevant type
+ */
+
+#define ASN1_TFLG_ADB_MASK	(0x3<<8)
+
+#define ASN1_TFLG_ADB_OID	(0x1<<8)
+
+#define ASN1_TFLG_ADB_INT	(0x1<<9)
+
+/* This flag means a parent structure is passed
+ * instead of the field: this is useful is a
+ * SEQUENCE is being combined with a CHOICE for
+ * example. Since this means the structure and
+ * item name will differ we need to use the
+ * ASN1_CHOICE_END_name() macro for example.
+ */
+
+#define ASN1_TFLG_COMBINE	(0x1<<10)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */
+long utype;			/* underlying type */
+const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */
+long tcount;			/* Number of templates if SEQUENCE or CHOICE */
+const void *funcs;		/* functions that handle this type */
+long size;			/* Structure size (usually)*/
+#ifndef NO_ASN1_FIELD_NAMES
+const char *sname;		/* Structure name */
+#endif
+};
+
+/* These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single 
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions. 
+ *
+ * For COMPAT types the funcs field gives a
+ * set of functions that handle this type, this
+ * supports the old d2i, i2d convention.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ */
+
+#define ASN1_ITYPE_PRIMITIVE	0x0
+
+#define ASN1_ITYPE_SEQUENCE	0x1
+
+#define ASN1_ITYPE_CHOICE	0x2
+
+#define ASN1_ITYPE_COMPAT	0x3
+
+#define ASN1_ITYPE_EXTERN	0x4
+
+#define ASN1_ITYPE_MSTRING	0x5
+
+/* Cache for ASN1 tag and length, so we
+ * don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st{
+	char valid;	/* Values below are valid */
+	int ret;	/* return value */
+	long plen;	/* length */
+	int ptag;	/* class value */
+	int pclass;	/* class value */
+	int hdrlen;	/* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+
+typedef ASN1_VALUE * ASN1_new_func(void);
+typedef void ASN1_free_func(ASN1_VALUE *a);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
+typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
+
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+typedef struct ASN1_COMPAT_FUNCS_st {
+	ASN1_new_func *asn1_new;
+	ASN1_free_func *asn1_free;
+	ASN1_d2i_func *asn1_d2i;
+	ASN1_i2d_func *asn1_i2d;
+} ASN1_COMPAT_FUNCS;
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+	void *app_data;
+	ASN1_ex_new_func *asn1_ex_new;
+	ASN1_ex_free_func *asn1_ex_free;
+	ASN1_ex_free_func *asn1_ex_clear;
+	ASN1_ex_d2i *asn1_ex_d2i;
+	ASN1_ex_i2d *asn1_ex_i2d;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+	void *app_data;
+	unsigned long flags;
+	ASN1_ex_new_func *prim_new;
+	ASN1_ex_free_func *prim_free;
+	ASN1_ex_free_func *prim_clear;
+	ASN1_primitive_c2i *prim_c2i;
+	ASN1_primitive_i2c *prim_i2c;
+} ASN1_PRIMITIVE_FUNCS;
+
+/* This is the ASN1_AUX structure: it handles various
+ * miscellaneous requirements. For example the use of
+ * reference counts and an informational callback.
+ *
+ * The "informational callback" is called at various
+ * points during the ASN1 encoding and decoding. It can
+ * be used to provide minor customisation of the structures
+ * used. This is most useful where the supplied routines
+ * *almost* do the right thing but need some extra help
+ * at a few points. If the callback returns zero then
+ * it is assumed a fatal error has occurred and the 
+ * main operation should be abandoned.
+ *
+ * If major changes in the default behaviour are required
+ * then an external type is more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+
+typedef struct ASN1_AUX_st {
+	void *app_data;
+	int flags;
+	int ref_offset;		/* Offset of reference value */
+	int ref_lock;		/* Lock type to use */
+	ASN1_aux_cb *asn1_cb;
+	int enc_offset;		/* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+#define ASN1_AFLG_REFCOUNT	1
+/* Save the encoding of structure (useful for signatures) */
+#define ASN1_AFLG_ENCODING	2
+/* The Sequence length is invalid */
+#define ASN1_AFLG_BROKEN	4
+
+/* operation values for asn1_cb */
+
+#define ASN1_OP_NEW_PRE		0
+#define ASN1_OP_NEW_POST	1
+#define ASN1_OP_FREE_PRE	2
+#define ASN1_OP_FREE_POST	3
+#define ASN1_OP_D2I_PRE		4
+#define ASN1_OP_D2I_POST	5
+#define ASN1_OP_I2D_PRE		6
+#define ASN1_OP_I2D_POST	7
+
+/* Macro to implement a primitive type */
+#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+				ASN1_ITEM_start(itname) \
+					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+				ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+				ASN1_ITEM_start(itname) \
+					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+				ASN1_ITEM_end(itname)
+
+/* Macro to implement an ASN1_ITEM in terms of old style funcs */
+
+#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
+
+#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
+	static const ASN1_COMPAT_FUNCS sname##_ff = { \
+		(ASN1_new_func *)sname##_new, \
+		(ASN1_free_func *)sname##_free, \
+		(ASN1_d2i_func *)d2i_##sname, \
+		(ASN1_i2d_func *)i2d_##sname, \
+	}; \
+	ASN1_ITEM_start(sname) \
+		ASN1_ITYPE_COMPAT, \
+		tag, \
+		NULL, \
+		0, \
+		&sname##_ff, \
+		0, \
+		#sname \
+	ASN1_ITEM_end(sname)
+
+#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+	ASN1_ITEM_start(sname) \
+		ASN1_ITYPE_EXTERN, \
+		tag, \
+		NULL, \
+		0, \
+		&fptrs, \
+		0, \
+		#sname \
+	ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+	stname *fname##_new(void) \
+	{ \
+		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+	} \
+	void fname##_free(stname *a) \
+	{ \
+		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+	}
+
+#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+	stname *d2i_##fname(stname **a, unsigned char **in, long len) \
+	{ \
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+	} \
+	int i2d_##fname(stname *a, unsigned char **out) \
+	{ \
+		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+	} 
+
+/* This includes evil casts to remove const: they will go away when full
+ * ASN1 constification is done.
+ */
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+	{ \
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
+	} \
+	int i2d_##fname(const stname *a, unsigned char **out) \
+	{ \
+		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+	} 
+
+#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+	stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+		IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_ANY)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DECLARE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+				int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/asn1/asn_moid.c b/crypto/openssl/crypto/asn1/asn_moid.c
new file mode 100644
index 0000000..be20db4
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn_moid.c
@@ -0,0 +1,95 @@
+/* asn_moid.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+	{
+	int i;
+	const char *oid_section;
+	STACK_OF(CONF_VALUE) *sktmp;
+	CONF_VALUE *oval;
+	oid_section = CONF_imodule_get_value(md);
+	if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+		{
+		ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+		return 0;
+		}
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+		{
+		oval = sk_CONF_VALUE_value(sktmp, i);
+		if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef)
+			{
+			ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+			return 0;
+			}
+		}
+	return 1;
+}
+
+void ASN1_add_oid_module(void)
+	{
+	CONF_module_add("oid_section", oid_module_init, 0);
+	}
diff --git a/crypto/openssl/crypto/asn1/asn_pack.c b/crypto/openssl/crypto/asn1/asn_pack.c
index bdf5f13..e6051db 100644
--- a/crypto/openssl/crypto/asn1/asn_pack.c
+++ b/crypto/openssl/crypto/asn1/asn_pack.c
@@ -60,6 +60,8 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
+#ifndef NO_ASN1_OLD
+
 /* ASN1 packing and unpacking functions */
 
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
@@ -117,7 +119,7 @@ void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
 
 /* Pack an ASN1 object into an ASN1_STRING */
 
-ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct)
 {
 	unsigned char *p;
 	ASN1_STRING *octmp;
@@ -143,3 +145,47 @@ ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
 	return octmp;
 }
 
+#endif
+
+/* ASN1_ITEM versions of the above */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+	ASN1_STRING *octmp;
+
+	if (!oct || !*oct) {
+		if (!(octmp = ASN1_STRING_new ())) {
+			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		if (oct) *oct = octmp;
+	} else octmp = *oct;
+
+	if(octmp->data) {
+		OPENSSL_free(octmp->data);
+		octmp->data = NULL;
+	}
+		
+	if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!octmp->data) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	return octmp;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+	unsigned char *p;
+	void *ret;
+
+	p = oct->data;
+	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+	return ret;
+}
diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/openssl/crypto/asn1/d2i_pr.c
index c92b832..2e7d96a 100644
--- a/crypto/openssl/crypto/asn1/d2i_pr.c
+++ b/crypto/openssl/crypto/asn1/d2i_pr.c
@@ -62,6 +62,12 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -82,18 +88,20 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	ret->type=EVP_PKEY_type(type);
 	switch (ret->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
diff --git a/crypto/openssl/crypto/asn1/d2i_pu.c b/crypto/openssl/crypto/asn1/d2i_pu.c
index e0d203c..71f2eb3 100644
--- a/crypto/openssl/crypto/asn1/d2i_pu.c
+++ b/crypto/openssl/crypto/asn1/d2i_pu.c
@@ -62,6 +62,12 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -82,18 +88,20 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	ret->type=EVP_PKEY_type(type);
 	switch (ret->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
diff --git a/crypto/openssl/crypto/asn1/f_int.c b/crypto/openssl/crypto/asn1/f_int.c
index 6b090f6..9494e59 100644
--- a/crypto/openssl/crypto/asn1/f_int.c
+++ b/crypto/openssl/crypto/asn1/f_int.c
@@ -69,10 +69,16 @@ int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
 
 	if (a == NULL) return(0);
 
+	if (a->type & V_ASN1_NEG)
+		{
+		if (BIO_write(bp, "-", 1) != 1) goto err;
+		n = 1;
+		}
+
 	if (a->length == 0)
 		{
 		if (BIO_write(bp,"00",2) != 2) goto err;
-		n=2;
+		n += 2;
 		}
 	else
 		{
@@ -163,8 +169,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
 				sp=(unsigned char *)OPENSSL_malloc(
 					(unsigned int)num+i*2);
 			else
-				sp=(unsigned char *)OPENSSL_realloc(s,
-					(unsigned int)num+i*2);
+				sp=OPENSSL_realloc_clean(s,slen,num+i*2);
 			if (sp == NULL)
 				{
 				ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
diff --git a/crypto/openssl/crypto/asn1/i2d_pr.c b/crypto/openssl/crypto/asn1/i2d_pr.c
index 71d6910..1e951ae 100644
--- a/crypto/openssl/crypto/asn1/i2d_pr.c
+++ b/crypto/openssl/crypto/asn1/i2d_pr.c
@@ -61,17 +61,23 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (a->type == EVP_PKEY_RSA)
 		{
 		return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
 		}
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (a->type == EVP_PKEY_DSA)
 		{
 		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
diff --git a/crypto/openssl/crypto/asn1/i2d_pu.c b/crypto/openssl/crypto/asn1/i2d_pu.c
index 8f73d37..013d19b 100644
--- a/crypto/openssl/crypto/asn1/i2d_pu.c
+++ b/crypto/openssl/crypto/asn1/i2d_pu.c
@@ -61,16 +61,22 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 	{
 	switch (a->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
 		return(i2d_RSAPublicKey(a->pkey.rsa,pp));
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
 #endif
diff --git a/crypto/openssl/crypto/asn1/n_pkey.c b/crypto/openssl/crypto/asn1/n_pkey.c
index 9840193..766b51c 100644
--- a/crypto/openssl/crypto/asn1/n_pkey.c
+++ b/crypto/openssl/crypto/asn1/n_pkey.c
@@ -56,110 +56,138 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
+#include <openssl/asn1t.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
 
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 
 typedef struct netscape_pkey_st
 	{
-	ASN1_INTEGER *version;
+	long version;
 	X509_ALGOR *algor;
 	ASN1_OCTET_STRING *private_key;
 	} NETSCAPE_PKEY;
 
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
+typedef struct netscape_encrypted_pkey_st
+	{
+	ASN1_OCTET_STRING *os;
+	/* This is the same structure as DigestInfo so use it:
+	 * although this isn't really anything to do with
+	 * digests.
+	 */
+	X509_SIG *enckey;
+	} NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+	     int (*cb)(), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
 {
 	return i2d_RSA_NET(a, pp, cb, 0);
 }
 
-int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	{
-	int i,j,l[6];
-	NETSCAPE_PKEY *pkey;
+	int i, j, ret = 0;
+	int rsalen, pkeylen, olen;
+	NETSCAPE_PKEY *pkey = NULL;
+	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
 	unsigned char buf[256],*zz;
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	EVP_CIPHER_CTX ctx;
-	X509_ALGOR *alg=NULL;
-	ASN1_OCTET_STRING os,os2;
-	M_ASN1_I2D_vars(a);
 
 	if (a == NULL) return(0);
 
-#ifdef WIN32
-	r=r; /* shut the damn compiler up :-) */
-#endif
-
-	os.data=os2.data=NULL;
 	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-	if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+	pkey->version = 0;
 
-	if (pkey->algor->algorithm != NULL)
-		ASN1_OBJECT_free(pkey->algor->algorithm);
 	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
 	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
 	pkey->algor->parameter->type=V_ASN1_NULL;
 
-	l[0]=i2d_RSAPrivateKey(a,NULL);
-	pkey->private_key->length=l[0];
+	rsalen = i2d_RSAPrivateKey(a, NULL);
 
-	os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
-	l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
+	/* Fake some octet strings just for the initial length
+	 * calculation.
+ 	 */
 
-	if ((alg=X509_ALGOR_new()) == NULL) goto err;
-	if (alg->algorithm != NULL)
-		ASN1_OBJECT_free(alg->algorithm);
-	alg->algorithm=OBJ_nid2obj(NID_rc4);
-	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	alg->parameter->type=V_ASN1_NULL;
+	pkey->private_key->length=rsalen;
 
-	l[2]=i2d_X509_ALGOR(alg,NULL);
-	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
+	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
 
-#ifndef CONST_STRICT
-	os.data=(unsigned char *)"private-key";
-#endif
-	os.length=11;
-	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
+	enckey->enckey->digest->length = pkeylen;
 
-	l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+	enckey->os->length = 11;	/* "private-key" */
+
+	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	enckey->enckey->algor->parameter->type=V_ASN1_NULL;
 
 	if (pp == NULL)
 		{
-		if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-		if (alg != NULL) X509_ALGOR_free(alg);
-		return(l[5]);
+		olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+		NETSCAPE_PKEY_free(pkey);
+		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+		return olen;
 		}
 
-	if (pkey->private_key->data != NULL)
-		OPENSSL_free(pkey->private_key->data);
-	if ((pkey->private_key->data=(unsigned char *)OPENSSL_malloc(l[0])) == NULL)
+
+	/* Since its RC4 encrypted length is actual length */
+	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
 		{
 		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
-	zz=pkey->private_key->data;
+
+	pkey->private_key->data = zz;
+	/* Write out private key encoding */
 	i2d_RSAPrivateKey(a,&zz);
 
-	if ((os2.data=(unsigned char *)OPENSSL_malloc(os2.length)) == NULL)
+	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
 		{
 		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
-	zz=os2.data;
+
+	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	enckey->enckey->digest->data = zz;
 	i2d_NETSCAPE_PKEY(pkey,&zz);
+
+	/* Wipe the private key encoding */
+	OPENSSL_cleanse(pkey->private_key->data, rsalen);
 		
 	if (cb == NULL)
 		cb=EVP_read_pw_string;
@@ -171,109 +199,86 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 		}
 	i = strlen((char *)buf);
 	/* If the key is used for SGC the algorithm is modified a little. */
-	if(sgckey){
-		EVP_MD_CTX mctx;
-		EVP_DigestInit(&mctx, EVP_md5());
-		EVP_DigestUpdate(&mctx, buf, i);
-		EVP_DigestFinal(&mctx, buf, NULL);
+	if(sgckey) {
+		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
 		memcpy(buf + 16, "SGCKEYSALT", 10);
 		i = 26;
 	}
-		
+
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	memset(buf,0,256);
+	OPENSSL_cleanse(buf,256);
 
+	/* Encrypt private key in place */
+	zz = enckey->enckey->digest->data;
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
-	EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
-	EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
+	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
+	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 
-	p= *pp;
-	ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(&os,&p);
-	ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_X509_ALGOR(alg,&p);
-	i2d_ASN1_OCTET_STRING(&os2,&p);
-	ret=l[5];
+	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
 err:
-	if (os2.data != NULL) OPENSSL_free(os2.data);
-	if (alg != NULL) X509_ALGOR_free(alg);
-	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-	r=r;
+	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+	NETSCAPE_PKEY_free(pkey);
 	return(ret);
 	}
 
 
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
 {
 	return d2i_RSA_NET(a, pp, length, cb, 0);
 }
 
-RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
 	{
 	RSA *ret=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	ASN1_CTX c;
+	const unsigned char *p, *kp;
+	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+	p = *pp;
 
-	c.pp=pp;
-	c.error=ASN1_R_DECODING_ERROR;
+	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+	if(!enckey) {
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+		return NULL;
+	}
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-	if ((os->length != 11) || (strncmp("private-key",
-		(char *)os->data,os->length) != 0))
+	if ((enckey->os->length != 11) || (strncmp("private-key",
+		(char *)enckey->os->data,11) != 0))
 		{
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-		M_ASN1_BIT_STRING_free(os);
-		goto err;
+		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+		return NULL;
 		}
-	M_ASN1_BIT_STRING_free(os);
-	c.q=c.p;
-	if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
-	/* Note: some versions of IIS key files use length values that are
-	 * too small for the surrounding SEQUENCEs. This following line
-	 * effectively disable length checking.
-	 */
-	c.slen = 0;
-
-	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
+	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+		goto err;
 	}
+	kp = enckey->enckey->digest->data;
+	if (cb == NULL)
+		cb=EVP_read_pw_string;
+	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
 
-RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
-	     int (*cb)())
-{
-	return d2i_RSA_NET_2(a, pp, length, cb, 0);
-}
+	*pp = p;
 
-RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
+	err:
+	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+	return ret;
+
+	}
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
 	     int (*cb)(), int sgckey)
 	{
 	NETSCAPE_PKEY *pkey=NULL;
 	RSA *ret=NULL;
 	int i,j;
-	unsigned char buf[256],*zz;
+	unsigned char buf[256];
+	const unsigned char *zz;
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	EVP_CIPHER_CTX ctx;
-	X509_ALGOR *alg=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	ASN1_CTX c;
 
-	c.error=ERR_R_NESTED_ASN1_ERROR;
-	c.pp=pp;
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
-	if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
-		{
-		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-		goto err;
-		}
-	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-	if (cb == NULL)
-		cb=EVP_read_pw_string;
 	i=cb(buf,256,"Enter Private Key password:",0);
 	if (i != 0)
 		{
@@ -283,21 +288,18 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 
 	i = strlen((char *)buf);
 	if(sgckey){
-		EVP_MD_CTX mctx;
-		EVP_DigestInit(&mctx, EVP_md5());
-		EVP_DigestUpdate(&mctx, buf, i);
-		EVP_DigestFinal(&mctx, buf, NULL);
+		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
 		memcpy(buf + 16, "SGCKEYSALT", 10);
 		i = 26;
 	}
 		
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	memset(buf,0,256);
+	OPENSSL_cleanse(buf,256);
 
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
 	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	os->length=i+j;
 
@@ -315,71 +317,14 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
 		goto err;
 		}
-	if (!asn1_Finish(&c)) goto err;
-	*pp=c.p;
 err:
-	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-	if (os != NULL) M_ASN1_BIT_STRING_free(os);
-	if (alg != NULL) X509_ALGOR_free(alg);
+	NETSCAPE_PKEY_free(pkey);
 	return(ret);
 	}
 
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-
-	M_ASN1_I2D_len(a->version,	i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->private_key,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,	i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->private_key,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
-	}
-
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void)
-	{
-	NETSCAPE_PKEY *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
-	M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->private_key,M_ASN1_OCTET_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
-	}
-
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free(a->version);
-	X509_ALGOR_free(a->algor);
-	M_ASN1_OCTET_STRING_free(a->private_key);
-	OPENSSL_free(a);
-	}
-
-#endif /* NO_RC4 */
+#endif /* OPENSSL_NO_RC4 */
 
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/crypto/asn1/nsseq.c b/crypto/openssl/crypto/asn1/nsseq.c
index 6e7f09b..50e2d4d 100644
--- a/crypto/openssl/crypto/asn1/nsseq.c
+++ b/crypto/openssl/crypto/asn1/nsseq.c
@@ -58,61 +58,25 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/err.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 
-/* Netscape certificate sequence structure */
-
-int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp)
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	int v = 0;
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
-					     V_ASN1_SEQUENCE,v);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
-					     V_ASN1_SEQUENCE,v);
-
-	M_ASN1_I2D_finish();
+	if(operation == ASN1_OP_NEW_POST) {
+		NETSCAPE_CERT_SEQUENCE *nsseq;
+		nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+		nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+	}
+	return 1;
 }
 
-NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void)
-{
-	NETSCAPE_CERT_SEQUENCE *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, NETSCAPE_CERT_SEQUENCE);
-	/* Note hardcoded object type */
-	ret->type = OBJ_nid2obj(NID_netscape_cert_sequence);
-	ret->certs = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW);
-}
+/* Netscape certificate sequence structure */
 
-NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a,
-	     unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,NETSCAPE_CERT_SEQUENCE *,
-					NETSCAPE_CERT_SEQUENCE_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get_EXP_set_opt_type(X509,ret->certs,d2i_X509,X509_free,0,
-					V_ASN1_SEQUENCE);
-	M_ASN1_D2I_Finish(a, NETSCAPE_CERT_SEQUENCE_free,
-			  ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE);
-}
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+	ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+	ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
 
-void NETSCAPE_CERT_SEQUENCE_free (NETSCAPE_CERT_SEQUENCE *a)
-{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->type);
-	if(a->certs)
-	    sk_X509_pop_free(a->certs, X509_free);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/crypto/openssl/crypto/asn1/p5_pbe.c b/crypto/openssl/crypto/asn1/p5_pbe.c
index b7ed538e..8911506 100644
--- a/crypto/openssl/crypto/asn1/p5_pbe.c
+++ b/crypto/openssl/crypto/asn1/p5_pbe.c
@@ -58,53 +58,18 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 
 /* PKCS#5 password based encryption structure */
 
-int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
-
-	M_ASN1_I2D_seq_total ();
-
-	M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_finish();
-}
-
-PBEPARAM *PBEPARAM_new(void)
-{
-	PBEPARAM *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PBEPARAM);
-	M_ASN1_New(ret->iter,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->salt,M_ASN1_OCTET_STRING_new);
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW);
-}
-
-PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
-	M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM);
-}
+ASN1_SEQUENCE(PBEPARAM) = {
+	ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
 
-void PBEPARAM_free (PBEPARAM *a)
-{
-	if(a==NULL) return;
-	M_ASN1_OCTET_STRING_free(a->salt);
-	M_ASN1_INTEGER_free (a->iter);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
 
 /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
 
diff --git a/crypto/openssl/crypto/asn1/p5_pbev2.c b/crypto/openssl/crypto/asn1/p5_pbev2.c
index 6a7b578..91e1c89 100644
--- a/crypto/openssl/crypto/asn1/p5_pbev2.c
+++ b/crypto/openssl/crypto/asn1/p5_pbev2.c
@@ -58,108 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 
 /* PKCS#5 v2.0 password based encryption structures */
 
-int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->keyfunc, i2d_X509_ALGOR);
-	M_ASN1_I2D_len (a->encryption, i2d_X509_ALGOR);
-
-	M_ASN1_I2D_seq_total ();
-
-	M_ASN1_I2D_put (a->keyfunc, i2d_X509_ALGOR);
-	M_ASN1_I2D_put (a->encryption, i2d_X509_ALGOR);
-
-	M_ASN1_I2D_finish();
-}
-
-PBE2PARAM *PBE2PARAM_new(void)
-{
-	PBE2PARAM *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PBE2PARAM);
-	M_ASN1_New(ret->keyfunc,X509_ALGOR_new);
-	M_ASN1_New(ret->encryption,X509_ALGOR_new);
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PBE2PARAM_NEW);
-}
+ASN1_SEQUENCE(PBE2PARAM) = {
+	ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+	ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
 
-PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,PBE2PARAM *,PBE2PARAM_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->keyfunc, d2i_X509_ALGOR);
-	M_ASN1_D2I_get (ret->encryption, d2i_X509_ALGOR);
-	M_ASN1_D2I_Finish(a, PBE2PARAM_free, ASN1_F_D2I_PBE2PARAM);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
 
-void PBE2PARAM_free (PBE2PARAM *a)
-{
-	if(a==NULL) return;
-	X509_ALGOR_free(a->keyfunc);
-	X509_ALGOR_free(a->encryption);
-	OPENSSL_free (a);
-}
-
-int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->salt, i2d_ASN1_TYPE);
-	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR);
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+	ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+	ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+	ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+	ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
 
-	M_ASN1_I2D_seq_total ();
-
-	M_ASN1_I2D_put (a->salt, i2d_ASN1_TYPE);
-	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR);
-
-	M_ASN1_I2D_finish();
-}
-
-PBKDF2PARAM *PBKDF2PARAM_new(void)
-{
-	PBKDF2PARAM *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PBKDF2PARAM);
-	M_ASN1_New(ret->salt, ASN1_TYPE_new);
-	M_ASN1_New(ret->iter, M_ASN1_INTEGER_new);
-	ret->keylength = NULL;
-	ret->prf = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PBKDF2PARAM_NEW);
-}
-
-PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp,
-	     long length)
-{
-	M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->salt, d2i_ASN1_TYPE);
-	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
-	M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE);
-	M_ASN1_D2I_Finish(a, PBKDF2PARAM_free, ASN1_F_D2I_PBKDF2PARAM);
-}
-
-void PBKDF2PARAM_free (PBKDF2PARAM *a)
-{
-	if(a==NULL) return;
-	ASN1_TYPE_free(a->salt);
-	M_ASN1_INTEGER_free(a->iter);
-	M_ASN1_INTEGER_free(a->keylength);
-	X509_ALGOR_free(a->prf);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
  * yes I know this is horrible!
@@ -197,8 +116,10 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
 		goto err;
 
+	EVP_CIPHER_CTX_init(&ctx);
+
 	/* Dummy cipherinit to just setup the IV */
-	EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
 	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
 		ASN1err(ASN1_F_PKCS5_PBE2_SET,
 					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
diff --git a/crypto/openssl/crypto/asn1/p8_pkey.c b/crypto/openssl/crypto/asn1/p8_pkey.c
index fa6cbfb..24b4091 100644
--- a/crypto/openssl/crypto/asn1/p8_pkey.c
+++ b/crypto/openssl/crypto/asn1/p8_pkey.c
@@ -58,70 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_PKCS8_PRIV_KEY_INFO (PKCS8_PRIV_KEY_INFO *a, unsigned char **pp)
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR);
-	M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE);
-	M_ASN1_I2D_len_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
-					 i2d_X509_ATTRIBUTE, 0);
-	
-	M_ASN1_I2D_seq_total ();
-
-	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR);
-	M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE);
-	M_ASN1_I2D_put_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
-					 i2d_X509_ATTRIBUTE, 0);
-
-	M_ASN1_I2D_finish();
+	/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+	if(operation == ASN1_OP_FREE_PRE) {
+		PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+		if (key->pkey->value.octet_string)
+		OPENSSL_cleanse(key->pkey->value.octet_string->data,
+			key->pkey->value.octet_string->length);
+	}
+	return 1;
 }
 
-PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void)
-{
-	PKCS8_PRIV_KEY_INFO *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO);
-	M_ASN1_New (ret->version, M_ASN1_INTEGER_new);
-	M_ASN1_New (ret->pkeyalg, X509_ALGOR_new);
-	M_ASN1_New (ret->pkey, ASN1_TYPE_new);
-	ret->attributes = NULL;
-	ret->broken = PKCS8_OK;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW);
-}
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+	ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
-	     unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR);
-	M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE);
-	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE, ret->attributes,
-					d2i_X509_ATTRIBUTE,
-					X509_ATTRIBUTE_free, 0);
-	M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO);
-}
-
-void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
-{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free (a->version);
-	X509_ALGOR_free(a->pkeyalg);
-	/* Clear sensitive data */
-	if (a->pkey->value.octet_string)
-		memset (a->pkey->value.octet_string->data,
-				 0, a->pkey->value.octet_string->length);
-	ASN1_TYPE_free (a->pkey);
-	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/crypto/openssl/crypto/asn1/t_crl.c b/crypto/openssl/crypto/asn1/t_crl.c
index d78e4a8..757c148 100644
--- a/crypto/openssl/crypto/asn1/t_crl.c
+++ b/crypto/openssl/crypto/asn1/t_crl.c
@@ -64,8 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static void ext_print(BIO *out, X509_EXTENSION *ex);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
         {
         BIO *b;
@@ -85,12 +84,11 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 
 int X509_CRL_print(BIO *out, X509_CRL *x)
 {
-	char buf[256];
-	unsigned char *s;
 	STACK_OF(X509_REVOKED) *rev;
 	X509_REVOKED *r;
 	long l;
-	int i, j, n;
+	int i, n;
+	char *p;
 
 	BIO_printf(out, "Certificate Revocation List (CRL):\n");
 	l = X509_CRL_get_version(x);
@@ -98,8 +96,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 	i = OBJ_obj2nid(x->sig_alg->algorithm);
 	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
 				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
-	X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
-	BIO_printf(out,"%8sIssuer: %s\n","",buf);
+	p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
+	BIO_printf(out,"%8sIssuer: %s\n","",p);
+	OPENSSL_free(p);
 	BIO_printf(out,"%8sLast Update: ","");
 	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
 	BIO_printf(out,"\n%8sNext Update: ","");
@@ -109,15 +108,12 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 	BIO_printf(out,"\n");
 
 	n=X509_CRL_get_ext_count(x);
-	if (n > 0) {
-		BIO_printf(out,"%8sCRL extensions:\n","");
-		for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
-	}
-
+	X509V3_extensions_print(out, "CRL extensions",
+						x->crl->extensions, 0, 8);
 
 	rev = X509_CRL_get_REVOKED(x);
 
-	if(sk_X509_REVOKED_num(rev))
+	if(sk_X509_REVOKED_num(rev) > 0)
 	    BIO_printf(out, "Revoked Certificates:\n");
 	else BIO_printf(out, "No Revoked Certificates.\n");
 
@@ -128,39 +124,11 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 		BIO_printf(out,"\n        Revocation Date: ","");
 		ASN1_TIME_print(out,r->revocationDate);
 		BIO_printf(out,"\n");
-		for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
-				ext_print(out, X509_REVOKED_get_ext(r, j));
-	}
-
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	BIO_printf(out,"    Signature Algorithm: %s",
-				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-
-	s = x->signature->data;
-	n = x->signature->length;
-	for (i=0; i<n; i++, s++)
-	{
-		if ((i%18) == 0) BIO_write(out,"\n        ",9);
-		BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
+		X509V3_extensions_print(out, "CRL entry extensions",
+						r->extensions, 0, 8);
 	}
-	BIO_write(out,"\n",1);
+	X509_signature_print(out, x->sig_alg, x->signature);
 
 	return 1;
 
 }
-
-static void ext_print(BIO *out, X509_EXTENSION *ex)
-{
-	ASN1_OBJECT *obj;
-	int j;
-	BIO_printf(out,"%12s","");
-	obj=X509_EXTENSION_get_object(ex);
-	i2a_ASN1_OBJECT(out,obj);
-	j=X509_EXTENSION_get_critical(ex);
-	BIO_printf(out, ": %s\n", j ? "critical":"","");
-	if(!X509V3_EXT_print(out, ex, 0, 16)) {
-		BIO_printf(out, "%16s", "");
-		M_ASN1_OCTET_STRING_print(out,ex->value);
-	}
-	BIO_write(out,"\n",1);
-}
diff --git a/crypto/openssl/crypto/asn1/t_pkey.c b/crypto/openssl/crypto/asn1/t_pkey.c
index a97341d..4e09c9e 100644
--- a/crypto/openssl/crypto/asn1/t_pkey.c
+++ b/crypto/openssl/crypto/asn1/t_pkey.c
@@ -60,21 +60,21 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 
 static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
-#ifndef NO_RSA
-#ifndef NO_FP_API
-int RSA_print_fp(FILE *fp, RSA *x, int off)
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
         {
         BIO *b;
         int ret;
@@ -91,7 +91,7 @@ int RSA_print_fp(FILE *fp, RSA *x, int off)
         }
 #endif
 
-int RSA_print(BIO *bp, RSA *x, int off)
+int RSA_print(BIO *bp, const RSA *x, int off)
 	{
 	char str[128];
 	const char *s;
@@ -130,14 +130,10 @@ int RSA_print(BIO *bp, RSA *x, int off)
 		goto err;
 		}
 
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		}
 	if (x->d != NULL)
 		{
-		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if(!BIO_indent(bp,off,128))
+		   goto err;
 		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
 			<= 0) goto err;
 		}
@@ -160,11 +156,11 @@ err:
 	if (m != NULL) OPENSSL_free(m);
 	return(ret);
 	}
-#endif /* NO_RSA */
+#endif /* OPENSSL_NO_RSA */
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-int DSA_print_fp(FILE *fp, DSA *x, int off)
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
 	{
 	BIO *b;
 	int ret;
@@ -181,9 +177,8 @@ int DSA_print_fp(FILE *fp, DSA *x, int off)
 	}
 #endif
 
-int DSA_print(BIO *bp, DSA *x, int off)
+int DSA_print(BIO *bp, const DSA *x, int off)
 	{
-	char str[128];
 	unsigned char *m=NULL;
 	int ret=0;
 	size_t buf_len=0,i;
@@ -210,14 +205,10 @@ int DSA_print(BIO *bp, DSA *x, int off)
 		goto err;
 		}
 
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		}
 	if (x->priv_key != NULL)
 		{
-		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if(!BIO_indent(bp,off,128))
+		   goto err;
 		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
 			<= 0) goto err;
 		}
@@ -234,23 +225,18 @@ err:
 	if (m != NULL) OPENSSL_free(m);
 	return(ret);
 	}
-#endif /* !NO_DSA */
+#endif /* !OPENSSL_NO_DSA */
 
 static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	     int off)
 	{
 	int n,i;
-	char str[128];
 	const char *neg;
 
 	if (num == NULL) return(1);
 	neg=(num->neg)?"-":"";
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		if (BIO_write(bp,str,off) <= 0) return(0);
-		}
+	if(!BIO_indent(bp,off,128))
+		return 0;
 
 	if (BN_num_bytes(num) <= BN_BYTES)
 		{
@@ -274,9 +260,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 			{
 			if ((i%15) == 0)
 				{
-				str[0]='\n';
-				memset(&(str[1]),' ',off+4);
-				if (BIO_write(bp,str,off+1+4) <= 0) return(0);
+				if(BIO_puts(bp,"\n") <= 0
+				   || !BIO_indent(bp,off+4,128))
+				    return 0;
 				}
 			if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
 				<= 0) return(0);
@@ -286,9 +272,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	return(1);
 	}
 
-#ifndef NO_DH
-#ifndef NO_FP_API
-int DHparams_print_fp(FILE *fp, DH *x)
+#ifndef OPENSSL_NO_DH
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
         {
         BIO *b;
         int ret;
@@ -305,7 +291,7 @@ int DHparams_print_fp(FILE *fp, DH *x)
         }
 #endif
 
-int DHparams_print(BIO *bp, DH *x)
+int DHparams_print(BIO *bp, const DH *x)
 	{
 	unsigned char *m=NULL;
 	int reason=ERR_R_BUF_LIB,ret=0;
@@ -344,9 +330,9 @@ err:
 	}
 #endif
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-int DSAparams_print_fp(FILE *fp, DSA *x)
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x)
         {
         BIO *b;
         int ret;
@@ -363,11 +349,11 @@ int DSAparams_print_fp(FILE *fp, DSA *x)
         }
 #endif
 
-int DSAparams_print(BIO *bp, DSA *x)
+int DSAparams_print(BIO *bp, const DSA *x)
 	{
 	unsigned char *m=NULL;
 	int reason=ERR_R_BUF_LIB,ret=0;
-	size_t buf_len=0, i;
+	size_t buf_len=0,i;
 
 	if (x->p)
 		buf_len = (size_t)BN_num_bytes(x->p);
@@ -397,5 +383,5 @@ err:
 	return(ret);
 	}
 
-#endif /* !NO_DSA */
+#endif /* !OPENSSL_NO_DSA */
 
diff --git a/crypto/openssl/crypto/asn1/t_req.c b/crypto/openssl/crypto/asn1/t_req.c
index ea1af09..740cee8 100644
--- a/crypto/openssl/crypto/asn1/t_req.c
+++ b/crypto/openssl/crypto/asn1/t_req.c
@@ -64,7 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         {
         BIO *b;
@@ -82,173 +82,195 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         }
 #endif
 
-int X509_REQ_print(BIO *bp, X509_REQ *x)
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
 	{
 	unsigned long l;
-	int i,n;
-	char *s;
+	int i;
 	const char *neg;
 	X509_REQ_INFO *ri;
 	EVP_PKEY *pkey;
 	STACK_OF(X509_ATTRIBUTE) *sk;
 	STACK_OF(X509_EXTENSION) *exts;
-	char str[128];
+	char mlch = ' ';
+	int nmindent = 0;
+
+	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+		mlch = '\n';
+		nmindent = 12;
+	}
+
+	if(nmflags == X509_FLAG_COMPAT)
+		nmindent = 16;
+
 
 	ri=x->req_info;
-	sprintf(str,"Certificate Request:\n");
-	if (BIO_puts(bp,str) <= 0) goto err;
-	sprintf(str,"%4sData:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
-	l=0;
-	for (i=0; i<ri->version->length; i++)
-		{ l<<=8; l+=ri->version->data[i]; }
-	sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
-	if (BIO_puts(bp,str) <= 0) goto err;
-	sprintf(str,"%8sSubject: ","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	X509_NAME_print(bp,ri->subject,16);
-	sprintf(str,"\n%8sSubject Public Key Info:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-	i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
-	sprintf(str,"%12sPublic Key Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	pkey=X509_REQ_get_pubkey(x);
-#ifndef NO_RSA
-	if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
+	if(!(cflag & X509_FLAG_NO_HEADER))
 		{
-		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-			BN_num_bits(pkey->pkey.rsa->n));
-		RSA_print(bp,pkey->pkey.rsa,16);
+		if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
 		}
-	else 
-#endif
-#ifndef NO_DSA
-		if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
+	if(!(cflag & X509_FLAG_NO_VERSION))
 		{
-		BIO_printf(bp,"%12sDSA Public Key:\n","");
-		DSA_print(bp,pkey->pkey.dsa,16);
+		neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+		l=0;
+		for (i=0; i<ri->version->length; i++)
+			{ l<<=8; l+=ri->version->data[i]; }
+		if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
+			      l) <= 0)
+		    goto err;
 		}
-	else
-#endif
-		BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-	if (pkey != NULL)
-	    EVP_PKEY_free(pkey);
-
-	/* may not be */
-	sprintf(str,"%8sAttributes:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	sk=x->req_info->attributes;
-	if ((sk == NULL) || (sk_X509_ATTRIBUTE_num(sk) == 0))
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+	if(!(cflag & X509_FLAG_NO_PUBKEY))
 		{
-		if (!x->req_info->req_kludge)
+		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+			goto err;
+		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
+
+		pkey=X509_REQ_get_pubkey(x);
+		if (pkey == NULL)
+			{
+			BIO_printf(bp,"%12sUnable to load Public Key\n","");
+			ERR_print_errors(bp);
+			}
+		else
+#ifndef OPENSSL_NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
 			{
-			sprintf(str,"%12sa0:00\n","");
-			if (BIO_puts(bp,str) <= 0) goto err;
+			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+			BN_num_bits(pkey->pkey.rsa->n));
+			RSA_print(bp,pkey->pkey.rsa,16);
 			}
+		else
+#endif
+#ifndef OPENSSL_NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			{
+			BIO_printf(bp,"%12sDSA Public Key:\n","");
+			DSA_print(bp,pkey->pkey.dsa,16);
+			}
+		else
+#endif
+			BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+		EVP_PKEY_free(pkey);
 		}
-	else
+
+	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
 		{
-		for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+		/* may not be */
+		if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
+		    goto err;
+
+		sk=x->req_info->attributes;
+		if (sk_X509_ATTRIBUTE_num(sk) == 0)
 			{
-			ASN1_TYPE *at;
-			X509_ATTRIBUTE *a;
-			ASN1_BIT_STRING *bs=NULL;
-			ASN1_TYPE *t;
-			int j,type=0,count=1,ii=0;
-
-			a=sk_X509_ATTRIBUTE_value(sk,i);
-			if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-								continue;
-			sprintf(str,"%12s","");
-			if (BIO_puts(bp,str) <= 0) goto err;
-			if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+			if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
+			    goto err;
+			}
+		else
 			{
-			if (a->set)
+			for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+				{
+				ASN1_TYPE *at;
+				X509_ATTRIBUTE *a;
+				ASN1_BIT_STRING *bs=NULL;
+				ASN1_TYPE *t;
+				int j,type=0,count=1,ii=0;
+
+				a=sk_X509_ATTRIBUTE_value(sk,i);
+				if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+									continue;
+				if(BIO_printf(bp,"%12s","") <= 0)
+				    goto err;
+				if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
 				{
-				ii=0;
-				count=sk_ASN1_TYPE_num(a->value.set);
+				if (a->single)
+					{
+					t=a->value.single;
+					type=t->type;
+					bs=t->value.bit_string;
+					}
+				else
+					{
+					ii=0;
+					count=sk_ASN1_TYPE_num(a->value.set);
 get_next:
-				at=sk_ASN1_TYPE_value(a->value.set,ii);
-				type=at->type;
-				bs=at->value.asn1_string;
+					at=sk_ASN1_TYPE_value(a->value.set,ii);
+					type=at->type;
+					bs=at->value.asn1_string;
+					}
 				}
-			else
-				{
-				t=a->value.single;
-				type=t->type;
-				bs=t->value.bit_string;
+				for (j=25-j; j>0; j--)
+					if (BIO_write(bp," ",1) != 1) goto err;
+				if (BIO_puts(bp,":") <= 0) goto err;
+				if (	(type == V_ASN1_PRINTABLESTRING) ||
+					(type == V_ASN1_T61STRING) ||
+					(type == V_ASN1_IA5STRING))
+					{
+					if (BIO_write(bp,(char *)bs->data,bs->length)
+						!= bs->length)
+						goto err;
+					BIO_puts(bp,"\n");
+					}
+				else
+					{
+					BIO_puts(bp,"unable to print attribute\n");
+					}
+				if (++ii < count) goto get_next;
 				}
 			}
-			for (j=25-j; j>0; j--)
-				if (BIO_write(bp," ",1) != 1) goto err;
-			if (BIO_puts(bp,":") <= 0) goto err;
-			if (	(type == V_ASN1_PRINTABLESTRING) ||
-				(type == V_ASN1_T61STRING) ||
-				(type == V_ASN1_IA5STRING))
+		}
+	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+		{
+		exts = X509_REQ_get_extensions(x);
+		if(exts)
+			{
+			BIO_printf(bp,"%8sRequested Extensions:\n","");
+			for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
 				{
-				if (BIO_write(bp,(char *)bs->data,bs->length)
-					!= bs->length)
+				ASN1_OBJECT *obj;
+				X509_EXTENSION *ex;
+				int j;
+				ex=sk_X509_EXTENSION_value(exts, i);
+				if (BIO_printf(bp,"%12s","") <= 0) goto err;
+				obj=X509_EXTENSION_get_object(ex);
+				i2a_ASN1_OBJECT(bp,obj);
+				j=X509_EXTENSION_get_critical(ex);
+				if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
 					goto err;
-				BIO_puts(bp,"\n");
-				}
-			else
-				{
-				BIO_puts(bp,"unable to print attribute\n");
+				if(!X509V3_EXT_print(bp, ex, 0, 16))
+					{
+					BIO_printf(bp, "%16s", "");
+					M_ASN1_OCTET_STRING_print(bp,ex->value);
+					}
+				if (BIO_write(bp,"\n",1) <= 0) goto err;
 				}
-			if (++ii < count) goto get_next;
+			sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
 			}
 		}
 
-	exts = X509_REQ_get_extensions(x);
-	if(exts) {
-		BIO_printf(bp,"%8sRequested Extensions:\n","");
-		for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
-			ASN1_OBJECT *obj;
-			X509_EXTENSION *ex;
-			int j;
-			ex=sk_X509_EXTENSION_value(exts, i);
-			if (BIO_printf(bp,"%12s","") <= 0) goto err;
-			obj=X509_EXTENSION_get_object(ex);
-			i2a_ASN1_OBJECT(bp,obj);
-			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-				goto err;
-			if(!X509V3_EXT_print(bp, ex, 0, 16)) {
-				BIO_printf(bp, "%16s", "");
-				M_ASN1_OCTET_STRING_print(bp,ex->value);
-			}
-			if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-	}
-
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	sprintf(str,"%4sSignature Algorithm: %s","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	n=x->signature->length;
-	s=(char *)x->signature->data;
-	for (i=0; i<n; i++)
+	if(!(cflag & X509_FLAG_NO_SIGDUMP))
 		{
-		if ((i%18) == 0)
-			{
-			sprintf(str,"\n%8s","");
-			if (BIO_puts(bp,str) <= 0) goto err;
-			}
-		sprintf(str,"%02x%s",(unsigned char)s[i],((i+1) == n)?"":":");
-		if (BIO_puts(bp,str) <= 0) goto err;
+		if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
 		}
-	if (BIO_puts(bp,"\n") <= 0) goto err;
+
 	return(1);
 err:
 	X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
 	return(0);
 	}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+	{
+	return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+	}
diff --git a/crypto/openssl/crypto/asn1/t_spki.c b/crypto/openssl/crypto/asn1/t_spki.c
index d708434..5abfbc8 100644
--- a/crypto/openssl/crypto/asn1/t_spki.c
+++ b/crypto/openssl/crypto/asn1/t_spki.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
 /* Print out an SPKI */
 
@@ -76,7 +76,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 	pkey = X509_PUBKEY_get(spki->spkac->pubkey);
 	if(!pkey) BIO_printf(out, "  Unable to load public key\n");
 	else {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			BIO_printf(out,"  RSA Public Key: (%d bit)\n",
@@ -85,7 +85,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 			}
 		else 
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		BIO_printf(out,"  DSA Public Key:\n");
diff --git a/crypto/openssl/crypto/asn1/t_x509.c b/crypto/openssl/crypto/asn1/t_x509.c
index 89ae73a..d1034c4 100644
--- a/crypto/openssl/crypto/asn1/t_x509.c
+++ b/crypto/openssl/crypto/asn1/t_x509.c
@@ -60,18 +60,23 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_print_fp(FILE *fp, X509 *x)
+	{
+	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+	}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
         {
         BIO *b;
         int ret;
@@ -82,144 +87,165 @@ int X509_print_fp(FILE *fp, X509 *x)
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print(b, x);
+        ret=X509_print_ex(b, x, nmflag, cflag);
         BIO_free(b);
         return(ret);
         }
 #endif
 
 int X509_print(BIO *bp, X509 *x)
+{
+	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	{
 	long l;
-	int ret=0,i,j,n;
-	char *m=NULL,*s;
+	int ret=0,i;
+	char *m=NULL,mlch = ' ';
+	int nmindent = 0;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
 	const char *neg;
-	X509_EXTENSION *ex;
 	ASN1_STRING *str=NULL;
 
+	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+			mlch = '\n';
+			nmindent = 12;
+	}
+
+	if(nmflags == X509_FLAG_COMPAT)
+		nmindent = 16;
+
 	ci=x->cert_info;
-	if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-	if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-	l=X509_get_version(x);
-	if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-	if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-	bs=X509_get_serialNumber(x);
-	if (bs->length <= 4)
+	if(!(cflag & X509_FLAG_NO_HEADER))
 		{
-		l=ASN1_INTEGER_get(bs);
-		if (l < 0)
-			{
-			l= -l;
-			neg="-";
-			}
-		else
-			neg="";
-		if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
-			goto err;
+		if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
 		}
-	else
+	if(!(cflag & X509_FLAG_NO_VERSION))
+		{
+		l=X509_get_version(x);
+		if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_SERIAL))
 		{
-		neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-		if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
 
-		for (i=0; i<bs->length; i++)
+		if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
+
+		bs=X509_get_serialNumber(x);
+		if (bs->length <= 4)
 			{
-			if (BIO_printf(bp,"%02x%c",bs->data[i],
-				((i+1 == bs->length)?'\n':':')) <= 0)
+			l=ASN1_INTEGER_get(bs);
+			if (l < 0)
+				{
+				l= -l;
+				neg="-";
+				}
+			else
+				neg="";
+			if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
 				goto err;
 			}
-		}
+		else
+			{
+			neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+			if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
 
-	i=OBJ_obj2nid(ci->signature->algorithm);
-	if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
-		goto err;
+			for (i=0; i<bs->length; i++)
+				{
+				if (BIO_printf(bp,"%02x%c",bs->data[i],
+					((i+1 == bs->length)?'\n':':')) <= 0)
+					goto err;
+				}
+			}
 
-	if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
-	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
-	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
-	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-	if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
-	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-	if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
-	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
-	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
-	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
-		goto err;
-	i=OBJ_obj2nid(ci->key->algor->algorithm);
-	if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+		}
 
-	pkey=X509_get_pubkey(x);
-	if (pkey == NULL)
+	if(!(cflag & X509_FLAG_NO_SIGNAME))
 		{
-		BIO_printf(bp,"%12sUnable to load Public Key\n","");
-		ERR_print_errors(bp);
+		if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
 		}
-	else
-#ifndef NO_RSA
-	if (pkey->type == EVP_PKEY_RSA)
+
+	if(!(cflag & X509_FLAG_NO_ISSUER))
 		{
-		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-		BN_num_bits(pkey->pkey.rsa->n));
-		RSA_print(bp,pkey->pkey.rsa,16);
+		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
+		if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
-	else
-#endif
-#ifndef NO_DSA
-	if (pkey->type == EVP_PKEY_DSA)
+	if(!(cflag & X509_FLAG_NO_VALIDITY))
 		{
-		BIO_printf(bp,"%12sDSA Public Key:\n","");
-		DSA_print(bp,pkey->pkey.dsa,16);
+		if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
+		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+		if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
-	else
-#endif
-		BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-	EVP_PKEY_free(pkey);
-
-	n=X509_get_ext_count(x);
-	if (n > 0)
+	if(!(cflag & X509_FLAG_NO_SUBJECT))
+		{
+		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+		if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_PUBKEY))
 		{
-		BIO_printf(bp,"%8sX509v3 extensions:\n","");
-		for (i=0; i<n; i++)
+		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+			goto err;
+		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
+
+		pkey=X509_get_pubkey(x);
+		if (pkey == NULL)
 			{
-			ASN1_OBJECT *obj;
-			ex=X509_get_ext(x,i);
-			if (BIO_printf(bp,"%12s","") <= 0) goto err;
-			obj=X509_EXTENSION_get_object(ex);
-			i2a_ASN1_OBJECT(bp,obj);
-			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-				goto err;
-			if(!X509V3_EXT_print(bp, ex, 0, 16))
-				{
-				BIO_printf(bp, "%16s", "");
-				M_ASN1_OCTET_STRING_print(bp,ex->value);
-				}
-			if (BIO_write(bp,"\n",1) <= 0) goto err;
+			BIO_printf(bp,"%12sUnable to load Public Key\n","");
+			ERR_print_errors(bp);
+			}
+		else
+#ifndef OPENSSL_NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
+			{
+			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+			BN_num_bits(pkey->pkey.rsa->n));
+			RSA_print(bp,pkey->pkey.rsa,16);
 			}
+		else
+#endif
+#ifndef OPENSSL_NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			{
+			BIO_printf(bp,"%12sDSA Public Key:\n","");
+			DSA_print(bp,pkey->pkey.dsa,16);
+			}
+		else
+#endif
+			BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+		EVP_PKEY_free(pkey);
 		}
 
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+	if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+		X509V3_extensions_print(bp, "X509v3 extensions",
+					ci->extensions, cflag, 8);
 
-	n=x->signature->length;
-	s=(char *)x->signature->data;
-	for (i=0; i<n; i++)
+	if(!(cflag & X509_FLAG_NO_SIGDUMP))
 		{
-		if ((i%18) == 0)
-			if (BIO_write(bp,"\n        ",9) <= 0) goto err;
-		if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
-			((i+1) == n)?"":":") <= 0) goto err;
+		if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_AUX))
+		{
+		if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
 		}
-	if (BIO_write(bp,"\n",1) != 1) goto err;
-	if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
 	ret=1;
 err:
 	if (str != NULL) ASN1_STRING_free(str);
@@ -227,6 +253,71 @@ err:
 	return(ret);
 	}
 
+int X509_ocspid_print (BIO *bp, X509 *x)
+	{
+	unsigned char *der=NULL ;
+	unsigned char *dertmp;
+	int derlen;
+	int i;
+	unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+	/* display the hash of the subject as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+		goto err;
+	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+		goto err;
+	i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+		}
+	OPENSSL_free (der);
+	der=NULL;
+
+	/* display the hash of the public key as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+		goto err;
+
+	EVP_Digest(x->cert_info->key->public_key->data,
+		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+			goto err;
+		}
+	BIO_printf(bp,"\n");
+
+	return (1);
+err:
+	if (der != NULL) OPENSSL_free(der);
+	return(0);
+	}
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+	unsigned char *s;
+	int i, n;
+	if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
+	if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+	n=sig->length;
+	s=sig->data;
+	for (i=0; i<n; i++)
+		{
+		if ((i%18) == 0)
+			if (BIO_write(bp,"\n        ",9) <= 0) return 0;
+			if (BIO_printf(bp,"%02x%s",s[i],
+				((i+1) == n)?"":":") <= 0) return 0;
+		}
+	if (BIO_write(bp,"\n",1) != 1) return 0;
+	return 1;
+}
+
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
 	{
 	int i,n;
@@ -342,15 +433,17 @@ err:
 
 int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	{
-	char *s,*c;
+	char *s,*c,*b;
 	int ret=0,l,ll,i,first=1;
-	char buf[256];
 
 	ll=80-2-obase;
 
-	s=X509_NAME_oneline(name,buf,256);
+	b=s=X509_NAME_oneline(name,NULL,0);
 	if (!*s)
+		{
+		OPENSSL_free(b);
 		return 1;
+		}
 	s++; /* skip the first slash */
 
 	l=ll;
@@ -406,6 +499,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 err:
 		X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
 		}
+	OPENSSL_free(b);
 	return(ret);
 	}
 
diff --git a/crypto/openssl/crypto/asn1/t_x509a.c b/crypto/openssl/crypto/asn1/t_x509a.c
index f06af5b5..ffbbfb5 100644
--- a/crypto/openssl/crypto/asn1/t_x509a.c
+++ b/crypto/openssl/crypto/asn1/t_x509a.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 #include <openssl/x509.h>
 
 /* X509_CERT_AUX and string set routines
@@ -77,7 +77,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
 		for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
 			if(!first) BIO_puts(out, ", ");
 			else first = 0;
-			OBJ_obj2txt(oidstr, 80,
+			OBJ_obj2txt(oidstr, sizeof oidstr,
 				sk_ASN1_OBJECT_value(aux->trust, i), 0);
 			BIO_puts(out, oidstr);
 		}
@@ -90,7 +90,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
 		for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
 			if(!first) BIO_puts(out, ", ");
 			else first = 0;
-			OBJ_obj2txt(oidstr, 80,
+			OBJ_obj2txt(oidstr, sizeof oidstr,
 				sk_ASN1_OBJECT_value(aux->reject, i), 0);
 			BIO_puts(out, oidstr);
 		}
diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c
new file mode 100644
index 0000000..76fc023
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_dec.c
@@ -0,0 +1,958 @@
+/* tasn_dec.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+			unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx);
+static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len,
+					const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static unsigned long tag2bit[32]={
+0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
+B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
+0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
+B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
+B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+	};
+
+unsigned long ASN1_tag2bit(int tag)
+{
+	if((tag < 0) || (tag > 30)) return 0;
+	return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)	if(c) (c)->valid = 0
+
+/* Decode an ASN1 item, this currently behaves just 
+ * like a standard 'd2i' function. 'in' points to 
+ * a buffer to read the data from, in future we will
+ * have more advanced versions that can input data
+ * a piece at a time and this will simply be a special
+ * case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it)
+{
+	ASN1_TLC c;
+	ASN1_VALUE *ptmpval = NULL;
+	if(!pval) pval = &ptmpval;
+	asn1_tlc_clear(&c);
+	if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+		return *pval;
+	return NULL;
+}
+
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+{
+	ASN1_TLC c;
+	asn1_tlc_clear(&c);
+	return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+}
+
+
+/* Decode an item, taking care of IMPLICIT tagging, if any.
+ * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+				int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	const ASN1_TEMPLATE *tt, *errtt = NULL;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	unsigned char *p, *q, imphack = 0, oclass;
+	char seq_eoc, seq_nolen, cst, isopt;
+	long tmplen;
+	int i;
+	int otag;
+	int ret = 0;
+	ASN1_VALUE *pchval, **pchptr, *ptmpval;
+	if(!pval) return 0;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) {
+			/* tagging or OPTIONAL is currently illegal on an item template
+			 * because the flags can't get passed down. In practice this isn't
+			 * a problem: we include the relevant flags from the item template
+			 * in the template itself.
+			 */
+			if ((tag != -1) || opt) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+				goto err;
+			}
+			return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx);
+		}
+		return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		p = *in;
+		/* Just read in tag and class */
+		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} 
+		/* Must be UNIVERSAL class */
+		if(oclass != V_ASN1_UNIVERSAL) {
+			/* If OPTIONAL, assume this is OK */
+			if(opt) return -1;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+			goto err;
+		} 
+		/* Check tag matches bit map */
+		if(!(ASN1_tag2bit(otag) & it->utype)) {
+			/* If OPTIONAL, assume this is OK */
+			if(opt) return -1;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+			goto err;
+		} 
+		return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+		case ASN1_ITYPE_EXTERN:
+		/* Use new style d2i */
+		ef = it->funcs;
+		return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+		case ASN1_ITYPE_COMPAT:
+		/* we must resort to old style evil hackery */
+		cf = it->funcs;
+
+		/* If OPTIONAL see if it is there */
+		if(opt) {
+			int exptag;
+			p = *in;
+			if(tag == -1) exptag = it->utype;
+			else exptag = tag;
+			/* Don't care about anything other than presence of expected tag */
+			ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx);
+			if(!ret) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+			if(ret == -1) return -1;
+		}
+		/* This is the old style evil hack IMPLICIT handling:
+		 * since the underlying code is expecting a tag and
+		 * class other than the one present we change the
+		 * buffer temporarily then change it back afterwards.
+		 * This doesn't and never did work for tags > 30.
+		 *
+		 * Yes this is *horrible* but it is only needed for
+		 * old style d2i which will hopefully not be around
+		 * for much longer.
+		 * FIXME: should copy the buffer then modify it so
+		 * the input buffer can be const: we should *always*
+		 * copy because the old style d2i might modify the
+		 * buffer.
+		 */
+
+		if(tag != -1) {
+			p = *in;
+			imphack = *p;
+			*p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype);
+		}
+
+		ptmpval = cf->asn1_d2i(pval, in, len);
+
+		if(tag != -1) *p = imphack;
+
+		if(ptmpval) return 1;
+		ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+		goto err;
+
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+				goto auxerr;
+
+		/* Allocate structure */
+		if(!*pval) {
+			if(!ASN1_item_ex_new(pval, it)) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+		}
+		/* CHOICE type, try each possibility in turn */
+		pchval = NULL;
+		p = *in;
+		for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) {
+			pchptr = asn1_get_field_ptr(pval, tt);
+			/* We mark field as OPTIONAL so its absence
+			 * can be recognised.
+			 */
+			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+			/* If field not present, try the next one */
+			if(ret == -1) continue;
+			/* If positive return, read OK, break loop */
+			if(ret > 0) break;
+			/* Otherwise must be an ASN1 parsing error */
+			errtt = tt;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		}
+		/* Did we fall off the end without reading anything? */
+		if(i == it->tcount) {
+			/* If OPTIONAL, this is OK */
+			if(opt) {
+				/* Free and zero it */
+				ASN1_item_ex_free(pval, it);
+				return -1;
+			}
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+			goto err;
+		}
+		asn1_set_choice_selector(pval, i, it);
+		*in = p;
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+				goto auxerr;
+		return 1;
+
+		case ASN1_ITYPE_SEQUENCE:
+		p = *in;
+		tmplen = len;
+
+		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+		if(tag == -1) {
+			tag = V_ASN1_SEQUENCE;
+			aclass = V_ASN1_UNIVERSAL;
+		}
+		/* Get SEQUENCE length and update len, p */
+		ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+		if(aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+			len = tmplen - (p - *in);
+			seq_nolen = 1;
+		} else seq_nolen = seq_eoc;	/* If indefinite we don't do a length check */
+		if(!cst) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+			goto err;
+		}
+
+		if(!*pval) {
+			if(!ASN1_item_ex_new(pval, it)) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+				goto auxerr;
+
+		/* Get each field entry */
+		for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) goto err;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* Have we ran out of data? */
+			if(!len) break;
+			q = p;
+			if(asn1_check_eoc(&p, len)) {
+				if(!seq_eoc) {
+					ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+					goto err;
+				}
+				len -= p - q;
+				seq_eoc = 0;
+				q = p;
+				break;
+			}
+			/* This determines the OPTIONAL flag value. The field cannot
+			 * be omitted if it is the last of a SEQUENCE and there is
+			 * still data to be read. This isn't strictly necessary but
+			 * it increases efficiency in some cases.
+			 */
+			if(i == (it->tcount - 1)) isopt = 0;
+			else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+			/* attempt to read in field, allowing each to be OPTIONAL */
+			ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+			if(!ret) {
+				errtt = seqtt;
+				goto err;
+			} else if(ret == -1) {
+				/* OPTIONAL component absent. Free and zero the field
+				 */
+				ASN1_template_free(pseqval, seqtt);
+				continue;
+			}
+			/* Update length */
+			len -= p - q;
+		}
+		/* Check for EOC if expecting one */
+		if(seq_eoc && !asn1_check_eoc(&p, len)) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+			goto err;
+		}
+		/* Check all data read */
+		if(!seq_nolen && len) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+			goto err;
+		}
+
+		/* If we get here we've got no more data in the SEQUENCE,
+		 * however we may not have read all fields so check all
+		 * remaining are OPTIONAL and clear any that are.
+		 */
+		for(; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) goto err;
+			if(seqtt->flags & ASN1_TFLG_OPTIONAL) {
+				ASN1_VALUE **pseqval;
+				pseqval = asn1_get_field_ptr(pval, seqtt);
+				ASN1_template_free(pseqval, seqtt);
+			} else {
+				errtt = seqtt;
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+				goto err;
+			}
+		}
+		/* Save encoding */
+		if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr;
+		*in = p;
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+				goto auxerr;
+		return 1;
+
+		default:
+		return 0;
+	}
+	auxerr:
+	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+	err:
+	ASN1_item_ex_free(pval, it);
+	if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
+	else ERR_add_error_data(2, "Type=", it->sname);
+	return 0;
+}
+
+/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the
+ * rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+	int flags, aclass;
+	int ret;
+	long len;
+	unsigned char *p, *q;
+	char exp_eoc;
+	if(!val) return 0;
+	flags = tt->flags;
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+	p = *in;
+
+	/* Check if EXPLICIT tag expected */
+	if(flags & ASN1_TFLG_EXPTAG) {
+		char cst;
+		/* Need to work out amount of data available to the inner content and where it
+		 * starts: so read in EXPLICIT header to get the info.
+		 */
+		ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx);
+		q = p;
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		} else if(ret == -1) return -1;
+		if(!cst) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+			return 0;
+		}
+		/* We've found the field so it can't be OPTIONAL now */
+		ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		/* We read the field in OK so update length */
+		len -= p - q;
+		if(exp_eoc) {
+			/* If NDEF we must have an EOC here */
+			if(!asn1_check_eoc(&p, len)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+				goto err;
+			}
+		} else {
+			/* Otherwise we must hit the EXPLICIT tag end or its an error */
+			if(len) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+				goto err;
+			}
+		}
+	} else 
+		return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+
+	*in = p;
+	return 1;
+
+	err:
+	ASN1_template_free(val, tt);
+	*val = NULL;
+	return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+	int flags, aclass;
+	int ret;
+	unsigned char *p, *q;
+	if(!val) return 0;
+	flags = tt->flags;
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+	p = *in;
+	q = p;
+
+	if(flags & ASN1_TFLG_SK_MASK) {
+		/* SET OF, SEQUENCE OF */
+		int sktag, skaclass;
+		char sk_eoc;
+		/* First work out expected inner tag value */
+		if(flags & ASN1_TFLG_IMPTAG) {
+			sktag = tt->tag;
+			skaclass = aclass;
+		} else {
+			skaclass = V_ASN1_UNIVERSAL;
+			if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET;
+			else sktag = V_ASN1_SEQUENCE;
+		}
+		/* Get the tag */
+		ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		} else if(ret == -1) return -1;
+		if(!*val) *val = (ASN1_VALUE *)sk_new_null();
+		else {
+			/* We've got a valid STACK: free up any items present */
+			STACK *sktmp = (STACK *)*val;
+			ASN1_VALUE *vtmp;
+			while(sk_num(sktmp) > 0) {
+				vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+				ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+			}
+		}
+				
+		if(!*val) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		/* Read as many items as we can */
+		while(len > 0) {
+			ASN1_VALUE *skfield;
+			q = p;
+			/* See if EOC found */
+			if(asn1_check_eoc(&p, len)) {
+				if(!sk_eoc) {
+					ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC);
+					goto err;
+				}
+				len -= p - q;
+				sk_eoc = 0;
+				break;
+			}
+			skfield = NULL;
+			if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+			len -= p - q;
+			if(!sk_push((STACK *)*val, (char *)skfield)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE);
+				goto err;
+			}
+		}
+		if(sk_eoc) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+			goto err;
+		}
+	} else if(flags & ASN1_TFLG_IMPTAG) {
+		/* IMPLICIT tagging */
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+	} else {
+		/* Nothing special */
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+	}
+
+	*in = p;
+	return 1;
+
+	err:
+	ASN1_template_free(val, tt);
+	*val = NULL;
+	return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, 
+						const ASN1_ITEM *it,
+						int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	int ret = 0, utype;
+	long plen;
+	char cst, inf, free_cont = 0;
+	unsigned char *p;
+	BUF_MEM buf;
+	unsigned char *cont = NULL;
+	long len; 
+	if(!pval) {
+		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+		return 0; /* Should never happen */
+	}
+
+	if(it->itype == ASN1_ITYPE_MSTRING) {
+		utype = tag;
+		tag = -1;
+	} else utype = it->utype;
+
+	if(utype == V_ASN1_ANY) {
+		/* If type is ANY need to figure out type from tag */
+		unsigned char oclass;
+		if(tag >= 0) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+			return 0;
+		}
+		if(opt) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY);
+			return 0;
+		}
+		p = *in;
+		ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER;
+	}
+	if(tag == -1) {
+		tag = utype;
+		aclass = V_ASN1_UNIVERSAL;
+	}
+	p = *in;
+	/* Check header */
+	ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx);
+	if(!ret) {
+		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+		return 0;
+	} else if(ret == -1) return -1;
+	/* SEQUENCE, SET and "OTHER" are left in encoded form */
+	if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+		/* Clear context cache for type OTHER because the auto clear when
+		 * we have a exact match wont work
+		 */
+		if(utype == V_ASN1_OTHER) {
+			asn1_tlc_clear(ctx);
+		/* SEQUENCE and SET must be constructed */
+		} else if(!cst) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
+			return 0;
+		}
+
+		cont = *in;
+		/* If indefinite length constructed find the real end */
+		if(inf) {
+			if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+			len = p - cont;
+		} else {
+			len = p - cont + plen;
+			p += plen;
+			buf.data = NULL;
+		}
+	} else if(cst) {
+		buf.length = 0;
+		buf.max = 0;
+		buf.data = NULL;
+		/* Should really check the internal tags are correct but
+		 * some things may get this wrong. The relevant specs
+		 * say that constructed string types should be OCTET STRINGs
+		 * internally irrespective of the type. So instead just check
+		 * for UNIVERSAL class and ignore the tag.
+		 */
+		if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
+		len = buf.length;
+		/* Append a final null to string */
+		if(!BUF_MEM_grow_clean(&buf, len + 1)) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		buf.data[len] = 0;
+		cont = (unsigned char *)buf.data;
+		free_cont = 1;
+	} else {
+		cont = p;
+		len = plen;
+		p += plen;
+	}
+
+	/* We now have content length and type: translate into a structure */
+	if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err;
+
+	*in = p;
+	ret = 1;
+	err:
+	if(free_cont && buf.data) OPENSSL_free(buf.data);
+	return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	ASN1_STRING *stmp;
+	ASN1_TYPE *typ = NULL;
+	int ret = 0;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	ASN1_INTEGER **tint;
+	pf = it->funcs;
+	if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+	/* If ANY type clear type and set pointer to internal value */
+	if(it->utype == V_ASN1_ANY) {
+		if(!*pval) {
+			typ = ASN1_TYPE_new();
+			*pval = (ASN1_VALUE *)typ;
+		} else typ = (ASN1_TYPE *)*pval;
+		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+	}
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err;
+		break;
+
+		case V_ASN1_NULL:
+		if(len) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH);
+			goto err;
+		}
+		*pval = (ASN1_VALUE *)1;
+		break;
+
+		case V_ASN1_BOOLEAN:
+		if(len != 1) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+			goto err;
+		} else {
+			ASN1_BOOLEAN *tbool;
+			tbool = (ASN1_BOOLEAN *)pval;
+			*tbool = *cont;
+		}
+		break;
+
+		case V_ASN1_BIT_STRING:
+		if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err;
+		break;
+
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
+		tint = (ASN1_INTEGER **)pval;
+		if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err;
+		/* Fixup type to match the expected form */
+		(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+		break;
+
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_NUMERICSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
+		case V_ASN1_OTHER:
+		case V_ASN1_SET:
+		case V_ASN1_SEQUENCE:
+		default:
+		/* All based on ASN1_STRING and handled the same */
+		if(!*pval) {
+			stmp = ASN1_STRING_type_new(utype);
+			if(!stmp) {
+				ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+				goto err;
+			}
+			*pval = (ASN1_VALUE *)stmp;
+		} else {
+			stmp = (ASN1_STRING *)*pval;
+			stmp->type = utype;
+		}
+		/* If we've already allocated a buffer use it */
+		if(*free_cont) {
+			if(stmp->data) OPENSSL_free(stmp->data);
+			stmp->data = cont;
+			stmp->length = len;
+			*free_cont = 0;
+		} else {
+			if(!ASN1_STRING_set(stmp, cont, len)) {
+				ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+				ASN1_STRING_free(stmp);	
+				*pval = NULL;
+				goto err;
+			}
+		}
+		break;
+	}
+	/* If ASN1_ANY and NULL type fix up value */
+	if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL;
+
+	ret = 1;
+	err:
+	if(!ret) ASN1_TYPE_free(typ);
+	return ret;
+}
+
+/* This function collects the asn1 data from a constructred string
+ * type into a buffer. The values of 'in' and 'len' should refer
+ * to the contents of the constructed type and 'inf' should be set
+ * if it is indefinite length. If 'buf' is NULL then we just want
+ * to find the end of the current structure: useful for indefinite
+ * length constructed stuff.
+ */
+
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
+{
+	unsigned char *p, *q;
+	long plen;
+	char cst, ininf;
+	p = *in;
+	inf &= 1;
+	/* If no buffer and not indefinite length constructed just pass over the encoded data */
+	if(!buf && !inf) {
+		*in += len;
+		return 1;
+	}
+	while(len > 0) {
+		q = p;
+		/* Check for EOC */
+		if(asn1_check_eoc(&p, len)) {
+			/* EOC is illegal outside indefinite length constructed form */
+			if(!inf) {
+				ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+				return 0;
+			}
+			inf = 0;
+			break;
+		}
+		if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) {
+			ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		/* If indefinite length constructed update max length */
+		if(cst) {
+			if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+		} else {
+			if(!collect_data(buf, &p, plen)) return 0;
+		}
+		len -= p - q;
+	}
+	if(inf) {
+		ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+		return 0;
+	}
+	*in = p;
+	return 1;
+}
+
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
+{
+		int len;
+		if(buf) {
+			len = buf->length;
+			if(!BUF_MEM_grow_clean(buf, len + plen)) {
+				ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+				return 0;
+			}
+			memcpy(buf->data + len, *p, plen);
+		}
+		*p += plen;
+		return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(unsigned char **in, long len)
+{
+	unsigned char *p;
+	if(len < 2) return 0;
+	p = *in;
+	if(!p[0] && !p[1]) {
+		*in += 2;
+		return 1;
+	}
+	return 0;
+}
+
+/* Check an ASN1 tag and length: a bit like ASN1_get_object
+ * but it sets the length for indefinite length constructed
+ * form, we don't know the exact length but we can set an
+ * upper bound to the amount of data available minus the
+ * header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+		unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+	int i;
+	int ptag, pclass;
+	long plen;
+	unsigned char *p, *q;
+	p = *in;
+	q = p;
+
+	if(ctx && ctx->valid) {
+		i = ctx->ret;
+		plen = ctx->plen;
+		pclass = ctx->pclass;
+		ptag = ctx->ptag;
+		p += ctx->hdrlen;
+	} else {
+		i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+		if(ctx) {
+			ctx->ret = i;
+			ctx->plen = plen;
+			ctx->pclass = pclass;
+			ctx->ptag = ptag;
+			ctx->hdrlen = p - q;
+			ctx->valid = 1;
+			/* If definite length, and no error, length +
+			 * header can't exceed total amount of data available. 
+			 */
+			if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+				ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+				asn1_tlc_clear(ctx);
+				return 0;
+			}
+		}
+	}
+
+	if(i & 0x80) {
+		ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+		asn1_tlc_clear(ctx);
+		return 0;
+	}
+	if(exptag >= 0) {
+		if((exptag != ptag) || (expclass != pclass)) {
+			/* If type is OPTIONAL, not an error, but indicate missing
+			 * type.
+			 */
+			if(opt) return -1;
+			asn1_tlc_clear(ctx);
+			ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+			return 0;
+		}
+		/* We have a tag and class match, so assume we are going to do something with it */
+		asn1_tlc_clear(ctx);
+	}
+
+	if(i & 1) plen = len - (p - q);
+
+	if(inf) *inf = i & 1;
+
+	if(cst) *cst = i & V_ASN1_CONSTRUCTED;
+
+	if(olen) *olen = plen;
+	if(oclass) *oclass = pclass;
+	if(otag) *otag = ptag;
+
+	*in = p;
+	return 1;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_enc.c b/crypto/openssl/crypto/asn1/tasn_enc.c
new file mode 100644
index 0000000..f6c8dde
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_enc.c
@@ -0,0 +1,497 @@
+/* tasn_enc.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset);
+
+/* Encode an ASN1 item, this is compatible with the
+ * standard 'i2d' function. 'out' points to 
+ * a buffer to output the data to, in future we will
+ * have more advanced versions that can output data
+ * a piece at a time and this will simply be a special
+ * case.
+ *
+ * The new i2d has one additional feature. If the output
+ * buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+	if(out && !*out) {
+		unsigned char *p, *buf;
+		int len;
+		len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0);
+		if(len <= 0) return len;
+		buf = OPENSSL_malloc(len);
+		if(!buf) return -1;
+		p = buf;
+		ASN1_item_ex_i2d(&val, &p, it, -1, 0);
+		*out = buf;
+		return len;
+	}
+		
+	return ASN1_item_ex_i2d(&val, out, it, -1, 0);
+}
+
+/* Encode an item, taking care of IMPLICIT tagging (if any).
+ * This function performs the normal item handling: it can be
+ * used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+	const ASN1_TEMPLATE *tt = NULL;
+	unsigned char *p = NULL;
+	int i, seqcontlen, seqlen;
+	ASN1_STRING *strtmp;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates)
+			return ASN1_template_i2d(pval, out, it->templates);
+		return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		strtmp = (ASN1_STRING *)*pval;
+		return asn1_i2d_ex_primitive(pval, out, it, -1, 0);
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+				return 0;
+		i = asn1_get_choice_selector(pval, it);
+		if((i >= 0) && (i < it->tcount)) {
+			ASN1_VALUE **pchval;
+			const ASN1_TEMPLATE *chtt;
+			chtt = it->templates + i;
+			pchval = asn1_get_field_ptr(pval, chtt);
+			return ASN1_template_i2d(pchval, out, chtt);
+		} 
+		/* Fixme: error condition if selector out of range */
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+				return 0;
+		break;
+
+		case ASN1_ITYPE_EXTERN:
+		/* If new style i2d it does all the work */
+		ef = it->funcs;
+		return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+		case ASN1_ITYPE_COMPAT:
+		/* old style hackery... */
+		cf = it->funcs;
+		if(out) p = *out;
+		i = cf->asn1_i2d(*pval, out);
+		/* Fixup for IMPLICIT tag: note this messes up for tags > 30,
+		 * but so did the old code. Tags > 30 are very rare anyway.
+		 */
+		if(out && (tag != -1))
+			*p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+		return i;
+		
+		case ASN1_ITYPE_SEQUENCE:
+		i = asn1_enc_restore(&seqcontlen, out, pval, it);
+		/* An error occurred */
+		if(i < 0) return 0;
+		/* We have a valid cached encoding... */
+		if(i > 0) return seqcontlen;
+		/* Otherwise carry on */
+		seqcontlen = 0;
+		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+		if(tag == -1) {
+			tag = V_ASN1_SEQUENCE;
+			aclass = V_ASN1_UNIVERSAL;
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+				return 0;
+		/* First work out sequence content length */
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) return 0;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* FIXME: check for errors in enhanced version */
+			/* FIXME: special handling of indefinite length encoding */
+			seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
+		}
+		seqlen = ASN1_object_size(1, seqcontlen, tag);
+		if(!out) return seqlen;
+		/* Output SEQUENCE header */
+		ASN1_put_object(out, 1, seqcontlen, tag, aclass);
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) return 0;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* FIXME: check for errors in enhanced version */
+			ASN1_template_i2d(pseqval, out, seqtt);
+		}
+		if(asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+				return 0;
+		return seqlen;
+
+		default:
+		return 0;
+	}
+	return 0;
+}
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt)
+{
+	int i, ret, flags, aclass;
+	flags = tt->flags;
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
+	if(flags & ASN1_TFLG_SK_MASK) {
+		/* SET OF, SEQUENCE OF */
+		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+		int isset, sktag, skaclass;
+		int skcontlen, sklen;
+		ASN1_VALUE *skitem;
+		if(!*pval) return 0;
+		if(flags & ASN1_TFLG_SET_OF) {
+			isset = 1;
+			/* 2 means we reorder */
+			if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
+		} else isset = 0;
+		/* First work out inner tag value */
+		if(flags & ASN1_TFLG_IMPTAG) {
+			sktag = tt->tag;
+			skaclass = aclass;
+		} else {
+			skaclass = V_ASN1_UNIVERSAL;
+			if(isset) sktag = V_ASN1_SET;
+			else sktag = V_ASN1_SEQUENCE;
+		}
+		/* Now work out length of items */
+		skcontlen = 0;
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			skitem = sk_ASN1_VALUE_value(sk, i);
+			skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
+		}
+		sklen = ASN1_object_size(1, skcontlen, sktag);
+		/* If EXPLICIT need length of surrounding tag */
+		if(flags & ASN1_TFLG_EXPTAG)
+			ret = ASN1_object_size(1, sklen, tt->tag);
+		else ret = sklen;
+
+		if(!out) return ret;
+
+		/* Now encode this lot... */
+		/* EXPLICIT tag */
+		if(flags & ASN1_TFLG_EXPTAG)
+			ASN1_put_object(out, 1, sklen, tt->tag, aclass);
+		/* SET or SEQUENCE and IMPLICIT tag */
+		ASN1_put_object(out, 1, skcontlen, sktag, skaclass);
+		/* And finally the stuff itself */
+		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset);
+
+		return ret;
+	}
+			
+	if(flags & ASN1_TFLG_EXPTAG) {
+		/* EXPLICIT tagging */
+		/* Find length of tagged item */
+		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
+		if(!i) return 0;
+		/* Find length of EXPLICIT tag */
+		ret = ASN1_object_size(1, i, tt->tag);
+		if(out) {
+			/* Output tag and item */
+			ASN1_put_object(out, 1, i, tt->tag, aclass);
+			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
+		}
+		return ret;
+	}
+	if(flags & ASN1_TFLG_IMPTAG) {
+		/* IMPLICIT tagging */
+		return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass);
+	}
+	/* Nothing special: treat as normal */
+	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef	struct {
+	unsigned char *data;
+	int length;
+	ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+	const DER_ENC *d1 = a, *d2 = b;
+	int cmplen, i;
+	cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+	i = memcmp(d1->data, d2->data, cmplen);
+	if(i) return i;
+	return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort)
+{
+	int i;
+	ASN1_VALUE *skitem;
+	unsigned char *tmpdat = NULL, *p = NULL;
+	DER_ENC *derlst = NULL, *tder;
+	if(do_sort) {
+		/* Don't need to sort less than 2 items */
+		if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0;
+		else {
+			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst));
+			tmpdat = OPENSSL_malloc(skcontlen);
+			if(!derlst || !tmpdat) return 0;
+		}
+	}
+	/* If not sorting just output each item */
+	if(!do_sort) {
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			skitem = sk_ASN1_VALUE_value(sk, i);
+			ASN1_item_i2d(skitem, out, item);
+		}
+		return 1;
+	}
+	p = tmpdat;
+	/* Doing sort: build up a list of each member's DER encoding */
+	for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+		skitem = sk_ASN1_VALUE_value(sk, i);
+		tder->data = p;
+		tder->length = ASN1_item_i2d(skitem, &p, item);
+		tder->field = skitem;
+	}
+	/* Now sort them */
+	qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+	/* Output sorted DER encoding */	
+	p = *out;
+	for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+		memcpy(p, tder->data, tder->length);
+		p += tder->length;
+	}
+	*out = p;
+	/* If do_sort is 2 then reorder the STACK */
+	if(do_sort == 2) {
+		for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+			sk_ASN1_VALUE_set(sk, i, tder->field);
+	}
+	OPENSSL_free(derlst);
+	OPENSSL_free(tmpdat);
+	return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+	int len;
+	int utype;
+	int usetag;
+
+	utype = it->utype;
+
+	/* Get length of content octets and maybe find
+	 * out the underlying type.
+	 */
+
+	len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+	/* If SEQUENCE, SET or OTHER then header is
+	 * included in pseudo content octets so don't
+	 * include tag+length. We need to check here
+	 * because the call to asn1_ex_i2c() could change
+	 * utype.
+	 */
+	if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+	   (utype == V_ASN1_OTHER))
+		usetag = 0;
+	else usetag = 1;
+
+	/* -1 means omit type */
+
+	if(len == -1) return 0;
+
+	/* If not implicitly tagged get tag from underlying type */
+	if(tag == -1) tag = utype;
+
+	/* Output tag+length followed by content octets */
+	if(out) {
+		if(usetag) ASN1_put_object(out, 0, len, tag, aclass);
+		asn1_ex_i2c(pval, *out, &utype, it);
+		*out += len;
+	}
+
+	if(usetag) return ASN1_object_size(0, len, tag);
+	return len;
+}
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it)
+{
+	ASN1_BOOLEAN *tbool = NULL;
+	ASN1_STRING *strtmp;
+	ASN1_OBJECT *otmp;
+	int utype;
+	unsigned char *cont, c;
+	int len;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it);
+
+	/* Should type be omitted? */
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) {
+		if(!*pval) return -1;
+	}
+
+	if(it->itype == ASN1_ITYPE_MSTRING) {
+		/* If MSTRING type set the underlying type */
+		strtmp = (ASN1_STRING *)*pval;
+		utype = strtmp->type;
+		*putype = utype;
+	} else if(it->utype == V_ASN1_ANY) {
+		/* If ANY set type and pointer to value */
+		ASN1_TYPE *typ;
+		typ = (ASN1_TYPE *)*pval;
+		utype = typ->type;
+		*putype = utype;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+	} else utype = *putype;
+
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		otmp = (ASN1_OBJECT *)*pval;
+		cont = otmp->data;
+		len = otmp->length;
+		break;
+
+		case V_ASN1_NULL:
+		cont = NULL;
+		len = 0;
+		break;
+
+		case V_ASN1_BOOLEAN:
+		tbool = (ASN1_BOOLEAN *)pval;
+		if(*tbool == -1) return -1;
+		/* Default handling if value == size field then omit */
+		if(*tbool && (it->size > 0)) return -1;
+		if(!*tbool && !it->size) return -1;
+		c = (unsigned char)*tbool;
+		cont = &c;
+		len = 1;
+		break;
+
+		case V_ASN1_BIT_STRING:
+		return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL);
+		break;
+
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
+		/* These are all have the same content format
+		 * as ASN1_INTEGER
+		 */
+		return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+		break;
+
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_NUMERICSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
+		case V_ASN1_SEQUENCE:
+		case V_ASN1_SET:
+		default:
+		/* All based on ASN1_STRING and handled the same */
+		strtmp = (ASN1_STRING *)*pval;
+		cont = strtmp->data;
+		len = strtmp->length;
+
+		break;
+
+	}
+	if(cout && len) memcpy(cout, cont, len);
+	return len;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_fre.c b/crypto/openssl/crypto/asn1/tasn_fre.c
new file mode 100644
index 0000000..2dd8441
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_fre.c
@@ -0,0 +1,229 @@
+/* tasn_fre.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+	asn1_item_combine_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	asn1_item_combine_free(pval, it, 0);
+}
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+	const ASN1_TEMPLATE *tt = NULL, *seqtt;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	int i;
+	if(!pval) return;
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) ASN1_template_free(pval, it->templates);
+		else ASN1_primitive_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		ASN1_primitive_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+			if(i == 2) return;
+		}
+		i = asn1_get_choice_selector(pval, it);
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+		if((i >= 0) && (i < it->tcount)) {
+			ASN1_VALUE **pchval;
+			tt = it->templates + i;
+			pchval = asn1_get_field_ptr(pval, tt);
+			ASN1_template_free(pchval, tt);
+		}
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+		if(!combine) {
+			OPENSSL_free(*pval);
+			*pval = NULL;
+		}
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		cf = it->funcs;
+		if(cf && cf->asn1_free) cf->asn1_free(*pval);
+		break;
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_SEQUENCE:
+		if(asn1_do_lock(pval, -1, it) > 0) return;
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+			if(i == 2) return;
+		}		
+		asn1_enc_free(pval, it);
+		/* If we free up as normal we will invalidate any
+		 * ANY DEFINED BY field and we wont be able to 
+		 * determine the type of the field it defines. So
+		 * free up in reverse order.
+		 */
+		tt = it->templates + it->tcount - 1;
+		for(i = 0; i < it->tcount; tt--, i++) {
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 0);
+			if(!seqtt) continue;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			ASN1_template_free(pseqval, seqtt);
+		}
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+		if(!combine) {
+			OPENSSL_free(*pval);
+			*pval = NULL;
+		}
+		break;
+	}
+}
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	int i;
+	if(tt->flags & ASN1_TFLG_SK_MASK) {
+		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			ASN1_VALUE *vtmp;
+			vtmp = sk_ASN1_VALUE_value(sk, i);
+			asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+		}
+		sk_ASN1_VALUE_free(sk);
+		*pval = NULL;
+	} else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+						tt->flags & ASN1_TFLG_COMBINE);
+}
+
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int utype;
+	if(it) {
+		const ASN1_PRIMITIVE_FUNCS *pf;
+		pf = it->funcs;
+		if(pf && pf->prim_free) {
+			pf->prim_free(pval, it);
+			return;
+		}
+	}
+	/* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+	if(!it) {
+		ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+		utype = typ->type;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+		if(!*pval) return;
+	} else if(it->itype == ASN1_ITYPE_MSTRING) {
+		utype = -1;
+		if(!*pval) return;
+	} else {
+		utype = it->utype;
+		if((utype != V_ASN1_BOOLEAN) && !*pval) return;
+	}
+
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+		break;
+
+		case V_ASN1_BOOLEAN:
+		if (it)
+			*(ASN1_BOOLEAN *)pval = it->size;
+		else
+			*(ASN1_BOOLEAN *)pval = -1;
+		return;
+
+		case V_ASN1_NULL:
+		break;
+
+		case V_ASN1_ANY:
+		ASN1_primitive_free(pval, NULL);
+		OPENSSL_free(*pval);
+		break;
+
+		default:
+		ASN1_STRING_free((ASN1_STRING *)*pval);
+		*pval = NULL;
+		break;
+	}
+	*pval = NULL;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_new.c b/crypto/openssl/crypto/asn1/tasn_new.c
new file mode 100644
index 0000000..a0e3db5
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_new.c
@@ -0,0 +1,351 @@
+/* tasn_new.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+	ASN1_VALUE *ret = NULL;
+	if(ASN1_item_ex_new(&ret, it) > 0) return ret;
+	return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	return asn1_item_ex_combine_new(pval, it, 0);
+}
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+	const ASN1_TEMPLATE *tt = NULL;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	ASN1_VALUE **pseqval;
+	int i;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	if(!combine) *pval = NULL;
+
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_push_info(it->sname);
+#endif
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_new) {
+			if(!ef->asn1_ex_new(pval, it))
+				goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		cf = it->funcs;
+		if(cf && cf->asn1_new) {
+			*pval = cf->asn1_new();
+			if(!*pval) goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) {
+			if(!ASN1_template_new(pval, it->templates))
+				goto memerr;
+		} else {
+			if(!ASN1_primitive_new(pval, it))
+				goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		if(!ASN1_primitive_new(pval, it))
+				goto memerr;
+		break;
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+			if(!i) goto auxerr;
+			if(i==2) {
+#ifdef CRYPTO_MDEBUG
+				if(it->sname) CRYPTO_pop_info();
+#endif
+				return 1;
+			}
+		}
+		if(!combine) {
+			*pval = OPENSSL_malloc(it->size);
+			if(!*pval) goto memerr;
+			memset(*pval, 0, it->size);
+		}
+		asn1_set_choice_selector(pval, -1, it);
+		if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+				goto auxerr;
+		break;
+
+		case ASN1_ITYPE_SEQUENCE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+			if(!i) goto auxerr;
+			if(i==2) {
+#ifdef CRYPTO_MDEBUG
+				if(it->sname) CRYPTO_pop_info();
+#endif
+				return 1;
+			}
+		}
+		if(!combine) {
+			*pval = OPENSSL_malloc(it->size);
+			if(!*pval) goto memerr;
+			memset(*pval, 0, it->size);
+			asn1_do_lock(pval, 0, it);
+			asn1_enc_init(pval, it);
+		}
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			pseqval = asn1_get_field_ptr(pval, tt);
+			if(!ASN1_template_new(pseqval, tt)) goto memerr;
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+				goto auxerr;
+		break;
+	}
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 1;
+
+	memerr:
+	ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 0;
+
+	auxerr:
+	ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
+	ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	const ASN1_EXTERN_FUNCS *ef;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_clear) 
+			ef->asn1_ex_clear(pval, it);
+		else *pval = NULL;
+		break;
+
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) 
+			asn1_template_clear(pval, it->templates);
+		else
+			asn1_primitive_clear(pval, it);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		asn1_primitive_clear(pval, it);
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		case ASN1_ITYPE_CHOICE:
+		case ASN1_ITYPE_SEQUENCE:
+		*pval = NULL;
+		break;
+	}
+}
+
+
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+	int ret;
+	if(tt->flags & ASN1_TFLG_OPTIONAL) {
+		asn1_template_clear(pval, tt);
+		return 1;
+	}
+	/* If ANY DEFINED BY nothing to do */
+
+	if(tt->flags & ASN1_TFLG_ADB_MASK) {
+		*pval = NULL;
+		return 1;
+	}
+#ifdef CRYPTO_MDEBUG
+	if(tt->field_name) CRYPTO_push_info(tt->field_name);
+#endif
+	/* If SET OF or SEQUENCE OF, its a STACK */
+	if(tt->flags & ASN1_TFLG_SK_MASK) {
+		STACK_OF(ASN1_VALUE) *skval;
+		skval = sk_ASN1_VALUE_new_null();
+		if(!skval) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+			ret = 0;
+			goto done;
+		}
+		*pval = (ASN1_VALUE *)skval;
+		ret = 1;
+		goto done;
+	}
+	/* Otherwise pass it back to the item routine */
+	ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+	done:
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	/* If ADB or STACK just NULL the field */
+	if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
+		*pval = NULL;
+	else
+		asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+
+/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old
+ * functions.
+ */
+
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_TYPE *typ;
+	int utype;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf && pf->prim_new) return pf->prim_new(pval, it);
+	if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+	else utype = it->utype;
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		*pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+		return 1;
+
+		case V_ASN1_BOOLEAN:
+		if (it)
+			*(ASN1_BOOLEAN *)pval = it->size;
+		else
+			*(ASN1_BOOLEAN *)pval = -1;
+		return 1;
+
+		case V_ASN1_NULL:
+		*pval = (ASN1_VALUE *)1;
+		return 1;
+
+		case V_ASN1_ANY:
+		typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+		if(!typ) return 0;
+		typ->value.ptr = NULL;
+		typ->type = -1;
+		*pval = (ASN1_VALUE *)typ;
+		break;
+
+		default:
+		*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+		break;
+	}
+	if(*pval) return 1;
+	return 0;
+}
+
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int utype;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf) {
+		if(pf->prim_clear)
+			pf->prim_clear(pval, it);
+		else 
+			*pval = NULL;
+		return;
+	}
+	if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+	else utype = it->utype;
+	if(utype == V_ASN1_BOOLEAN)
+		*(ASN1_BOOLEAN *)pval = it->size;
+	else *pval = NULL;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_prn.c b/crypto/openssl/crypto/asn1/tasn_prn.c
new file mode 100644
index 0000000..719639b
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_prn.c
@@ -0,0 +1,198 @@
+/* tasn_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/nasn.h>
+
+/* Print routines. Print out a whole structure from a template.
+ */
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+
+int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+{
+	return asn1_item_print_nm(out, fld, indent, it, it->sname);
+}
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+{
+	ASN1_STRING *str;
+	const ASN1_TEMPLATE *tt;
+	void *tmpfld;
+	int i;
+	if(!fld) {
+		BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+		return 1;
+	}
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates)
+			return ASN1_template_print(out, fld, indent, it->templates);
+		return asn1_primitive_print(out, fld, it->utype, indent, name);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		str = fld;
+		return asn1_primitive_print(out, fld, str->type, indent, name);
+
+		case ASN1_ITYPE_EXTERN:
+		BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+		return 1;
+		case ASN1_ITYPE_COMPAT:
+		BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+		return 1;
+
+
+		case ASN1_ITYPE_CHOICE:
+		/* CHOICE type, get selector */
+		i = asn1_get_choice_selector(fld, it);
+		/* This should never happen... */
+		if((i < 0) || (i >= it->tcount)) {
+			BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+			return 1;
+		}
+		tt = it->templates + i;
+		tmpfld = asn1_get_field(fld, tt);
+		return ASN1_template_print(out, tmpfld, indent, tt);
+
+		case ASN1_ITYPE_SEQUENCE:
+		BIO_printf(out, "%*s%s {\n", indent, "", name);
+		/* Get each field entry */
+		for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+			tmpfld = asn1_get_field(fld, tt);
+			ASN1_template_print(out, tmpfld, indent + 2, tt);
+		}
+		BIO_printf(out, "%*s}\n", indent, "");
+		return 1;
+
+		default:
+		return 0;
+	}
+}
+
+int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+{
+	int i, flags;
+#if 0
+	if(!fld) return 0; 
+#endif
+	flags = tt->flags;
+	if(flags & ASN1_TFLG_SK_MASK) {
+		char *tname;
+		void *skitem;
+		/* SET OF, SEQUENCE OF */
+		if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+		else tname = "SEQUENCE";
+		if(fld) {
+			BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+			for(i = 0; i < sk_num(fld); i++) {
+				skitem = sk_value(fld, i);
+				asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+			}
+			BIO_printf(out, "%*s}\n", indent, "");
+		} else 
+			BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
+		return 1;
+	}
+	return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
+}
+
+static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+{
+	ASN1_STRING *str = fld;
+	if(fld) {
+		if(utype == V_ASN1_BOOLEAN) {
+			int *bool = fld;
+if(*bool == -1) printf("BOOL MISSING\n");
+			BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+		} else if((utype == V_ASN1_INTEGER) 
+			  || (utype == V_ASN1_ENUMERATED)) {
+			char *s, *nm;
+			s = i2s_ASN1_INTEGER(NULL, fld);
+			if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+			else nm = "ENUMERATED";
+			BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+			OPENSSL_free(s);
+		} else if(utype == V_ASN1_NULL) {
+			BIO_printf(out, "%*s%s", indent, "", "NULL");
+		} else if(utype == V_ASN1_UTCTIME) {
+			BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+			ASN1_UTCTIME_print(out, str);
+		} else if(utype == V_ASN1_GENERALIZEDTIME) {
+			BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+			ASN1_GENERALIZEDTIME_print(out, str);
+		} else if(utype == V_ASN1_OBJECT) {
+			char objbuf[80], *ln;
+			ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+			if(!ln) ln = "";
+			OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
+			BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
+		} else {
+			BIO_printf(out, "%*s%s:", indent, "", name);
+			ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
+		}
+		BIO_printf(out, "\n");
+	} else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+	return 1;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_typ.c b/crypto/openssl/crypto/asn1/tasn_typ.c
new file mode 100644
index 0000000..804d2ee
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_typ.c
@@ -0,0 +1,133 @@
+/* tasn_typ.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+
+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
diff --git a/crypto/openssl/crypto/asn1/tasn_utl.c b/crypto/openssl/crypto/asn1/tasn_utl.c
new file mode 100644
index 0000000..8996ce8
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_utl.c
@@ -0,0 +1,253 @@
+/* tasn_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/* Given an ASN1_ITEM CHOICE type return
+ * the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int *sel = offset2ptr(*pval, it->utype);
+	return *sel;
+}
+
+/* Given an ASN1_ITEM CHOICE type set
+ * the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
+{	
+	int *sel, ret;
+	sel = offset2ptr(*pval, it->utype);
+	ret = *sel;
+	*sel = value;
+	return ret;
+}
+
+/* Do reference counting. The value 'op' decides what to do. 
+ * if it is +1 then the count is incremented. If op is 0 count is
+ * set to 1. If op is -1 count is decremented and the return value
+ * is the current refrence count or 0 if no reference count exists.
+ */
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+	const ASN1_AUX *aux;
+	int *lck, ret;
+	if(it->itype != ASN1_ITYPE_SEQUENCE) return 0;
+	aux = it->funcs;
+	if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0;
+	lck = offset2ptr(*pval, aux->ref_offset);
+	if(op == 0) {
+		*lck = 1;
+		return 1;
+	}
+	ret = CRYPTO_add(lck, op, aux->ref_lock);
+#ifdef REF_PRINT
+	fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+#endif
+#ifdef REF_CHECK
+	if(ret < 0) 
+		fprintf(stderr, "%s, bad reference count\n", it->sname);
+#endif
+	return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	const ASN1_AUX *aux;
+	if(!pval || !*pval) return NULL;
+	aux = it->funcs;
+	if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL;
+	return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(enc) {
+		enc->enc = NULL;
+		enc->len = 0;
+		enc->modified = 1;
+	}
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(enc) {
+		if(enc->enc) OPENSSL_free(enc->enc);
+		enc->enc = NULL;
+		enc->len = 0;
+		enc->modified = 1;
+	}
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(!enc) return 1;
+
+	if(enc->enc) OPENSSL_free(enc->enc);
+	enc->enc = OPENSSL_malloc(inlen);
+	if(!enc->enc) return 0;
+	memcpy(enc->enc, in, inlen);
+	enc->len = inlen;
+	enc->modified = 0;
+
+	return 1;
+}
+		
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(!enc || enc->modified) return 0;
+	if(out) {
+		memcpy(*out, enc->enc, enc->len);
+		*out += enc->len;
+	}
+	if(len) *len = enc->len;
+	return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	ASN1_VALUE **pvaltmp;
+	if(tt->flags & ASN1_TFLG_COMBINE) return pval;
+	pvaltmp = offset2ptr(*pval, tt->offset);
+	/* NOTE for BOOLEAN types the field is just a plain
+ 	 * int so we can't return int **, so settle for
+	 * (int *).
+	 */
+	return pvaltmp;
+}
+
+/* Handle ANY DEFINED BY template, find the selector, look up
+ * the relevant ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
+{
+	const ASN1_ADB *adb;
+	const ASN1_ADB_TABLE *atbl;
+	long selector;
+	ASN1_VALUE **sfld;
+	int i;
+	if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt;
+
+	/* Else ANY DEFINED BY ... get the table */
+	adb = ASN1_ADB_ptr(tt->item);
+
+	/* Get the selector field */
+	sfld = offset2ptr(*pval, adb->offset);
+
+	/* Check if NULL */
+	if(!sfld) {
+		if(!adb->null_tt) goto err;
+		return adb->null_tt;
+	}
+
+	/* Convert type to a long:
+	 * NB: don't check for NID_undef here because it
+	 * might be a legitimate value in the table
+	 */
+	if(tt->flags & ASN1_TFLG_ADB_OID) 
+		selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+	else 
+		selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+	/* Try to find matching entry in table
+	 * Maybe should check application types first to
+	 * allow application override? Might also be useful
+	 * to have a flag which indicates table is sorted and
+	 * we can do a binary search. For now stick to a
+	 * linear search.
+	 */
+
+	for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+		if(atbl->value == selector) return &atbl->tt;
+
+	/* FIXME: need to search application table too */
+
+	/* No match, return default type */
+	if(!adb->default_tt) goto err;		
+	return adb->default_tt;
+	
+	err:
+	/* FIXME: should log the value or OID of unsupported type */
+	if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+	return NULL;
+}
diff --git a/crypto/openssl/crypto/asn1/x_algor.c b/crypto/openssl/crypto/asn1/x_algor.c
index 853a8df..00b9ea5 100644
--- a/crypto/openssl/crypto/asn1/x_algor.c
+++ b/crypto/openssl/crypto/asn1/x_algor.c
@@ -1,118 +1,73 @@
-/* crypto/asn1/x_algor.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x_algor.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <stddef.h>
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
-int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT);
-	if (a->parameter != NULL)
-		{ M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); }
-
-	M_ASN1_I2D_seq_total();
-	M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT);
-	if (a->parameter != NULL)
-		{ M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); }
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT);
-	if (!M_ASN1_D2I_end_sequence())
-		{ M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); }
-	else
-		{
-		ASN1_TYPE_free(ret->parameter);
-		ret->parameter=NULL;
-		}
-	M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
-	}
-
-X509_ALGOR *X509_ALGOR_new(void)
-	{
-	X509_ALGOR *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_ALGOR);
-	ret->algorithm=OBJ_nid2obj(NID_undef);
-	ret->parameter=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
-	}
+ASN1_SEQUENCE(X509_ALGOR) = {
+	ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+	ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
 
-void X509_ALGOR_free(X509_ALGOR *a)
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->algorithm);
-	ASN1_TYPE_free(a->parameter);
-	OPENSSL_free(a);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/crypto/openssl/crypto/asn1/x_attrib.c b/crypto/openssl/crypto/asn1/x_attrib.c
index 14e5ea2..1e3713f 100644
--- a/crypto/openssl/crypto/asn1/x_attrib.c
+++ b/crypto/openssl/crypto/asn1/x_attrib.c
@@ -59,64 +59,42 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-/* sequence */
-int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **pp)
-	{
-	int k=0;
-	int r=0,ret=0;
-	unsigned char **p=NULL;
-
-	if (a == NULL) return(0);
-
-	p=NULL;
-	for (;;)
-		{
-		if (k)
-			{
-			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-			if (pp == NULL) return(r);
-			p=pp;
-			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
-				V_ASN1_UNIVERSAL);
-			}
-
-		ret+=i2d_ASN1_OBJECT(a->object,p);
-		if (a->set)
-			ret+=i2d_ASN1_SET_OF_ASN1_TYPE(a->value.set,p,i2d_ASN1_TYPE,
-				V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-		else
-			ret+=i2d_ASN1_TYPE(a->value.single,p);
-		if (k++) return(r);
-		}
-	}
-
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new);
+/* X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *	{
+ *	ASN1_OBJECT *object;
+ *	int single;
+ *	union	{
+ *		char		*ptr;
+ * 		STACK_OF(ASN1_TYPE) *set;
+ * 		ASN1_TYPE	*single;
+ *		} value;
+ *	} X509_ATTRIBUTE;
+ *
+ * this needs some extra thought because the CHOICE type is
+ * merged with the main structure and because the value can
+ * be anything at all we *must* try the SET OF first because
+ * the ASN1_ANY type will swallow anything including the whole
+ * SET OF structure.
+ */
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
+	ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+	ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
 
-	if ((c.slen != 0) &&
-		(M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET)))
-		{
-		ret->set=1;
-		M_ASN1_D2I_get_set_type(ASN1_TYPE,ret->value.set,d2i_ASN1_TYPE,
-					ASN1_TYPE_free);
-		}
-	else
-		{
-		ret->set=0;
-		M_ASN1_D2I_get(ret->value.single,d2i_ASN1_TYPE);
-		}
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+	ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+	/* CHOICE type merged with parent */
+	ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
 
-	M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 	{
@@ -126,7 +104,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 	if ((ret=X509_ATTRIBUTE_new()) == NULL)
 		return(NULL);
 	ret->object=OBJ_nid2obj(nid);
-	ret->set=1;
+	ret->single=0;
 	if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
 	if ((val=ASN1_TYPE_new()) == NULL) goto err;
 	if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
@@ -138,28 +116,3 @@ err:
 	if (val != NULL) ASN1_TYPE_free(val);
 	return(NULL);
 	}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void)
-	{
-	X509_ATTRIBUTE *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_ATTRIBUTE);
-	ret->object=OBJ_nid2obj(NID_undef);
-	ret->set=0;
-	ret->value.ptr=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW);
-	}
-	
-void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a)
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->object);
-	if (a->set)
-		sk_ASN1_TYPE_pop_free(a->value.set,ASN1_TYPE_free);
-	else
-		ASN1_TYPE_free(a->value.single);
-	OPENSSL_free(a);
-	}
-
diff --git a/crypto/openssl/crypto/asn1/x_bignum.c b/crypto/openssl/crypto/asn1/x_bignum.c
new file mode 100644
index 0000000..848c7a0
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_bignum.c
@@ -0,0 +1,137 @@
+/* x_bignum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+ * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
+ * BIGNUMs used are non negative and anything that looks negative is normally due
+ * to an encoding error.
+ */
+
+#define BN_SENSITIVE	1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+	NULL, 0,
+	bn_new,
+	bn_free,
+	0,
+	bn_c2i,
+	bn_i2c
+};
+
+ASN1_ITEM_start(BIGNUM)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*pval = (ASN1_VALUE *)BN_new();
+	if(*pval) return 1;
+	else return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(!*pval) return;
+	if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+	else BN_free((BIGNUM *)*pval);
+	*pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+	BIGNUM *bn;
+	int pad;
+	if(!*pval) return -1;
+	bn = (BIGNUM *)*pval;
+	/* If MSB set in an octet we need a padding byte */
+	if(BN_num_bits(bn) & 0x7) pad = 0;
+	else pad = 1;
+	if(cont) {
+		if(pad) *cont++ = 0;
+		BN_bn2bin(bn, cont);
+	}
+	return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	BIGNUM *bn;
+	if(!*pval) bn_new(pval, it);
+	bn  = (BIGNUM *)*pval;
+	if(!BN_bin2bn(cont, len, bn)) {
+		bn_free(pval, it);
+		return 0;
+	}
+	return 1;
+}
+
+
diff --git a/crypto/openssl/crypto/asn1/x_crl.c b/crypto/openssl/crypto/asn1/x_crl.c
index 51518cd..11fce96 100644
--- a/crypto/openssl/crypto/asn1/x_crl.c
+++ b/crypto/openssl/crypto/asn1/x_crl.c
@@ -58,275 +58,76 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
 				const X509_REVOKED * const *b);
 static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
 				const X509_REVOKED * const *b);
-int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-					 i2d_X509_EXTENSION);
-
-	M_ASN1_I2D_seq_total();
 
-	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-					 i2d_X509_EXTENSION);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
-	M_ASN1_D2I_get_seq_opt_type(X509_EXTENSION,ret->extensions,
-				    d2i_X509_EXTENSION,X509_EXTENSION_free);
-	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
-	}
-
-int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
-	{
-	int v1=0;
-	long l=0;
+ASN1_SEQUENCE(X509_REVOKED) = {
+	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+/* The X509_CRL_INFO structure needs a bit of customisation. This is actually
+ * mirroring the old behaviour: its purpose is to allow the use of
+ * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately
+ * this will zap the original order and the signature so we keep a copy
+ * of the original positions and reorder appropriately before encoding.
+ *
+ * Might want to see if there's a better way of doing this later...
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+	int i;
 	int (*old_cmp)(const X509_REVOKED * const *,
 			const X509_REVOKED * const *);
-	M_ASN1_I2D_vars(a);
-	
-	old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
-	sk_X509_REVOKED_sort(a->revoked);
-	sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
-
-	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
-		{
-		M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-		}
-	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
-	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
-	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
-					 i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-					     i2d_X509_EXTENSION,0,
-					     V_ASN1_SEQUENCE,v1);
-
-	M_ASN1_I2D_seq_total();
-
-	if ((a->version != NULL) && (l != 0))
-		{
-		M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-		}
-	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_TIME);
-	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
-	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
-					 i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-					     i2d_X509_EXTENSION,0,
-					     V_ASN1_SEQUENCE,v1);
 
-	M_ASN1_I2D_finish();
-	}
-
-X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, unsigned char **pp,
-	     long length)
-	{
-	int i,ver=0;
-	M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
-
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
-	if (ret->version != NULL)
-		ver=ret->version->data[0];
-	
-	if ((ver == 0) && (ret->version != NULL))
-		{
-		M_ASN1_INTEGER_free(ret->version);
-		ret->version=NULL;
-		}
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
-	/* Manually handle the OPTIONAL ASN1_TIME stuff */
-	/* First try UTCTime */
-	M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME, V_ASN1_UTCTIME);
-	/* If that doesn't work try GeneralizedTime */
-	if(!ret->nextUpdate) 
-		M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
-							V_ASN1_GENERALIZEDTIME);
-	if (ret->revoked != NULL)
-		{
-		while (sk_X509_REVOKED_num(ret->revoked))
-			X509_REVOKED_free(sk_X509_REVOKED_pop(ret->revoked));
-		}
-	M_ASN1_D2I_get_seq_opt_type(X509_REVOKED,ret->revoked,d2i_X509_REVOKED,
-				    X509_REVOKED_free);
-
-	if (ret->revoked != NULL)
-		{
-		for (i=0; i<sk_X509_REVOKED_num(ret->revoked); i++)
-			{
-			sk_X509_REVOKED_value(ret->revoked,i)->sequence=i;
-			}
-		}
-
-	if (ret->extensions != NULL)
-		{
-		while (sk_X509_EXTENSION_num(ret->extensions))
-			X509_EXTENSION_free(
-			sk_X509_EXTENSION_pop(ret->extensions));
-		}
-		
-	M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
-					d2i_X509_EXTENSION,
-					X509_EXTENSION_free,0,
-					V_ASN1_SEQUENCE);
-
-	M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
-	}
-
-int i2d_X509_CRL(X509_CRL *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
-	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
-	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-
-	M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
-	}
-
-
-X509_REVOKED *X509_REVOKED_new(void)
-	{
-	X509_REVOKED *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_REVOKED);
-	M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->revocationDate,M_ASN1_UTCTIME_new);
-	ret->extensions=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
-	}
-
-X509_CRL_INFO *X509_CRL_INFO_new(void)
-	{
-	X509_CRL_INFO *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_CRL_INFO);
-	ret->version=NULL;
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->issuer,X509_NAME_new);
-	M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
-	ret->nextUpdate=NULL;
-	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
-	ret->extensions = NULL;
-	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
-	}
-
-X509_CRL *X509_CRL_new(void)
-	{
-	X509_CRL *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_CRL);
-	ret->references=1;
-	M_ASN1_New(ret->crl,X509_CRL_INFO_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
-	}
-
-void X509_REVOKED_free(X509_REVOKED *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free(a->serialNumber);
-	M_ASN1_UTCTIME_free(a->revocationDate);
-	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-	OPENSSL_free(a);
-	}
-
-void X509_CRL_INFO_free(X509_CRL_INFO *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free(a->version);
-	X509_ALGOR_free(a->sig_alg);
-	X509_NAME_free(a->issuer);
-	M_ASN1_UTCTIME_free(a->lastUpdate);
-	if (a->nextUpdate)
-		M_ASN1_UTCTIME_free(a->nextUpdate);
-	sk_X509_REVOKED_pop_free(a->revoked,X509_REVOKED_free);
-	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-	OPENSSL_free(a);
-	}
-
-void X509_CRL_free(X509_CRL *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-	REF_PRINT("X509_CRL",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_CRL_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	X509_CRL_INFO_free(a->crl);
-	X509_ALGOR_free(a->sig_alg);
-	M_ASN1_BIT_STRING_free(a->signature);
-	OPENSSL_free(a);
+	if(!a || !a->revoked) return 1;
+	switch(operation) {
+
+		/* Save original order */
+		case ASN1_OP_D2I_POST:
+		for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
+			sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
+		sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+		break;
+
+		/* Restore original order */
+		case ASN1_OP_I2D_PRE:
+		old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
+		sk_X509_REVOKED_sort(a->revoked);
+		sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
+		break;
 	}
+	return 1;
+}
+
+
+ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
+	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)
+
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
 			const X509_REVOKED * const *b)
@@ -342,6 +143,19 @@ static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
 	return((*a)->sequence-(*b)->sequence);
 	}
 
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+	X509_CRL_INFO *inf;
+	inf = crl->crl;
+	if(!inf->revoked)
+		inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+	if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+		ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
+}
+
 IMPLEMENT_STACK_OF(X509_REVOKED)
 IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
 IMPLEMENT_STACK_OF(X509_CRL)
diff --git a/crypto/openssl/crypto/asn1/x_exten.c b/crypto/openssl/crypto/asn1/x_exten.c
index fbfd963..702421b 100644
--- a/crypto/openssl/crypto/asn1/x_exten.c
+++ b/crypto/openssl/crypto/asn1/x_exten.c
@@ -1,139 +1,71 @@
-/* crypto/asn1/x_exten.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x_exten.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <stddef.h>
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
-int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **pp)
-	{
-	int k=0;
-	int r=0,ret=0;
-	unsigned char **p=NULL;
-
-	if (a == NULL) return(0);
-
-	p=NULL;
-	for (;;)
-		{
-		if (k)
-			{
-			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-			if (pp == NULL) return(r);
-			p=pp;
-			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
-				V_ASN1_UNIVERSAL);
-			}
-
-		ret+=i2d_ASN1_OBJECT(a->object,p);
-		if ((a->critical) || a->netscape_hack)
-			ret+=i2d_ASN1_BOOLEAN(a->critical,p);
-		ret+=i2d_ASN1_OCTET_STRING(a->value,p);
-		if (k++) return(r);
-		}
-	}
-
-X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a, unsigned char **pp,
-	     long length)
-	{
-	int i;
-	M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
-
-	ret->netscape_hack=0;
-	if ((c.slen != 0) &&
-		(M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)))
-		{
-		c.q=c.p;
-		if (d2i_ASN1_BOOLEAN(&i,&c.p,c.slen) < 0) goto err;
-		ret->critical=i;
-		c.slen-=(c.p-c.q);
-		if (ret->critical == 0) ret->netscape_hack=1;
-		}
-	M_ASN1_D2I_get(ret->value,d2i_ASN1_OCTET_STRING);
-
-	M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION);
-	}
-
-X509_EXTENSION *X509_EXTENSION_new(void)
-	{
-	X509_EXTENSION *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_EXTENSION);
-	ret->object=OBJ_nid2obj(NID_undef);
-	M_ASN1_New(ret->value,M_ASN1_OCTET_STRING_new);
-	ret->critical=0;
-	ret->netscape_hack=0;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
-	}
-	
-void X509_EXTENSION_free(X509_EXTENSION *a)
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->object);
-	M_ASN1_OCTET_STRING_free(a->value);
-	OPENSSL_free(a);
-	}
+ASN1_SEQUENCE(X509_EXTENSION) = {
+	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/crypto/openssl/crypto/asn1/x_info.c b/crypto/openssl/crypto/asn1/x_info.c
index 5e62fc2..d44f6cd 100644
--- a/crypto/openssl/crypto/asn1/x_info.c
+++ b/crypto/openssl/crypto/asn1/x_info.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 #include <openssl/x509.h>
 
 X509_INFO *X509_INFO_new(void)
diff --git a/crypto/openssl/crypto/asn1/x_long.c b/crypto/openssl/crypto/asn1/x_long.c
new file mode 100644
index 0000000..c04b192
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_long.c
@@ -0,0 +1,163 @@
+/* x_long.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
+ * and a long directly.
+ */
+
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+	NULL, 0,
+	long_new,
+	long_free,
+	long_free,	/* Clear should set to initial value */
+	long_c2i,
+	long_i2c
+};
+
+ASN1_ITEM_start(LONG)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*(long *)pval = it->size;
+	return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*(long *)pval = it->size;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+	long ltmp;
+	unsigned long utmp;
+	int clen, pad, i;
+	ltmp = *(long *)pval;
+	if(ltmp == it->size) return -1;
+	/* Convert the long to positive: we subtract one if negative so
+	 * we can cleanly handle the padding if only the MSB of the leading
+	 * octet is set. 
+	 */
+	if(ltmp < 0) utmp = -ltmp - 1;
+	else utmp = ltmp;
+	clen = BN_num_bits_word(utmp);
+	/* If MSB of leading octet set we need to pad */
+	if(!(clen & 0x7)) pad = 1;
+	else pad = 0;
+
+	/* Convert number of bits to number of octets */
+	clen = (clen + 7) >> 3;
+
+	if(cont) {
+		if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+		for(i = clen - 1; i >= 0; i--) {
+			cont[i] = (unsigned char)(utmp & 0xff);
+			if(ltmp < 0) cont[i] ^= 0xff;
+			utmp >>= 8;
+		}
+	}
+	return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	int neg, i;
+	long ltmp;
+	unsigned long utmp = 0;
+	if(len > sizeof(long)) {
+		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+		return 0;
+	}
+	/* Is it negative? */
+	if(len && (cont[0] & 0x80)) neg = 1;
+	else neg = 0;
+	utmp = 0;
+	for(i = 0; i < len; i++) {
+		utmp <<= 8;
+		if(neg) utmp |= cont[i] ^ 0xff;
+		else utmp |= cont[i];
+	}
+	ltmp = (long)utmp;
+	if(neg) {
+		ltmp++;
+		ltmp = -ltmp;
+	}
+	if(ltmp == it->size) {
+		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+		return 0;
+	}
+	*(long *)pval = ltmp;
+	return 1;
+}
diff --git a/crypto/openssl/crypto/asn1/x_name.c b/crypto/openssl/crypto/asn1/x_name.c
index 1885d69..caece0f 100644
--- a/crypto/openssl/crypto/asn1/x_name.c
+++ b/crypto/openssl/crypto/asn1/x_name.c
@@ -58,212 +58,203 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-static int i2d_X509_NAME_entries(X509_NAME *a);
-int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx);
 
-	M_ASN1_I2D_len(a->object,i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len(a->value,i2d_ASN1_PRINTABLE);
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
-	M_ASN1_I2D_seq_total();
+static int x509_name_encode(X509_NAME *a);
 
-	M_ASN1_I2D_put(a->object,i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put(a->value,i2d_ASN1_PRINTABLE);
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+	ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+	ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
 
-	M_ASN1_I2D_finish();
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
 
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new);
+/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
+ * so declare two template wrappers for this
+ */
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get(ret->value,d2i_ASN1_PRINTABLE);
-	ret->set=0;
-	M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY);
-	}
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 
-int i2d_X509_NAME(X509_NAME *a, unsigned char **pp)
-	{
-	int ret;
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 
-	if (a == NULL) return(0);
-	if (a->modified)
-		{
-		ret=i2d_X509_NAME_entries(a);
-		if (ret < 0) return(ret);
-		}
-
-	ret=a->bytes->length;
-	if (pp != NULL)
-		{
-		memcpy(*pp,a->bytes->data,ret);
-		*pp+=ret;
-		}
-	return(ret);
-	}
-
-static int i2d_X509_NAME_entries(X509_NAME *a)
-	{
-	X509_NAME_ENTRY *ne,*fe=NULL;
-	STACK_OF(X509_NAME_ENTRY) *sk;
-	BUF_MEM *buf=NULL;
-	int set=0,r,ret=0;
-	int i;
-	unsigned char *p;
-	int size=0;
+/* Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and convert
+ * to the external form.
+ */
 
-	sk=a->entries;
-	for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
-		{
-		ne=sk_X509_NAME_ENTRY_value(sk,i);
-		if (fe == NULL)
-			{
-			fe=ne;
-			size=0;
-			}
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+	NULL,
+	x509_name_ex_new,
+	x509_name_ex_free,
+	0,	/* Default clear behaviour is OK */
+	x509_name_ex_d2i,
+	x509_name_ex_i2d
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+	X509_NAME *ret = NULL;
+	ret = OPENSSL_malloc(sizeof(X509_NAME));
+	if(!ret) goto memerr;
+	if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+		goto memerr;
+	if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+	ret->modified=1;
+	*val = (ASN1_VALUE *)ret;
+	return 1;
 
-		if (ne->set != set)
-			{
-			ret+=ASN1_object_size(1,size,V_ASN1_SET);
-			fe->size=size;
-			fe=ne;
-			size=0;
-			set=ne->set;
-			}
-		size+=i2d_X509_NAME_ENTRY(ne,NULL);
-		}
-	if (fe != NULL)
+ memerr:
+	ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE);
+	if (ret)
 		{
-		/* SET OF needed only if entries is non empty */
-		ret+=ASN1_object_size(1,size,V_ASN1_SET);
-		fe->size=size;
+		if (ret->entries)
+			sk_X509_NAME_ENTRY_free(ret->entries);
+		OPENSSL_free(ret);
 		}
+	return 0;
+}
 
-	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-
-	buf=a->bytes;
-	if (!BUF_MEM_grow(buf,r)) goto err;
-	p=(unsigned char *)buf->data;
-
-	ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-	set= -1;
-	for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
-		{
-		ne=sk_X509_NAME_ENTRY_value(sk,i);
-		if (set != ne->set)
-			{
-			set=ne->set;
-			ASN1_put_object(&p,1,ne->size,
-				V_ASN1_SET,V_ASN1_UNIVERSAL);
-			}
-		i2d_X509_NAME_ENTRY(ne,&p);
-		}
-	a->modified=0;
-	return(r);
-err:
-	return(-1);
-	}
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_NAME *a;
+	if(!pval || !*pval)
+	    return;
+	a = (X509_NAME *)*pval;
 
-X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
-	{
-	int set=0,i;
-	int idx=0;
-	unsigned char *orig;
-	M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
+	BUF_MEM_free(a->bytes);
+	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+	OPENSSL_free(a);
+	*pval = NULL;
+}
 
-	orig= *pp;
-	if (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
-		{
-		while (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
-			X509_NAME_ENTRY_free(
-				       sk_X509_NAME_ENTRY_pop(ret->entries));
-		}
+/* Used with sk_pop_free() to free up the internal representation.
+ * NB: we only free the STACK and not its contents because it is
+ * already present in the X509_NAME structure.
+ */
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	for (;;)
-		{
-		if (M_ASN1_D2I_end_sequence()) break;
-		M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries,
-					d2i_X509_NAME_ENTRY,
-					X509_NAME_ENTRY_free);
-		for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++)
-			{
-			sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set;
-			}
-		set++;
+static void sk_internal_free(void *a)
+{
+	sk_free(a);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	unsigned char *p = *in, *q;
+	STACK *intname = NULL;
+	int i, j, ret;
+	X509_NAME *nm = NULL;
+	STACK_OF(X509_NAME_ENTRY) *entries;
+	X509_NAME_ENTRY *entry;
+	q = p;
+
+	/* Get internal representation of Name */
+	ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+								tag, aclass, opt, ctx);
+	
+	if(ret <= 0) return ret;
+
+	if(*val) x509_name_ex_free(val, NULL);
+	if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err;
+	/* We've decoded it: now cache encoding */
+	if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
+	memcpy(nm->bytes->data, q, p - q);
+
+	/* Convert internal representation to X509_NAME structure */
+	for(i = 0; i < sk_num(intname); i++) {
+		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
+		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+			entry = sk_X509_NAME_ENTRY_value(entries, j);
+			entry->set = i;
+			if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
+				goto err;
 		}
-
-	i=(int)(c.p-orig);
-	if (!BUF_MEM_grow(ret->bytes,i)) goto err;
-	memcpy(ret->bytes->data,orig,i);
-	ret->bytes->length=i;
-	ret->modified=0;
-
-	M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
+		sk_X509_NAME_ENTRY_free(entries);
 	}
-
-X509_NAME *X509_NAME_new(void)
-	{
-	X509_NAME *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_NAME);
-	if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
-		{ c.line=__LINE__; goto err2; }
-	M_ASN1_New(ret->bytes,BUF_MEM_new);
-	ret->modified=1;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NAME_NEW);
+	sk_free(intname);
+	nm->modified = 0;
+	*val = (ASN1_VALUE *)nm;
+	*in = p;
+	return ret;
+	err:
+	ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR);
+	return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+	int ret;
+	X509_NAME *a = (X509_NAME *)*val;
+	if(a->modified) {
+		ret = x509_name_encode((X509_NAME *)a);
+		if(ret < 0) return ret;
 	}
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_new(void)
-	{
-	X509_NAME_ENTRY *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_NAME_ENTRY);
-/*	M_ASN1_New(ret->object,ASN1_OBJECT_new);*/
-	ret->object=NULL;
-	ret->set=0;
-	M_ASN1_New(ret->value,ASN1_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW);
+	ret = a->bytes->length;
+	if(out != NULL) {
+		memcpy(*out,a->bytes->data,ret);
+		*out+=ret;
 	}
+	return ret;
+}
 
-void X509_NAME_free(X509_NAME *a)
-	{
-	if(a == NULL)
-	    return;
-
-	BUF_MEM_free(a->bytes);
-	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
-	OPENSSL_free(a);
+static int x509_name_encode(X509_NAME *a)
+{
+	STACK *intname = NULL;
+	int len;
+	unsigned char *p;
+	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+	X509_NAME_ENTRY *entry;
+	int i, set = -1;
+	intname = sk_new_null();
+	if(!intname) goto memerr;
+	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+		if(entry->set != set) {
+			entries = sk_X509_NAME_ENTRY_new_null();
+			if(!entries) goto memerr;
+			if(!sk_push(intname, (char *)entries)) goto memerr;
+			set = entry->set;
+		}
+		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
 	}
+	len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+	p=(unsigned char *)a->bytes->data;
+	ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	sk_pop_free(intname, sk_internal_free);
+	a->modified = 0;
+	return len;
+	memerr:
+	sk_pop_free(intname, sk_internal_free);
+	ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
+	return -1;
+}
 
-void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->object);
-	M_ASN1_BIT_STRING_free(a->value);
-	OPENSSL_free(a);
-	}
 
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 	{
 	X509_NAME *in;
 
-	if (*xn == NULL) return(0);
+	if (!xn || !name) return(0);
 
 	if (*xn != name)
 		{
diff --git a/crypto/openssl/crypto/asn1/x_pubkey.c b/crypto/openssl/crypto/asn1/x_pubkey.c
index 914bcda..d958540 100644
--- a/crypto/openssl/crypto/asn1/x_pubkey.c
+++ b/crypto/openssl/crypto/asn1/x_pubkey.c
@@ -58,62 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->public_key,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->public_key,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->public_key,d2i_ASN1_BIT_STRING);
-	if (ret->pkey != NULL)
-		{
-		EVP_PKEY_free(ret->pkey);
-		ret->pkey=NULL;
-		}
-	M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY);
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_FREE_POST) {
+		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+		EVP_PKEY_free(pubkey->pkey);
 	}
+	return 1;
+}
 
-X509_PUBKEY *X509_PUBKEY_new(void)
-	{
-	X509_PUBKEY *ret=NULL;
-	ASN1_CTX c;
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+	ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
 
-	M_ASN1_New_Malloc(ret,X509_PUBKEY);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->public_key,M_ASN1_BIT_STRING_new);
-	ret->pkey=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW);
-	}
-
-void X509_PUBKEY_free(X509_PUBKEY *a)
-	{
-	if (a == NULL) return;
-	X509_ALGOR_free(a->algor);
-	M_ASN1_BIT_STRING_free(a->public_key);
-	if (a->pkey != NULL) EVP_PKEY_free(a->pkey);
-	OPENSSL_free(a);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 	{
@@ -121,7 +84,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 	X509_PUBKEY *pk;
 	X509_ALGOR *a;
 	ASN1_OBJECT *o;
-	unsigned char *s,*p;
+	unsigned char *s,*p = NULL;
 	int i;
 
 	if (x == NULL) return(0);
@@ -146,7 +109,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 			}
 		}
 	else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		unsigned char *pp;
@@ -173,7 +136,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		}
 
 	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
+	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 	p=s;
 	i2d_PublicKey(pkey,&p);
 	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
@@ -206,7 +173,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	long j;
 	int type;
 	unsigned char *p;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
+	const unsigned char *cp;
 	X509_ALGOR *a;
 #endif
 
@@ -230,16 +198,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 		}
 	ret->save_parameters=0;
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	a=key->algor;
 	if (ret->type == EVP_PKEY_DSA)
 		{
 		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
 			ret->pkey.dsa->write_params=0;
-			p=a->parameter->value.sequence->data;
+			cp=p=a->parameter->value.sequence->data;
 			j=a->parameter->value.sequence->length;
-			if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j))
+			if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j))
 				goto err;
 			}
 		ret->save_parameters=1;
@@ -289,7 +257,7 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 /* The following are equivalents but which return RSA and DSA
  * keys
  */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
 	     long length)
 {
@@ -327,7 +295,7 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 }
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
 	     long length)
 {
diff --git a/crypto/openssl/crypto/asn1/x_req.c b/crypto/openssl/crypto/asn1/x_req.c
index 6dddd4f..b3f18eb 100644
--- a/crypto/openssl/crypto/asn1/x_req.c
+++ b/crypto/openssl/crypto/asn1/x_req.c
@@ -58,200 +58,55 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	if(a->asn1) {
-		if(pp) {
-			memcpy(*pp, a->asn1, a->length);
-			*pp += a->length;
-		}
-		return a->length;
-	}
-
-	M_ASN1_I2D_len(a->version,		i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->subject,		i2d_X509_NAME);
-	M_ASN1_I2D_len(a->pubkey,		i2d_X509_PUBKEY);
-
-	/* this is a *nasty* hack reported to be required to
-	 * allow some CA Software to accept the cert request.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attributes
-	 * NOTE: no OPTIONAL ... so it *must* be there
-	 */
-	if (a->req_kludge) 
-	        {
-	        M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,i2d_X509_ATTRIBUTE,0);
-		}
-	else
-	        {
-	        M_ASN1_I2D_len_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
-					    i2d_X509_ATTRIBUTE,0);
-		}
-	
-	M_ASN1_I2D_seq_total();
-	M_ASN1_I2D_put(a->version,		i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->subject,		i2d_X509_NAME);
-	M_ASN1_I2D_put(a->pubkey,		i2d_X509_PUBKEY);
+/* X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK. 
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
 
-	/* this is a *nasty* hack reported to be required by some CA's.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attributes
-	 * NOTE: no OPTIONAL ... so it *must* be there
-	 */
-	if (a->req_kludge)
-		{
-	        M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,
-						i2d_X509_ATTRIBUTE,0);
-		}
-	else
-		{
-	        M_ASN1_I2D_put_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
-					    i2d_X509_ATTRIBUTE,0);
-		}
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
 
-	M_ASN1_I2D_finish();
+	if(operation == ASN1_OP_NEW_POST) {
+		rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+		if(!rinf->attributes) return 0;
 	}
-
-X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
-
-	/* this is a *nasty* hack to allow for some CA's that
-	 * have been reported as requiring it.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attributes
-	 * NOTE: no OPTIONAL ... so it *must* be there
+	return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+	ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+	ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+	/* This isn't really OPTIONAL but it gets round invalid
+	 * encodings
 	 */
-	if (asn1_Finish(&c))
-		ret->req_kludge=1;
-	else
-		{
-		M_ASN1_D2I_get_IMP_set_type(X509_ATTRIBUTE,ret->attributes,
-					    d2i_X509_ATTRIBUTE,
-					    X509_ATTRIBUTE_free,0);
-		}
-
-	M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO);
-	}
-
-X509_REQ_INFO *X509_REQ_INFO_new(void)
-	{
-	X509_REQ_INFO *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_REQ_INFO);
-	M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->subject,X509_NAME_new);
-	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-	M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null);
-	ret->req_kludge=0;
-	ret->asn1 = NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
-	}
-	
-void X509_REQ_INFO_free(X509_REQ_INFO *a)
-	{
-	if (a == NULL) return;
-	if(a->asn1) OPENSSL_free(a->asn1);
-	M_ASN1_INTEGER_free(a->version);
-	X509_NAME_free(a->subject);
-	X509_PUBKEY_free(a->pubkey);
-	sk_X509_ATTRIBUTE_pop_free(a->attributes,X509_ATTRIBUTE_free);
-	OPENSSL_free(a);
-	}
+	ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
 
-int i2d_X509_REQ(X509_REQ *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len(a->req_info,	i2d_X509_REQ_INFO);
-	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->req_info,	i2d_X509_REQ_INFO);
-	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
-
-	/* Keep a copy of the original encoding for signature checking */
-	ret->req_info->length = c.p - c.q;
-	if(!(ret->req_info->asn1 = OPENSSL_malloc(ret->req_info->length))) {
-		c.line=__LINE__;
-		c.error = ERR_R_MALLOC_FAILURE;
-		goto err;
-	}
-
-	memcpy(ret->req_info->asn1, c.q, ret->req_info->length);
-
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-	M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
-	}
-
-X509_REQ *X509_REQ_new(void)
-	{
-	X509_REQ *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_REQ);
-	ret->references=1;
-	M_ASN1_New(ret->req_info,X509_REQ_INFO_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REQ_NEW);
-	}
-
-void X509_REQ_free(X509_REQ *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ);
-#ifdef REF_PRINT
-	REF_PRINT("X509_REQ",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_REQ_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	X509_REQ_INFO_free(a->req_info);
-	X509_ALGOR_free(a->sig_alg);
-	M_ASN1_BIT_STRING_free(a->signature);
-	OPENSSL_free(a);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
 
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = {
+	ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+	ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/crypto/openssl/crypto/asn1/x_sig.c b/crypto/openssl/crypto/asn1/x_sig.c
index d79f147..42efa86 100644
--- a/crypto/openssl/crypto/asn1/x_sig.c
+++ b/crypto/openssl/crypto/asn1/x_sig.c
@@ -58,53 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_SIG(X509_SIG *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->digest,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->digest,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
-	}
-
-X509_SIG *X509_SIG_new(void)
-	{
-	X509_SIG *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_SIG);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->digest,M_ASN1_OCTET_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
-	}
-
-void X509_SIG_free(X509_SIG *a)
-	{
-	if (a == NULL) return;
-	X509_ALGOR_free(a->algor);
-	M_ASN1_OCTET_STRING_free(a->digest);
-	OPENSSL_free(a);
-	}
-
+ASN1_SEQUENCE(X509_SIG) = {
+	ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+	ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/crypto/openssl/crypto/asn1/x_spki.c b/crypto/openssl/crypto/asn1/x_spki.c
index 4f01888..2aece07 100644
--- a/crypto/openssl/crypto/asn1/x_spki.c
+++ b/crypto/openssl/crypto/asn1/x_spki.c
@@ -63,104 +63,19 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 
-int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+	ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+	ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
 
-	M_ASN1_I2D_len(a->pubkey,	i2d_X509_PUBKEY);
-	M_ASN1_I2D_len(a->challenge,	i2d_ASN1_IA5STRING);
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->pubkey,	i2d_X509_PUBKEY);
-	M_ASN1_I2D_put(a->challenge,	i2d_ASN1_IA5STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
-	M_ASN1_D2I_get(ret->challenge,d2i_ASN1_IA5STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC);
-	}
-
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void)
-	{
-	NETSCAPE_SPKAC *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC);
-	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-	M_ASN1_New(ret->challenge,M_ASN1_IA5STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW);
-	}
-
-void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
-	{
-	if (a == NULL) return;
-	X509_PUBKEY_free(a->pubkey);
-	M_ASN1_IA5STRING_free(a->challenge);
-	OPENSSL_free(a);
-	}
-
-int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->spkac,	i2d_NETSCAPE_SPKAC);
-	M_ASN1_I2D_len(a->sig_algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->spkac,	i2d_NETSCAPE_SPKAC);
-	M_ASN1_I2D_put(a->sig_algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->spkac,d2i_NETSCAPE_SPKAC);
-	M_ASN1_D2I_get(ret->sig_algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI);
-	}
-
-NETSCAPE_SPKI *NETSCAPE_SPKI_new(void)
-	{
-	NETSCAPE_SPKI *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,NETSCAPE_SPKI);
-	M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new);
-	M_ASN1_New(ret->sig_algor,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW);
-	}
-
-void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a)
-	{
-	if (a == NULL) return;
-	NETSCAPE_SPKAC_free(a->spkac);
-	X509_ALGOR_free(a->sig_algor);
-	M_ASN1_BIT_STRING_free(a->signature);
-	OPENSSL_free(a);
-	}
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+	ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+	ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+	ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
 
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/crypto/openssl/crypto/asn1/x_val.c b/crypto/openssl/crypto/asn1/x_val.c
index 0f8f020..dc17c67 100644
--- a/crypto/openssl/crypto/asn1/x_val.c
+++ b/crypto/openssl/crypto/asn1/x_val.c
@@ -58,52 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_VAL(X509_VAL *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
-	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
-	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_VAL *d2i_X509_VAL(X509_VAL **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
-	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
-	M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
-	}
-
-X509_VAL *X509_VAL_new(void)
-	{
-	X509_VAL *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_VAL);
-	M_ASN1_New(ret->notBefore,M_ASN1_TIME_new);
-	M_ASN1_New(ret->notAfter,M_ASN1_TIME_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
-	}
-
-void X509_VAL_free(X509_VAL *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_TIME_free(a->notBefore);
-	M_ASN1_TIME_free(a->notAfter);
-	OPENSSL_free(a);
-	}
+ASN1_SEQUENCE(X509_VAL) = {
+	ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+	ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/crypto/openssl/crypto/asn1/x_x509.c b/crypto/openssl/crypto/asn1/x_x509.c
index 61ba856..b50167c 100644
--- a/crypto/openssl/crypto/asn1/x_x509.c
+++ b/crypto/openssl/crypto/asn1/x_x509.c
@@ -59,12 +59,71 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static int x509_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
+ASN1_SEQUENCE(X509_CINF) = {
+	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+	ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+	ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+	ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+	ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END(X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509 *ret = (X509 *)*pval;
+
+	switch(operation) {
+
+		case ASN1_OP_NEW_POST:
+		ret->valid=0;
+		ret->name = NULL;
+		ret->ex_flags = 0;
+		ret->ex_pathlen = -1;
+		ret->skid = NULL;
+		ret->akid = NULL;
+		ret->aux = NULL;
+		CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+		break;
+
+		case ASN1_OP_D2I_POST:
+		if (ret->name != NULL) OPENSSL_free(ret->name);
+		ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+		break;
+
+		case ASN1_OP_FREE_POST:
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+		X509_CERT_AUX_free(ret->aux);
+		ASN1_OCTET_STRING_free(ret->skid);
+		AUTHORITY_KEYID_free(ret->akid);
+
+		if (ret->name != NULL) OPENSSL_free(ret->name);
+		break;
+
+	}
+
+	return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+	ASN1_SIMPLE(X509, cert_info, X509_CINF),
+	ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
 static ASN1_METHOD meth={
 	(int (*)())  i2d_X509,
@@ -77,97 +136,11 @@ ASN1_METHOD *X509_asn1_meth(void)
 	return(&meth);
 	}
 
-int i2d_X509(X509 *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
-	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
-	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509 *d2i_X509(X509 **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509 *,X509_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-	if (ret->name != NULL) OPENSSL_free(ret->name);
-	ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
-
-	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
-	}
-
-X509 *X509_new(void)
-	{
-	X509 *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509);
-	ret->valid=0;
-	ret->references=1;
-	ret->name = NULL;
-	ret->ex_flags = 0;
-	ret->ex_pathlen = -1;
-	ret->skid = NULL;
-	ret->akid = NULL;
-	ret->aux = NULL;
-	M_ASN1_New(ret->cert_info,X509_CINF_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-	CRYPTO_new_ex_data(x509_meth, ret, &ret->ex_data);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NEW);
-	}
-
-void X509_free(X509 *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-	REF_PRINT("X509",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	CRYPTO_free_ex_data(x509_meth,a,&a->ex_data);
-	X509_CINF_free(a->cert_info);
-	X509_ALGOR_free(a->sig_alg);
-	M_ASN1_BIT_STRING_free(a->signature);
-	X509_CERT_AUX_free(a->aux);
-	ASN1_OCTET_STRING_free(a->skid);
-	AUTHORITY_KEYID_free(a->akid);
-
-	if (a->name != NULL) OPENSSL_free(a->name);
-	OPENSSL_free(a);
-	}
-
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-	x509_meth_num++;
-	return(CRYPTO_get_ex_new_index(x509_meth_num-1,
-		&x509_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+				new_func, dup_func, free_func);
         }
 
 int X509_set_ex_data(X509 *r, int idx, void *arg)
diff --git a/crypto/openssl/crypto/asn1/x_x509a.c b/crypto/openssl/crypto/asn1/x_x509a.c
index ebcce87..f244768 100644
--- a/crypto/openssl/crypto/asn1/x_x509a.c
+++ b/crypto/openssl/crypto/asn1/x_x509a.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
 /* X509_CERT_AUX routines. These are used to encode additional
@@ -71,72 +71,15 @@
 
 static X509_CERT_AUX *aux_get(X509 *x);
 
-X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a, X509_CERT_AUX *, X509_CERT_AUX_new);
-	
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-
-	M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->trust,
-					d2i_ASN1_OBJECT, ASN1_OBJECT_free);
-	M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->reject,
-					d2i_ASN1_OBJECT, ASN1_OBJECT_free, 0);
-	M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING);
-	M_ASN1_D2I_get_opt(ret->keyid, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
-	M_ASN1_D2I_get_IMP_set_opt_type(X509_ALGOR, ret->other,
-					d2i_X509_ALGOR, X509_ALGOR_free, 1);
-
-	M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX);
-}
-
-X509_CERT_AUX *X509_CERT_AUX_new()
-{
-	X509_CERT_AUX *ret = NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, X509_CERT_AUX);
-	ret->trust = NULL;
-	ret->reject = NULL;
-	ret->alias = NULL;
-	ret->keyid = NULL;
-	ret->other = NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW);
-}
-
-void X509_CERT_AUX_free(X509_CERT_AUX *a)
-{
-	if(a == NULL) return;
-	sk_ASN1_OBJECT_pop_free(a->trust, ASN1_OBJECT_free);
-	sk_ASN1_OBJECT_pop_free(a->reject, ASN1_OBJECT_free);
-	ASN1_UTF8STRING_free(a->alias);
-	ASN1_OCTET_STRING_free(a->keyid);
-	sk_X509_ALGOR_pop_free(a->other, X509_ALGOR_free);
-	OPENSSL_free(a);
-}
-
-int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
-
-	M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING);
-	M_ASN1_I2D_len(a->keyid, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1);
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+	ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+	ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+	ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
 
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
-
-	M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING);
-	M_ASN1_I2D_put(a->keyid, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1);
-
-	M_ASN1_I2D_finish();
-}
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
 
 static X509_CERT_AUX *aux_get(X509 *x)
 {
diff --git a/crypto/openssl/crypto/bf/Makefile.ssl b/crypto/openssl/crypto/bf/Makefile.ssl
index 2d61ec5..bd3cedc 100644
--- a/crypto/openssl/crypto/bf/Makefile.ssl
+++ b/crypto/openssl/crypto/bf/Makefile.ssl
@@ -12,7 +12,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -44,8 +45,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
@@ -96,7 +96,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -107,13 +107,14 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-bf_cfb64.o: ../../include/openssl/blowfish.h
-bf_cfb64.o: ../../include/openssl/opensslconf.h bf_locl.h
-bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
-bf_ecb.o: ../../include/openssl/opensslv.h bf_locl.h
-bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
-bf_enc.o: bf_locl.h
-bf_ofb64.o: ../../include/openssl/blowfish.h
-bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h
-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
-bf_skey.o: bf_locl.h bf_pi.h
+bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_ecb.o: bf_ecb.c bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/crypto/openssl/crypto/bf/bf_opts.c b/crypto/openssl/crypto/bf/bf_opts.c
index bbe32b2..171dada 100644
--- a/crypto/openssl/crypto/bf/bf_opts.c
+++ b/crypto/openssl/crypto/bf/bf_opts.c
@@ -59,7 +59,7 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -322,7 +322,7 @@ int main(int argc, char **argv)
 		break;
 		}
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/bf/bf_skey.c b/crypto/openssl/crypto/bf/bf_skey.c
index 4d6a232..3673cde 100644
--- a/crypto/openssl/crypto/bf/bf_skey.c
+++ b/crypto/openssl/crypto/bf/bf_skey.c
@@ -69,7 +69,7 @@ void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
 	const unsigned char *d,*end;
 
 
-	memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY));
+	memcpy(key,&bf_init,sizeof(BF_KEY));
 	p=key->P;
 
 	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
diff --git a/crypto/openssl/crypto/bf/bfspeed.c b/crypto/openssl/crypto/bf/bfspeed.c
index ecc9dff..f346af6 100644
--- a/crypto/openssl/crypto/bf/bfspeed.c
+++ b/crypto/openssl/crypto/bf/bfspeed.c
@@ -59,7 +59,7 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -268,7 +268,7 @@ int main(int argc, char **argv)
 	printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
 	printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/bf/bftest.c b/crypto/openssl/crypto/bf/bftest.c
index cf67cad..24d526b 100644
--- a/crypto/openssl/crypto/bf/bftest.c
+++ b/crypto/openssl/crypto/bf/bftest.c
@@ -63,7 +63,9 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_BF
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_BF
 int main(int argc, char *argv[])
 {
     printf("No BF support\n");
@@ -275,7 +277,7 @@ int main(int argc, char *argv[])
 	else
 		ret=test();
 
-	exit(ret);
+	EXIT(ret);
 	return(0);
 	}
 
@@ -454,9 +456,9 @@ static int test(void)
 	len=strlen(cbc_data)+1;
 
 	BF_set_key(&key,16,cbc_key);
-	memset(cbc_in,0,40);
-	memset(cbc_out,0,40);
-	memcpy(iv,cbc_iv,8);
+	memset(cbc_in,0,sizeof cbc_in);
+	memset(cbc_out,0,sizeof cbc_out);
+	memcpy(iv,cbc_iv,sizeof iv);
 	BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
 		&key,iv,BF_ENCRYPT);
 	if (memcmp(cbc_out,cbc_ok,32) != 0)
diff --git a/crypto/openssl/crypto/bf/blowfish.h b/crypto/openssl/crypto/bf/blowfish.h
index 78acfd6..cd49e85 100644
--- a/crypto/openssl/crypto/bf/blowfish.h
+++ b/crypto/openssl/crypto/bf/blowfish.h
@@ -59,11 +59,13 @@
 #ifndef HEADER_BLOWFISH_H
 #define HEADER_BLOWFISH_H
 
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef NO_BF
+#ifdef OPENSSL_NO_BF
 #error BF is disabled.
 #endif
 
@@ -77,9 +79,9 @@ extern "C" {
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  */
 
-#if defined(WIN16) || defined(__LP32__)
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
 #define BF_LONG unsigned long
-#elif defined(_CRAY) || defined(__ILP64__)
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define BF_LONG unsigned long
 #define BF_LONG_LOG2 3
 /*
diff --git a/crypto/openssl/crypto/bio/Makefile.ssl b/crypto/openssl/crypto/bio/Makefile.ssl
index 3009873..141a03a 100644
--- a/crypto/openssl/crypto/bio/Makefile.ssl
+++ b/crypto/openssl/crypto/bio/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	bio
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -49,8 +50,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -78,7 +78,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -89,156 +89,128 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-b_dump.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-b_dump.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+b_dump.o: ../../e_os.h ../../include/openssl/bio.h
+b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-b_dump.o: ../cryptlib.h
-b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_dump.o: ../cryptlib.h b_dump.c
+b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
-b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_print.o: ../cryptlib.h b_print.c
+b_sock.o: ../../e_os.h ../../include/openssl/bio.h
+b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-b_sock.o: ../cryptlib.h
-bf_buff.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bf_buff.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-bf_buff.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-bf_buff.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-bf_buff.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bf_buff.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bf_buff.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-bf_buff.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bf_buff.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bf_buff.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bf_buff.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-bf_buff.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-bf_buff.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h
-bf_nbio.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bf_nbio.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-bf_nbio.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-bf_nbio.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-bf_nbio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bf_nbio.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bf_nbio.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-bf_nbio.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-bf_nbio.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bf_nbio.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bf_nbio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-bf_nbio.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-bf_nbio.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-bf_nbio.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+b_sock.o: ../cryptlib.h b_sock.c
+bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_buff.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_buff.o: ../cryptlib.h bf_buff.c
+bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bf_nbio.o: ../cryptlib.h
-bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-bf_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-bf_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-bf_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bf_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bf_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-bf_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bf_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bf_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bf_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-bf_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-bf_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
-bio_cb.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bio_cb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bf_nbio.o: ../cryptlib.h bf_nbio.c
+bf_null.o: ../../e_os.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_null.o: ../cryptlib.h bf_null.c
+bio_cb.o: ../../e_os.h ../../include/openssl/bio.h
+bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_cb.o: ../cryptlib.h
+bio_cb.o: ../cryptlib.h bio_cb.c
 bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-bio_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bio_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bio_err.o: bio_err.c
+bio_lib.o: ../../e_os.h ../../include/openssl/bio.h
+bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_lib.o: ../cryptlib.h
-bss_acpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bss_acpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bio_lib.o: ../cryptlib.h bio_lib.c
+bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h
+bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bss_acpt.o: ../cryptlib.h
-bss_bio.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-bss_bio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bss_acpt.o: ../cryptlib.h bss_acpt.c
+bss_bio.o: ../../e_os.h ../../include/openssl/bio.h
+bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bss_bio.o: ../../include/openssl/symhacks.h
-bss_conn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bss_conn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_bio.o: ../../include/openssl/symhacks.h bss_bio.c
+bss_conn.o: ../../e_os.h ../../include/openssl/bio.h
+bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bss_conn.o: ../cryptlib.h
-bss_fd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bss_fd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_conn.o: ../cryptlib.h bss_conn.c
+bss_fd.o: ../../e_os.h ../../include/openssl/bio.h
+bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bss_fd.o: ../cryptlib.h bss_sock.c
-bss_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bss_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_fd.o: ../cryptlib.h bss_fd.c
+bss_file.o: ../../e_os.h ../../include/openssl/bio.h
+bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bss_file.o: ../cryptlib.h
-bss_log.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bss_log.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_file.o: ../cryptlib.h bss_file.c
+bss_log.o: ../../e_os.h ../../include/openssl/bio.h
+bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bss_log.o: ../cryptlib.h
-bss_mem.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bss_mem.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_log.o: ../cryptlib.h bss_log.c
+bss_mem.o: ../../e_os.h ../../include/openssl/bio.h
+bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bss_mem.o: ../cryptlib.h
-bss_null.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bss_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_mem.o: ../cryptlib.h bss_mem.c
+bss_null.o: ../../e_os.h ../../include/openssl/bio.h
+bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bss_null.o: ../cryptlib.h
-bss_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bss_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_null.o: ../cryptlib.h bss_null.c
+bss_sock.o: ../../e_os.h ../../include/openssl/bio.h
+bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bss_sock.o: ../cryptlib.h
+bss_sock.o: ../cryptlib.h bss_sock.c
diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c
index fa4e350..3f5d6a7 100644
--- a/crypto/openssl/crypto/bio/b_print.c
+++ b/crypto/openssl/crypto/bio/b_print.c
@@ -116,7 +116,7 @@
 #endif
 
 #if HAVE_LONG_LONG
-# if defined(WIN32) && !defined(__GNUC__)
+# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
 # define LLONG _int64
 # else
 # define LLONG long long
@@ -483,7 +483,7 @@ fmtint(
 {
     int signvalue = 0;
     unsigned LLONG uvalue;
-    char convert[20];
+    char convert[DECIMAL_SIZE(value)+1];
     int place = 0;
     int spadlen = 0;
     int zpadlen = 0;
@@ -508,8 +508,8 @@ fmtint(
             (caps ? "0123456789ABCDEF" : "0123456789abcdef")
             [uvalue % (unsigned) base];
         uvalue = (uvalue / (unsigned) base);
-    } while (uvalue && (place < 20));
-    if (place == 20)
+    } while (uvalue && (place < sizeof convert));
+    if (place == sizeof convert)
         place--;
     convert[place] = 0;
 
@@ -641,8 +641,8 @@ fmtfp(
             (caps ? "0123456789ABCDEF"
               : "0123456789abcdef")[intpart % 10];
         intpart = (intpart / 10);
-    } while (intpart && (iplace < 20));
-    if (iplace == 20)
+    } while (intpart && (iplace < sizeof iplace));
+    if (iplace == sizeof iplace)
         iplace--;
     iconvert[iplace] = 0;
 
@@ -653,7 +653,7 @@ fmtfp(
               : "0123456789abcdef")[fracpart % 10];
         fracpart = (fracpart / 10);
     } while (fplace < max);
-    if (fplace == 20)
+    if (fplace == sizeof fplace)
         fplace--;
     fconvert[fplace] = 0;
 
diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/openssl/crypto/bio/b_sock.c
index 8fb0716..86f3817 100644
--- a/crypto/openssl/crypto/bio/b_sock.c
+++ b/crypto/openssl/crypto/bio/b_sock.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -65,7 +65,7 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL IPPROTO_TCP
@@ -79,10 +79,11 @@
 #define MAX_LISTEN  32
 #endif
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 static int wsa_init_done=0;
 #endif
 
+#if 0
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;
 
@@ -93,6 +94,7 @@ static struct ghbn_cache_st
 	struct hostent *ent;
 	unsigned long order;
 	} ghbn_cache[GHBN_NUM];
+#endif
 
 static int get_ip(const char *str,unsigned char *ip);
 #if 0
@@ -230,6 +232,7 @@ int BIO_sock_error(int sock)
 		return(j);
 	}
 
+#if 0
 long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
 	{
 	int i;
@@ -267,6 +270,7 @@ long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
 		}
 	return(1);
 	}
+#endif
 
 #if 0
 static struct hostent *ghbn_dup(struct hostent *a)
@@ -345,6 +349,7 @@ static void ghbn_free(struct hostent *a)
 	if (a->h_name != NULL) OPENSSL_free(a->h_name);
 	OPENSSL_free(a);
 	}
+
 #endif
 
 struct hostent *BIO_gethostbyname(const char *name)
@@ -441,7 +446,7 @@ end:
 
 int BIO_sock_init(void)
 	{
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 	static struct WSAData wsa_state;
 
 	if (!wsa_init_done)
@@ -461,29 +466,41 @@ int BIO_sock_init(void)
 			return(-1);
 			}
 		}
-#endif /* WINDOWS */
+#endif /* OPENSSL_SYS_WINDOWS */
+#ifdef WATT32
+	extern int _watt_do_exit;
+	_watt_do_exit = 0;    /* don't make sock_init() call exit() */
+	if (sock_init())
+		return (-1);
+#endif
 	return(1);
 	}
 
 void BIO_sock_cleanup(void)
 	{
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 	if (wsa_init_done)
 		{
 		wsa_init_done=0;
+#ifndef OPENSSL_SYS_WINCE
 		WSACancelBlockingCall();
+#endif
 		WSACleanup();
 		}
 #endif
 	}
 
-#if !defined(VMS) || __VMS_VER >= 70000000
+#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
 
 int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
 	{
 	int i;
 
+#ifdef __DJGPP__
+	i=ioctlsocket(fd,type,(char *)arg);
+#else
 	i=ioctlsocket(fd,type,arg);
+#endif /* __DJGPP__ */
 	if (i < 0)
 		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
 	return(i);
@@ -506,16 +523,16 @@ static int get_ip(const char *str, unsigned char ip[4])
 			{
 			ok=1;
 			tmp[num]=tmp[num]*10+c-'0';
-			if (tmp[num] > 255) return(-1);
+			if (tmp[num] > 255) return(0);
 			}
 		else if (c == '.')
 			{
 			if (!ok) return(-1);
-			if (num == 3) break;
+			if (num == 3) return(0);
 			num++;
 			ok=0;
 			}
-		else if ((num == 3) && ok)
+		else if (c == '\0' && (num == 3) && ok)
 			break;
 		else
 			return(0);
@@ -673,6 +690,7 @@ int BIO_accept(int sock, char **addr)
 	ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
+		if(BIO_sock_should_retry(ret)) return -2;
 		SYSerr(SYS_F_ACCEPT,get_last_socket_error());
 		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
 		goto end;
diff --git a/crypto/openssl/crypto/bio/bf_buff.c b/crypto/openssl/crypto/bio/bf_buff.c
index c90238b..1cecd70 100644
--- a/crypto/openssl/crypto/bio/bf_buff.c
+++ b/crypto/openssl/crypto/bio/bf_buff.c
@@ -60,7 +60,6 @@
 #include <errno.h>
 #include "cryptlib.h"
 #include <openssl/bio.h>
-#include <openssl/evp.h>
 
 static int buffer_write(BIO *h, const char *buf,int num);
 static int buffer_read(BIO *h, char *buf, int size);
@@ -483,7 +482,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
 			size-=i;
 			ctx->ibuf_len-=i;
 			ctx->ibuf_off+=i;
-			if ((flag) || (i == size))
+			if (flag || size == 0)
 				{
 				*buf='\0';
 				return(num);
diff --git a/crypto/openssl/crypto/bio/bf_nbio.c b/crypto/openssl/crypto/bio/bf_nbio.c
index 988cd5a..1ce2bfa 100644
--- a/crypto/openssl/crypto/bio/bf_nbio.c
+++ b/crypto/openssl/crypto/bio/bf_nbio.c
@@ -61,7 +61,6 @@
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/bio.h>
-#include <openssl/evp.h>
 
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
diff --git a/crypto/openssl/crypto/bio/bf_null.c b/crypto/openssl/crypto/bio/bf_null.c
index 2678a1a..c1bf39a 100644
--- a/crypto/openssl/crypto/bio/bf_null.c
+++ b/crypto/openssl/crypto/bio/bf_null.c
@@ -60,7 +60,6 @@
 #include <errno.h>
 #include "cryptlib.h"
 #include <openssl/bio.h>
-#include <openssl/evp.h>
 
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h
index fd3aaa0..ecd2899 100644
--- a/crypto/openssl/crypto/bio/bio.h
+++ b/crypto/openssl/crypto/bio/bio.h
@@ -59,12 +59,13 @@
 #ifndef HEADER_BIO_H
 #define HEADER_BIO_H
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 # include <stdio.h>
 #endif
 #include <stdarg.h>
 
 #include <openssl/crypto.h>
+#include <openssl/e_os2.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -179,7 +180,7 @@ extern "C" {
 #define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
 #define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)
 
-/* The next two are used in conjunction with the
+/* The next three are used in conjunction with the
  * BIO_should_io_special() condition.  After this returns true,
  * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
  * stack and return the 'reason' for the special and the offending BIO.
@@ -188,6 +189,8 @@ extern "C" {
 #define BIO_RR_SSL_X509_LOOKUP		0x01
 /* Returned from the connect BIO when a connect would have blocked */
 #define BIO_RR_CONNECT			0x02
+/* Returned from the accept BIO when an accept would have blocked */
+#define BIO_RR_ACCEPT			0x03
 
 /* These are passed by the BIO callback */
 #define BIO_CB_FREE	0x01
@@ -215,7 +218,7 @@ typedef struct bio_st BIO;
 
 typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
 
-#ifndef WIN16
+#ifndef OPENSSL_SYS_WIN16
 typedef struct bio_method_st
 	{
 	int type;
@@ -464,8 +467,9 @@ int BIO_read_filename(BIO *b,const char *name);
 size_t BIO_ctrl_pending(BIO *b);
 size_t BIO_ctrl_wpending(BIO *b);
 #define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(bio_info_cb **)(cbp))
-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,(bio_info_cb *)(cb))
+#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+						   cbp)
+#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
 
 /* For the BIO_f_buffer() type */
 #define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
@@ -493,8 +497,8 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 unsigned long BIO_number_read(BIO *bio);
 unsigned long BIO_number_written(BIO *bio);
 
-# ifndef NO_FP_API
-#  if defined(WIN16) && defined(_WINDLL)
+# ifndef OPENSSL_NO_FP_API
+#  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
 BIO_METHOD *BIO_s_file_internal(void);
 BIO *BIO_new_file_internal(char *filename, char *mode);
 BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
@@ -518,6 +522,7 @@ int	BIO_read(BIO *b, void *data, int len);
 int	BIO_gets(BIO *bp,char *buf, int size);
 int	BIO_write(BIO *b, const void *data, int len);
 int	BIO_puts(BIO *bp,const char *buf);
+int	BIO_indent(BIO *b,int indent,int max);
 long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
 long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
 char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
@@ -536,7 +541,7 @@ int BIO_nread(BIO *bio, char **buf, int num);
 int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
-#ifndef WIN16
+#ifndef OPENSSL_SYS_WIN16
 long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
 	long argl,long ret);
 #else
@@ -550,12 +555,14 @@ BIO_METHOD *BIO_s_socket(void);
 BIO_METHOD *BIO_s_connect(void);
 BIO_METHOD *BIO_s_accept(void);
 BIO_METHOD *BIO_s_fd(void);
+#ifndef OPENSSL_SYS_OS2
 BIO_METHOD *BIO_s_log(void);
+#endif
 BIO_METHOD *BIO_s_bio(void);
 BIO_METHOD *BIO_s_null(void);
 BIO_METHOD *BIO_f_null(void);
 BIO_METHOD *BIO_f_buffer(void);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 BIO_METHOD *BIO_f_linebuffer(void);
 #endif
 BIO_METHOD *BIO_f_nbio_test(void);
@@ -602,7 +609,7 @@ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
 
 void BIO_copy_next_retry(BIO *b);
 
-long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
 
 int BIO_printf(BIO *bio, const char *format, ...);
 int BIO_vprintf(BIO *bio, const char *format, va_list args);
@@ -643,6 +650,7 @@ void ERR_load_BIO_strings(void);
 #define BIO_F_CONN_CTRL					 127
 #define BIO_F_CONN_STATE				 115
 #define BIO_F_FILE_CTRL					 116
+#define BIO_F_FILE_READ					 130
 #define BIO_F_LINEBUFFER_CTRL				 129
 #define BIO_F_MEM_READ					 128
 #define BIO_F_MEM_WRITE					 117
@@ -669,6 +677,7 @@ void ERR_load_BIO_strings(void);
 #define BIO_R_NO_HOSTNAME_SPECIFIED			 112
 #define BIO_R_NO_PORT_DEFINED				 113
 #define BIO_R_NO_PORT_SPECIFIED				 114
+#define BIO_R_NO_SUCH_FILE				 128
 #define BIO_R_NULL_PARAMETER				 115
 #define BIO_R_TAG_MISMATCH				 116
 #define BIO_R_UNABLE_TO_BIND_SOCKET			 117
diff --git a/crypto/openssl/crypto/bio/bio_cb.c b/crypto/openssl/crypto/bio/bio_cb.c
index 37c7c22..0ffa4d2 100644
--- a/crypto/openssl/crypto/bio/bio_cb.c
+++ b/crypto/openssl/crypto/bio/bio_cb.c
@@ -125,7 +125,7 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
 	b=(BIO *)bio->cb_arg;
 	if (b != NULL)
 		BIO_write(b,buf,strlen(buf));
-#if !defined(NO_STDIO) && !defined(WIN16)
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
 	else
 		fputs(buf,stderr);
 #endif
diff --git a/crypto/openssl/crypto/bio/bio_err.c b/crypto/openssl/crypto/bio/bio_err.c
index bb815fb..68a119d 100644
--- a/crypto/openssl/crypto/bio/bio_err.c
+++ b/crypto/openssl/crypto/bio/bio_err.c
@@ -63,7 +63,7 @@
 #include <openssl/bio.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA BIO_str_functs[]=
 	{
 {ERR_PACK(0,BIO_F_ACPT_STATE,0),	"ACPT_STATE"},
@@ -91,6 +91,7 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_CONN_CTRL,0),	"CONN_CTRL"},
 {ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
+{ERR_PACK(0,BIO_F_FILE_READ,0),	"FILE_READ"},
 {ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0),	"LINEBUFFER_CTRL"},
 {ERR_PACK(0,BIO_F_MEM_READ,0),	"MEM_READ"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
@@ -120,6 +121,7 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 {BIO_R_NO_HOSTNAME_SPECIFIED             ,"no hostname specified"},
 {BIO_R_NO_PORT_DEFINED                   ,"no port defined"},
 {BIO_R_NO_PORT_SPECIFIED                 ,"no port specified"},
+{BIO_R_NO_SUCH_FILE                      ,"no such file"},
 {BIO_R_NULL_PARAMETER                    ,"null parameter"},
 {BIO_R_TAG_MISMATCH                      ,"tag mismatch"},
 {BIO_R_UNABLE_TO_BIND_SOCKET             ,"unable to bind socket"},
@@ -141,7 +143,7 @@ void ERR_load_BIO_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
 		ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c
index 381afc9..98ce395 100644
--- a/crypto/openssl/crypto/bio/bio_lib.c
+++ b/crypto/openssl/crypto/bio/bio_lib.c
@@ -63,9 +63,6 @@
 #include <openssl/bio.h>
 #include <openssl/stack.h>
 
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
-static int bio_meth_num=0;
-
 BIO *BIO_new(BIO_METHOD *method)
 	{
 	BIO *ret=NULL;
@@ -100,10 +97,14 @@ int BIO_set(BIO *bio, BIO_METHOD *method)
 	bio->references=1;
 	bio->num_read=0L;
 	bio->num_write=0L;
-	CRYPTO_new_ex_data(bio_meth,bio,&bio->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
 	if (method->create != NULL)
 		if (!method->create(bio))
+			{
+			CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
+					&bio->ex_data);
 			return(0);
+			}
 	return(1);
 	}
 
@@ -129,7 +130,7 @@ int BIO_free(BIO *a)
 		((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
 			return(i);
 
-	CRYPTO_free_ex_data(bio_meth,a,&a->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
 
 	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
 	ret=a->method->destroy(a);
@@ -271,6 +272,18 @@ int BIO_gets(BIO *b, char *in, int inl)
 	return(i);
 	}
 
+int BIO_indent(BIO *b,int indent,int max)
+	{
+	if(indent < 0)
+		indent=0;
+	if(indent > max)
+		indent=max;
+	while(indent--)
+		if(BIO_puts(b," ") != 1)
+			return 0;
+	return 1;
+	}
+
 long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
 	{
 	int i;
@@ -482,7 +495,8 @@ BIO *BIO_dup_chain(BIO *in)
 			}
 
 		/* copy app data */
-		if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
+		if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+					&bio->ex_data))
 			goto err;
 
 		if (ret == NULL)
@@ -512,9 +526,8 @@ void BIO_copy_next_retry(BIO *b)
 int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 	{
-	bio_meth_num++;
-	return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth,
-		argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
+				new_func, dup_func, free_func);
 	}
 
 int BIO_set_ex_data(BIO *bio, int idx, void *data)
diff --git a/crypto/openssl/crypto/bio/bss_acpt.c b/crypto/openssl/crypto/bio/bss_acpt.c
index 4da5822..8ea1db1 100644
--- a/crypto/openssl/crypto/bio/bss_acpt.c
+++ b/crypto/openssl/crypto/bio/bss_acpt.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 
 #include <stdio.h>
 #include <errno.h>
@@ -64,13 +64,13 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL IPPROTO_TCP
 #endif
 
-#if (defined(VMS) && __VMS_VER < 70000000)
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
@@ -236,8 +236,20 @@ again:
 			c->state=ACPT_S_OK;
 			goto again;
 			}
+		BIO_clear_retry_flags(b);
+		b->retry_reason=0;
 		i=BIO_accept(c->accept_sock,&(c->addr));
+
+		/* -2 return means we should retry */
+		if(i == -2)
+			{
+			BIO_set_retry_special(b);
+			b->retry_reason=BIO_RR_ACCEPT;
+			return -1;
+			}
+
 		if (i < 0) return(i);
+
 		bio=BIO_new_socket(i,BIO_CLOSE);
 		if (bio == NULL) goto err;
 
diff --git a/crypto/openssl/crypto/bio/bss_bio.c b/crypto/openssl/crypto/bio/bss_bio.c
index 2797049..aa58dab 100644
--- a/crypto/openssl/crypto/bio/bss_bio.c
+++ b/crypto/openssl/crypto/bio/bss_bio.c
@@ -28,16 +28,15 @@
 
 #include <openssl/bio.h>
 #include <openssl/err.h>
-#include <openssl/err.h>
 #include <openssl/crypto.h>
 
-#include "openssl/e_os.h"
+#include "e_os.h"
 
-/* VxWorks defines SSiZE_MAX with an empty value causing compile errors */
-#if defined(VXWORKS)
+/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
+#if defined(OPENSSL_SYS_VXWORKS)
 # undef SSIZE_MAX
-# define SSIZE_MAX INT_MAX
-#elif !defined(SSIZE_MAX)
+#endif
+#ifndef SSIZE_MAX
 # define SSIZE_MAX INT_MAX
 #endif
 
diff --git a/crypto/openssl/crypto/bio/bss_conn.c b/crypto/openssl/crypto/bio/bss_conn.c
index a6b77a2..743db6f 100644
--- a/crypto/openssl/crypto/bio/bss_conn.c
+++ b/crypto/openssl/crypto/bio/bss_conn.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 
 #include <stdio.h>
 #include <errno.h>
@@ -64,13 +64,13 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL IPPROTO_TCP
 #endif
 
-#if (defined(VMS) && __VMS_VER < 70000000)
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
@@ -95,7 +95,7 @@ typedef struct bio_connect_st
 	/* called when the connection is initially made
 	 *  callback(BIO,state,ret);  The callback should return
 	 * 'ret'.  state is for compatibility with the ssl info_callback */
-	int (*info_callback)();
+	int (*info_callback)(const BIO *bio,int state,int ret);
 	} BIO_CONNECT;
 
 static int conn_write(BIO *h, const char *buf, int num);
@@ -236,7 +236,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 				}
 			c->state=BIO_CONN_S_CONNECT;
 
-#if defined(SO_KEEPALIVE) && !defined(MPE)
+#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
 			i=1;
 			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 			if (i < 0)
@@ -519,7 +519,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 			else if (num == 2)
 				{
 				char buf[16];
-				char *p = ptr;
+				unsigned char *p = ptr;
 
 				sprintf(buf,"%d.%d.%d.%d",
 					p[0],p[1],p[2],p[3]);
@@ -530,7 +530,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 				}
 			else if (num == 3)
 				{
-				char buf[16];
+				char buf[DECIMAL_SIZE(int)+1];
 
 				sprintf(buf,"%d",*(int *)ptr);
 				if (data->param_port != NULL)
@@ -574,7 +574,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 		if (data->param_hostname)
 			BIO_set_conn_hostname(dbio,data->param_hostname);
 		BIO_set_nbio(dbio,data->nbio);
-                (void)BIO_set_info_callback(dbio,data->info_callback);
+		/* FIXME: the cast of the function seems unlikely to be a good idea */
+                (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback);
 		}
 		break;
 	case BIO_CTRL_SET_CALLBACK:
@@ -613,7 +614,7 @@ static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
 		{
 	case BIO_CTRL_SET_CALLBACK:
 		{
-		data->info_callback=(int (*)())fp;
+		data->info_callback=(int (*)(const struct bio_st *, int, int))fp;
 		}
 		break;
 	default:
diff --git a/crypto/openssl/crypto/bio/bss_fd.c b/crypto/openssl/crypto/bio/bss_fd.c
index 686c4909..5e3e187 100644
--- a/crypto/openssl/crypto/bio/bss_fd.c
+++ b/crypto/openssl/crypto/bio/bss_fd.c
@@ -56,7 +56,227 @@
  * [including the GNU Public Licence.]
  */
 
-#define BIO_FD
-#include "bss_sock.c"
-#undef BIO_FD
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
 
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+
+static BIO_METHOD methods_fdp=
+	{
+	BIO_TYPE_FD,"file descriptor",
+	fd_write,
+	fd_read,
+	fd_puts,
+	NULL, /* fd_gets, */
+	fd_ctrl,
+	fd_new,
+	fd_free,
+	NULL,
+	};
+
+BIO_METHOD *BIO_s_fd(void)
+	{
+	return(&methods_fdp);
+	}
+
+BIO *BIO_new_fd(int fd,int close_flag)
+	{
+	BIO *ret;
+	ret=BIO_new(BIO_s_fd());
+	if (ret == NULL) return(NULL);
+	BIO_set_fd(ret,fd,close_flag);
+	return(ret);
+	}
+
+static int fd_new(BIO *bi)
+	{
+	bi->init=0;
+	bi->num=0;
+	bi->ptr=NULL;
+	bi->flags=0;
+	return(1);
+	}
+
+static int fd_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if (a->init)
+			{
+			close(a->num);
+			}
+		a->init=0;
+		a->flags=0;
+		}
+	return(1);
+	}
+	
+static int fd_read(BIO *b, char *out,int outl)
+	{
+	int ret=0;
+
+	if (out != NULL)
+		{
+		clear_sys_error();
+		ret=read(b->num,out,outl);
+		BIO_clear_retry_flags(b);
+		if (ret <= 0)
+			{
+			if (BIO_fd_should_retry(ret))
+				BIO_set_retry_read(b);
+			}
+		}
+	return(ret);
+	}
+
+static int fd_write(BIO *b, const char *in, int inl)
+	{
+	int ret;
+	clear_sys_error();
+	ret=write(b->num,in,inl);
+	BIO_clear_retry_flags(b);
+	if (ret <= 0)
+		{
+		if (BIO_fd_should_retry(ret))
+			BIO_set_retry_write(b);
+		}
+	return(ret);
+	}
+
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+	{
+	long ret=1;
+	int *ip;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		num=0;
+	case BIO_C_FILE_SEEK:
+		ret=(long)lseek(b->num,num,0);
+		break;
+	case BIO_C_FILE_TELL:
+	case BIO_CTRL_INFO:
+		ret=(long)lseek(b->num,0,1);
+		break;
+	case BIO_C_SET_FD:
+		fd_free(b);
+		b->num= *((int *)ptr);
+		b->shutdown=(int)num;
+		b->init=1;
+		break;
+	case BIO_C_GET_FD:
+		if (b->init)
+			{
+			ip=(int *)ptr;
+			if (ip != NULL) *ip=b->num;
+			ret=b->num;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+		ret=0;
+		break;
+	case BIO_CTRL_DUP:
+	case BIO_CTRL_FLUSH:
+		ret=1;
+		break;
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int fd_puts(BIO *bp, const char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=fd_write(bp,str,n);
+	return(ret);
+	}
+
+int BIO_fd_should_retry(int i)
+	{
+	int err;
+
+	if ((i == 0) || (i == -1))
+		{
+		err=get_last_sys_error();
+
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+		if ((i == -1) && (err == 0))
+			return(1);
+#endif
+
+		return(BIO_fd_non_fatal_error(err));
+		}
+	return(0);
+	}
+
+int BIO_fd_non_fatal_error(int err)
+	{
+	switch (err)
+		{
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+#  if WSAEWOULDBLOCK != EWOULDBLOCK
+	case EWOULDBLOCK:
+#  endif
+# else
+	case EWOULDBLOCK:
+# endif
+#endif
+
+#if defined(ENOTCONN)
+	case ENOTCONN:
+#endif
+
+#ifdef EINTR
+	case EINTR:
+#endif
+
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+	case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+	case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+	case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+	case EALREADY:
+#endif
+		return(1);
+		/* break; */
+	default:
+		break;
+		}
+	return(0);
+	}
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c
index 1f770b3..a66600c 100644
--- a/crypto/openssl/crypto/bio/bss_file.c
+++ b/crypto/openssl/crypto/bio/bss_file.c
@@ -71,7 +71,7 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 
-#if !defined(NO_STDIO)
+#if !defined(OPENSSL_NO_STDIO)
 
 static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
 static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
@@ -103,7 +103,10 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 		{
 		SYSerr(SYS_F_FOPEN,get_last_sys_error());
 		ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+		if (errno == ENOENT)
+			BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
+		else
+			BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
 		return(NULL);
 		}
 	if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
@@ -159,6 +162,12 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
 	if (b->init && (out != NULL))
 		{
 		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+		if(ret == 0 && ferror((FILE *)b->ptr))
+			{
+			SYSerr(SYS_F_FREAD,get_last_sys_error());
+			BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
+			ret=-1;
+			}
 		}
 	return(ret);
 	}
@@ -204,12 +213,17 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 		b->shutdown=(int)num&BIO_CLOSE;
 		b->ptr=(char *)ptr;
 		b->init=1;
-#if defined(MSDOS) || defined(WINDOWS)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
 		/* Set correct text/binary mode */
 		if (num & BIO_FP_TEXT)
 			_setmode(fileno((FILE *)ptr),_O_TEXT);
 		else
 			_setmode(fileno((FILE *)ptr),_O_BINARY);
+#elif defined(OPENSSL_SYS_OS2)
+		if (num & BIO_FP_TEXT)
+			setmode(fileno((FILE *)ptr), O_TEXT);
+		else
+			setmode(fileno((FILE *)ptr), O_BINARY);
 #endif
 		break;
 	case BIO_C_SET_FILENAME:
@@ -233,7 +247,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 			ret=0;
 			break;
 			}
-#if defined(MSDOS) || defined(WINDOWS)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2)
 		if (!(num & BIO_FP_TEXT))
 			strcat(p,"b");
 		else
@@ -303,7 +317,7 @@ static int MS_CALLBACK file_puts(BIO *bp, const char *str)
 	return(ret);
 	}
 
-#endif /* NO_STDIO */
+#endif /* OPENSSL_NO_STDIO */
 
 #endif /* HEADER_BSS_FILE_C */
 
diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/openssl/crypto/bio/bss_log.c
index 7ba2aca..1eb678c 100644
--- a/crypto/openssl/crypto/bio/bss_log.c
+++ b/crypto/openssl/crypto/bio/bss_log.c
@@ -66,26 +66,28 @@
 #include <stdio.h>
 #include <errno.h>
 
-#if defined(WIN32)
+#include "cryptlib.h"
+
+#if defined(OPENSSL_SYS_WINCE)
+#elif defined(OPENSSL_SYS_WIN32)
 #  include <process.h>
-#elif defined(VMS) || defined(__VMS)
+#elif defined(OPENSSL_SYS_VMS)
 #  include <opcdef.h>
 #  include <descrip.h>
 #  include <lib$routines.h>
 #  include <starlet.h>
 #elif defined(__ultrix)
 #  include <sys/syslog.h>
-#elif !defined(MSDOS) && !defined(VXWORKS) /* Unix */
+#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
 #  include <syslog.h>
 #endif
 
-#include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 
 #ifndef NO_SYSLOG
 
-#if defined(WIN32)
+#if defined(OPENSSL_SYS_WIN32)
 #define LOG_EMERG	0
 #define LOG_ALERT	1
 #define LOG_CRIT	2
@@ -96,7 +98,7 @@
 #define LOG_DEBUG	7
 
 #define LOG_DAEMON	(3<<3)
-#elif defined(VMS)
+#elif defined(OPENSSL_SYS_VMS)
 /* On VMS, we don't really care about these, but we need them to compile */
 #define LOG_EMERG	0
 #define LOG_ALERT	1
@@ -118,7 +120,7 @@ static int MS_CALLBACK slg_free(BIO *data);
 static void xopenlog(BIO* bp, char* name, int level);
 static void xsyslog(BIO* bp, int priority, const char* string);
 static void xcloselog(BIO* bp);
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 LONG	(WINAPI *go_for_advapi)()	= RegOpenKeyEx;
 HANDLE	(WINAPI *register_event_source)()	= NULL;
 BOOL	(WINAPI *deregister_event_source)()	= NULL;
@@ -241,7 +243,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
 	return(ret);
 	}
 
-#if defined(WIN32)
+#if defined(OPENSSL_SYS_WIN32)
 
 static void xopenlog(BIO* bp, char* name, int level)
 {
@@ -273,7 +275,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 	LPCSTR lpszStrings[2];
 	WORD evtype= EVENTLOG_ERROR_TYPE;
 	int pid = _getpid();
-	char pidbuf[20];
+	char pidbuf[DECIMAL_SIZE(pid)+4];
 
 	switch (priority)
 		{
@@ -313,7 +315,7 @@ static void xcloselog(BIO* bp)
 	bp->ptr= NULL;
 }
 
-#elif defined(VMS)
+#elif defined(OPENSSL_SYS_VMS)
 
 static int VMS_OPC_target = LOG_DAEMON;
 
@@ -372,11 +374,15 @@ static void xcloselog(BIO* bp)
 {
 }
 
-#else /* Unix */
+#else /* Unix/Watt32 */
 
 static void xopenlog(BIO* bp, char* name, int level)
 {
+#ifdef WATT32   /* djgpp/DOS */
+	openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);
+#else
 	openlog(name, LOG_PID|LOG_CONS, level);
+#endif
 }
 
 static void xsyslog(BIO *bp, int priority, const char *string)
diff --git a/crypto/openssl/crypto/bio/bss_mem.c b/crypto/openssl/crypto/bio/bss_mem.c
index 28ff758..a4edb71 100644
--- a/crypto/openssl/crypto/bio/bss_mem.c
+++ b/crypto/openssl/crypto/bio/bss_mem.c
@@ -190,7 +190,7 @@ static int mem_write(BIO *b, const char *in, int inl)
 
 	BIO_clear_retry_flags(b);
 	blen=bm->length;
-	if (BUF_MEM_grow(bm,blen+inl) != (blen+inl))
+	if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
 		goto end;
 	memcpy(&(bm->data[blen]),in,inl);
 	ret=inl;
@@ -284,7 +284,11 @@ static int mem_gets(BIO *bp, char *buf, int size)
 
 	BIO_clear_retry_flags(bp);
 	j=bm->length;
-	if (j <= 0) return(0);
+	if (j <= 0)
+		{
+		*buf='\0';
+		return 0;
+		}
 	p=bm->data;
 	for (i=0; i<j; i++)
 		{
diff --git a/crypto/openssl/crypto/bio/bss_sock.c b/crypto/openssl/crypto/bio/bss_sock.c
index 50c6744..2c1c405 100644
--- a/crypto/openssl/crypto/bio/bss_sock.c
+++ b/crypto/openssl/crypto/bio/bss_sock.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#if !defined(NO_SOCK) || defined(BIO_FD)
+#ifndef OPENSSL_NO_SOCK
 
 #include <stdio.h>
 #include <errno.h>
@@ -64,7 +64,12 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 
-#ifndef BIO_FD
+#ifdef WATT32
+#define sock_write SockWrite  /* Watt-32 uses same names */
+#define sock_read  SockRead
+#define sock_puts  SockPuts
+#endif
+
 static int sock_write(BIO *h, const char *buf, int num);
 static int sock_read(BIO *h, char *buf, int size);
 static int sock_puts(BIO *h, const char *str);
@@ -72,18 +77,7 @@ static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int sock_new(BIO *h);
 static int sock_free(BIO *data);
 int BIO_sock_should_retry(int s);
-#else
 
-static int fd_write(BIO *h, const char *buf, int num);
-static int fd_read(BIO *h, char *buf, int size);
-static int fd_puts(BIO *h, const char *str);
-static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int fd_new(BIO *h);
-static int fd_free(BIO *data);
-int BIO_fd_should_retry(int s);
-#endif
-
-#ifndef BIO_FD
 static BIO_METHOD methods_sockp=
 	{
 	BIO_TYPE_SOCKET,
@@ -102,49 +96,18 @@ BIO_METHOD *BIO_s_socket(void)
 	{
 	return(&methods_sockp);
 	}
-#else
-static BIO_METHOD methods_fdp=
-	{
-	BIO_TYPE_FD,"file descriptor",
-	fd_write,
-	fd_read,
-	fd_puts,
-	NULL, /* fd_gets, */
-	fd_ctrl,
-	fd_new,
-	fd_free,
-	NULL,
-	};
 
-BIO_METHOD *BIO_s_fd(void)
-	{
-	return(&methods_fdp);
-	}
-#endif
-
-#ifndef BIO_FD
 BIO *BIO_new_socket(int fd, int close_flag)
-#else
-BIO *BIO_new_fd(int fd,int close_flag)
-#endif
 	{
 	BIO *ret;
 
-#ifndef BIO_FD
 	ret=BIO_new(BIO_s_socket());
-#else
-	ret=BIO_new(BIO_s_fd());
-#endif
 	if (ret == NULL) return(NULL);
 	BIO_set_fd(ret,fd,close_flag);
 	return(ret);
 	}
 
-#ifndef BIO_FD
 static int sock_new(BIO *bi)
-#else
-static int fd_new(BIO *bi)
-#endif
 	{
 	bi->init=0;
 	bi->num=0;
@@ -153,23 +116,14 @@ static int fd_new(BIO *bi)
 	return(1);
 	}
 
-#ifndef BIO_FD
 static int sock_free(BIO *a)
-#else
-static int fd_free(BIO *a)
-#endif
 	{
 	if (a == NULL) return(0);
 	if (a->shutdown)
 		{
 		if (a->init)
 			{
-#ifndef BIO_FD
 			SHUTDOWN2(a->num);
-#else			/* BIO_FD */
-			close(a->num);
-#endif
-
 			}
 		a->init=0;
 		a->flags=0;
@@ -177,70 +131,40 @@ static int fd_free(BIO *a)
 	return(1);
 	}
 	
-#ifndef BIO_FD
 static int sock_read(BIO *b, char *out, int outl)
-#else
-static int fd_read(BIO *b, char *out,int outl)
-#endif
 	{
 	int ret=0;
 
 	if (out != NULL)
 		{
-#ifndef BIO_FD
 		clear_socket_error();
 		ret=readsocket(b->num,out,outl);
-#else
-		clear_sys_error();
-		ret=read(b->num,out,outl);
-#endif
 		BIO_clear_retry_flags(b);
 		if (ret <= 0)
 			{
-#ifndef BIO_FD
 			if (BIO_sock_should_retry(ret))
-#else
-			if (BIO_fd_should_retry(ret))
-#endif
 				BIO_set_retry_read(b);
 			}
 		}
 	return(ret);
 	}
 
-#ifndef BIO_FD
 static int sock_write(BIO *b, const char *in, int inl)
-#else
-static int fd_write(BIO *b, const char *in, int inl)
-#endif
 	{
 	int ret;
 	
-#ifndef BIO_FD
 	clear_socket_error();
 	ret=writesocket(b->num,in,inl);
-#else
-	clear_sys_error();
-	ret=write(b->num,in,inl);
-#endif
 	BIO_clear_retry_flags(b);
 	if (ret <= 0)
 		{
-#ifndef BIO_FD
 		if (BIO_sock_should_retry(ret))
-#else
-		if (BIO_fd_should_retry(ret))
-#endif
 			BIO_set_retry_write(b);
 		}
 	return(ret);
 	}
 
-#ifndef BIO_FD
 static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
-#else
-static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
-#endif
 	{
 	long ret=1;
 	int *ip;
@@ -250,26 +174,14 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
 	case BIO_CTRL_RESET:
 		num=0;
 	case BIO_C_FILE_SEEK:
-#ifdef BIO_FD
-		ret=(long)lseek(b->num,num,0);
-#else
 		ret=0;
-#endif
 		break;
 	case BIO_C_FILE_TELL:
 	case BIO_CTRL_INFO:
-#ifdef BIO_FD
-		ret=(long)lseek(b->num,0,1);
-#else
 		ret=0;
-#endif
 		break;
 	case BIO_C_SET_FD:
-#ifndef BIO_FD
 		sock_free(b);
-#else
-		fd_free(b);
-#endif
 		b->num= *((int *)ptr);
 		b->shutdown=(int)num;
 		b->init=1;
@@ -305,69 +217,38 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
 	return(ret);
 	}
 
-#ifdef undef
-static int sock_gets(BIO *bp, char *buf,int size)
-	{
-	return(-1);
-	}
-#endif
-
-#ifndef BIO_FD
 static int sock_puts(BIO *bp, const char *str)
-#else
-static int fd_puts(BIO *bp, const char *str)
-#endif
 	{
 	int n,ret;
 
 	n=strlen(str);
-#ifndef BIO_FD
 	ret=sock_write(bp,str,n);
-#else
-	ret=fd_write(bp,str,n);
-#endif
 	return(ret);
 	}
 
-#ifndef BIO_FD
 int BIO_sock_should_retry(int i)
-#else
-int BIO_fd_should_retry(int i)
-#endif
 	{
 	int err;
 
 	if ((i == 0) || (i == -1))
 		{
-#ifndef BIO_FD
 		err=get_last_socket_error();
-#else
-		err=get_last_sys_error();
-#endif
 
-#if defined(WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
 		if ((i == -1) && (err == 0))
 			return(1);
 #endif
 
-#ifndef BIO_FD
 		return(BIO_sock_non_fatal_error(err));
-#else
-		return(BIO_fd_non_fatal_error(err));
-#endif
 		}
 	return(0);
 	}
 
-#ifndef BIO_FD
 int BIO_sock_non_fatal_error(int err)
-#else
-int BIO_fd_non_fatal_error(int err)
-#endif
 	{
 	switch (err)
 		{
-#if !defined(BIO_FD) && defined(WINDOWS)
+#if defined(OPENSSL_SYS_WINDOWS)
 # if defined(WSAEWOULDBLOCK)
 	case WSAEWOULDBLOCK:
 # endif
diff --git a/crypto/openssl/crypto/bn/Makefile.ssl b/crypto/openssl/crypto/bn/Makefile.ssl
index 9e075a2..1d378920 100644
--- a/crypto/openssl/crypto/bn/Makefile.ssl
+++ b/crypto/openssl/crypto/bn/Makefile.ssl
@@ -6,13 +6,14 @@ DIR=	bn
 TOP=	../..
 CC=	cc
 CPP=    $(CC) -E
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -35,15 +36,15 @@ TEST=bntest.c exptest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
+LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
 	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
-	bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c \
-	bn_mpi.c bn_exp2.c
+	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
 
-LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o \
+LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
 	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
-	bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) bn_recp.o bn_mont.o \
-	bn_mpi.o bn_exp2.o
+	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
 
 SRC= $(LIBSRC)
 
@@ -68,8 +69,7 @@ bnbug: bnbug.c ../../libcrypto.a top
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
@@ -124,7 +124,19 @@ asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
 	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
 		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
 
-asm/ia64.o: asm/ia64.S
+
+asm/ia64.o:	asm/ia64.S
+
+# Some compiler drivers (most notably HP-UX and Intel C++) don't
+# understand .S extension:-( I wish I could pipe output from cc -E,
+# but it's too compiler driver/ABI dependent to cover with a single
+# rule...	<appro@fy.chalmers.se>
+asm/ia64-cpp.o:	asm/ia64.S
+	$(CC) $(ASFLAGS) -E asm/ia64.S > /tmp/ia64.$$$$.s &&	\
+	$(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s;	\
+	rm -f /tmp/ia64.$$$$.s
+
+asm/x86_64-gcc.o: asm/x86_64-gcc.c
 
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
@@ -159,7 +171,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -170,146 +182,160 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-bn_add.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_add.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_asm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_add.o: ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_asm.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_asm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_asm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_blind.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_asm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_asm.o: ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_blind.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_blind.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_blind.o: ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_blind.o: ../cryptlib.h bn_lcl.h
-bn_ctx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../cryptlib.h bn_blind.c bn_lcl.h
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_ctx.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_ctx.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_ctx.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h
-bn_div.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_ctx.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_ctx.o: ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_div.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_div.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_div.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_div.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_div.o: ../cryptlib.h bn_div.c bn_lcl.h
 bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
-bn_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_exp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_err.o: ../../include/openssl/symhacks.h bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_exp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_exp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_exp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_exp2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_exp2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_exp2.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_exp2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_gcd.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp2.o: ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_gcd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_gcd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_gcd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_gcd.o: ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_kron.o: ../../include/openssl/opensslconf.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_lib.o: ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mod.o: ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_mont.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_mont.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_mpi.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mont.o: ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_mpi.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_mpi.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_mpi.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_mul.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mpi.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mpi.o: ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_mul.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_mul.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_mul.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_prime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_prime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_prime.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_prime.o: ../../include/openssl/opensslconf.h
-bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-bn_prime.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_prime.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_prime.h
-bn_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_print.o: ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_print.o: ../cryptlib.h bn_lcl.h
-bn_rand.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_rand.o: ../cryptlib.h bn_lcl.h
-bn_recp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_recp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_recp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_recp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_shift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_recp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_recp.o: ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_shift.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_shift.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_shift.o: ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_shift.o: ../cryptlib.h bn_lcl.h
-bn_sqr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_sqr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_sqr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
-bn_word.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqr.o: ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqrt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqrt.o: ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_word.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_word.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_word.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c
diff --git a/crypto/openssl/crypto/bn/asm/README b/crypto/openssl/crypto/bn/asm/README
index a0fe58a..b0f3a68 100644
--- a/crypto/openssl/crypto/bn/asm/README
+++ b/crypto/openssl/crypto/bn/asm/README
@@ -1,3 +1,5 @@
+<OBSOLETE>
+
 All assember in this directory are just version of the file
 crypto/bn/bn_asm.c.
 
@@ -21,3 +23,5 @@ pa-risc.s is the origional one which works fine and generated using gcc :-)
 
 pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
 by Chris Ruemmler from HP (with some help from the HP C compiler).
+
+</OBSOLETE>
diff --git a/crypto/openssl/crypto/bn/asm/bn-586.pl b/crypto/openssl/crypto/bn/asm/bn-586.pl
index 5191bed..33f6125 100644
--- a/crypto/openssl/crypto/bn/asm/bn-586.pl
+++ b/crypto/openssl/crypto/bn/asm/bn-586.pl
@@ -11,6 +11,7 @@ require "x86asm.pl";
 &bn_div_words("bn_div_words");
 &bn_add_words("bn_add_words");
 &bn_sub_words("bn_sub_words");
+&bn_sub_part_words("bn_sub_part_words");
 
 &asm_finish();
 
@@ -300,7 +301,7 @@ sub bn_add_words
 		 &add($tmp1,$tmp2);
 		&adc($c,0);
 		 &dec($num) if ($i != 6);
-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
 		 &jz(&label("aw_end")) if ($i != 6);
 		}
 	&set_label("aw_end",0);
@@ -372,7 +373,7 @@ sub bn_sub_words
 		 &sub($tmp1,$tmp2);
 		&adc($c,0);
 		 &dec($num) if ($i != 6);
-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
 		 &jz(&label("aw_end")) if ($i != 6);
 		}
 	&set_label("aw_end",0);
@@ -382,3 +383,211 @@ sub bn_sub_words
 	&function_end($name);
 	}
 
+sub bn_sub_part_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP(0,$a,"",0));	# *a
+		 &mov($tmp2,&DWP(0,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		&mov(&DWP(0,$r,"",0),$tmp1);	# *r
+		&add($a, 4);
+		&add($b, 4);
+		&add($r, 4);
+		 &dec($num) if ($i != 6);
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+	&cmp(&wparam(4),0);
+	&je(&label("pw_end"));
+
+	&mov($num,&wparam(4));	# get dl
+	&cmp($num,0);
+	&je(&label("pw_end"));
+	&jge(&label("pw_pos"));
+
+	&comment("pw_neg");
+	&mov($tmp2,0);
+	&sub($tmp2,$num);
+	&mov($num,$tmp2);
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("pw_neg_finish"));
+
+	&set_label("pw_neg_loop",0);
+	for ($i=0; $i<8; $i++)
+	{
+	    &comment("dl<0 Round $i");
+
+	    &mov($tmp1,0);
+	    &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+	    &sub($tmp1,$c);
+	    &mov($c,0);
+	    &adc($c,$c);
+	    &sub($tmp1,$tmp2);
+	    &adc($c,0);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+	}
+	    
+	&comment("");
+	&add($b,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_neg_loop"));
+	    
+	&set_label("pw_neg_finish",0);
+	&mov($tmp2,&wparam(4));	# get dl
+	&mov($num,0);
+	&sub($num,$tmp2);
+	&and($num,7);
+	&jz(&label("pw_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &comment("dl<0 Tail Round $i");
+	    &mov($tmp1,0);
+	    &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+	    &sub($tmp1,$c);
+	    &mov($c,0);
+	    &adc($c,$c);
+	    &sub($tmp1,$tmp2);
+	    &adc($c,0);
+	    &dec($num) if ($i != 6);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jz(&label("pw_end")) if ($i != 6);
+	}
+
+	&jmp(&label("pw_end"));
+	
+	&set_label("pw_pos",0);
+	
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("pw_pos_finish"));
+
+	&set_label("pw_pos_loop",0);
+
+	for ($i=0; $i<8; $i++)
+	{
+	    &comment("dl>0 Round $i");
+
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &sub($tmp1,$c);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jnc(&label("pw_nc".$i));
+	}
+	    
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_pos_loop"));
+	    
+	&set_label("pw_pos_finish",0);
+	&mov($num,&wparam(4));	# get dl
+	&and($num,7);
+	&jz(&label("pw_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &comment("dl>0 Tail Round $i");
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &sub($tmp1,$c);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jnc(&label("pw_tail_nc".$i));
+	    &dec($num) if ($i != 6);
+	    &jz(&label("pw_end")) if ($i != 6);
+	}
+	&mov($c,1);
+	&jmp(&label("pw_end"));
+
+	&set_label("pw_nc_loop",0);
+	for ($i=0; $i<8; $i++)
+	{
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &set_label("pw_nc".$i,0);
+	}
+	    
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_nc_loop"));
+	    
+	&mov($num,&wparam(4));	# get dl
+	&and($num,7);
+	&jz(&label("pw_nc_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &set_label("pw_tail_nc".$i,0);
+	    &dec($num) if ($i != 6);
+	    &jz(&label("pw_nc_end")) if ($i != 6);
+	}
+
+	&set_label("pw_nc_end",0);
+	&mov($c,0);
+
+	&set_label("pw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
new file mode 100644
index 0000000..b97b394
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -0,0 +1,575 @@
+/*
+ * x86_64 BIGNUM accelerator version 0.1, December 2002.
+ *
+ * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ *
+ * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
+ *    versions, like 1.0...
+ * A. Well, that's because this code is basically a quick-n-dirty
+ *    proof-of-concept hack. As you can see it's implemented with
+ *    inline assembler, which means that you're bound to GCC and that
+ *    there must be a room for fine-tuning.
+ *
+ * Q. Why inline assembler?
+ * A. x86_64 features own ABI I'm not familiar with. Which is why
+ *    I decided to let the compiler take care of subroutine
+ *    prologue/epilogue as well as register allocation.
+ *
+ * Q. How much faster does it get?
+ * A. Unfortunately people sitting on x86_64 hardware are prohibited
+ *    to disclose the performance numbers, so they (SuSE labs to be
+ *    specific) wouldn't tell me. However! Very similar coding technique
+ *    (reaching out for 128-bit result from 64x64-bit multiplication)
+ *    results in >3 times performance improvement on MIPS and I see no
+ *    reason why gain on x86_64 would be so much different:-)
+ */
+
+#define BN_ULONG unsigned long
+
+/*
+ * "m"(a), "+m"(r)	is the way to favor DirectPath µ-code;
+ * "g"(0)		let the compiler to decide where does it
+ *			want to keep the value of zero;
+ */
+#define mul_add(r,a,word,carry) do {	\
+	register BN_ULONG high,low;	\
+	asm ("mulq %3"			\
+		: "=a"(low),"=d"(high)	\
+		: "a"(word),"m"(a)	\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+r"(carry),"+d"(high)\
+		: "a"(low),"g"(0)	\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+m"(r),"+d"(high)	\
+		: "r"(carry),"g"(0)	\
+		: "cc");		\
+	carry=high;			\
+	} while (0)
+
+#define mul(r,a,word,carry) do {	\
+	register BN_ULONG high,low;	\
+	asm ("mulq %3"			\
+		: "=a"(low),"=d"(high)	\
+		: "a"(word),"g"(a)	\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+r"(carry),"+d"(high)\
+		: "a"(low),"g"(0)	\
+		: "cc");		\
+	(r)=carry, carry=high;		\
+	} while (0)
+
+#define sqr(r0,r1,a)			\
+	asm ("mulq %2"			\
+		: "=a"(r0),"=d"(r1)	\
+		: "a"(a)		\
+		: "cc");
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG c1=0;
+
+	if (num <= 0) return(c1);
+
+	while (num&~3)
+		{
+		mul_add(rp[0],ap[0],w,c1);
+		mul_add(rp[1],ap[1],w,c1);
+		mul_add(rp[2],ap[2],w,c1);
+		mul_add(rp[3],ap[3],w,c1);
+		ap+=4; rp+=4; num-=4;
+		}
+	if (num)
+		{
+		mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
+		mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
+		mul_add(rp[2],ap[2],w,c1); return c1;
+		}
+	
+	return(c1);
+	} 
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG c1=0;
+
+	if (num <= 0) return(c1);
+
+	while (num&~3)
+		{
+		mul(rp[0],ap[0],w,c1);
+		mul(rp[1],ap[1],w,c1);
+		mul(rp[2],ap[2],w,c1);
+		mul(rp[3],ap[3],w,c1);
+		ap+=4; rp+=4; num-=4;
+		}
+	if (num)
+		{
+		mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
+		mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
+		mul(rp[2],ap[2],w,c1);
+		}
+	return(c1);
+	} 
+
+void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+        {
+	if (n <= 0) return;
+
+	while (n&~3)
+		{
+		sqr(r[0],r[1],a[0]);
+		sqr(r[2],r[3],a[1]);
+		sqr(r[4],r[5],a[2]);
+		sqr(r[6],r[7],a[3]);
+		a+=4; r+=8; n-=4;
+		}
+	if (n)
+		{
+		sqr(r[0],r[1],a[0]); if (--n == 0) return;
+		sqr(r[2],r[3],a[1]); if (--n == 0) return;
+		sqr(r[4],r[5],a[2]);
+		}
+	}
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{	BN_ULONG ret,waste;
+
+	asm ("divq	%3"
+		: "=a"(ret),"=d"(waste)
+		: "a"(l),"d"(h),"g"(d)
+		: "cc");
+
+	return ret;
+}
+
+BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+{ BN_ULONG ret,i;
+
+	if (n <= 0) return 0;
+
+	asm (
+	"	subq	%2,%2		\n"
+	".align 16			\n"
+	"1:	movq	(%4,%2,8),%0	\n"
+	"	adcq	(%5,%2,8),%0	\n"
+	"	movq	%0,(%3,%2,8)	\n"
+	"	leaq	1(%2),%2	\n"
+	"	loop	1b		\n"
+	"	sbbq	%0,%0		\n"
+		: "+a"(ret),"+c"(n),"+r"(i)
+		: "r"(rp),"r"(ap),"r"(bp)
+		: "cc"
+	);
+
+  return ret&1;
+}
+
+#ifndef SIMICS
+BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+{ BN_ULONG ret,i;
+
+	if (n <= 0) return 0;
+
+	asm (
+	"	subq	%2,%2		\n"
+	".align 16			\n"
+	"1:	movq	(%4,%2,8),%0	\n"
+	"	sbbq	(%5,%2,8),%0	\n"
+	"	movq	%0,(%3,%2,8)	\n"
+	"	leaq	1(%2),%2	\n"
+	"	loop	1b		\n"
+	"	sbbq	%0,%0		\n"
+		: "+a"(ret),"+c"(n),"+r"(i)
+		: "r"(rp),"r"(ap),"r"(bp)
+		: "cc"
+	);
+
+  return ret&1;
+}
+#else
+/* Simics 1.4<7 has buggy sbbq:-( */
+#define BN_MASK2 0xffffffffffffffffL
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+        {
+	BN_ULONG t1,t2;
+	int c=0;
+
+	if (n <= 0) return((BN_ULONG)0);
+
+	for (;;)
+		{
+		t1=a[0]; t2=b[0];
+		r[0]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[1]; t2=b[1];
+		r[1]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[2]; t2=b[2];
+		r[2]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[3]; t2=b[3];
+		r[3]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		a+=4;
+		b+=4;
+		r+=4;
+		}
+	return(c);
+	}
+#endif
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+
+#if 0
+/* original macros are kept for reference purposes */
+#define mul_add_c(a,b,c0,c1,c2) {	\
+	BN_ULONG ta=(a),tb=(b);		\
+	t1 = ta * tb;			\
+	t2 = BN_UMULT_HIGH(ta,tb);	\
+	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c1 += t2; c2 += (c1<t2)?1:0;	\
+	}
+
+#define mul_add_c2(a,b,c0,c1,c2) {	\
+	BN_ULONG ta=(a),tb=(b),t0;	\
+	t1 = BN_UMULT_HIGH(ta,tb);	\
+	t0 = ta * tb;			\
+	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
+	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
+	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c1 += t2; c2 += (c1<t2)?1:0;	\
+	}
+#else
+#define mul_add_c(a,b,c0,c1,c2)	do {	\
+	asm ("mulq %3"			\
+		: "=a"(t1),"=d"(t2)	\
+		: "a"(a),"m"(b)		\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+r"(c0),"+d"(t2)	\
+		: "a"(t1),"g"(0)	\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+r"(c1),"+r"(c2)	\
+		: "d"(t2),"g"(0)	\
+		: "cc");		\
+	} while (0)
+
+#define sqr_add_c(a,i,c0,c1,c2)	do {	\
+	asm ("mulq %2"			\
+		: "=a"(t1),"=d"(t2)	\
+		: "a"(a[i])		\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+r"(c0),"+d"(t2)	\
+		: "a"(t1),"g"(0)	\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+r"(c1),"+r"(c2)	\
+		: "d"(t2),"g"(0)	\
+		: "cc");		\
+	} while (0)
+
+#define mul_add_c2(a,b,c0,c1,c2) do {	\
+	asm ("mulq %3"			\
+		: "=a"(t1),"=d"(t2)	\
+		: "a"(a),"m"(b)		\
+		: "cc");		\
+	asm ("addq %0,%0; adcq %2,%1"	\
+		: "+d"(t2),"+r"(c2)	\
+		: "g"(0)		\
+		: "cc");		\
+	asm ("addq %0,%0; adcq %2,%1"	\
+		: "+a"(t1),"+d"(t2)	\
+		: "g"(0)		\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+r"(c0),"+d"(t2)	\
+		: "a"(t1),"g"(0)	\
+		: "cc");		\
+	asm ("addq %2,%0; adcq %3,%1"	\
+		: "+r"(c1),"+r"(c2)	\
+		: "d"(t2),"g"(0)	\
+		: "cc");		\
+	} while (0)
+#endif
+
+#define sqr_add_c2(a,i,j,c0,c1,c2)	\
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+	BN_ULONG bl,bh;
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[4],b[0],c2,c3,c1);
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	mul_add_c(a[0],b[4],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[0],b[5],c3,c1,c2);
+	mul_add_c(a[1],b[4],c3,c1,c2);
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	mul_add_c(a[4],b[1],c3,c1,c2);
+	mul_add_c(a[5],b[0],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[6],b[0],c1,c2,c3);
+	mul_add_c(a[5],b[1],c1,c2,c3);
+	mul_add_c(a[4],b[2],c1,c2,c3);
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	mul_add_c(a[2],b[4],c1,c2,c3);
+	mul_add_c(a[1],b[5],c1,c2,c3);
+	mul_add_c(a[0],b[6],c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	mul_add_c(a[0],b[7],c2,c3,c1);
+	mul_add_c(a[1],b[6],c2,c3,c1);
+	mul_add_c(a[2],b[5],c2,c3,c1);
+	mul_add_c(a[3],b[4],c2,c3,c1);
+	mul_add_c(a[4],b[3],c2,c3,c1);
+	mul_add_c(a[5],b[2],c2,c3,c1);
+	mul_add_c(a[6],b[1],c2,c3,c1);
+	mul_add_c(a[7],b[0],c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	mul_add_c(a[7],b[1],c3,c1,c2);
+	mul_add_c(a[6],b[2],c3,c1,c2);
+	mul_add_c(a[5],b[3],c3,c1,c2);
+	mul_add_c(a[4],b[4],c3,c1,c2);
+	mul_add_c(a[3],b[5],c3,c1,c2);
+	mul_add_c(a[2],b[6],c3,c1,c2);
+	mul_add_c(a[1],b[7],c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	mul_add_c(a[2],b[7],c1,c2,c3);
+	mul_add_c(a[3],b[6],c1,c2,c3);
+	mul_add_c(a[4],b[5],c1,c2,c3);
+	mul_add_c(a[5],b[4],c1,c2,c3);
+	mul_add_c(a[6],b[3],c1,c2,c3);
+	mul_add_c(a[7],b[2],c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	mul_add_c(a[7],b[3],c2,c3,c1);
+	mul_add_c(a[6],b[4],c2,c3,c1);
+	mul_add_c(a[5],b[5],c2,c3,c1);
+	mul_add_c(a[4],b[6],c2,c3,c1);
+	mul_add_c(a[3],b[7],c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	mul_add_c(a[4],b[7],c3,c1,c2);
+	mul_add_c(a[5],b[6],c3,c1,c2);
+	mul_add_c(a[6],b[5],c3,c1,c2);
+	mul_add_c(a[7],b[4],c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	mul_add_c(a[7],b[5],c1,c2,c3);
+	mul_add_c(a[6],b[6],c1,c2,c3);
+	mul_add_c(a[5],b[7],c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	mul_add_c(a[6],b[7],c2,c3,c1);
+	mul_add_c(a[7],b[6],c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	mul_add_c(a[7],b[7],c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+	BN_ULONG bl,bh;
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
+
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+	{
+	BN_ULONG bl,bh;
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	sqr_add_c2(a,4,0,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,5,0,c3,c1,c2);
+	sqr_add_c2(a,4,1,c3,c1,c2);
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	sqr_add_c2(a,4,2,c1,c2,c3);
+	sqr_add_c2(a,5,1,c1,c2,c3);
+	sqr_add_c2(a,6,0,c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	sqr_add_c2(a,7,0,c2,c3,c1);
+	sqr_add_c2(a,6,1,c2,c3,c1);
+	sqr_add_c2(a,5,2,c2,c3,c1);
+	sqr_add_c2(a,4,3,c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	sqr_add_c(a,4,c3,c1,c2);
+	sqr_add_c2(a,5,3,c3,c1,c2);
+	sqr_add_c2(a,6,2,c3,c1,c2);
+	sqr_add_c2(a,7,1,c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	sqr_add_c2(a,7,2,c1,c2,c3);
+	sqr_add_c2(a,6,3,c1,c2,c3);
+	sqr_add_c2(a,5,4,c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	sqr_add_c(a,5,c2,c3,c1);
+	sqr_add_c2(a,6,4,c2,c3,c1);
+	sqr_add_c2(a,7,3,c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	sqr_add_c2(a,7,4,c3,c1,c2);
+	sqr_add_c2(a,6,5,c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	sqr_add_c(a,6,c1,c2,c3);
+	sqr_add_c2(a,7,5,c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	sqr_add_c2(a,7,6,c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	sqr_add_c(a,7,c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+	{
+	BN_ULONG bl,bh;
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h
index 2ea9cd7..b40682f 100644
--- a/crypto/openssl/crypto/bn/bn.h
+++ b/crypto/openssl/crypto/bn/bn.h
@@ -59,24 +59,22 @@
 #ifndef HEADER_BN_H
 #define HEADER_BN_H
 
-#ifndef NO_FP_API
+#include <openssl/e_os2.h>
+#ifndef OPENSSL_NO_FP_API
 #include <stdio.h> /* FILE */
 #endif
-#include <openssl/opensslconf.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #undef BN_LLONG /* experimental, so far... */
 #endif
 
 #define BN_MUL_COMBA
 #define BN_SQR_COMBA
 #define BN_RECURSION
-#define RECP_MUL_MOD
-#define MONT_MUL_MOD
 
 /* This next option uses the C libraries (2 word)/(1 word) function.
  * If it is not defined, I use my C version (which is slower).
@@ -89,7 +87,8 @@ extern "C" {
  * For machines with only one compiler (or shared libraries), this should
  * be on.  Again this in only really a problem on machines
  * using "long long's", are 32bit, and are not using my assembler code. */
-#if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+    defined(OPENSSL_SYS_WIN32) || defined(linux)
 # ifndef BN_DIV2W
 #  define BN_DIV2W
 # endif
@@ -137,14 +136,14 @@ extern "C" {
 #define BN_MASK2h	(0xffffffff00000000LL)
 #define BN_MASK2h1	(0xffffffff80000000LL)
 #define BN_TBIT		(0x8000000000000000LL)
-#define BN_DEC_CONV	(10000000000000000000LL)
+#define BN_DEC_CONV	(10000000000000000000ULL)
 #define BN_DEC_FMT1	"%llu"
 #define BN_DEC_FMT2	"%019llu"
 #define BN_DEC_NUM	19
 #endif
 
 #ifdef THIRTY_TWO_BIT
-#if defined(WIN32) && !defined(__GNUC__)
+#if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
 #define BN_ULLONG	unsigned _int64
 #else
 #define BN_ULLONG	unsigned long long
@@ -155,7 +154,7 @@ extern "C" {
 #define BN_BYTES	4
 #define BN_BITS2	32
 #define BN_BITS4	16
-#ifdef _MSC_VER
+#ifdef OPENSSL_SYS_WIN32
 /* VC++ doesn't like the LL suffix */
 #define BN_MASK		(0xffffffffffffffffL)
 #else
@@ -240,18 +239,8 @@ typedef struct bignum_st
 	int flags;
 	} BIGNUM;
 
-/* Used for temp variables */
-#define BN_CTX_NUM	16
-#define BN_CTX_NUM_POS	12
-typedef struct bignum_ctx
-	{
-	int tos;
-	BIGNUM bn[BN_CTX_NUM];
-	int flags;
-	int depth;
-	int pos[BN_CTX_NUM_POS];
-	int too_many;
-	} BN_CTX;
+/* Used for temp variables (declaration hidden in bn_lcl.h) */
+typedef struct bignum_ctx BN_CTX;
 
 typedef struct bn_blinding_st
 	{
@@ -285,9 +274,6 @@ typedef struct bn_recp_ctx_st
 	int flags;
 	} BN_RECP_CTX;
 
-#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
-	r,a,&((mont)->RR),(mont),ctx)
-
 #define BN_prime_checks 0 /* default: select number of iterations
 			     based on the size of the number */
 
@@ -310,17 +296,22 @@ typedef struct bn_recp_ctx_st
                                 /* b >= 100 */ 27)
 
 #define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
-#define BN_is_word(a,w)	(((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
-#define BN_is_zero(a)	(((a)->top == 0) || BN_is_word(a,0))
-#define BN_is_one(a)	(BN_is_word((a),1))
-#define BN_is_odd(a)	(((a)->top > 0) && ((a)->d[0] & 1))
+
+/* Note that BN_abs_is_word does not work reliably for w == 0 */
+#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
+#define BN_is_zero(a)       (((a)->top == 0) || BN_abs_is_word(a,0))
+#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
+#define BN_is_word(a,w)     ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \
+                                   BN_is_zero((a)))
+#define BN_is_odd(a)	    (((a)->top > 0) && ((a)->d[0] & 1))
+
 #define BN_one(a)	(BN_set_word((a),1))
 #define BN_zero(a)	(BN_set_word((a),0))
 
 /*#define BN_ascii2bn(a)	BN_hex2bn(a) */
 /*#define BN_bn2ascii(a)	BN_bn2hex(a) */
 
-BIGNUM *BN_value_one(void);
+const BIGNUM *BN_value_one(void);
 char *	BN_options(void);
 BN_CTX *BN_CTX_new(void);
 void	BN_CTX_init(BN_CTX *c);
@@ -338,45 +329,63 @@ BIGNUM *BN_new(void);
 void	BN_init(BIGNUM *);
 void	BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void	BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
 int	BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret);
+BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
 int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+
 int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-	       BN_CTX *ctx);
-int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
+	BN_CTX *ctx);
+#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+	const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int	BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
 int	BN_mul_word(BIGNUM *a, BN_ULONG w);
 int	BN_add_word(BIGNUM *a, BN_ULONG w);
 int	BN_sub_word(BIGNUM *a, BN_ULONG w);
 int	BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(BIGNUM *a);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
 int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
 void	BN_free(BIGNUM *a);
 int	BN_is_bit_set(const BIGNUM *a, int n);
 int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_lshift1(BIGNUM *r, BIGNUM *a);
-int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
-int	BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		   const BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
+
+int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int	BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
-		BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
-	BIGNUM *m,BN_CTX *ctx);
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
+	BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m,BN_CTX *ctx);
+
 int	BN_mask_bits(BIGNUM *a,int n);
-int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int	BN_print_fp(FILE *fp, const BIGNUM *a);
 #endif
 #ifdef HEADER_BIO_H
@@ -384,9 +393,9 @@ int	BN_print(BIO *fp, const BIGNUM *a);
 #else
 int	BN_print(void *fp, const BIGNUM *a);
 #endif
-int	BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
-int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
-int	BN_rshift1(BIGNUM *r, BIGNUM *a);
+int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int	BN_rshift1(BIGNUM *r, const BIGNUM *a);
 void	BN_clear(BIGNUM *a);
 BIGNUM *BN_dup(const BIGNUM *a);
 int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
@@ -396,24 +405,32 @@ char *	BN_bn2hex(const BIGNUM *a);
 char *	BN_bn2dec(const BIGNUM *a);
 int 	BN_hex2bn(BIGNUM **a, const char *str);
 int 	BN_dec2bn(BIGNUM **a, const char *str);
-int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
-BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add,
-		BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg);
+int	BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
+int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+	const BIGNUM *add, const BIGNUM *rem,
+	void (*callback)(int,int,void *),void *cb_arg);
 int	BN_is_prime(const BIGNUM *p,int nchecks,
-		void (*callback)(int,int,void *),
-		BN_CTX *ctx,void *cb_arg);
+	void (*callback)(int,int,void *),
+	BN_CTX *ctx,void *cb_arg);
 int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
-		void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
-		int do_trial_division);
+	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
+	int do_trial_division);
 
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
-			  BN_CTX *ctx);
-int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
+	BN_MONT_CTX *mont, BN_CTX *ctx);
+#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
+	(r),(a),&((mont)->RR),(mont),(ctx))
+int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
+	BN_MONT_CTX *mont, BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
 
 BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
@@ -429,12 +446,12 @@ void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
 BN_RECP_CTX *BN_RECP_CTX_new(void);
 void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
 int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
-int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y,
-		BN_RECP_CTX *recp,BN_CTX *ctx);
+int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+	BN_RECP_CTX *recp,BN_CTX *ctx);
 int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx);
-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
-		BN_RECP_CTX *recp, BN_CTX *ctx);
+	const BIGNUM *m, BN_CTX *ctx);
+int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+	BN_RECP_CTX *recp, BN_CTX *ctx);
 
 /* library internal functions */
 
@@ -442,6 +459,7 @@ int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
 	(a):bn_expand2((a),(bits)/BN_BITS2+1))
 #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
+BIGNUM *bn_dup_expand(const BIGNUM *a, int words);
 
 #define bn_fix_top(a) \
         { \
@@ -453,15 +471,15 @@ BIGNUM *bn_expand2(BIGNUM *a, int words);
 		} \
 	}
 
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
 
 #ifdef BN_DEBUG
-  void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n);
+void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n);
 # define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
    fprintf(stderr,"\n");}
 # define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
@@ -491,11 +509,14 @@ void ERR_load_BN_strings(void);
 #define BN_F_BN_CTX_NEW					 106
 #define BN_F_BN_DIV					 107
 #define BN_F_BN_EXPAND2					 108
+#define BN_F_BN_EXPAND_INTERNAL				 120
 #define BN_F_BN_MOD_EXP2_MONT				 118
 #define BN_F_BN_MOD_EXP_MONT				 109
 #define BN_F_BN_MOD_EXP_MONT_WORD			 117
 #define BN_F_BN_MOD_INVERSE				 110
+#define BN_F_BN_MOD_LSHIFT_QUICK			 119
 #define BN_F_BN_MOD_MUL_RECIPROCAL			 111
+#define BN_F_BN_MOD_SQRT				 121
 #define BN_F_BN_MPI2BN					 112
 #define BN_F_BN_NEW					 113
 #define BN_F_BN_RAND					 114
@@ -510,10 +531,14 @@ void ERR_load_BN_strings(void);
 #define BN_R_DIV_BY_ZERO				 103
 #define BN_R_ENCODING_ERROR				 104
 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
+#define BN_R_INPUT_NOT_REDUCED				 110
 #define BN_R_INVALID_LENGTH				 106
 #define BN_R_INVALID_RANGE				 115
+#define BN_R_NOT_A_SQUARE				 111
 #define BN_R_NOT_INITIALIZED				 107
 #define BN_R_NO_INVERSE					 108
+#define BN_R_P_IS_NOT_PRIME				 112
+#define BN_R_TOO_MANY_ITERATIONS			 113
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
 
 #ifdef  __cplusplus
diff --git a/crypto/openssl/crypto/bn/bn_add.c b/crypto/openssl/crypto/bn/bn_add.c
index 5d24691..6cba07e 100644
--- a/crypto/openssl/crypto/bn/bn_add.c
+++ b/crypto/openssl/crypto/bn/bn_add.c
@@ -64,6 +64,7 @@
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	{
 	const BIGNUM *tmp;
+	int a_neg = a->neg;
 
 	bn_check_top(a);
 	bn_check_top(b);
@@ -73,10 +74,10 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	 * -a +  b	b-a
 	 * -a + -b	-(a+b)
 	 */
-	if (a->neg ^ b->neg)
+	if (a_neg ^ b->neg)
 		{
 		/* only one is negative */
-		if (a->neg)
+		if (a_neg)
 			{ tmp=a; a=b; b=tmp; }
 
 		/* we are now a - b */
@@ -94,12 +95,11 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 		return(1);
 		}
 
-	if (a->neg) /* both are neg */
+	if (!BN_uadd(r,a,b)) return(0);
+	if (a_neg) /* both are neg */
 		r->neg=1;
 	else
 		r->neg=0;
-
-	if (!BN_uadd(r,a,b)) return(0);
 	return(1);
 	}
 
@@ -160,6 +160,7 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 			*(rp++)= *(ap++);
 		}
 	/* memcpy(rp,ap,sizeof(*ap)*(max-i));*/
+	r->neg = 0;
 	return(1);
 	}
 
@@ -251,6 +252,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 #endif
 
 	r->top=max;
+	r->neg=0;
 	bn_fix_top(r);
 	return(1);
 	}
diff --git a/crypto/openssl/crypto/bn/bn_asm.c b/crypto/openssl/crypto/bn/bn_asm.c
index 44e52a4..be8aa3f 100644
--- a/crypto/openssl/crypto/bn/bn_asm.c
+++ b/crypto/openssl/crypto/bn/bn_asm.c
@@ -68,7 +68,7 @@
 
 #if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
 
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c1=0;
 
@@ -93,7 +93,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 	return(c1);
 	} 
 
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c1=0;
 
@@ -117,7 +117,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 	return(c1);
 	} 
 
-void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
         {
 	assert(n >= 0);
 	if (n <= 0) return;
@@ -139,7 +139,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
 
 #else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
 
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c=0;
 	BN_ULONG bl,bh;
@@ -166,7 +166,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 	return(c);
 	} 
 
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG carry=0;
 	BN_ULONG bl,bh;
@@ -193,7 +193,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 	return(carry);
 	} 
 
-void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
         {
 	assert(n >= 0);
 	if (n <= 0) return;
@@ -296,7 +296,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 #endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
 
 #ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
         {
 	BN_ULLONG ll=0;
 
@@ -332,7 +332,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 	return((BN_ULONG)ll);
 	}
 #else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
         {
 	BN_ULONG c,l,t;
 
@@ -382,7 +382,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 	}
 #endif /* !BN_LLONG */
 
-BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
         {
 	BN_ULONG t1,t2;
 	int c=0;
@@ -673,7 +673,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	r[7]=c2;
 	}
 
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
 	{
 #ifdef BN_LLONG
 	BN_ULLONG t,tt;
@@ -754,7 +754,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
 	r[15]=c1;
 	}
 
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
 	{
 #ifdef BN_LLONG
 	BN_ULLONG t,tt;
diff --git a/crypto/openssl/crypto/bn/bn_ctx.c b/crypto/openssl/crypto/bn/bn_ctx.c
index b1a8d75..7daf19e 100644
--- a/crypto/openssl/crypto/bn/bn_ctx.c
+++ b/crypto/openssl/crypto/bn/bn_ctx.c
@@ -61,8 +61,9 @@
 
 #include <stdio.h>
 #include <assert.h>
+
 #include "cryptlib.h"
-#include <openssl/bn.h>
+#include "bn_lcl.h"
 
 
 BN_CTX *BN_CTX_new(void)
@@ -83,6 +84,7 @@ BN_CTX *BN_CTX_new(void)
 
 void BN_CTX_init(BN_CTX *ctx)
 	{
+#if 0 /* explicit version */
 	int i;
 	ctx->tos = 0;
 	ctx->flags = 0;
@@ -90,6 +92,9 @@ void BN_CTX_init(BN_CTX *ctx)
 	ctx->too_many = 0;
 	for (i = 0; i < BN_CTX_NUM; i++)
 		BN_init(&(ctx->bn[i]));
+#else
+	memset(ctx, 0, sizeof *ctx);
+#endif
 	}
 
 void BN_CTX_free(BN_CTX *ctx)
@@ -112,8 +117,14 @@ void BN_CTX_start(BN_CTX *ctx)
 	ctx->depth++;
 	}
 
+
 BIGNUM *BN_CTX_get(BN_CTX *ctx)
 	{
+	/* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically,
+	 * make sure that if BN_CTX_get fails once it will return NULL again
+	 * until BN_CTX_end is called.  (This is so that callers have to check
+	 * only the last return value.)
+	 */
 	if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
 		{
 		if (!ctx->too_many)
diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c
index 903ab2e..580d120 100644
--- a/crypto/openssl/crypto/bn/bn_div.c
+++ b/crypto/openssl/crypto/bn/bn_div.c
@@ -61,6 +61,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+
 /* The old slow way */
 #if 0
 int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
@@ -126,7 +127,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 
 #else
 
-#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+    && !defined(PEDANTIC) && !defined(BN_DIV3W)
 # if defined(__GNUC__) && __GNUC__>=2
 #  if defined(__i386) || defined (__i386__)
    /*
@@ -148,10 +150,32 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 	    q;					\
 	})
 #  define REMAINDER_IS_ALREADY_CALCULATED
+#  elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+   /*
+    * Same story here, but it's 128-bit by 64-bit division. Wow!
+    *					<appro@fy.chalmers.se>
+    */
+#  define bn_div_words(n0,n1,d0)		\
+	({  asm volatile (			\
+		"divq	%4"			\
+		: "=a"(q), "=d"(rem)		\
+		: "a"(n1), "d"(n0), "g"(d0)	\
+		: "cc");			\
+	    q;					\
+	})
+#  define REMAINDER_IS_ALREADY_CALCULATED
 #  endif /* __<cpu> */
 # endif /* __GNUC__ */
-#endif /* NO_ASM */
+#endif /* OPENSSL_NO_ASM */
+
 
+/* BN_div computes  dv := num / divisor,  rounding towards zero, and sets up
+ * rm  such that  dv*divisor + rm = num  holds.
+ * Thus:
+ *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
+ *     rm->neg == num->neg                 (unless the remainder is zero)
+ * If 'dv' or 'rm' is NULL, the respective value is not returned.
+ */
 int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	   BN_CTX *ctx)
 	{
@@ -185,7 +209,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	if (dv == NULL)
 		res=BN_CTX_get(ctx);
 	else	res=dv;
-	if (sdiv==NULL || res == NULL) goto err;
+	if (sdiv == NULL || res == NULL) goto err;
 	tmp->neg=0;
 
 	/* First we normalise the numbers */
@@ -232,12 +256,14 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 		}
 	else
 		res->top--;
+	if (res->top == 0)
+		res->neg = 0;
 	resp--;
 
 	for (i=0; i<loop-1; i++)
 		{
 		BN_ULONG q,l0;
-#if defined(BN_DIV3W) && !defined(NO_ASM)
+#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
 		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
 		q=bn_div_3_words(wnump,d1,d0);
 #else
@@ -256,6 +282,11 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 			q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
 #else
 			q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+				n0, n1, d0, q);
+#endif
 #endif
 
 #ifndef REMAINDER_IS_ALREADY_CALCULATED
@@ -280,11 +311,18 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 			BN_ULONG t2l,t2h,ql,qh;
 
 			q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+				n0, n1, d0, q);
+#endif
 #ifndef REMAINDER_IS_ALREADY_CALCULATED
 			rem=(n1-q*d0)&BN_MASK2;
 #endif
 
-#ifdef BN_UMULT_HIGH
+#if defined(BN_UMULT_LOHI)
+			BN_UMULT_LOHI(t2l,t2h,d1,q);
+#elif defined(BN_UMULT_HIGH)
 			t2l = d1 * q;
 			t2h = BN_UMULT_HIGH(d1,q);
 #else
@@ -331,8 +369,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 		}
 	if (rm != NULL)
 		{
+		/* Keep a copy of the neg flag in num because if rm==num
+		 * BN_rshift() will overwrite it.
+		 */
+		int neg = num->neg;
 		BN_rshift(rm,snum,norm_shift);
-		rm->neg=num->neg;
+		if (!BN_is_zero(rm))
+			rm->neg = neg;
 		}
 	BN_CTX_end(ctx);
 	return(1);
@@ -342,40 +385,3 @@ err:
 	}
 
 #endif
-
-/* rem != m */
-int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-	{
-#if 0 /* The old slow way */
-	int i,nm,nd;
-	BIGNUM *dv;
-
-	if (BN_ucmp(m,d) < 0)
-		return((BN_copy(rem,m) == NULL)?0:1);
-
-	BN_CTX_start(ctx);
-	dv=BN_CTX_get(ctx);
-
-	if (!BN_copy(rem,m)) goto err;
-
-	nm=BN_num_bits(rem);
-	nd=BN_num_bits(d);
-	if (!BN_lshift(dv,d,nm-nd)) goto err;
-	for (i=nm-nd; i>=0; i--)
-		{
-		if (BN_cmp(rem,dv) >= 0)
-			{
-			if (!BN_sub(rem,rem,dv)) goto err;
-			}
-		if (!BN_rshift1(dv,dv)) goto err;
-		}
-	BN_CTX_end(ctx);
-	return(1);
- err:
-	BN_CTX_end(ctx);
-	return(0);
-#else
-	return(BN_div(NULL,rem,m,d,ctx));
-#endif
-	}
-
diff --git a/crypto/openssl/crypto/bn/bn_err.c b/crypto/openssl/crypto/bn/bn_err.c
index adc6a21..fb84ee9 100644
--- a/crypto/openssl/crypto/bn/bn_err.c
+++ b/crypto/openssl/crypto/bn/bn_err.c
@@ -63,7 +63,7 @@
 #include <openssl/bn.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA BN_str_functs[]=
 	{
 {ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0),	"BN_BLINDING_convert"},
@@ -76,11 +76,14 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_CTX_NEW,0),	"BN_CTX_new"},
 {ERR_PACK(0,BN_F_BN_DIV,0),	"BN_div"},
 {ERR_PACK(0,BN_F_BN_EXPAND2,0),	"bn_expand2"},
+{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0),	"BN_EXPAND_INTERNAL"},
 {ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0),	"BN_mod_exp2_mont"},
 {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),	"BN_mod_exp_mont"},
 {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0),	"BN_mod_exp_mont_word"},
 {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),	"BN_mod_inverse"},
+{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0),	"BN_mod_lshift_quick"},
 {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),	"BN_mod_mul_reciprocal"},
+{ERR_PACK(0,BN_F_BN_MOD_SQRT,0),	"BN_mod_sqrt"},
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
@@ -98,10 +101,14 @@ static ERR_STRING_DATA BN_str_reasons[]=
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
 {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
+{BN_R_INPUT_NOT_REDUCED                  ,"input not reduced"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
 {BN_R_INVALID_RANGE                      ,"invalid range"},
+{BN_R_NOT_A_SQUARE                       ,"not a square"},
 {BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
+{BN_R_P_IS_NOT_PRIME                     ,"p is not prime"},
+{BN_R_TOO_MANY_ITERATIONS                ,"too many iterations"},
 {BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},
 {0,NULL}
 	};
@@ -115,7 +122,7 @@ void ERR_load_BN_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_BN,BN_str_functs);
 		ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c
index 8117323..afdfd58 100644
--- a/crypto/openssl/crypto/bn/bn_exp.c
+++ b/crypto/openssl/crypto/bn/bn_exp.c
@@ -110,45 +110,13 @@
  */
 
 
-#include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#ifdef ATALLA
-# include <alloca.h>
-# include <atasi.h>
-# include <assert.h>
-# include <dlfcn.h>
-#endif
-
 
 #define TABLE_SIZE	32
 
-/* slow but works */
-int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-	{
-	BIGNUM *t;
-	int r=0;
-
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(m);
-
-	BN_CTX_start(ctx);
-	if ((t = BN_CTX_get(ctx)) == NULL) goto err;
-	if (a == b)
-		{ if (!BN_sqr(t,a,ctx)) goto err; }
-	else
-		{ if (!BN_mul(t,a,b,ctx)) goto err; }
-	if (!BN_mod(ret,t,m,ctx)) goto err;
-	r=1;
-err:
-	BN_CTX_end(ctx);
-	return(r);
-	}
-
-
 /* this one works - simple but works */
-int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 	{
 	int i,bits,ret=0;
 	BIGNUM *v,*rr;
@@ -183,175 +151,7 @@ err:
 	}
 
 
-#ifdef ATALLA
-
-/*
- * This routine will dynamically check for the existance of an Atalla AXL-200
- * SSL accelerator module.  If one is found, the variable
- * asi_accelerator_present is set to 1 and the function pointers
- * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
- */
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
-					    unsigned int *ret_buf);
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
-				     unsigned char *output,
-				     unsigned char *input,
-				     unsigned int modulus_len);
-
-static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
-static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
-static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
-static int asi_accelerator_present;
-static int tried_atalla;
-
-void atalla_initialize_accelerator_handle(void)
-	{
-	void *dl_handle;
-	int status;
-	unsigned int config_buf[1024]; 
-	static int tested;
-
-	if(tested)
-		return;
-
-	tested=1;
-
-	bzero((void *)config_buf, 1024);
-
-	/*
-	 * Check to see if the library is present on the system
-	 */
-	dl_handle = dlopen("atasi.so", RTLD_NOW);
-	if (dl_handle == (void *) NULL)
-		{
-/*		printf("atasi.so library is not present on the system\n");
-		printf("No HW acceleration available\n");*/
-		return;
-	        }
-
-	/*
-	 * The library is present.  Now we'll check to insure that the
-	 * LDM is up and running. First we'll get the address of the
-	 * function in the atasi library that we need to see if the
-	 * LDM is operating.
-	 */
-
-	ptr_ASI_GetHardwareConfig =
-	  (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
-
-	if (ptr_ASI_GetHardwareConfig)
-		{
-		/*
-		 * We found the call, now we'll get our config
-		 * status.  If we get a non 0 result, the LDM is not
-		 * running and we cannot use the Atalla ASI *
-		 * library.
-		 */
-		status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
-		if (status != 0)
-			{
-			printf("atasi.so library is present but not initialized\n");
-			printf("No HW acceleration available\n");
-			return;
-			}    
-	        }
-	else
-		{
-/*		printf("We found the library, but not the function. Very Strange!\n");*/
-		return ;
-	      	}
-
-	/* 
-	 * It looks like we have acceleration capabilities.  Load up the
-	 * pointers to our ASI API calls.
-	 */
-	ptr_ASI_RSAPrivateKeyOpFn=
-	  (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
-	if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
-		{
-/*		printf("We found the library, but no RSA function. Very Strange!\n");*/
-		return;
-	        }
-
-	ptr_ASI_GetPerformanceStatistics =
-	  (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
-	if (ptr_ASI_GetPerformanceStatistics == NULL)
-		{
-/*		printf("We found the library, but no stat function. Very Strange!\n");*/
-		return;
-	      }
-
-	/*
-	 * Indicate that acceleration is available
-	 */
-	asi_accelerator_present = 1;
-
-/*	printf("This system has acceleration!\n");*/
-
-	return;
-	}
-
-/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
-int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
-	{
-	unsigned char *abin;
-	unsigned char *pbin;
-	unsigned char *mbin;
-	unsigned char *rbin;
-	int an,pn,mn,ret;
-	RSAPrivateKey keydata;
-
-	atalla_initialize_accelerator_handle();
-	if(!asi_accelerator_present)
-		return 0;
-
-
-/* We should be able to run without size testing */
-# define ASIZE	128
-	an=BN_num_bytes(a);
-	pn=BN_num_bytes(p);
-	mn=BN_num_bytes(m);
-
-	if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
-	    {
-	    int size=mn;
-
-	    assert(an <= mn);
-	    abin=alloca(size);
-	    memset(abin,'\0',mn);
-	    BN_bn2bin(a,abin+size-an);
-
-	    pbin=alloca(pn);
-	    BN_bn2bin(p,pbin);
-
-	    mbin=alloca(size);
-	    memset(mbin,'\0',mn);
-	    BN_bn2bin(m,mbin+size-mn);
-
-	    rbin=alloca(size);
-
-	    memset(&keydata,'\0',sizeof keydata);
-	    keydata.privateExponent.data=pbin;
-	    keydata.privateExponent.len=pn;
-	    keydata.modulus.data=mbin;
-	    keydata.modulus.len=size;
-
-	    ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
-/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
-	    if(!ret)
-	        {
-		BN_bin2bn(rbin,keydata.modulus.len,r);
-/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
-		return 1;
-	        }
-	    }
-	return 0;
-        }
-#endif /* def ATALLA */
-
-
-int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
 	int ret;
@@ -360,12 +160,39 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	bn_check_top(p);
 	bn_check_top(m);
 
-#ifdef ATALLA
-	if(BN_mod_exp_atalla(r,a,p,m))
-	    return 1;
-/* If it fails, try the other methods (but don't try atalla again) */
-	tried_atalla=1;
-#endif
+	/* For even modulus  m = 2^k*m_odd,  it might make sense to compute
+	 * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
+	 * exponentiation for the odd part), using appropriate exponent
+	 * reductions, and combine the results using the CRT.
+	 *
+	 * For now, we use Montgomery only if the modulus is odd; otherwise,
+	 * exponentiation using the reciprocal-based quick remaindering
+	 * algorithm is used.
+	 *
+	 * (Timing obtained with expspeed.c [computations  a^p mod m
+	 * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
+	 * 4096, 8192 bits], compared to the running time of the
+	 * standard algorithm:
+	 *
+	 *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
+         *                     55 .. 77 %  [UltraSparc processor, but
+	 *                                  debug-solaris-sparcv8-gcc conf.]
+	 * 
+	 *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
+	 *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+	 *
+	 * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+	 * at 2048 and more bits, but at 512 and 1024 bits, it was
+	 * slower even than the standard algorithm!
+	 *
+	 * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+	 * should be obtained when the new Montgomery reduction code
+	 * has been integrated into OpenSSL.)
+	 */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
 
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
@@ -376,12 +203,14 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 
 	if (BN_is_odd(m))
 		{
-		if (a->top == 1)
+#  ifdef MONT_EXP_WORD
+		if (a->top == 1 && !a->neg)
 			{
 			BN_ULONG A = a->d[0];
 			ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
 			}
 		else
+#  endif
 			ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
 		}
 	else
@@ -392,10 +221,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
 
-#ifdef ATALLA
-	tried_atalla=0;
-#endif
-
 	return(ret);
 	}
 
@@ -413,20 +238,35 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 
 	if (bits == 0)
 		{
-		BN_one(r);
-		return(1);
+		ret = BN_one(r);
+		return ret;
 		}
 
 	BN_CTX_start(ctx);
 	if ((aa = BN_CTX_get(ctx)) == NULL) goto err;
 
 	BN_RECP_CTX_init(&recp);
-	if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
+	if (m->neg)
+		{
+		/* ignore sign of 'm' */
+		if (!BN_copy(aa, m)) goto err;
+		aa->neg = 0;
+		if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
+		}
+	else
+		{
+		if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
+		}
 
 	BN_init(&(val[0]));
 	ts=1;
 
-	if (!BN_mod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (BN_is_zero(&(val[0])))
+		{
+		ret = BN_zero(r);
+		goto err;
+		}
 
 	window = BN_window_bits_for_exponent_size(bits);
 	if (window > 1)
@@ -511,13 +351,13 @@ err:
 	}
 
 
-int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue;
 	int start=1,ts=0;
 	BIGNUM *d,*r;
-	BIGNUM *aa;
+	const BIGNUM *aa;
 	BIGNUM val[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;
 
@@ -525,12 +365,6 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 	bn_check_top(p);
 	bn_check_top(m);
 
-#ifdef ATALLA
-	if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
-	    return 1;
-/* If it fails, try the other methods */
-#endif
-
 	if (!(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -539,9 +373,10 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 	bits=BN_num_bits(p);
 	if (bits == 0)
 		{
-		BN_one(rr);
-		return(1);
+		ret = BN_one(rr);
+		return ret;
 		}
+
 	BN_CTX_start(ctx);
 	d = BN_CTX_get(ctx);
 	r = BN_CTX_get(ctx);
@@ -560,14 +395,19 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 
 	BN_init(&val[0]);
 	ts=1;
-	if (BN_ucmp(a,m) >= 0)
+	if (a->neg || BN_ucmp(a,m) >= 0)
 		{
-		if (!BN_mod(&(val[0]),a,m,ctx))
+		if (!BN_nnmod(&(val[0]),a,m,ctx))
 			goto err;
 		aa= &(val[0]);
 		}
 	else
 		aa=a;
+	if (BN_is_zero(aa))
+		{
+		ret = BN_zero(rr);
+		goto err;
+		}
 	if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
 
 	window = BN_window_bits_for_exponent_size(bits);
@@ -667,45 +507,45 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 		(/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
 			(BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
 		/* BN_MOD_MUL_WORD is only used with 'w' large,
-		  * so the BN_ucmp test is probably more overhead
-		  * than always using BN_mod (which uses BN_copy if
-		  * a similar test returns true). */
+		 * so the BN_ucmp test is probably more overhead
+		 * than always using BN_mod (which uses BN_copy if
+		 * a similar test returns true). */
+		/* We can use BN_mod and do not need BN_nnmod because our
+		 * accumulator is never negative (the result of BN_mod does
+		 * not depend on the sign of the modulus).
+		 */
 #define BN_TO_MONTGOMERY_WORD(r, w, mont) \
 		(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
 
 	bn_check_top(p);
 	bn_check_top(m);
 
-	if (!(m->d[0] & 1))
+	if (m->top == 0 || !(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
 		return(0);
 		}
+	if (m->top == 1)
+		a %= m->d[0]; /* make sure that 'a' is reduced */
+
 	bits = BN_num_bits(p);
 	if (bits == 0)
 		{
-		BN_one(rr);
-		return(1);
+		ret = BN_one(rr);
+		return ret;
+		}
+	if (a == 0)
+		{
+		ret = BN_zero(rr);
+		return ret;
 		}
+
 	BN_CTX_start(ctx);
 	d = BN_CTX_get(ctx);
 	r = BN_CTX_get(ctx);
 	t = BN_CTX_get(ctx);
 	if (d == NULL || r == NULL || t == NULL) goto err;
 
-#ifdef ATALLA
-	if (!tried_atalla)
-		{
-		BN_set_word(t, a);
-		if (BN_mod_exp_atalla(rr, t, p, m))
-			{
-			BN_CTX_end(ctx);
-			return 1;
-			}
-		}
-/* If it fails, try the other methods */
-#endif
-
 	if (in_mont != NULL)
 		mont=in_mont;
 	else
@@ -795,8 +635,9 @@ err:
 
 
 /* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
-	     BN_CTX *ctx)
+int BN_mod_exp_simple(BIGNUM *r,
+	const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+	BN_CTX *ctx)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
 	int start=1;
@@ -807,8 +648,8 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
 
 	if (bits == 0)
 		{
-		BN_one(r);
-		return(1);
+		ret = BN_one(r);
+		return ret;
 		}
 
 	BN_CTX_start(ctx);
@@ -816,7 +657,12 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
 
 	BN_init(&(val[0]));
 	ts=1;
-	if (!BN_mod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (BN_is_zero(&(val[0])))
+		{
+		ret = BN_zero(r);
+		goto err;
+		}
 
 	window = BN_window_bits_for_exponent_size(bits);
 	if (window > 1)
diff --git a/crypto/openssl/crypto/bn/bn_exp2.c b/crypto/openssl/crypto/bn/bn_exp2.c
index 29029f4..73ccd58 100644
--- a/crypto/openssl/crypto/bn/bn_exp2.c
+++ b/crypto/openssl/crypto/bn/bn_exp2.c
@@ -115,13 +115,14 @@
 
 #define TABLE_SIZE	32
 
-int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
-	     BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+	const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+	BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
 	int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
 	int r_is_one=1,ts1=0,ts2=0;
 	BIGNUM *d,*r;
-	BIGNUM *a_mod_m;
+	const BIGNUM *a_mod_m;
 	BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;
 
@@ -140,9 +141,10 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
 	bits2=BN_num_bits(p2);
 	if ((bits1 == 0) && (bits2 == 0))
 		{
-		BN_one(rr);
-		return(1);
+		ret = BN_one(rr);
+		return ret;
 		}
+	
 	bits=(bits1 > bits2)?bits1:bits2;
 
 	BN_CTX_start(ctx);
@@ -166,7 +168,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
 	 */
 	BN_init(&val1[0]);
 	ts1=1;
-	if (BN_ucmp(a1,m) >= 0)
+	if (a1->neg || BN_ucmp(a1,m) >= 0)
 		{
 		if (!BN_mod(&(val1[0]),a1,m,ctx))
 			goto err;
@@ -174,6 +176,12 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
 		}
 	else
 		a_mod_m = a1;
+	if (BN_is_zero(a_mod_m))
+		{
+		ret = BN_zero(rr);
+		goto err;
+		}
+
 	if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err;
 	if (window1 > 1)
 		{
@@ -195,7 +203,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
 	 */
 	BN_init(&val2[0]);
 	ts2=1;
-	if (BN_ucmp(a2,m) >= 0)
+	if (a2->neg || BN_ucmp(a2,m) >= 0)
 		{
 		if (!BN_mod(&(val2[0]),a2,m,ctx))
 			goto err;
@@ -203,6 +211,11 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
 		}
 	else
 		a_mod_m = a2;
+	if (BN_is_zero(a_mod_m))
+		{
+		ret = BN_zero(rr);
+		goto err;
+		}
 	if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err;
 	if (window2 > 1)
 		{
diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c
index e8cc6c5..7649f63 100644
--- a/crypto/openssl/crypto/bn/bn_gcd.c
+++ b/crypto/openssl/crypto/bn/bn_gcd.c
@@ -55,14 +55,66 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
-#include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
 static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
 
-int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx)
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*t;
 	int ret=0;
@@ -77,6 +129,8 @@ int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx)
 
 	if (BN_copy(a,in_a) == NULL) goto err;
 	if (BN_copy(b,in_b) == NULL) goto err;
+	a->neg = 0;
+	b->neg = 0;
 
 	if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
 	t=euclid(a,b);
@@ -97,10 +151,10 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
 	bn_check_top(a);
 	bn_check_top(b);
 
-	for (;;)
+	/* 0 <= b <= a */
+	while (!BN_is_zero(b))
 		{
-		if (BN_is_zero(b))
-			break;
+		/* 0 < b <= a */
 
 		if (BN_is_odd(a))
 			{
@@ -133,7 +187,9 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
 				shifts++;
 				}
 			}
+		/* 0 <= b <= a */
 		}
+
 	if (shifts)
 		{
 		if (!BN_lshift(a,a,shifts)) goto err;
@@ -143,11 +199,13 @@ err:
 	return(NULL);
 	}
 
+
 /* solves ax == 1 (mod n) */
-BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+BIGNUM *BN_mod_inverse(BIGNUM *in,
+	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 	{
-	BIGNUM *A,*B,*X,*Y,*M,*D,*R=NULL;
-	BIGNUM *T,*ret=NULL;
+	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
+	BIGNUM *ret=NULL;
 	int sign;
 
 	bn_check_top(a);
@@ -160,7 +218,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 	D = BN_CTX_get(ctx);
 	M = BN_CTX_get(ctx);
 	Y = BN_CTX_get(ctx);
-	if (Y == NULL) goto err;
+	T = BN_CTX_get(ctx);
+	if (T == NULL) goto err;
 
 	if (in == NULL)
 		R=BN_new();
@@ -168,34 +227,256 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 		R=in;
 	if (R == NULL) goto err;
 
-	if (!BN_zero(X)) goto err;
-	if (!BN_one(Y)) goto err;
-	if (BN_copy(A,a) == NULL) goto err;
-	if (BN_copy(B,n) == NULL) goto err;
-	sign=1;
+	BN_one(X);
+	BN_zero(Y);
+	if (BN_copy(B,a) == NULL) goto err;
+	if (BN_copy(A,n) == NULL) goto err;
+	A->neg = 0;
+	if (B->neg || (BN_ucmp(B, A) >= 0))
+		{
+		if (!BN_nnmod(B, B, A, ctx)) goto err;
+		}
+	sign = -1;
+	/* From  B = a mod |n|,  A = |n|  it follows that
+	 *
+	 *      0 <= B < A,
+	 *     -sign*X*a  ==  B   (mod |n|),
+	 *      sign*Y*a  ==  A   (mod |n|).
+	 */
 
-	while (!BN_is_zero(B))
+	if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
 		{
-		if (!BN_div(D,M,A,B,ctx)) goto err;
-		T=A;
-		A=B;
-		B=M;
-		/* T has a struct, M does not */
-
-		if (!BN_mul(T,D,X,ctx)) goto err;
-		if (!BN_add(T,T,Y)) goto err;
-		M=Y;
-		Y=X;
-		X=T;
-		sign= -sign;
+		/* Binary inversion algorithm; requires odd modulus.
+		 * This is faster than the general algorithm if the modulus
+		 * is sufficiently small (about 400 .. 500 bits on 32-bit
+		 * sytems, but much more on 64-bit systems) */
+		int shift;
+		
+		while (!BN_is_zero(B))
+			{
+			/*
+			 *      0 < B < |n|,
+			 *      0 < A <= |n|,
+			 * (1) -sign*X*a  ==  B   (mod |n|),
+			 * (2)  sign*Y*a  ==  A   (mod |n|)
+			 */
+
+			/* Now divide  B  by the maximum possible power of two in the integers,
+			 * and divide  X  by the same value mod |n|.
+			 * When we're done, (1) still holds. */
+			shift = 0;
+			while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
+				{
+				shift++;
+				
+				if (BN_is_odd(X))
+					{
+					if (!BN_uadd(X, X, n)) goto err;
+					}
+				/* now X is even, so we can easily divide it by two */
+				if (!BN_rshift1(X, X)) goto err;
+				}
+			if (shift > 0)
+				{
+				if (!BN_rshift(B, B, shift)) goto err;
+				}
+
+
+			/* Same for  A  and  Y.  Afterwards, (2) still holds. */
+			shift = 0;
+			while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
+				{
+				shift++;
+				
+				if (BN_is_odd(Y))
+					{
+					if (!BN_uadd(Y, Y, n)) goto err;
+					}
+				/* now Y is even */
+				if (!BN_rshift1(Y, Y)) goto err;
+				}
+			if (shift > 0)
+				{
+				if (!BN_rshift(A, A, shift)) goto err;
+				}
+
+			
+			/* We still have (1) and (2).
+			 * Both  A  and  B  are odd.
+			 * The following computations ensure that
+			 *
+			 *     0 <= B < |n|,
+			 *      0 < A < |n|,
+			 * (1) -sign*X*a  ==  B   (mod |n|),
+			 * (2)  sign*Y*a  ==  A   (mod |n|),
+			 *
+			 * and that either  A  or  B  is even in the next iteration.
+			 */
+			if (BN_ucmp(B, A) >= 0)
+				{
+				/* -sign*(X + Y)*a == B - A  (mod |n|) */
+				if (!BN_uadd(X, X, Y)) goto err;
+				/* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+				 * actually makes the algorithm slower */
+				if (!BN_usub(B, B, A)) goto err;
+				}
+			else
+				{
+				/*  sign*(X + Y)*a == A - B  (mod |n|) */
+				if (!BN_uadd(Y, Y, X)) goto err;
+				/* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
+				if (!BN_usub(A, A, B)) goto err;
+				}
+			}
+		}
+	else
+		{
+		/* general inversion algorithm */
+
+		while (!BN_is_zero(B))
+			{
+			BIGNUM *tmp;
+			
+			/*
+			 *      0 < B < A,
+			 * (*) -sign*X*a  ==  B   (mod |n|),
+			 *      sign*Y*a  ==  A   (mod |n|)
+			 */
+			
+			/* (D, M) := (A/B, A%B) ... */
+			if (BN_num_bits(A) == BN_num_bits(B))
+				{
+				if (!BN_one(D)) goto err;
+				if (!BN_sub(M,A,B)) goto err;
+				}
+			else if (BN_num_bits(A) == BN_num_bits(B) + 1)
+				{
+				/* A/B is 1, 2, or 3 */
+				if (!BN_lshift1(T,B)) goto err;
+				if (BN_ucmp(A,T) < 0)
+					{
+					/* A < 2*B, so D=1 */
+					if (!BN_one(D)) goto err;
+					if (!BN_sub(M,A,B)) goto err;
+					}
+				else
+					{
+					/* A >= 2*B, so D=2 or D=3 */
+					if (!BN_sub(M,A,T)) goto err;
+					if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
+					if (BN_ucmp(A,D) < 0)
+						{
+						/* A < 3*B, so D=2 */
+						if (!BN_set_word(D,2)) goto err;
+						/* M (= A - 2*B) already has the correct value */
+						}
+					else
+						{
+						/* only D=3 remains */
+						if (!BN_set_word(D,3)) goto err;
+						/* currently  M = A - 2*B,  but we need  M = A - 3*B */
+						if (!BN_sub(M,M,B)) goto err;
+						}
+					}
+				}
+			else
+				{
+				if (!BN_div(D,M,A,B,ctx)) goto err;
+				}
+			
+			/* Now
+			 *      A = D*B + M;
+			 * thus we have
+			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+			 */
+			
+			tmp=A; /* keep the BIGNUM object, the value does not matter */
+			
+			/* (A, B) := (B, A mod B) ... */
+			A=B;
+			B=M;
+			/* ... so we have  0 <= B < A  again */
+			
+			/* Since the former  M  is now  B  and the former  B  is now  A,
+			 * (**) translates into
+			 *       sign*Y*a  ==  D*A + B    (mod |n|),
+			 * i.e.
+			 *       sign*Y*a - D*A  ==  B    (mod |n|).
+			 * Similarly, (*) translates into
+			 *      -sign*X*a  ==  A          (mod |n|).
+			 *
+			 * Thus,
+			 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+			 * i.e.
+			 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+			 *
+			 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
+			 *      -sign*X*a  ==  B   (mod |n|),
+			 *       sign*Y*a  ==  A   (mod |n|).
+			 * Note that  X  and  Y  stay non-negative all the time.
+			 */
+			
+			/* most of the time D is very small, so we can optimize tmp := D*X+Y */
+			if (BN_is_one(D))
+				{
+				if (!BN_add(tmp,X,Y)) goto err;
+				}
+			else
+				{
+				if (BN_is_word(D,2))
+					{
+					if (!BN_lshift1(tmp,X)) goto err;
+					}
+				else if (BN_is_word(D,4))
+					{
+					if (!BN_lshift(tmp,X,2)) goto err;
+					}
+				else if (D->top == 1)
+					{
+					if (!BN_copy(tmp,X)) goto err;
+					if (!BN_mul_word(tmp,D->d[0])) goto err;
+					}
+				else
+					{
+					if (!BN_mul(tmp,D,X,ctx)) goto err;
+					}
+				if (!BN_add(tmp,tmp,Y)) goto err;
+				}
+			
+			M=Y; /* keep the BIGNUM object, the value does not matter */
+			Y=X;
+			X=tmp;
+			sign = -sign;
+			}
 		}
+		
+	/*
+	 * The while loop (Euclid's algorithm) ends when
+	 *      A == gcd(a,n);
+	 * we have
+	 *       sign*Y*a  ==  A  (mod |n|),
+	 * where  Y  is non-negative.
+	 */
+
 	if (sign < 0)
 		{
 		if (!BN_sub(Y,n,Y)) goto err;
 		}
+	/* Now  Y*a  ==  A  (mod |n|).  */
+	
 
 	if (BN_is_one(A))
-		{ if (!BN_mod(R,Y,n,ctx)) goto err; }
+		{
+		/* Y*a == 1  (mod |n|) */
+		if (!Y->neg && BN_ucmp(Y,n) < 0)
+			{
+			if (!BN_copy(R,Y)) goto err;
+			}
+		else
+			{
+			if (!BN_nnmod(R,Y,n,ctx)) goto err;
+			}
+		}
 	else
 		{
 		BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
@@ -207,4 +488,3 @@ err:
 	BN_CTX_end(ctx);
 	return(ret);
 	}
-
diff --git a/crypto/openssl/crypto/bn/bn_kron.c b/crypto/openssl/crypto/bn/bn_kron.c
new file mode 100644
index 0000000..49f7559
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_kron.c
@@ -0,0 +1,182 @@
+/* crypto/bn/bn_kron.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "bn_lcl.h"
+
+
+/* least significant word */
+#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
+
+/* Returns -2 for errors because both -1 and 0 are valid results. */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	int i;
+	int ret = -2; /* avoid 'uninitialized' warning */
+	int err = 0;
+	BIGNUM *A, *B, *tmp;
+	/* In 'tab', only odd-indexed entries are relevant:
+	 * For any odd BIGNUM n,
+	 *     tab[BN_lsw(n) & 7]
+	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+	 * Note that the sign of n does not matter.
+	 */
+	static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
+
+	BN_CTX_start(ctx);
+	A = BN_CTX_get(ctx);
+	B = BN_CTX_get(ctx);
+	if (B == NULL) goto end;
+	
+	err = !BN_copy(A, a);
+	if (err) goto end;
+	err = !BN_copy(B, b);
+	if (err) goto end;
+
+	/*
+	 * Kronecker symbol, imlemented according to Henri Cohen,
+	 * "A Course in Computational Algebraic Number Theory"
+	 * (algorithm 1.4.10).
+	 */
+
+	/* Cohen's step 1: */
+
+	if (BN_is_zero(B))
+		{
+		ret = BN_abs_is_word(A, 1);
+		goto end;
+ 		}
+	
+	/* Cohen's step 2: */
+
+	if (!BN_is_odd(A) && !BN_is_odd(B))
+		{
+		ret = 0;
+		goto end;
+		}
+
+	/* now  B  is non-zero */
+	i = 0;
+	while (!BN_is_bit_set(B, i))
+		i++;
+	err = !BN_rshift(B, B, i);
+	if (err) goto end;
+	if (i & 1)
+		{
+		/* i is odd */
+		/* (thus  B  was even, thus  A  must be odd!)  */
+
+		/* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+		ret = tab[BN_lsw(A) & 7];
+		}
+	else
+		{
+		/* i is even */
+		ret = 1;
+		}
+	
+	if (B->neg)
+		{
+		B->neg = 0;
+		if (A->neg)
+			ret = -ret;
+		}
+
+	/* now  B  is positive and odd, so what remains to be done is
+	 * to compute the Jacobi symbol  (A/B)  and multiply it by 'ret' */
+
+	while (1)
+		{
+		/* Cohen's step 3: */
+
+		/*  B  is positive and odd */
+
+		if (BN_is_zero(A))
+			{
+			ret = BN_is_one(B) ? ret : 0;
+			goto end;
+			}
+
+		/* now  A  is non-zero */
+		i = 0;
+		while (!BN_is_bit_set(A, i))
+			i++;
+		err = !BN_rshift(A, A, i);
+		if (err) goto end;
+		if (i & 1)
+			{
+			/* i is odd */
+			/* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
+			ret = ret * tab[BN_lsw(B) & 7];
+			}
+	
+		/* Cohen's step 4: */
+		/* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
+		if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+			ret = -ret;
+		
+		/* (A, B) := (B mod |A|, |A|) */
+		err = !BN_nnmod(B, B, A, ctx);
+		if (err) goto end;
+		tmp = A; A = B; B = tmp;
+		tmp->neg = 0;
+		}
+	
+ end:
+	BN_CTX_end(ctx);
+	if (err)
+		return -2;
+	else
+		return ret;
+	}
diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_lcl.h
index 9c95992..bf7c124 100644
--- a/crypto/openssl/crypto/bn/bn_lcl.h
+++ b/crypto/openssl/crypto/bn/bn_lcl.h
@@ -119,6 +119,20 @@ extern "C" {
 #endif
 
 
+/* Used for temp variables */
+#define BN_CTX_NUM	32
+#define BN_CTX_NUM_POS	12
+struct bignum_ctx
+	{
+	int tos;
+	BIGNUM bn[BN_CTX_NUM];
+	int flags;
+	int depth;
+	int pos[BN_CTX_NUM_POS];
+	int too_many;
+	} /* BN_CTX */;
+
+
 /*
  * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
  *
@@ -171,7 +185,7 @@ extern "C" {
 #define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) /* 32 */
 #define BN_MONT_CTX_SET_SIZE_WORD		(64) /* 32 */
 
-#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC)
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
 /*
  * BN_UMULT_HIGH section.
  *
@@ -216,8 +230,23 @@ extern "C" {
 	     : "r"(a), "r"(b));		\
 	ret;			})
 #  endif	/* compiler */
+# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+#  if defined(__GNUC__)
+#   define BN_UMULT_HIGH(a,b)	({	\
+	register BN_ULONG ret,discard;	\
+	asm ("mulq	%3"		\
+	     : "=a"(discard),"=d"(ret)	\
+	     : "a"(a), "g"(b)		\
+	     : "cc");			\
+	ret;			})
+#   define BN_UMULT_LOHI(low,high,a,b)	\
+	asm ("mulq	%3"		\
+		: "=a"(low),"=d"(high)	\
+		: "a"(a),"g"(b)		\
+		: "cc");
+#  endif
 # endif		/* cpu */
-#endif		/* NO_ASM */
+#endif		/* OPENSSL_NO_ASM */
 
 /*************************************************************
  * Using the long long type
@@ -323,7 +352,7 @@ extern "C" {
 
 #define LBITS(a)	((a)&BN_MASK2l)
 #define HBITS(a)	(((a)>>BN_BITS4)&BN_MASK2l)
-#define	L2HBITS(a)	((BN_ULONG)((a)&BN_MASK2l)<<BN_BITS4)
+#define	L2HBITS(a)	(((a)<<BN_BITS4)&BN_MASK2)
 
 #define LLBITS(a)	((a)&BN_MASKl)
 #define LHBITS(a)	(((a)>>BN_BITS2)&BN_MASKl)
@@ -339,7 +368,7 @@ extern "C" {
 	lt=(bl)*(lt); \
 	m1=(bl)*(ht); \
 	ht =(bh)*(ht); \
-	m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS(1L); \
+	m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
 	ht+=HBITS(m); \
 	m1=L2HBITS(m); \
 	lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
@@ -398,19 +427,29 @@ extern "C" {
 void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
 void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
 void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r,BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r,BN_ULONG *a);
-int bn_cmp_words(BN_ULONG *a,BN_ULONG *b,int n);
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t);
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl);
+#if 0
+/* bn_mul.c rollback <appro> */
+void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+	int dna,int dnb,BN_ULONG *t);
 void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
-	int tn, int n,BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,BN_ULONG *a, int n2, BN_ULONG *t);
+	int n,int tna,int tnb,BN_ULONG *t);
+#endif
+void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
 void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
 void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
 	BN_ULONG *t);
 void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
 	BN_ULONG *t);
+BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl);
+BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl);
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c
index 7767d65..fa0ff48 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@@ -128,7 +128,7 @@ int BN_get_params(int which)
 	else return(0);
 	}
 
-BIGNUM *BN_value_one(void)
+const BIGNUM *BN_value_one(void)
 	{
 	static BN_ULONG data_one=1L;
 	static BIGNUM const_one={&data_one,1,1,0};
@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
 	if (a == NULL) return;
 	if (a->d != NULL)
 		{
-		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
 		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 			OPENSSL_free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	memset(a,0,sizeof(BIGNUM));
+	OPENSSL_cleanse(a,sizeof(BIGNUM));
 	if (i)
 		OPENSSL_free(a);
 	}
@@ -305,172 +305,174 @@ BIGNUM *BN_new(void)
 	return(ret);
 	}
 
-/* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number number.
- * It is mostly used by the various BIGNUM routines. If there is an error,
- * NULL is returned. If not, 'b' is returned. */
-
-BIGNUM *bn_expand2(BIGNUM *b, int words)
+/* This is used both by bn_expand2() and bn_dup_expand() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 	{
-	BN_ULONG *A,*a;
+	BN_ULONG *A,*a = NULL;
 	const BN_ULONG *B;
 	int i;
 
-	bn_check_top(b);
+	if (words > (INT_MAX/(4*BN_BITS2)))
+		{
+		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
+		return NULL;
+		}
 
-	if (words > b->dmax)
+	bn_check_top(b);	
+	if (BN_get_flags(b,BN_FLG_STATIC_DATA))
 		{
-		if (words > (INT_MAX/(4*BN_BITS2)))
-			{
-			BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
-			return NULL;
-			}
-			
-		bn_check_top(b);	
-		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+		return(NULL);
+		}
+	a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
+	if (A == NULL)
+		{
+		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+#if 1
+	B=b->d;
+	/* Check if the previous number needs to be copied */
+	if (B != NULL)
+		{
+		for (i=b->top>>2; i>0; i--,A+=4,B+=4)
 			{
-			BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-			return(NULL);
+			/*
+			 * The fact that the loop is unrolled
+			 * 4-wise is a tribute to Intel. It's
+			 * the one that doesn't have enough
+			 * registers to accomodate more data.
+			 * I'd unroll it 8-wise otherwise:-)
+			 *
+			 *		<appro@fy.chalmers.se>
+			 */
+			BN_ULONG a0,a1,a2,a3;
+			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
 			}
-		a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
-		if (A == NULL)
+		switch (b->top&3)
 			{
-			BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
-			return(NULL);
+		case 3:	A[2]=B[2];
+		case 2:	A[1]=B[1];
+		case 1:	A[0]=B[0];
+		case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
+		         * the switch table by doing a=top&3; a--; goto jump_table[a];
+		         * which fails for top== 0 */
+			;
 			}
-#if 1
-		B=b->d;
-		/* Check if the previous number needs to be copied */
-		if (B != NULL)
-			{
-#if 0
-			/* This lot is an unrolled loop to copy b->top 
-			 * BN_ULONGs from B to A
-			 */
-/*
- * I have nothing against unrolling but it's usually done for
- * several reasons, namely:
- * - minimize percentage of decision making code, i.e. branches;
- * - avoid cache trashing;
- * - make it possible to schedule loads earlier;
- * Now let's examine the code below. The cornerstone of C is
- * "programmer is always right" and that's what we love it for:-)
- * For this very reason C compilers have to be paranoid when it
- * comes to data aliasing and assume the worst. Yeah, but what
- * does it mean in real life? This means that loop body below will
- * be compiled to sequence of loads immediately followed by stores
- * as compiler assumes the worst, something in A==B+1 style. As a
- * result CPU pipeline is going to starve for incoming data. Secondly
- * if A and B happen to share same cache line such code is going to
- * cause severe cache trashing. Both factors have severe impact on
- * performance of modern CPUs and this is the reason why this
- * particular piece of code is #ifdefed away and replaced by more
- * "friendly" version found in #else section below. This comment
- * also applies to BN_copy function.
- *
- *					<appro@fy.chalmers.se>
- */
-			for (i=b->top&(~7); i>0; i-=8)
-				{
-				A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
-				A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
-				A+=8;
-				B+=8;
-				}
-			switch (b->top&7)
-				{
-			case 7:
-				A[6]=B[6];
-			case 6:
-				A[5]=B[5];
-			case 5:
-				A[4]=B[4];
-			case 4:
-				A[3]=B[3];
-			case 3:
-				A[2]=B[2];
-			case 2:
-				A[1]=B[1];
-			case 1:
-				A[0]=B[0];
-			case 0:
-				/* I need the 'case 0' entry for utrix cc.
-				 * If the optimizer is turned on, it does the
-				 * switch table by doing
-				 * a=top&7
-				 * a--;
-				 * goto jump_table[a];
-				 * If top is 0, this makes us jump to 0xffffffc 
-				 * which is rather bad :-(.
-				 * eric 23-Apr-1998
-				 */
-				;
-				}
+		}
+
+	/* Now need to zero any data between b->top and b->max */
+	/* XXX Why? */
+
+	A= &(a[b->top]);
+	for (i=(words - b->top)>>3; i>0; i--,A+=8)
+		{
+		A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+		A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+		}
+	for (i=(words - b->top)&7; i>0; i--,A++)
+		A[0]=0;
 #else
-			for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+	memset(A,0,sizeof(BN_ULONG)*(words+1));
+	memcpy(A,b->d,sizeof(b->d[0])*b->top);
+#endif
+		
+	return(a);
+	}
+
+/* This is an internal function that can be used instead of bn_expand2()
+ * when there is a need to copy BIGNUMs instead of only expanding the
+ * data part, while still expanding them.
+ * Especially useful when needing to expand BIGNUMs that are declared
+ * 'const' and should therefore not be changed.
+ * The reason to use this instead of a BN_dup() followed by a bn_expand2()
+ * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
+ * will allocate new memory for the BIGNUM data twice, and free it once,
+ * while bn_dup_expand() makes sure allocation is made only once.
+ */
+
+BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
+	{
+	BIGNUM *r = NULL;
+
+	/* This function does not work if
+	 *      words <= b->dmax && top < words
+	 * because BN_dup() does not preserve 'dmax'!
+	 * (But bn_dup_expand() is not used anywhere yet.)
+	 */
+	
+	if (words > b->dmax)
+		{
+		BN_ULONG *a = bn_expand_internal(b, words);
+
+		if (a)
+			{
+			r = BN_new();
+			if (r)
 				{
-				/*
-				 * The fact that the loop is unrolled
-				 * 4-wise is a tribute to Intel. It's
-				 * the one that doesn't have enough
-				 * registers to accomodate more data.
-				 * I'd unroll it 8-wise otherwise:-)
-				 *
-				 *		<appro@fy.chalmers.se>
-				 */
-				BN_ULONG a0,a1,a2,a3;
-				a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-				A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+				r->top = b->top;
+				r->dmax = words;
+				r->neg = b->neg;
+				r->d = a;
 				}
-			switch (b->top&3)
+			else
 				{
-				case 3:	A[2]=B[2];
-				case 2:	A[1]=B[1];
-				case 1:	A[0]=B[0];
-				case 0:	; /* ultrix cc workaround, see above */
+				/* r == NULL, BN_new failure */
+				OPENSSL_free(a);
 				}
-#endif
-			OPENSSL_free(b->d);
 			}
+		/* If a == NULL, there was an error in allocation in
+		   bn_expand_internal(), and NULL should be returned */
+		}
+	else
+		{
+		r = BN_dup(b);
+		}
 
-		b->d=a;
-		b->dmax=words;
+	return r;
+	}
 
-		/* Now need to zero any data between b->top and b->max */
+/* This is an internal function that should not be used in applications.
+ * It ensures that 'b' has enough room for a 'words' word number number.
+ * It is mostly used by the various BIGNUM routines. If there is an error,
+ * NULL is returned. If not, 'b' is returned. */
 
-		A= &(b->d[b->top]);
-		for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+	{
+	if (words > b->dmax)
+		{
+		BN_ULONG *a = bn_expand_internal(b, words);
+
+		if (a)
 			{
-			A[0]=0; A[1]=0; A[2]=0; A[3]=0;
-			A[4]=0; A[5]=0; A[6]=0; A[7]=0;
-			}
-		for (i=(b->dmax - b->top)&7; i>0; i--,A++)
-			A[0]=0;
-#else
-			memset(A,0,sizeof(BN_ULONG)*(words+1));
-			memcpy(A,b->d,sizeof(b->d[0])*b->top);
+			if (b->d)
+				OPENSSL_free(b->d);
 			b->d=a;
-			b->max=words;
-#endif
-		
-/*		memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
-/*	{ int i; for (i=b->max; i<words+1; i++) p[i]=i;} */
-
+			b->dmax=words;
+			}
+		else
+			b = NULL;
 		}
-	return(b);
+	return b;
 	}
 
 BIGNUM *BN_dup(const BIGNUM *a)
 	{
-	BIGNUM *r;
+	BIGNUM *r, *t;
 
 	if (a == NULL) return NULL;
 
 	bn_check_top(a);
 
-	r=BN_new();
-	if (r == NULL) return(NULL);
-	return((BIGNUM *)BN_copy(r,a));
+	t = BN_new();
+	if (t == NULL) return(NULL);
+	r = BN_copy(t, a);
+	/* now  r == t || r == NULL */
+	if (r == NULL)
+		BN_free(t);
+	return r;
 	}
 
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
@@ -498,7 +500,7 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 		case 3: A[2]=B[2];
 		case 2: A[1]=B[1];
 		case 1: A[0]=B[0];
-		case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */
+		case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
 		}
 #else
 	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
@@ -512,6 +514,35 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 	return(a);
 	}
 
+void BN_swap(BIGNUM *a, BIGNUM *b)
+	{
+	int flags_old_a, flags_old_b;
+	BN_ULONG *tmp_d;
+	int tmp_top, tmp_dmax, tmp_neg;
+	
+	flags_old_a = a->flags;
+	flags_old_b = b->flags;
+
+	tmp_d = a->d;
+	tmp_top = a->top;
+	tmp_dmax = a->dmax;
+	tmp_neg = a->neg;
+	
+	a->d = b->d;
+	a->top = b->top;
+	a->dmax = b->dmax;
+	a->neg = b->neg;
+	
+	b->d = tmp_d;
+	b->top = tmp_top;
+	b->dmax = tmp_dmax;
+	b->neg = tmp_neg;
+	
+	a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+	b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+	}
+
+
 void BN_clear(BIGNUM *a)
 	{
 	if (a->d != NULL)
@@ -520,7 +551,7 @@ void BN_clear(BIGNUM *a)
 	a->neg=0;
 	}
 
-BN_ULONG BN_get_word(BIGNUM *a)
+BN_ULONG BN_get_word(const BIGNUM *a)
 	{
 	int i,n;
 	BN_ULONG ret=0;
@@ -568,7 +599,6 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
 	return(1);
 	}
 
-/* ignore negative */
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
 	{
 	unsigned int i,m;
@@ -589,6 +619,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
 	i=((n-1)/BN_BYTES)+1;
 	m=((n-1)%(BN_BYTES));
 	ret->top=i;
+	ret->neg=0;
 	while (n-- > 0)
 		{
 		l=(l<<8L)| *(s++);
@@ -743,7 +774,7 @@ int BN_mask_bits(BIGNUM *a, int n)
 	return(1);
 	}
 
-int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n)
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
 	{
 	int i;
 	BN_ULONG aa,bb;
@@ -760,3 +791,34 @@ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n)
 	return(0);
 	}
 
+/* Here follows a specialised variants of bn_cmp_words().  It has the
+   property of performing the operation on arrays of different sizes.
+   The sizes of those arrays is expressed through cl, which is the
+   common length ( basicall, min(len(a),len(b)) ), and dl, which is the
+   delta between the two lengths, calculated as len(a)-len(b).
+   All lengths are the number of BN_ULONGs...  */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl)
+	{
+	int n,i;
+	n = cl-1;
+
+	if (dl < 0)
+		{
+		for (i=dl; i<0; i++)
+			{
+			if (b[n-i] != 0)
+				return -1; /* a < b */
+			}
+		}
+	if (dl > 0)
+		{
+		for (i=dl; i>0; i--)
+			{
+			if (a[n+i] != 0)
+				return 1; /* a > b */
+			}
+		}
+	return bn_cmp_words(a,b,cl);
+	}
diff --git a/crypto/openssl/crypto/bn/bn_mod.c b/crypto/openssl/crypto/bn/bn_mod.c
new file mode 100644
index 0000000..5cf8248
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_mod.c
@@ -0,0 +1,296 @@
+/* crypto/bn/bn_mod.c */
+/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+#if 0 /* now just a #define */
+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+	{
+	return(BN_div(NULL,rem,m,d,ctx));
+	/* note that  rem->neg == m->neg  (unless the remainder is zero) */
+	}
+#endif
+
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+	{
+	/* like BN_mod, but returns non-negative remainder
+	 * (i.e.,  0 <= r < |d|  always holds) */
+
+	if (!(BN_mod(r,m,d,ctx)))
+		return 0;
+	if (!r->neg)
+		return 1;
+	/* now   -|d| < r < 0,  so we have to set  r := r + |d| */
+	return (d->neg ? BN_sub : BN_add)(r, r, d);
+}
+
+
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+	{
+	if (!BN_add(r, a, b)) return 0;
+	return BN_nnmod(r, r, m, ctx);
+	}
+
+
+/* BN_mod_add variant that may be used if both  a  and  b  are non-negative
+ * and less than  m */
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+	{
+	if (!BN_add(r, a, b)) return 0;
+	if (BN_ucmp(r, m) >= 0)
+		return BN_usub(r, r, m);
+	return 1;
+	}
+
+
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+	{
+	if (!BN_sub(r, a, b)) return 0;
+	return BN_nnmod(r, r, m, ctx);
+	}
+
+
+/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative
+ * and less than  m */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+	{
+	if (!BN_sub(r, a, b)) return 0;
+	if (r->neg)
+		return BN_add(r, r, m);
+	return 1;
+	}
+
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+	BN_CTX *ctx)
+	{
+	BIGNUM *t;
+	int ret=0;
+
+	bn_check_top(a);
+	bn_check_top(b);
+	bn_check_top(m);
+
+	BN_CTX_start(ctx);
+	if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+	if (a == b)
+		{ if (!BN_sqr(t,a,ctx)) goto err; }
+	else
+		{ if (!BN_mul(t,a,b,ctx)) goto err; }
+	if (!BN_nnmod(r,t,m,ctx)) goto err;
+	ret=1;
+err:
+	BN_CTX_end(ctx);
+	return(ret);
+	}
+
+
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+	{
+	if (!BN_sqr(r, a, ctx)) return 0;
+	/* r->neg == 0,  thus we don't need BN_nnmod */
+	return BN_mod(r, r, m, ctx);
+	}
+
+
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+	{
+	if (!BN_lshift1(r, a)) return 0;
+	return BN_nnmod(r, r, m, ctx);
+	}
+
+
+/* BN_mod_lshift1 variant that may be used if  a  is non-negative
+ * and less than  m */
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+	{
+	if (!BN_lshift1(r, a)) return 0;
+	if (BN_cmp(r, m) >= 0)
+		return BN_sub(r, r, m);
+	return 1;
+	}
+
+
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
+	{
+	BIGNUM *abs_m = NULL;
+	int ret;
+
+	if (!BN_nnmod(r, a, m, ctx)) return 0;
+
+	if (m->neg)
+		{
+		abs_m = BN_dup(m);
+		if (abs_m == NULL) return 0;
+		abs_m->neg = 0;
+		}
+	
+	ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+
+	if (abs_m)
+		BN_free(abs_m);
+	return ret;
+	}
+
+
+/* BN_mod_lshift variant that may be used if  a  is non-negative
+ * and less than  m */
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+	{
+	if (r != a)
+		{
+		if (BN_copy(r, a) == NULL) return 0;
+		}
+
+	while (n > 0)
+		{
+		int max_shift;
+		
+		/* 0 < r < m */
+		max_shift = BN_num_bits(m) - BN_num_bits(r);
+		/* max_shift >= 0 */
+
+		if (max_shift < 0)
+			{
+			BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+			return 0;
+			}
+
+		if (max_shift > n)
+			max_shift = n;
+
+		if (max_shift)
+			{
+			if (!BN_lshift(r, r, max_shift)) return 0;
+			n -= max_shift;
+			}
+		else
+			{
+			if (!BN_lshift1(r, r)) return 0;
+			--n;
+			}
+
+		/* BN_num_bits(r) <= BN_num_bits(m) */
+
+		if (BN_cmp(r, m) >= 0) 
+			{
+			if (!BN_sub(r, r, m)) return 0;
+			}
+		}
+	
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/bn/bn_mont.c b/crypto/openssl/crypto/bn/bn_mont.c
index 1daf507..c9ebdba 100644
--- a/crypto/openssl/crypto/bn/bn_mont.c
+++ b/crypto/openssl/crypto/bn/bn_mont.c
@@ -69,20 +69,17 @@
 
 #define MONT_WORD /* use the faster word-based algorithm */
 
-int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
-	BIGNUM *tmp,*tmp2;
+	BIGNUM *tmp;
 	int ret=0;
 
 	BN_CTX_start(ctx);
 	tmp = BN_CTX_get(ctx);
-	tmp2 = BN_CTX_get(ctx);
-	if (tmp == NULL || tmp2 == NULL) goto err;
+	if (tmp == NULL) goto err;
 
 	bn_check_top(tmp);
-	bn_check_top(tmp2);
-
 	if (a == b)
 		{
 		if (!BN_sqr(tmp,a,ctx)) goto err;
@@ -99,7 +96,7 @@ err:
 	return(ret);
 	}
 
-int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 	     BN_CTX *ctx)
 	{
 	int retn=0;
@@ -144,7 +141,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
 	n0=mont->n0;
 
 #ifdef BN_COUNT
-	printf("word BN_from_montgomery %d * %d\n",nl,nl);
+	fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
 #endif
 	for (i=0; i<nl; i++)
 		{
@@ -229,7 +226,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
 
 	if (BN_ucmp(ret, &(mont->N)) >= 0)
 		{
-		BN_usub(ret,ret,&(mont->N));
+		if (!BN_usub(ret,ret,&(mont->N))) goto err;
 		}
 	retn=1;
  err:
@@ -277,6 +274,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 	BN_init(&Ri);
 	R= &(mont->RR);					/* grab RR as a temp */
 	BN_copy(&(mont->N),mod);			/* Set N */
+	mont->N.neg = 0;
 
 #ifdef MONT_WORD
 		{
@@ -292,48 +290,45 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		tmod.d=buf;
 		tmod.top=1;
 		tmod.dmax=2;
-		tmod.neg=mod->neg;
+		tmod.neg=0;
 							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
 			goto err;
-		/* R*Ri */
-		if (!(BN_lshift(&Ri,&Ri,BN_BITS2))) goto err;
+		if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */
 		if (!BN_is_zero(&Ri))
 			{
-		   	if (!BN_sub_word(&Ri,1)) goto err;
+			if (!BN_sub_word(&Ri,1)) goto err;
 			}
 		else /* if N mod word size == 1 */
-		   	/* Ri-- (mod word size) */
 			{
-			if (!BN_set_word(&Ri,BN_MASK2)) goto err;
+			if (!BN_set_word(&Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */
 			}
-		/* Ni = (R*Ri-1)/N, keep only least significant word: */
-                if (!(BN_div(&Ri,NULL,&Ri,&tmod,ctx))) goto err;
-		mont->n0=Ri.d[0];
+		if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err;
+		/* Ni = (R*Ri-1)/N,
+		 * keep only least significant word: */
+		mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0;
 		BN_free(&Ri);
 		}
 #else /* !MONT_WORD */
 		{ /* bignum version */
-		mont->ri=BN_num_bits(mod);
-		if (!(BN_zero(R))) goto err;
-		/* R = 2^ri */
-		if (!(BN_set_bit(R,mont->ri))) goto err;
-							/* Ri = R^-1 mod N*/
-		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
+		mont->ri=BN_num_bits(&mont->N);
+		if (!BN_zero(R)) goto err;
+		if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */
+		                                        /* Ri = R^-1 mod N*/
+		if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL)
 			goto err;
-		/* R*Ri */
-		if (!(BN_lshift(&Ri,&Ri,mont->ri))) goto err;
-		if (!(BN_sub_word(&Ri,1))) goto err;
+		if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */
+		if (!BN_sub_word(&Ri,1)) goto err;
 							/* Ni = (R*Ri-1) / N */
-		if (!(BN_div(&(mont->Ni),NULL,&Ri,mod,ctx))) goto err;
+		if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err;
 		BN_free(&Ri);
 		}
 #endif
 
 	/* setup RR for conversions */
-	if (!(BN_zero(&(mont->RR)))) goto err;
-	if (!(BN_set_bit(&(mont->RR),mont->ri*2))) goto err;
-	if (!(BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx))) goto err;
+	if (!BN_zero(&(mont->RR))) goto err;
+	if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
+	if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
 
 	return(1);
 err:
@@ -344,9 +339,9 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 	{
 	if (to == from) return(to);
 
-	if (!(BN_copy(&(to->RR),&(from->RR)))) return NULL;
-	if (!(BN_copy(&(to->N),&(from->N)))) return NULL;
-	if (!(BN_copy(&(to->Ni),&(from->Ni)))) return NULL;
+	if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
+	if (!BN_copy(&(to->N),&(from->N))) return NULL;
+	if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
 	to->ri=from->ri;
 	to->n0=from->n0;
 	return(to);
diff --git a/crypto/openssl/crypto/bn/bn_mpi.c b/crypto/openssl/crypto/bn/bn_mpi.c
index 80e1dca..05fa9d1 100644
--- a/crypto/openssl/crypto/bn/bn_mpi.c
+++ b/crypto/openssl/crypto/bn/bn_mpi.c
@@ -88,7 +88,7 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
 	return(num+4+ext);
 	}
 
-BIGNUM *BN_mpi2bn(unsigned char *d, int n, BIGNUM *a)
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
 	{
 	long len;
 	int neg=0;
diff --git a/crypto/openssl/crypto/bn/bn_mul.c b/crypto/openssl/crypto/bn/bn_mul.c
index 9059271..cb93ac3 100644
--- a/crypto/openssl/crypto/bn/bn_mul.c
+++ b/crypto/openssl/crypto/bn/bn_mul.c
@@ -608,7 +608,7 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
 	}
 #endif /* BN_RECURSION */
 
-int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	{
 	int top,al,bl;
 	BIGNUM *rr;
@@ -675,16 +675,20 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 #ifdef BN_RECURSION
 	if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
 		{
-		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bl<b->dmax)
 			{
+#if 0	/* tribute to const-ification, bl<b->dmax above covers for this */
 			if (bn_wexpand(b,al) == NULL) goto err;
+#endif
 			b->d[bl]=0;
 			bl++;
 			i--;
 			}
-		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && al<a->dmax)
 			{
+#if 0	/* tribute to const-ification, al<a->dmax above covers for this */
 			if (bn_wexpand(a,bl) == NULL) goto err;
+#endif
 			a->d[al]=0;
 			al++;
 			i++;
@@ -702,7 +706,10 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 				if (bn_wexpand(t,k*2) == NULL) goto err;
 				if (bn_wexpand(rr,k*2) == NULL) goto err;
 				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+				rr->top=top;
+				goto end;
 				}
+#if 0	/* tribute to const-ification, rsa/dsa performance is not affected */
 			else
 				{
 				if (bn_wexpand(a,k) == NULL ) goto err;
@@ -717,6 +724,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 				}
 			rr->top=top;
 			goto end;
+#endif
 			}
 		}
 #endif /* BN_RECURSION */
diff --git a/crypto/openssl/crypto/bn/bn_prime.c b/crypto/openssl/crypto/bn/bn_prime.c
index 8b782fa..918b923 100644
--- a/crypto/openssl/crypto/bn/bn_prime.c
+++ b/crypto/openssl/crypto/bn/bn_prime.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -125,12 +125,13 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
 	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
 static int probable_prime(BIGNUM *rnd, int bits);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
-	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
 static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
-	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
 
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add,
-	     BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg)
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+	const BIGNUM *add, const BIGNUM *rem,
+	void (*callback)(int,int,void *), void *cb_arg)
 	{
 	BIGNUM *rnd=NULL;
 	BIGNUM t;
@@ -376,8 +377,8 @@ again:
 	return(1);
 	}
 
-static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem,
-	     BN_CTX *ctx)
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1;
@@ -413,8 +414,8 @@ err:
 	return(ret);
 	}
 
-static int probable_prime_dh_safe(BIGNUM *p, int bits, BIGNUM *padd,
-	     BIGNUM *rem, BN_CTX *ctx)
+static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+	const BIGNUM *rem, BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1,*qadd,*q;
diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c
index 532e66b..5f46b18 100644
--- a/crypto/openssl/crypto/bn/bn_print.c
+++ b/crypto/openssl/crypto/bn/bn_print.c
@@ -277,8 +277,8 @@ err:
 	return(0);
 	}
 
-#ifndef NO_BIO
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_BIO
+#ifndef OPENSSL_NO_FP_API
 int BN_print_fp(FILE *fp, const BIGNUM *a)
 	{
 	BIO *b;
@@ -321,7 +321,7 @@ end:
 #endif
 
 #ifdef BN_DEBUG
-void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n)
+void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n)
 	{
 	int i;
 	fprintf(o, "%s=", a);
diff --git a/crypto/openssl/crypto/bn/bn_rand.c b/crypto/openssl/crypto/bn/bn_rand.c
index 4944ffb..893c9d2 100644
--- a/crypto/openssl/crypto/bn/bn_rand.c
+++ b/crypto/openssl/crypto/bn/bn_rand.c
@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err:
 	if (buf != NULL)
 		{
-		memset(buf,0,bytes);
+		OPENSSL_cleanse(buf,bytes);
 		OPENSSL_free(buf);
 		}
 	return(ret);
@@ -224,6 +224,7 @@ int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 	}
 #endif
 
+
 /* random number r:  0 <= r < range */
 static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
 	{
diff --git a/crypto/openssl/crypto/bn/bn_recp.c b/crypto/openssl/crypto/bn/bn_recp.c
index d019941..ef5fdd4 100644
--- a/crypto/openssl/crypto/bn/bn_recp.c
+++ b/crypto/openssl/crypto/bn/bn_recp.c
@@ -93,18 +93,19 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 
 int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
 	{
-	BN_copy(&(recp->N),d);
-	BN_zero(&(recp->Nr));
+	if (!BN_copy(&(recp->N),d)) return 0;
+	if (!BN_zero(&(recp->Nr))) return 0;
 	recp->num_bits=BN_num_bits(d);
 	recp->shift=0;
 	return(1);
 	}
 
-int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp,
-	     BN_CTX *ctx)
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+	BN_RECP_CTX *recp, BN_CTX *ctx)
 	{
 	int ret=0;
 	BIGNUM *a;
+	const BIGNUM *ca;
 
 	BN_CTX_start(ctx);
 	if ((a = BN_CTX_get(ctx)) == NULL) goto err;
@@ -114,19 +115,19 @@ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp,
 			{ if (!BN_sqr(a,x,ctx)) goto err; }
 		else
 			{ if (!BN_mul(a,x,y,ctx)) goto err; }
+		ca = a;
 		}
 	else
-		a=x; /* Just do the mod */
+		ca=x; /* Just do the mod */
 
-	BN_div_recp(NULL,r,a,recp,ctx);
-	ret=1;
+	ret = BN_div_recp(NULL,r,ca,recp,ctx);
 err:
 	BN_CTX_end(ctx);
 	return(ret);
 	}
 
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
-	     BN_CTX *ctx)
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+	BN_RECP_CTX *recp, BN_CTX *ctx)
 	{
 	int i,j,ret=0;
 	BIGNUM *a,*b,*d,*r;
@@ -146,8 +147,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
 
 	if (BN_ucmp(m,&(recp->N)) < 0)
 		{
-		BN_zero(d);
-		BN_copy(r,m);
+		if (!BN_zero(d)) return 0;
+		if (!BN_copy(r,m)) return 0;
 		BN_CTX_end(ctx);
 		return(1);
 		}
@@ -157,20 +158,28 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
 	 * we need multiply ABCDEF by 3 digests of the reciprocal of ab
 	 *
 	 */
-	i=BN_num_bits(m);
 
+	/* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+	i=BN_num_bits(m);
 	j=recp->num_bits<<1;
 	if (j>i) i=j;
-	j>>=1;
 
+	/* Nr := round(2^i / N) */
 	if (i != recp->shift)
 		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
-			i,ctx);
+			i,ctx); /* BN_reciprocal returns i, or -1 for an error */
+	if (recp->shift == -1) goto err;
 
-	if (!BN_rshift(a,m,j)) goto err;
+	/* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+	 *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+	 *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+	 *    = |m/N|
+	 */
+	if (!BN_rshift(a,m,recp->num_bits)) goto err;
 	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
-	if (!BN_rshift(d,b,i-j)) goto err;
+	if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
 	d->neg=0;
+
 	if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
 	if (!BN_usub(r,m,b)) goto err;
 	r->neg=0;
@@ -201,20 +210,21 @@ err:
  * We actually calculate with an extra word of precision, so
  * we can do faster division if the remainder is not required.
  */
-int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx)
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
 	{
 	int ret= -1;
 	BIGNUM t;
 
 	BN_init(&t);
 
-	BN_zero(&t);
+	if (!BN_zero(&t)) goto err;
 	if (!BN_set_bit(&t,len)) goto err;
 
 	if (!BN_div(r,NULL,&t,m,ctx)) goto err;
+
 	ret=len;
 err:
 	BN_free(&t);
 	return(ret);
 	}
-
diff --git a/crypto/openssl/crypto/bn/bn_shift.c b/crypto/openssl/crypto/bn/bn_shift.c
index c2608f9..70f785e 100644
--- a/crypto/openssl/crypto/bn/bn_shift.c
+++ b/crypto/openssl/crypto/bn/bn_shift.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-int BN_lshift1(BIGNUM *r, BIGNUM *a)
+int BN_lshift1(BIGNUM *r, const BIGNUM *a)
 	{
 	register BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -92,7 +92,7 @@ int BN_lshift1(BIGNUM *r, BIGNUM *a)
 	return(1);
 	}
 
-int BN_rshift1(BIGNUM *r, BIGNUM *a)
+int BN_rshift1(BIGNUM *r, const BIGNUM *a)
 	{
 	BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -128,8 +128,8 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 	BN_ULONG l;
 
 	r->neg=a->neg;
-	if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0);
 	nw=n/BN_BITS2;
+	if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
 	lb=n%BN_BITS2;
 	rb=BN_BITS2-lb;
 	f=a->d;
@@ -153,7 +153,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 	return(1);
 	}
 
-int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
 	{
 	int i,j,nw,lb,rb;
 	BN_ULONG *t,*f;
diff --git a/crypto/openssl/crypto/bn/bn_sqr.c b/crypto/openssl/crypto/bn/bn_sqr.c
index 09bd337..c1d0cca 100644
--- a/crypto/openssl/crypto/bn/bn_sqr.c
+++ b/crypto/openssl/crypto/bn/bn_sqr.c
@@ -62,14 +62,14 @@
 
 /* r must not be a */
 /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx)
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 	{
 	int max,al;
 	int ret = 0;
 	BIGNUM *tmp,*rr;
 
 #ifdef BN_COUNT
-printf("BN_sqr %d * %d\n",a->top,a->top);
+	fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
 #endif
 	bn_check_top(a);
 
@@ -88,7 +88,6 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 	max=(al+al);
 	if (bn_wexpand(rr,max+1) == NULL) goto err;
 
-	r->neg=0;
 	if (al == 4)
 		{
 #ifndef BN_SQR_COMBA
@@ -124,7 +123,6 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 			k=j+j;
 			if (al == j)
 				{
-				if (bn_wexpand(a,k*2) == NULL) goto err;
 				if (bn_wexpand(tmp,k*2) == NULL) goto err;
 				bn_sqr_recursive(rr->d,a->d,al,tmp->d);
 				}
@@ -141,6 +139,7 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 		}
 
 	rr->top=max;
+	rr->neg=0;
 	if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
 	if (rr != r) BN_copy(r,rr);
 	ret = 1;
@@ -150,10 +149,11 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 	}
 
 /* tmp must have 2*n words */
-void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
 	{
 	int i,j,max;
-	BN_ULONG *ap,*rp;
+	const BN_ULONG *ap;
+	BN_ULONG *rp;
 
 	max=n*2;
 	ap=a;
@@ -197,14 +197,14 @@ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
  * a[1]*b[1]
  */
-void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t)
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
 	{
 	int n=n2/2;
 	int zero,c1;
 	BN_ULONG ln,lo,*p;
 
 #ifdef BN_COUNT
-printf(" bn_sqr_recursive %d * %d\n",n2,n2);
+	fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
 #endif
 	if (n2 == 4)
 		{
diff --git a/crypto/openssl/crypto/bn/bn_sqrt.c b/crypto/openssl/crypto/bn/bn_sqrt.c
new file mode 100644
index 0000000..e2a1105
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_sqrt.c
@@ -0,0 +1,387 @@
+/* crypto/bn/bn_mod.c */
+/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * and Bodo Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 
+/* Returns 'ret' such that
+ *      ret^2 == a (mod p),
+ * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
+ * in Algebraic Computational Number Theory", algorithm 1.5.1).
+ * 'p' must be prime!
+ * If 'a' is not a square, this is not necessarily detected by
+ * the algorithms; a bogus result must be expected in this case.
+ */
+	{
+	BIGNUM *ret = in;
+	int err = 1;
+	int r;
+	BIGNUM *b, *q, *t, *x, *y;
+	int e, i, j;
+	
+	if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
+		{
+		if (BN_abs_is_word(p, 2))
+			{
+			if (ret == NULL)
+				ret = BN_new();
+			if (ret == NULL)
+				goto end;
+			if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
+				{
+				BN_free(ret);
+				return NULL;
+				}
+			return ret;
+			}
+
+		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+		return(NULL);
+		}
+
+	if (BN_is_zero(a) || BN_is_one(a))
+		{
+		if (ret == NULL)
+			ret = BN_new();
+		if (ret == NULL)
+			goto end;
+		if (!BN_set_word(ret, BN_is_one(a)))
+			{
+			BN_free(ret);
+			return NULL;
+			}
+		return ret;
+		}
+
+#if 0 /* if BN_mod_sqrt is used with correct input, this just wastes time */
+	r = BN_kronecker(a, p, ctx);
+	if (r < -1) return NULL;
+	if (r == -1)
+		{
+		BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+		return(NULL);
+		}
+#endif
+
+	BN_CTX_start(ctx);
+	b = BN_CTX_get(ctx);
+	q = BN_CTX_get(ctx);
+	t = BN_CTX_get(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto end;
+	
+	if (ret == NULL)
+		ret = BN_new();
+	if (ret == NULL) goto end;
+
+	/* now write  |p| - 1  as  2^e*q  where  q  is odd */
+	e = 1;
+	while (!BN_is_bit_set(p, e))
+		e++;
+	/* we'll set  q  later (if needed) */
+
+	if (e == 1)
+		{
+		/* The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
+		 * modulo  (|p|-1)/2,  and square roots can be computed
+		 * directly by modular exponentiation.
+		 * We have
+		 *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
+		 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
+		 */
+		if (!BN_rshift(q, p, 2)) goto end;
+		q->neg = 0;
+		if (!BN_add_word(q, 1)) goto end;
+		if (!BN_mod_exp(ret, a, q, p, ctx)) goto end;
+		err = 0;
+		goto end;
+		}
+	
+	if (e == 2)
+		{
+		/* |p| == 5  (mod 8)
+		 *
+		 * In this case  2  is always a non-square since
+		 * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
+		 * So if  a  really is a square, then  2*a  is a non-square.
+		 * Thus for
+		 *      b := (2*a)^((|p|-5)/8),
+		 *      i := (2*a)*b^2
+		 * we have
+		 *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+		 *         = (2*a)^((p-1)/2)
+		 *         = -1;
+		 * so if we set
+		 *      x := a*b*(i-1),
+		 * then
+		 *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+		 *         = a^2 * b^2 * (-2*i)
+		 *         = a*(-i)*(2*a*b^2)
+		 *         = a*(-i)*i
+		 *         = a.
+		 *
+		 * (This is due to A.O.L. Atkin, 
+		 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+		 * November 1992.)
+		 */
+
+		/* make sure that  a  is reduced modulo p */
+		if (a->neg || BN_ucmp(a, p) >= 0)
+			{
+			if (!BN_nnmod(x, a, p, ctx)) goto end;
+			a = x; /* use x as temporary variable */
+			}
+
+		/* t := 2*a */
+		if (!BN_mod_lshift1_quick(t, a, p)) goto end;
+
+		/* b := (2*a)^((|p|-5)/8) */
+		if (!BN_rshift(q, p, 3)) goto end;
+		q->neg = 0;
+		if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
+
+		/* y := b^2 */
+		if (!BN_mod_sqr(y, b, p, ctx)) goto end;
+
+		/* t := (2*a)*b^2 - 1*/
+		if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
+		if (!BN_sub_word(t, 1)) goto end;
+
+		/* x = a*b*t */
+		if (!BN_mod_mul(x, a, b, p, ctx)) goto end;
+		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+
+		if (!BN_copy(ret, x)) goto end;
+		err = 0;
+		goto end;
+		}
+	
+	/* e > 2, so we really have to use the Tonelli/Shanks algorithm.
+	 * First, find some  y  that is not a square. */
+	if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
+	q->neg = 0;
+	i = 2;
+	do
+		{
+		/* For efficiency, try small numbers first;
+		 * if this fails, try random numbers.
+		 */
+		if (i < 22)
+			{
+			if (!BN_set_word(y, i)) goto end;
+			}
+		else
+			{
+			if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
+			if (BN_ucmp(y, p) >= 0)
+				{
+				if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
+				}
+			/* now 0 <= y < |p| */
+			if (BN_is_zero(y))
+				if (!BN_set_word(y, i)) goto end;
+			}
+		
+		r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+		if (r < -1) goto end;
+		if (r == 0)
+			{
+			/* m divides p */
+			BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+			goto end;
+			}
+		}
+	while (r == 1 && ++i < 82);
+	
+	if (r != -1)
+		{
+		/* Many rounds and still no non-square -- this is more likely
+		 * a bug than just bad luck.
+		 * Even if  p  is not prime, we should have found some  y
+		 * such that r == -1.
+		 */
+		BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+		goto end;
+		}
+
+	/* Here's our actual 'q': */
+	if (!BN_rshift(q, q, e)) goto end;
+
+	/* Now that we have some non-square, we can find an element
+	 * of order  2^e  by computing its q'th power. */
+	if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
+	if (BN_is_one(y))
+		{
+		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+		goto end;
+		}
+
+	/* Now we know that (if  p  is indeed prime) there is an integer
+	 * k,  0 <= k < 2^e,  such that
+	 *
+	 *      a^q * y^k == 1   (mod p).
+	 *
+	 * As  a^q  is a square and  y  is not,  k  must be even.
+	 * q+1  is even, too, so there is an element
+	 *
+	 *     X := a^((q+1)/2) * y^(k/2),
+	 *
+	 * and it satisfies
+	 *
+	 *     X^2 = a^q * a     * y^k
+	 *         = a,
+	 *
+	 * so it is the square root that we are looking for.
+	 */
+	
+	/* t := (q-1)/2  (note that  q  is odd) */
+	if (!BN_rshift1(t, q)) goto end;
+	
+	/* x := a^((q-1)/2) */
+	if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
+		{
+		if (!BN_nnmod(t, a, p, ctx)) goto end;
+		if (BN_is_zero(t))
+			{
+			/* special case: a == 0  (mod p) */
+			if (!BN_zero(ret)) goto end;
+			err = 0;
+			goto end;
+			}
+		else
+			if (!BN_one(x)) goto end;
+		}
+	else
+		{
+		if (!BN_mod_exp(x, a, t, p, ctx)) goto end;
+		if (BN_is_zero(x))
+			{
+			/* special case: a == 0  (mod p) */
+			if (!BN_zero(ret)) goto end;
+			err = 0;
+			goto end;
+			}
+		}
+
+	/* b := a*x^2  (= a^q) */
+	if (!BN_mod_sqr(b, x, p, ctx)) goto end;
+	if (!BN_mod_mul(b, b, a, p, ctx)) goto end;
+	
+	/* x := a*x    (= a^((q+1)/2)) */
+	if (!BN_mod_mul(x, x, a, p, ctx)) goto end;
+
+	while (1)
+		{
+		/* Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
+		 * where  E  refers to the original value of  e,  which we
+		 * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
+		 *
+		 * We have  a*b = x^2,
+		 *    y^2^(e-1) = -1,
+		 *    b^2^(e-1) = 1.
+		 */
+
+		if (BN_is_one(b))
+			{
+			if (!BN_copy(ret, x)) goto end;
+			err = 0;
+			goto end;
+			}
+
+
+		/* find smallest  i  such that  b^(2^i) = 1 */
+		i = 1;
+		if (!BN_mod_sqr(t, b, p, ctx)) goto end;
+		while (!BN_is_one(t))
+			{
+			i++;
+			if (i == e)
+				{
+				BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+				goto end;
+				}
+			if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
+			}
+		
+
+		/* t := y^2^(e - i - 1) */
+		if (!BN_copy(t, y)) goto end;
+		for (j = e - i - 1; j > 0; j--)
+			{
+			if (!BN_mod_sqr(t, t, p, ctx)) goto end;
+			}
+		if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
+		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+		if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
+		e = i;
+		}
+
+ end:
+	if (err)
+		{
+		if (ret != NULL && ret != in)
+			{
+			BN_clear_free(ret);
+			}
+		ret = NULL;
+		}
+	BN_CTX_end(ctx);
+	return ret;
+	}
diff --git a/crypto/openssl/crypto/bn/bn_word.c b/crypto/openssl/crypto/bn/bn_word.c
index cd59baa..988e0ca 100644
--- a/crypto/openssl/crypto/bn/bn_word.c
+++ b/crypto/openssl/crypto/bn/bn_word.c
@@ -123,7 +123,10 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
 	i=0;
 	for (;;)
 		{
-		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+		if (i >= a->top)
+			l=w;
+		else
+			l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
 		a->d[i]=l;
 		if (w > l)
 			w=1;
diff --git a/crypto/openssl/crypto/bn/bnspeed.c b/crypto/openssl/crypto/bn/bnspeed.c
index 20fc7e0..b554ac8 100644
--- a/crypto/openssl/crypto/bn/bnspeed.c
+++ b/crypto/openssl/crypto/bn/bnspeed.c
@@ -71,7 +71,7 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -87,7 +87,7 @@
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c
index af0c262..3aae945 100644
--- a/crypto/openssl/crypto/bn/bntest.c
+++ b/crypto/openssl/crypto/bn/bntest.c
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "openssl/e_os.h"
+#include "e_os.h"
 
 #include <openssl/bio.h>
 #include <openssl/bn.h>
@@ -68,7 +68,7 @@
 #include <openssl/x509.h>
 #include <openssl/err.h>
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
@@ -91,10 +91,12 @@ int test_mod(BIO *bp,BN_CTX *ctx);
 int test_mod_mul(BIO *bp,BN_CTX *ctx);
 int test_mod_exp(BIO *bp,BN_CTX *ctx);
 int test_exp(BIO *bp,BN_CTX *ctx);
+int test_kron(BIO *bp,BN_CTX *ctx);
+int test_sqrt(BIO *bp,BN_CTX *ctx);
 int rand_neg(void);
 static int results=0;
 
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #include "bss_file.c"
 #endif
@@ -139,10 +141,10 @@ int main(int argc, char *argv[])
 
 
 	ctx=BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);
 
 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -152,7 +154,7 @@ int main(int argc, char *argv[])
 		if (!BIO_write_filename(out,outfile))
 			{
 			perror(outfile);
-			exit(1);
+			EXIT(1);
 			}
 		}
 
@@ -224,18 +226,26 @@ int main(int argc, char *argv[])
 	if (!test_exp(out,ctx)) goto err;
 	BIO_flush(out);
 
+	message(out,"BN_kronecker");
+	if (!test_kron(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_mod_sqrt");
+	if (!test_sqrt(out,ctx)) goto err;
+	BIO_flush(out);
+
 	BN_CTX_free(ctx);
 	BIO_free(out);
 
 /**/
-	exit(0);
+	EXIT(0);
 err:
 	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
 	                      * the failure, see test_bn in test/Makefile.ssl*/
 	BIO_flush(out);
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
-	exit(1);
+	EXIT(1);
 	return(1);
 	}
 
@@ -243,7 +253,6 @@ int test_add(BIO *bp)
 	{
 	BIGNUM a,b,c;
 	int i;
-	int j;
 
 	BN_init(&a);
 	BN_init(&b);
@@ -255,9 +264,6 @@ int test_add(BIO *bp)
 		BN_bntest_rand(&b,450+i,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<10000; j++)
-				BN_add(&c,&a,&b);
 		BN_add(&c,&a,&b);
 		if (bp != NULL)
 			{
@@ -291,7 +297,6 @@ int test_sub(BIO *bp)
 	{
 	BIGNUM a,b,c;
 	int i;
-	int j;
 
 	BN_init(&a);
 	BN_init(&b);
@@ -312,9 +317,6 @@ int test_sub(BIO *bp)
 			a.neg=rand_neg();
 			b.neg=rand_neg();
 			}
-		if (bp == NULL)
-			for (j=0; j<10000; j++)
-				BN_sub(&c,&a,&b);
 		BN_sub(&c,&a,&b);
 		if (bp != NULL)
 			{
@@ -346,7 +348,6 @@ int test_div(BIO *bp, BN_CTX *ctx)
 	{
 	BIGNUM a,b,c,d,e;
 	int i;
-	int j;
 
 	BN_init(&a);
 	BN_init(&b);
@@ -367,9 +368,6 @@ int test_div(BIO *bp, BN_CTX *ctx)
 			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_div(&d,&c,&a,&b,ctx);
 		BN_div(&d,&c,&a,&b,ctx);
 		if (bp != NULL)
 			{
@@ -415,7 +413,6 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
 	BIGNUM a,b,c,d,e;
 	BN_RECP_CTX recp;
 	int i;
-	int j;
 
 	BN_RECP_CTX_init(&recp);
 	BN_init(&a);
@@ -438,9 +435,6 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		BN_RECP_CTX_set(&recp,&b,ctx);
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_div_recp(&d,&c,&a,&recp,ctx);
 		BN_div_recp(&d,&c,&a,&recp,ctx);
 		if (bp != NULL)
 			{
@@ -491,10 +485,11 @@ int test_mul(BIO *bp)
 	{
 	BIGNUM a,b,c,d,e;
 	int i;
-	int j;
-	BN_CTX ctx;
+	BN_CTX *ctx;
 
-	BN_CTX_init(&ctx);
+	ctx = BN_CTX_new();
+	if (ctx == NULL) EXIT(1);
+	
 	BN_init(&a);
 	BN_init(&b);
 	BN_init(&c);
@@ -512,10 +507,7 @@ int test_mul(BIO *bp)
 			BN_bntest_rand(&b,i-num1,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_mul(&c,&a,&b,&ctx);
-		BN_mul(&c,&a,&b,&ctx);
+		BN_mul(&c,&a,&b,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
@@ -528,7 +520,7 @@ int test_mul(BIO *bp)
 			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
-		BN_div(&d,&e,&c,&a,&ctx);
+		BN_div(&d,&e,&c,&a,ctx);
 		BN_sub(&d,&d,&b);
 		if(!BN_is_zero(&d) || !BN_is_zero(&e))
 		    {
@@ -541,7 +533,7 @@ int test_mul(BIO *bp)
 	BN_free(&c);
 	BN_free(&d);
 	BN_free(&e);
-	BN_CTX_free(&ctx);
+	BN_CTX_free(ctx);
 	return(1);
 	}
 
@@ -549,7 +541,6 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
 	{
 	BIGNUM a,c,d,e;
 	int i;
-	int j;
 
 	BN_init(&a);
 	BN_init(&c);
@@ -560,9 +551,6 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
 		{
 		BN_bntest_rand(&a,40+i*10,0,0);
 		a.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_sqr(&c,&a,ctx);
 		BN_sqr(&c,&a,ctx);
 		if (bp != NULL)
 			{
@@ -596,7 +584,6 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 	BIGNUM a,b,c,d,A,B;
 	BIGNUM n;
 	int i;
-	int j;
 	BN_MONT_CTX *mont;
 
 	BN_init(&a);
@@ -620,12 +607,12 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 		BN_bntest_rand(&n,bits,0,1);
 		BN_MONT_CTX_set(mont,&n,ctx);
 
+		BN_nnmod(&a,&a,&n,ctx);
+		BN_nnmod(&b,&b,&n,ctx);
+
 		BN_to_montgomery(&A,&a,mont,ctx);
 		BN_to_montgomery(&B,&b,mont,ctx);
 
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
 		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
 		BN_from_montgomery(&A,&c,mont,ctx);/**/
 		if (bp != NULL)
@@ -671,7 +658,6 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*c,*d,*e;
 	int i;
-	int j;
 
 	a=BN_new();
 	b=BN_new();
@@ -685,9 +671,6 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 		BN_bntest_rand(b,450+i*10,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_mod(c,a,b,ctx);/**/
 		BN_mod(c,a,b,ctx);/**/
 		if (bp != NULL)
 			{
@@ -720,7 +703,7 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*c,*d,*e;
-	int i;
+	int i,j;
 
 	a=BN_new();
 	b=BN_new();
@@ -728,6 +711,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
 
+	for (j=0; j<3; j++) {
 	BN_bntest_rand(c,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
@@ -735,10 +719,6 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 		BN_bntest_rand(b,425+i*11,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
-	/*	if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_mod_mul(d,a,b,c,ctx);*/ /**/
-
 		if (!BN_mod_mul(e,a,b,c,ctx))
 			{
 			unsigned long l;
@@ -746,7 +726,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 			while ((l=ERR_get_error()))
 				fprintf(stderr,"ERROR:%s\n",
 					ERR_error_string(l,NULL));
-			exit(1);
+			EXIT(1);
 			}
 		if (bp != NULL)
 			{
@@ -757,6 +737,16 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 				BN_print(bp,b);
 				BIO_puts(bp," % ");
 				BN_print(bp,c);
+				if ((a->neg ^ b->neg) && !BN_is_zero(e))
+					{
+					/* If  (a*b) % c  is negative,  c  must be added
+					 * in order to obtain the normalized remainder
+					 * (new with OpenSSL 0.9.7, previous versions of
+					 * BN_mod_mul could generate negative results)
+					 */
+					BIO_puts(bp," + ");
+					BN_print(bp,c);
+					}
 				BIO_puts(bp," - ");
 				}
 			BN_print(bp,e);
@@ -768,9 +758,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 		if(!BN_is_zero(b))
 		    {
 		    fprintf(stderr,"Modulo multiply test failed!\n");
+		    ERR_print_errors_fp(stderr);
 		    return 0;
 		    }
 		}
+	}
 	BN_free(a);
 	BN_free(b);
 	BN_free(c);
@@ -880,6 +872,183 @@ int test_exp(BIO *bp, BN_CTX *ctx)
 	return(1);
 	}
 
+static void genprime_cb(int p, int n, void *arg)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	putc(c, stderr);
+	fflush(stderr);
+	(void)n;
+	(void)arg;
+	}
+
+int test_kron(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM *a,*b,*r,*t;
+	int i;
+	int legendre, kronecker;
+	int ret = 0;
+
+	a = BN_new();
+	b = BN_new();
+	r = BN_new();
+	t = BN_new();
+	if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
+	
+	/* We test BN_kronecker(a, b, ctx) just for  b  odd (Jacobi symbol).
+	 * In this case we know that if  b  is prime, then BN_kronecker(a, b, ctx)
+	 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
+	 * So we generate a random prime  b  and compare these values
+	 * for a number of random  a's.  (That is, we run the Solovay-Strassen
+	 * primality test to confirm that  b  is prime, except that we
+	 * don't want to test whether  b  is prime but whether BN_kronecker
+	 * works.) */
+
+	if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err;
+	b->neg = rand_neg();
+	putc('\n', stderr);
+
+	for (i = 0; i < num0; i++)
+		{
+		if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
+		a->neg = rand_neg();
+
+		/* t := (|b|-1)/2  (note that b is odd) */
+		if (!BN_copy(t, b)) goto err;
+		t->neg = 0;
+		if (!BN_sub_word(t, 1)) goto err;
+		if (!BN_rshift1(t, t)) goto err;
+		/* r := a^t mod b */
+		b->neg=0;
+		
+		if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
+		b->neg=1;
+
+		if (BN_is_word(r, 1))
+			legendre = 1;
+		else if (BN_is_zero(r))
+			legendre = 0;
+		else
+			{
+			if (!BN_add_word(r, 1)) goto err;
+			if (0 != BN_ucmp(r, b))
+				{
+				fprintf(stderr, "Legendre symbol computation failed\n");
+				goto err;
+				}
+			legendre = -1;
+			}
+		
+		kronecker = BN_kronecker(a, b, ctx);
+		if (kronecker < -1) goto err;
+		/* we actually need BN_kronecker(a, |b|) */
+		if (a->neg && b->neg)
+			kronecker = -kronecker;
+		
+		if (legendre != kronecker)
+			{
+			fprintf(stderr, "legendre != kronecker; a = ");
+			BN_print_fp(stderr, a);
+			fprintf(stderr, ", b = ");
+			BN_print_fp(stderr, b);
+			fprintf(stderr, "\n");
+			goto err;
+			}
+
+		putc('.', stderr);
+		fflush(stderr);
+		}
+
+	putc('\n', stderr);
+	fflush(stderr);
+	ret = 1;
+ err:
+	if (a != NULL) BN_free(a);
+	if (b != NULL) BN_free(b);
+	if (r != NULL) BN_free(r);
+	if (t != NULL) BN_free(t);
+	return ret;
+	}
+
+int test_sqrt(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM *a,*p,*r;
+	int i, j;
+	int ret = 0;
+
+	a = BN_new();
+	p = BN_new();
+	r = BN_new();
+	if (a == NULL || p == NULL || r == NULL) goto err;
+	
+	for (i = 0; i < 16; i++)
+		{
+		if (i < 8)
+			{
+			unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
+			
+			if (!BN_set_word(p, primes[i])) goto err;
+			}
+		else
+			{
+			if (!BN_set_word(a, 32)) goto err;
+			if (!BN_set_word(r, 2*i + 1)) goto err;
+		
+			if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err;
+			putc('\n', stderr);
+			}
+		p->neg = rand_neg();
+
+		for (j = 0; j < num2; j++)
+			{
+			/* construct 'a' such that it is a square modulo p,
+			 * but in general not a proper square and not reduced modulo p */
+			if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
+			if (!BN_nnmod(r, r, p, ctx)) goto err;
+			if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+			if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
+			if (!BN_nnmod(a, a, p, ctx)) goto err;
+			if (!BN_mod_sqr(a, a, p, ctx)) goto err;
+			if (!BN_mul(a, a, r, ctx)) goto err;
+			if (rand_neg())
+				if (!BN_sub(a, a, p)) goto err;
+
+			if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
+			if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+
+			if (!BN_nnmod(a, a, p, ctx)) goto err;
+
+			if (BN_cmp(a, r) != 0)
+				{
+				fprintf(stderr, "BN_mod_sqrt failed: a = ");
+				BN_print_fp(stderr, a);
+				fprintf(stderr, ", r = ");
+				BN_print_fp(stderr, r);
+				fprintf(stderr, ", p = ");
+				BN_print_fp(stderr, p);
+				fprintf(stderr, "\n");
+				goto err;
+				}
+
+			putc('.', stderr);
+			fflush(stderr);
+			}
+		
+		putc('\n', stderr);
+		fflush(stderr);
+		}
+	ret = 1;
+ err:
+	if (a != NULL) BN_free(a);
+	if (p != NULL) BN_free(p);
+	if (r != NULL) BN_free(r);
+	return ret;
+	}
+
 int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
 	{
 	BIGNUM *a,*b,*c,*d;
@@ -1052,7 +1221,7 @@ int test_rshift1(BIO *bp)
 			}
 		BN_sub(c,a,b);
 		BN_sub(c,c,b);
-		if(!BN_is_zero(c) && !BN_is_one(c))
+		if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
 		    {
 		    fprintf(stderr,"Right shift one test failed!\n");
 		    return 0;
diff --git a/crypto/openssl/crypto/bn/divtest.c b/crypto/openssl/crypto/bn/divtest.c
index 13ba86e..d3fc688 100644
--- a/crypto/openssl/crypto/bn/divtest.c
+++ b/crypto/openssl/crypto/bn/divtest.c
@@ -1,7 +1,7 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 
-static int rand(n)
+static int Rand(n)
 {
     unsigned char x[2];
     RAND_pseudo_bytes(x,2);
@@ -26,8 +26,8 @@ main()
     BN_CTX *ctx=BN_CTX_new();
 
     for(;;) {
-	BN_pseudo_rand(a,rand(),0,0);
-	BN_pseudo_rand(b,rand(),0,0);
+	BN_pseudo_rand(a,Rand(),0,0);
+	BN_pseudo_rand(b,Rand(),0,0);
 	if (BN_is_zero(b)) continue;
 
 	BN_RECP_CTX_set(recp,b,ctx);
diff --git a/crypto/openssl/crypto/bn/expspeed.c b/crypto/openssl/crypto/bn/expspeed.c
index 2044ab9..07a1bcf 100644
--- a/crypto/openssl/crypto/bn/expspeed.c
+++ b/crypto/openssl/crypto/bn/expspeed.c
@@ -61,6 +61,31 @@
 /* most of this code has been pilfered from my libdes speed.c program */
 
 #define BASENUM	5000
+#define NUM_START 0
+
+
+/* determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
+ * modular inverse, or modular square roots */
+#define TEST_EXP
+#undef TEST_MUL
+#undef TEST_SQR
+#undef TEST_GCD
+#undef TEST_KRON
+#undef TEST_INV
+#undef TEST_SQRT
+#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */
+
+#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
+#  error "choose one test"
+#endif
+
+#if defined(TEST_INV) || defined(TEST_SQRT)
+#  define C_PRIME
+static void genprime_cb(int p, int n, void *arg);
+#endif
+
+
+
 #undef PROG
 #define PROG bnspeed_main
 
@@ -70,8 +95,9 @@
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -87,7 +113,7 @@
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -161,11 +187,16 @@ static double Time_F(int s)
 #endif
 	}
 
-#define NUM_SIZES	6
-static int sizes[NUM_SIZES]={256,512,1024,2048,4096,8192};
-static int mul_c[NUM_SIZES]={8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
+#define NUM_SIZES	7
+#if NUM_START > NUM_SIZES
+#   error "NUM_START > NUM_SIZES"
+#endif
+static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192};
+static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
 /*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
 
+#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
+
 void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
 
 int main(int argc, char **argv)
@@ -173,13 +204,23 @@ int main(int argc, char **argv)
 	BN_CTX *ctx;
 	BIGNUM *a,*b,*c,*r;
 
+#if 1
+	if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0))
+		abort();
+#endif
+
 	ctx=BN_CTX_new();
 	a=BN_new();
 	b=BN_new();
 	c=BN_new();
 	r=BN_new();
 
+	while (!RAND_status())
+		/* not enough bits */
+		RAND_SEED("I demand a manual recount!");
+
 	do_mul_exp(r,a,b,c,ctx);
+	return 0;
 	}
 
 void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
@@ -187,29 +228,126 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
 	int i,k;
 	double tm;
 	long num;
-	BN_MONT_CTX m;
-
-	memset(&m,0,sizeof(m));
 
 	num=BASENUM;
-	for (i=0; i<NUM_SIZES; i++)
+	for (i=NUM_START; i<NUM_SIZES; i++)
 		{
-		BN_rand(a,sizes[i],1,0);
-		BN_rand(b,sizes[i],1,0);
-		BN_rand(c,sizes[i],1,1);
-		BN_mod(a,a,c,ctx);
-		BN_mod(b,b,c,ctx);
-
-		BN_MONT_CTX_set(&m,c,ctx);
+#ifdef C_PRIME
+#  ifdef TEST_SQRT
+		if (!BN_set_word(a, 64)) goto err;
+		if (!BN_set_word(b, P_MOD_64)) goto err;
+#    define ADD a
+#    define REM b
+#  else
+#    define ADD NULL
+#    define REM NULL
+#  endif
+		if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err;
+		putc('\n', stderr);
+		fflush(stderr);
+#endif
 
-		Time_F(START);
 		for (k=0; k<num; k++)
-			BN_mod_exp_mont(r,a,b,c,ctx,&m);
+			{
+			if (k%50 == 0) /* Average over num/50 different choices of random numbers. */
+				{
+				if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err;
+
+				if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err;
+
+#ifndef C_PRIME
+				if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err;
+#endif
+
+#ifdef TEST_SQRT				
+				if (!BN_mod_sqr(a,a,c,ctx)) goto err;
+				if (!BN_mod_sqr(b,b,c,ctx)) goto err;
+#else
+				if (!BN_nnmod(a,a,c,ctx)) goto err;
+				if (!BN_nnmod(b,b,c,ctx)) goto err;
+#endif
+
+				if (k == 0)
+					Time_F(START);
+				}
+
+#if defined(TEST_EXP)
+			if (!BN_mod_exp(r,a,b,c,ctx)) goto err;
+#elif defined(TEST_MUL)
+			{
+			int i = 0;
+			for (i = 0; i < 50; i++)
+				if (!BN_mod_mul(r,a,b,c,ctx)) goto err;
+			}
+#elif defined(TEST_SQR)
+			{
+			int i = 0;
+			for (i = 0; i < 50; i++)
+				{
+				if (!BN_mod_sqr(r,a,c,ctx)) goto err;
+				if (!BN_mod_sqr(r,b,c,ctx)) goto err;
+				}
+			}
+#elif defined(TEST_GCD)
+			if (!BN_gcd(r,a,b,ctx)) goto err;
+			if (!BN_gcd(r,b,c,ctx)) goto err;
+			if (!BN_gcd(r,c,a,ctx)) goto err;
+#elif defined(TEST_KRON)
+			if (-2 == BN_kronecker(a,b,ctx)) goto err;
+			if (-2 == BN_kronecker(b,c,ctx)) goto err;
+			if (-2 == BN_kronecker(c,a,ctx)) goto err;
+#elif defined(TEST_INV)
+			if (!BN_mod_inverse(r,a,c,ctx)) goto err;
+			if (!BN_mod_inverse(r,b,c,ctx)) goto err;
+#else /* TEST_SQRT */
+			if (!BN_mod_sqrt(r,a,c,ctx)) goto err;
+			if (!BN_mod_sqrt(r,b,c,ctx)) goto err;
+#endif
+			}
 		tm=Time_F(STOP);
-		printf("mul %4d ^ %4d %% %d -> %8.3fms %5.1f\n",sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num);
+		printf(
+#if defined(TEST_EXP)
+			"modexp %4d ^ %4d %% %4d"
+#elif defined(TEST_MUL)
+			"50*modmul %4d %4d %4d"
+#elif defined(TEST_SQR)
+			"100*modsqr %4d %4d %4d"
+#elif defined(TEST_GCD)
+			"3*gcd %4d %4d %4d"
+#elif defined(TEST_KRON)
+			"3*kronecker %4d %4d %4d"
+#elif defined(TEST_INV)
+			"2*inv %4d %4d mod %4d"
+#else /* TEST_SQRT */
+			"2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
+#endif
+			" -> %8.3fms %5.1f (%ld)\n",
+#ifdef TEST_SQRT
+			P_MOD_64,
+#endif
+			sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num);
 		num/=7;
 		if (num <= 0) num=1;
 		}
+	return;
 
+ err:
+	ERR_print_errors_fp(stderr);
 	}
 
+
+#ifdef C_PRIME
+static void genprime_cb(int p, int n, void *arg)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	putc(c, stderr);
+	fflush(stderr);
+	(void)n;
+	(void)arg;
+	}
+#endif
diff --git a/crypto/openssl/crypto/bn/exptest.c b/crypto/openssl/crypto/bn/exptest.c
index 3e86f2e..621e6a9 100644
--- a/crypto/openssl/crypto/bn/exptest.c
+++ b/crypto/openssl/crypto/bn/exptest.c
@@ -59,11 +59,14 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include "../e_os.h"
+
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
@@ -86,7 +89,7 @@ int main(int argc, char *argv[])
 	ERR_load_BN_strings();
 
 	ctx=BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);
 	r_mont=BN_new();
 	r_recp=BN_new();
 	r_simple=BN_new();
@@ -99,7 +102,7 @@ int main(int argc, char *argv[])
 
 	out=BIO_new(BIO_s_file());
 
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
 	for (i=0; i<200; i++)
@@ -124,7 +127,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_mont() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}
 
 		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
@@ -132,7 +135,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_recp() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}
 
 		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
@@ -140,7 +143,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_simple() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}
 
 		if (BN_cmp(r_simple, r_mont) == 0
@@ -163,7 +166,7 @@ int main(int argc, char *argv[])
 			printf("\nrecp     =");	BN_print(out,r_recp);
 			printf("\nmont     ="); BN_print(out,r_mont);
 			printf("\n");
-			exit(1);
+			EXIT(1);
 			}
 		}
 	BN_free(r_mont);
@@ -177,11 +180,11 @@ int main(int argc, char *argv[])
 	CRYPTO_mem_leaks(out);
 	BIO_free(out);
 	printf(" done\n");
-	exit(0);
+	EXIT(0);
 err:
 	ERR_load_crypto_strings();
 	ERR_print_errors(out);
-	exit(1);
+	EXIT(1);
 	return(1);
 	}
 
diff --git a/crypto/openssl/crypto/buffer/Makefile.ssl b/crypto/openssl/crypto/buffer/Makefile.ssl
index c088ec6..e8b6c96 100644
--- a/crypto/openssl/crypto/buffer/Makefile.ssl
+++ b/crypto/openssl/crypto/buffer/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	buffer
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -80,14 +80,15 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
-buf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-buf_err.o: ../../include/openssl/symhacks.h
-buffer.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-buffer.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+buf_err.o: ../../include/openssl/symhacks.h buf_err.c
+buffer.o: ../../e_os.h ../../include/openssl/bio.h
+buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-buffer.o: ../cryptlib.h
+buffer.o: ../cryptlib.h buffer.c
diff --git a/crypto/openssl/crypto/buffer/buf_err.c b/crypto/openssl/crypto/buffer/buf_err.c
index 2f971a5..5eee653 100644
--- a/crypto/openssl/crypto/buffer/buf_err.c
+++ b/crypto/openssl/crypto/buffer/buf_err.c
@@ -63,7 +63,7 @@
 #include <openssl/buffer.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA BUF_str_functs[]=
 	{
 {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0),	"BUF_MEM_grow"},
@@ -86,7 +86,7 @@ void ERR_load_BUF_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
 		ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/buffer/buffer.c b/crypto/openssl/crypto/buffer/buffer.c
index b76ff3a..d96487e 100644
--- a/crypto/openssl/crypto/buffer/buffer.c
+++ b/crypto/openssl/crypto/buffer/buffer.c
@@ -118,8 +118,46 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
 	else
 		{
 		str->data=ret;
+		str->max=n;
+		memset(&str->data[str->length],0,len-str->length);
 		str->length=len;
+		}
+	return(len);
+	}
+
+int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+	{
+	char *ret;
+	unsigned int n;
+
+	if (str->length >= len)
+		{
+		memset(&str->data[len],0,str->length-len);
+		str->length=len;
+		return(len);
+		}
+	if (str->max >= len)
+		{
+		memset(&str->data[str->length],0,len-str->length);
+		str->length=len;
+		return(len);
+		}
+	n=(len+3)/3*4;
+	if (str->data == NULL)
+		ret=OPENSSL_malloc(n);
+	else
+		ret=OPENSSL_realloc_clean(str->data,str->max,n);
+	if (ret == NULL)
+		{
+		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+		len=0;
+		}
+	else
+		{
+		str->data=ret;
 		str->max=n;
+		memset(&str->data[str->length],0,len-str->length);
+		str->length=len;
 		}
 	return(len);
 	}
@@ -142,3 +180,23 @@ char *BUF_strdup(const char *str)
 	return(ret);
 	}
 
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+	{
+	size_t l = 0;
+	for(; size > 1 && *src; size--)
+		{
+		*dst++ = *src++;
+		l++;
+		}
+	if (size)
+		*dst = '\0';
+	return l + strlen(src);
+	}
+
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+	{
+	size_t l = 0;
+	for(; size > 0 && *dst; size--, dst++)
+		l++;
+	return l + BUF_strlcpy(dst, src, size);
+	}
diff --git a/crypto/openssl/crypto/buffer/buffer.h b/crypto/openssl/crypto/buffer/buffer.h
index 11e2d035..465dc34 100644
--- a/crypto/openssl/crypto/buffer/buffer.h
+++ b/crypto/openssl/crypto/buffer/buffer.h
@@ -63,6 +63,9 @@
 extern "C" {
 #endif
 
+#include <stddef.h>
+#include <sys/types.h>
+
 typedef struct buf_mem_st
 	{
 	int length;	/* current number of bytes */
@@ -73,8 +76,14 @@ typedef struct buf_mem_st
 BUF_MEM *BUF_MEM_new(void);
 void	BUF_MEM_free(BUF_MEM *a);
 int	BUF_MEM_grow(BUF_MEM *str, int len);
+int	BUF_MEM_grow_clean(BUF_MEM *str, int len);
 char *	BUF_strdup(const char *str);
 
+/* safe string functions */
+size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
+size_t BUF_strlcat(char *dst,const char *src,size_t siz);
+
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/crypto/openssl/crypto/cast/Makefile.ssl b/crypto/openssl/crypto/cast/Makefile.ssl
index 0aa1cbc..c18d868 100644
--- a/crypto/openssl/crypto/cast/Makefile.ssl
+++ b/crypto/openssl/crypto/cast/Makefile.ssl
@@ -12,7 +12,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -47,8 +48,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
@@ -97,7 +97,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -108,18 +108,18 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-c_cfb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_cfb64.o: cast_lcl.h
-c_ecb.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_cfb64.o: c_cfb64.c cast_lcl.h
+c_ecb.o: ../../e_os.h ../../include/openssl/cast.h
 c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_ecb.o: ../../include/openssl/opensslv.h cast_lcl.h
-c_enc.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h
+c_enc.o: ../../e_os.h ../../include/openssl/cast.h
 c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_enc.o: cast_lcl.h
-c_ofb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_enc.o: c_enc.c cast_lcl.h
+c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_ofb64.o: cast_lcl.h
-c_skey.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_ofb64.o: c_ofb64.c cast_lcl.h
+c_skey.o: ../../e_os.h ../../include/openssl/cast.h
 c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_skey.o: cast_lcl.h cast_s.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/crypto/openssl/crypto/cast/cast.h b/crypto/openssl/crypto/cast/cast.h
index e24e133..b28e4e4 100644
--- a/crypto/openssl/crypto/cast/cast.h
+++ b/crypto/openssl/crypto/cast/cast.h
@@ -63,7 +63,7 @@
 extern "C" {
 #endif
 
-#ifdef NO_CAST
+#ifdef OPENSSL_NO_CAST
 #error CAST is disabled.
 #endif
 
diff --git a/crypto/openssl/crypto/cast/cast_lcl.h b/crypto/openssl/crypto/cast/cast_lcl.h
index 5fab8a4..37f41cc 100644
--- a/crypto/openssl/crypto/cast/cast_lcl.h
+++ b/crypto/openssl/crypto/cast/cast_lcl.h
@@ -56,12 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
-#ifdef WIN32
+
+#include "e_os.h"
+
+#ifdef OPENSSL_SYS_WIN32
 #include <stdlib.h>
 #endif
 
 
-#include "openssl/e_os.h" /* OPENSSL_EXTERN */
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
 
 #undef c2l
 #define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
@@ -151,7 +157,7 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
-#if defined(WIN32) && defined(_MSC_VER)
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
 #define ROTL(a,n)     (_lrotl(a,n))
 #else
 #define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
diff --git a/crypto/openssl/crypto/cast/cast_spd.c b/crypto/openssl/crypto/cast/cast_spd.c
index 0af915c..76abf50 100644
--- a/crypto/openssl/crypto/cast/cast_spd.c
+++ b/crypto/openssl/crypto/cast/cast_spd.c
@@ -59,7 +59,7 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -268,7 +268,7 @@ int main(int argc, char **argv)
 	printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
 	printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/cast/castopts.c b/crypto/openssl/crypto/cast/castopts.c
index c783796..1b858d1 100644
--- a/crypto/openssl/crypto/cast/castopts.c
+++ b/crypto/openssl/crypto/cast/castopts.c
@@ -59,7 +59,7 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -332,7 +332,7 @@ int main(int argc, char **argv)
 		break;
 		}
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/cast/casttest.c b/crypto/openssl/crypto/cast/casttest.c
index ab2aeac..83e5a16 100644
--- a/crypto/openssl/crypto/cast/casttest.c
+++ b/crypto/openssl/crypto/cast/casttest.c
@@ -60,7 +60,9 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_CAST
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_CAST
 int main(int argc, char *argv[])
 {
     printf("No CAST support\n");
@@ -224,7 +226,7 @@ int main(int argc, char *argv[])
       }
 #endif
 
-    exit(err);
+    EXIT(err);
     return(err);
     }
 #endif
diff --git a/crypto/openssl/crypto/comp/Makefile.ssl b/crypto/openssl/crypto/comp/Makefile.ssl
index a61c7de..f60c7a1 100644
--- a/crypto/openssl/crypto/comp/Makefile.ssl
+++ b/crypto/openssl/crypto/comp/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	comp
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -42,8 +43,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -71,7 +71,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -84,24 +84,31 @@ clean:
 
 c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
-c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
-c_rle.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_rle.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_rle.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
 c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
-c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
-c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_zlib.o: c_zlib.c
 comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
-comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
-comp_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
-comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-comp_err.o: ../../include/openssl/symhacks.h
+comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+comp_err.o: ../../include/openssl/opensslconf.h
+comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+comp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+comp_err.o: comp_err.c
 comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
-comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
-comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-comp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+comp_lib.o: ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c
diff --git a/crypto/openssl/crypto/comp/c_rle.c b/crypto/openssl/crypto/comp/c_rle.c
index 1a819e3..efd366f 100644
--- a/crypto/openssl/crypto/comp/c_rle.c
+++ b/crypto/openssl/crypto/comp/c_rle.c
@@ -17,6 +17,7 @@ static COMP_METHOD rle_method={
 	rle_compress_block,
 	rle_expand_block,
 	NULL,
+	NULL,
 	};
 
 COMP_METHOD *COMP_rle(void)
diff --git a/crypto/openssl/crypto/comp/c_zlib.c b/crypto/openssl/crypto/comp/c_zlib.c
index 6684ab4..8c08761 100644
--- a/crypto/openssl/crypto/comp/c_zlib.c
+++ b/crypto/openssl/crypto/comp/c_zlib.c
@@ -6,11 +6,10 @@
 
 COMP_METHOD *COMP_zlib(void );
 
-#ifndef ZLIB
-
-static COMP_METHOD zlib_method={
+static COMP_METHOD zlib_method_nozlib={
 	NID_undef,
-	"(null)",
+	"(undef)",
+	NULL,
 	NULL,
 	NULL,
 	NULL,
@@ -18,6 +17,8 @@ static COMP_METHOD zlib_method={
 	NULL,
 	};
 
+#ifndef ZLIB
+#undef ZLIB_SHARED
 #else
 
 #include <zlib.h>
@@ -38,8 +39,56 @@ static COMP_METHOD zlib_method={
 	zlib_compress_block,
 	zlib_expand_block,
 	NULL,
+	NULL,
 	};
 
+/* 
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the ZLIB.DLL be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all ZLIB routines are loaded at run time
+ * and we do not link to a .LIB file.
+ */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+# include <windows.h>
+
+# define Z_CALLCONV _stdcall
+# define ZLIB_SHARED
+#else
+# define Z_CALLCONV
+#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
+
+#ifdef ZLIB_SHARED
+#include <openssl/dso.h>
+
+/* Prototypes for built in stubs */
+static int stub_compress(Bytef *dest,uLongf *destLen,
+	const Bytef *source, uLong sourceLen);
+static int stub_inflateEnd(z_streamp strm);
+static int stub_inflate(z_streamp strm, int flush);
+static int stub_inflateInit_(z_streamp strm, const char * version,
+	int stream_size);
+
+/* Function pointers */
+typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+	const Bytef *source, uLong sourceLen);
+typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
+typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
+typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+	const char * version, int stream_size);
+static compress_ft	p_compress=NULL;
+static inflateEnd_ft	p_inflateEnd=NULL;
+static inflate_ft	p_inflate=NULL;
+static inflateInit__ft	p_inflateInit_=NULL;
+
+static int zlib_loaded = 0;     /* only attempt to init func pts once */
+static DSO *zlib_dso = NULL;
+
+#define compress                stub_compress
+#define inflateEnd              stub_inflateEnd
+#define inflate                 stub_inflate
+#define inflateInit_            stub_inflateInit_
+#endif /* ZLIB_SHARED */
+
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
 	     unsigned int olen, unsigned char *in, unsigned int ilen)
 	{
@@ -66,7 +115,10 @@ static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
 		memcpy(&(out[1]),in,ilen);
 		l=ilen+1;
 		}
-fprintf(stderr,"compress(%4d)->%4d %s\n",ilen,(int)l,(clear)?"clear":"zlib");
+#ifdef DEBUG_ZLIB
+	fprintf(stderr,"compress(%4d)->%4d %s\n",
+		ilen,(int)l,(clear)?"clear":"zlib");
+#endif
 	return((int)l);
 	}
 
@@ -88,7 +140,10 @@ static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
 		memcpy(out,&(in[1]),ilen-1);
 		l=ilen-1;
 		}
-        fprintf(stderr,"expand  (%4d)->%4d %s\n",ilen,(int)l,in[0]?"zlib":"clear");
+#ifdef DEBUG_ZLIB
+        fprintf(stderr,"expand  (%4d)->%4d %s\n",
+		ilen,(int)l,in[0]?"zlib":"clear");
+#endif
 	return((int)l);
 	}
 
@@ -128,6 +183,78 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
 
 COMP_METHOD *COMP_zlib(void)
 	{
-	return(&zlib_method);
+	COMP_METHOD *meth = &zlib_method_nozlib;
+
+#ifdef ZLIB_SHARED
+	if (!zlib_loaded)
+		{
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+		zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
+#else
+		zlib_dso = DSO_load(NULL, "z", NULL, 0);
+#endif
+		if (zlib_dso != NULL)
+			{
+			p_compress
+				= (compress_ft) DSO_bind_func(zlib_dso,
+					"compress");
+			p_inflateEnd
+				= (inflateEnd_ft) DSO_bind_func(zlib_dso,
+					"inflateEnd");
+			p_inflate
+				= (inflate_ft) DSO_bind_func(zlib_dso,
+					"inflate");
+			p_inflateInit_
+				= (inflateInit__ft) DSO_bind_func(zlib_dso,
+					"inflateInit_");
+			zlib_loaded++;
+			}
+		}
+
+#endif
+#if defined(ZLIB) || defined(ZLIB_SHARED)
+	meth = &zlib_method;
+#endif
+
+	return(meth);
+	}
+
+#ifdef ZLIB_SHARED
+/* Stubs for each function to be dynamicly loaded */
+static int 
+stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
+	{
+	if (p_compress)
+		return(p_compress(dest,destLen,source,sourceLen));
+	else
+		return(Z_MEM_ERROR);
+	}
+
+static int
+stub_inflateEnd(z_streamp strm)
+	{
+	if ( p_inflateEnd )
+		return(p_inflateEnd(strm));
+	else
+		return(Z_MEM_ERROR);
+	}
+
+static int
+stub_inflate(z_streamp strm, int flush)
+	{
+	if ( p_inflate )
+		return(p_inflate(strm,flush));
+	else
+		return(Z_MEM_ERROR);
+	}
+
+static int
+stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
+	{
+	if ( p_inflateInit_ )
+		return(p_inflateInit_(strm,version,stream_size));
+	else
+		return(Z_MEM_ERROR);
 	}
 
+#endif /* ZLIB_SHARED */
diff --git a/crypto/openssl/crypto/comp/comp.h b/crypto/openssl/crypto/comp/comp.h
index c26c209..ab48b78 100644
--- a/crypto/openssl/crypto/comp/comp.h
+++ b/crypto/openssl/crypto/comp/comp.h
@@ -39,9 +39,7 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
 int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
 	unsigned char *in, int ilen);
 COMP_METHOD *COMP_rle(void );
-#ifdef ZLIB
 COMP_METHOD *COMP_zlib(void );
-#endif
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/crypto/openssl/crypto/comp/comp_err.c b/crypto/openssl/crypto/comp/comp_err.c
index c10282a..1652b8c2 100644
--- a/crypto/openssl/crypto/comp/comp_err.c
+++ b/crypto/openssl/crypto/comp/comp_err.c
@@ -63,7 +63,7 @@
 #include <openssl/comp.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA COMP_str_functs[]=
 	{
 {0,NULL}
@@ -83,7 +83,7 @@ void ERR_load_COMP_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_COMP,COMP_str_functs);
 		ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/conf/Makefile.ssl b/crypto/openssl/crypto/conf/Makefile.ssl
index 1a433ab..28b3f9a 100644
--- a/crypto/openssl/crypto/conf/Makefile.ssl
+++ b/crypto/openssl/crypto/conf/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	conf
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -22,9 +23,11 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+	 conf_mall.c conf_sap.c
 
-LIBOBJ=	conf_err.o conf_lib.o conf_api.o conf_def.o
+LIBOBJ=	conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \
+	conf_mall.o conf_sap.o
 
 SRC= $(LIBSRC)
 
@@ -40,8 +43,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -69,7 +71,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -80,27 +82,102 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-conf_api.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
-conf_api.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
-conf_api.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+conf_api.o: ../../e_os.h ../../include/openssl/bio.h
+conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
-conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+conf_api.o: conf_api.c
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
 conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-conf_def.o: ../cryptlib.h conf_def.h
+conf_def.o: ../cryptlib.h conf_def.c conf_def.h
 conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
-conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
-conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
-conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-conf_err.o: ../../include/openssl/symhacks.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_err.o: ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_err.o: conf_err.c
 conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
 conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
-conf_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_lib.o: conf_lib.c
+conf_mall.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mall.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mall.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mall.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mall.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mall.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mall.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+conf_mall.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_mall.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_mall.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_mall.o: ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/opensslconf.h
+conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_mall.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_mall.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_mall.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c
+conf_mod.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mod.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mod.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mod.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mod.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mod.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_mod.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+conf_mod.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+conf_mod.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mod.o: ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+conf_mod.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+conf_mod.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_mod.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+conf_mod.o: ../cryptlib.h conf_mod.c
+conf_sap.o: ../../e_os.h ../../include/openssl/aes.h
+conf_sap.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_sap.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_sap.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_sap.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_sap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_sap.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+conf_sap.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_sap.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_sap.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_sap.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_sap.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_sap.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c
diff --git a/crypto/openssl/crypto/conf/README b/crypto/openssl/crypto/conf/README
new file mode 100644
index 0000000..ca58d02
--- /dev/null
+++ b/crypto/openssl/crypto/conf/README
@@ -0,0 +1,78 @@
+WARNING WARNING WARNING!!!
+
+This stuff is experimental, may change radically or be deleted altogether
+before OpenSSL 0.9.7 release. You have been warned!
+
+Configuration modules. These are a set of modules which can perform
+various configuration functions.
+
+Currently the routines should be called at most once when an application
+starts up: that is before it starts any threads.
+
+The routines read a configuration file set up like this:
+
+-----
+#default section
+openssl_init=init_section
+
+[init_section]
+
+module1=value1
+#Second instance of module1
+module1.1=valueX
+module2=value2
+module3=dso_literal
+module4=dso_section
+
+[dso_section]
+
+path=/some/path/to/some/dso.so
+other_stuff=other_value
+----
+
+When this file is loaded a configuration module with the specified
+string (module* in the above example) is looked up and its init
+function called as:
+
+int conf_init_func(CONF_IMODULE *md, CONF *cnf);
+
+The function can then take whatever action is appropriate, for example
+further lookups based on the value. Multiple instances of the same 
+config module can be loaded.
+
+When the application closes down the modules are cleaned up by calling
+an optional finish function:
+
+void conf_finish_func(CONF_IMODULE *md);
+
+The finish functions are called in reverse order: that is the last module
+loaded is the first one cleaned up.
+
+If no module exists with a given name then an attempt is made to load
+a DSO with the supplied name. This might mean that "module3" attempts
+to load a DSO called libmodule3.so or module3.dll for example. An explicit
+DSO name can be given by including a separate section as in the module4 example
+above.
+
+The DSO is expected to at least contain an initialization function:
+
+int OPENSSL_init(CONF_IMODULE *md, CONF *cnf);
+
+and may also include a finish function:
+
+void OPENSSL_finish(CONF_IMODULE *md);
+
+Static modules can also be added using,
+
+int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc);
+
+where "name" is the name in the configuration file this function corresponds to.
+
+A set of builtin modules (currently only an ASN1 non functional test module) can be 
+added by calling OPENSSL_load_builtin_modules(). 
+
+The function OPENSSL_config() is intended as a simple configuration function that
+any application can call to perform various default configuration tasks. It uses the
+file openssl.cnf in the usual locations.
+
+
diff --git a/crypto/openssl/crypto/conf/cnf_save.c b/crypto/openssl/crypto/conf/cnf_save.c
index e907cc2..1439487 100644
--- a/crypto/openssl/crypto/conf/cnf_save.c
+++ b/crypto/openssl/crypto/conf/cnf_save.c
@@ -59,7 +59,8 @@
 #include <stdio.h>
 #include <openssl/conf.h>
 
-void print_conf(CONF_VALUE *cv);
+static void print_conf(CONF_VALUE *cv);
+static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *);
 
 main()
 	{
@@ -73,11 +74,11 @@ main()
 		exit(1);
 		}
 
-	lh_doall(conf,print_conf);
+	lh_doall(conf,LHASH_DOALL_FN(print_conf));
 	}
 
 
-void print_conf(CONF_VALUE *cv)
+static void print_conf(CONF_VALUE *cv)
 	{
 	int i;
 	CONF_VALUE *v;
diff --git a/crypto/openssl/crypto/conf/conf.h b/crypto/openssl/crypto/conf/conf.h
index 3ae9803..f467144 100644
--- a/crypto/openssl/crypto/conf/conf.h
+++ b/crypto/openssl/crypto/conf/conf.h
@@ -56,13 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_CONF_H
+#ifndef  HEADER_CONF_H
 #define HEADER_CONF_H
 
 #include <openssl/bio.h>
 #include <openssl/lhash.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
+#include <openssl/e_os2.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -76,6 +77,8 @@ typedef struct
 	} CONF_VALUE;
 
 DECLARE_STACK_OF(CONF_VALUE)
+DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_STACK_OF(CONF_IMODULE)
 
 struct conf_st;
 typedef struct conf_st CONF;
@@ -89,25 +92,45 @@ struct conf_method_st
 	int (*init)(CONF *conf);
 	int (*destroy)(CONF *conf);
 	int (*destroy_data)(CONF *conf);
-	int (*load)(CONF *conf, BIO *bp, long *eline);
-	int (*dump)(CONF *conf, BIO *bp);
-	int (*is_number)(CONF *conf, char c);
-	int (*to_int)(CONF *conf, char c);
+	int (*load_bio)(CONF *conf, BIO *bp, long *eline);
+	int (*dump)(const CONF *conf, BIO *bp);
+	int (*is_number)(const CONF *conf, char c);
+	int (*to_int)(const CONF *conf, char c);
+	int (*load)(CONF *conf, const char *name, long *eline);
 	};
 
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+/* DSO module function typedefs */
+typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func(CONF_IMODULE *md);
+
+#define	CONF_MFLAGS_IGNORE_ERRORS	0x1
+#define CONF_MFLAGS_IGNORE_RETURN_CODES	0x2
+#define CONF_MFLAGS_SILENT		0x4
+#define CONF_MFLAGS_NO_DSO		0x8
+#define CONF_MFLAGS_IGNORE_MISSING_FILE	0x10
+
 int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf,LHASH *hash);
 LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
 #endif
 LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
-char *CONF_get_string(LHASH *conf,char *group,char *name);
-long CONF_get_number(LHASH *conf,char *group,char *name);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);
+char *CONF_get_string(LHASH *conf,const char *group,const char *name);
+long CONF_get_number(LHASH *conf,const char *group,const char *name);
 void CONF_free(LHASH *conf);
 int CONF_dump_fp(LHASH *conf, FILE *out);
 int CONF_dump_bio(LHASH *conf, BIO *out);
 
+void OPENSSL_config(const char *config_name);
+void OPENSSL_no_config(void);
+
 /* New conf code.  The semantics are different from the functions above.
    If that wasn't the case, the above functions would have been replaced */
 
@@ -119,25 +142,61 @@ struct conf_st
 	};
 
 CONF *NCONF_new(CONF_METHOD *meth);
-CONF_METHOD *NCONF_default();
-CONF_METHOD *NCONF_WIN32();
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
 #if 0 /* Just to give you an idea of what I have in mind */
-CONF_METHOD *NCONF_XML();
+CONF_METHOD *NCONF_XML(void);
 #endif
 void NCONF_free(CONF *conf);
 void NCONF_free_data(CONF *conf);
 
 int NCONF_load(CONF *conf,const char *file,long *eline);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
 #endif
 int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section);
-char *NCONF_get_string(CONF *conf,char *group,char *name);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);
+char *NCONF_get_string(const CONF *conf,const char *group,const char *name);
+int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
+		       long *result);
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#if 0 /* The following function has no error checking,
+	 and should therefore be avoided */
 long NCONF_get_number(CONF *conf,char *group,char *name);
-int NCONF_dump_fp(CONF *conf, FILE *out);
-int NCONF_dump_bio(CONF *conf, BIO *out);
-
+#else
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+#endif
+  
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+		      unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+			   unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+void CONF_modules_free(void);
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+		    conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+	int (*list_cb)(const char *elem, int len, void *usr), void *arg);
+
+void OPENSSL_load_builtin_modules(void);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -152,23 +211,37 @@ void ERR_load_CONF_strings(void);
 #define CONF_F_CONF_LOAD				 100
 #define CONF_F_CONF_LOAD_BIO				 102
 #define CONF_F_CONF_LOAD_FP				 103
+#define CONF_F_CONF_MODULES_LOAD			 116
+#define CONF_F_MODULE_INIT				 115
+#define CONF_F_MODULE_LOAD_DSO				 117
+#define CONF_F_MODULE_RUN				 118
 #define CONF_F_NCONF_DUMP_BIO				 105
 #define CONF_F_NCONF_DUMP_FP				 106
 #define CONF_F_NCONF_GET_NUMBER				 107
+#define CONF_F_NCONF_GET_NUMBER_E			 112
 #define CONF_F_NCONF_GET_SECTION			 108
 #define CONF_F_NCONF_GET_STRING				 109
+#define CONF_F_NCONF_LOAD				 113
 #define CONF_F_NCONF_LOAD_BIO				 110
+#define CONF_F_NCONF_LOAD_FP				 114
 #define CONF_F_NCONF_NEW				 111
 #define CONF_F_STR_COPY					 101
 
 /* Reason codes. */
+#define CONF_R_ERROR_LOADING_DSO			 110
 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
 #define CONF_R_MISSING_EQUAL_SIGN			 101
+#define CONF_R_MISSING_FINISH_FUNCTION			 111
+#define CONF_R_MISSING_INIT_FUNCTION			 112
+#define CONF_R_MODULE_INITIALIZATION_ERROR		 109
 #define CONF_R_NO_CLOSE_BRACE				 102
 #define CONF_R_NO_CONF					 105
 #define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
 #define CONF_R_NO_SECTION				 107
+#define CONF_R_NO_SUCH_FILE				 114
+#define CONF_R_NO_VALUE					 108
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
+#define CONF_R_UNKNOWN_MODULE_NAME			 113
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104
 
 #ifdef  __cplusplus
diff --git a/crypto/openssl/crypto/conf/conf_api.c b/crypto/openssl/crypto/conf/conf_api.c
index f6515b5..0032baa 100644
--- a/crypto/openssl/crypto/conf/conf_api.c
+++ b/crypto/openssl/crypto/conf/conf_api.c
@@ -67,27 +67,34 @@
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
-#include "openssl/e_os.h"
+#include "e_os.h"
 
 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
 static void value_free_stack(CONF_VALUE *a,LHASH *conf);
-static unsigned long hash(CONF_VALUE *v);
-static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b);
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
+/* We don't use function pointer casting or wrapper functions - but cast each
+ * callback parameter inside the callback functions. */
+/* static unsigned long hash(CONF_VALUE *v); */
+static unsigned long hash(const void *v_void);
+/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
+static int cmp_conf(const void *a_void,const void *b_void);
 
 /* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(CONF *conf, char *section)
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
 	{
 	CONF_VALUE *v,vv;
 
 	if ((conf == NULL) || (section == NULL)) return(NULL);
 	vv.name=NULL;
-	vv.section=section;
+	vv.section=(char *)section;
 	v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
 	return(v);
 	}
 
 /* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(CONF *conf, char *section)
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+					       const char *section)
 	{
 	CONF_VALUE *v;
 
@@ -122,7 +129,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
 	return 1;
 	}
 
-char *_CONF_get_string(CONF *conf, char *section, char *name)
+char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
 	{
 	CONF_VALUE *v,vv;
 	char *p;
@@ -132,8 +139,8 @@ char *_CONF_get_string(CONF *conf, char *section, char *name)
 		{
 		if (section != NULL)
 			{
-			vv.name=name;
-			vv.section=section;
+			vv.name=(char *)name;
+			vv.section=(char *)section;
 			v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
 			if (v != NULL) return(v->value);
 			if (strcmp(section,"ENV") == 0)
@@ -143,7 +150,7 @@ char *_CONF_get_string(CONF *conf, char *section, char *name)
 				}
 			}
 		vv.section="default";
-		vv.name=name;
+		vv.name=(char *)name;
 		v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
 		if (v != NULL)
 			return(v->value);
@@ -154,6 +161,9 @@ char *_CONF_get_string(CONF *conf, char *section, char *name)
 		return(Getenv(name));
 	}
 
+#if 0 /* There's no way to provide error checking with this function, so
+	 force implementors of the higher levels to get a string and read
+	 the number themselves. */
 long _CONF_get_number(CONF *conf, char *section, char *name)
 	{
 	char *str;
@@ -170,6 +180,7 @@ long _CONF_get_number(CONF *conf, char *section, char *name)
 		str++;
 		}
 	}
+#endif
 
 int _CONF_new_data(CONF *conf)
 	{
@@ -178,7 +189,7 @@ int _CONF_new_data(CONF *conf)
 		return 0;
 		}
 	if (conf->data == NULL)
-		if ((conf->data = lh_new(hash,cmp_conf)) == NULL)
+		if ((conf->data = lh_new(hash, cmp_conf)) == NULL)
 			{
 			return 0;
 			}
@@ -191,12 +202,14 @@ void _CONF_free_data(CONF *conf)
 
 	conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
 				  * works as expected */
-	lh_doall_arg(conf->data,(void (*)())value_free_hash,conf->data);
+	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
+			conf->data);
 
 	/* We now have only 'section' entries in the hash table.
 	 * Due to problems with */
 
-	lh_doall_arg(conf->data,(void (*)())value_free_stack,conf->data);
+	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
+			conf->data);
 	lh_free(conf->data);
 	}
 
@@ -229,14 +242,19 @@ static void value_free_stack(CONF_VALUE *a, LHASH *conf)
 	OPENSSL_free(a);
 	}
 
-static unsigned long hash(CONF_VALUE *v)
+/* static unsigned long hash(CONF_VALUE *v) */
+static unsigned long hash(const void *v_void)
 	{
+	CONF_VALUE *v = (CONF_VALUE *)v_void;
 	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
 	}
 
-static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b)
+/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
+static int cmp_conf(const void *a_void,const  void *b_void)
 	{
 	int i;
+	CONF_VALUE *a = (CONF_VALUE *)a_void;
+	CONF_VALUE *b = (CONF_VALUE *)b_void;
 
 	if (a->section != b->section)
 		{
@@ -256,7 +274,7 @@ static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b)
 	}
 
 /* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, char *section)
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
 	{
 	STACK *sk=NULL;
 	int ok=0,i;
diff --git a/crypto/openssl/crypto/conf/conf_api.h b/crypto/openssl/crypto/conf/conf_api.h
index a5cc17b..87a954a 100644
--- a/crypto/openssl/crypto/conf/conf_api.h
+++ b/crypto/openssl/crypto/conf/conf_api.h
@@ -67,15 +67,17 @@ extern "C" {
 #endif
 
 /* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, char *section);
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
 /* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(CONF *conf, char *section);
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
 /* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(CONF *conf, char *section);
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+					       const char *section);
 
 int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
-char *_CONF_get_string(CONF *conf, char *section, char *name);
-long _CONF_get_number(CONF *conf, char *section, char *name);
+char *_CONF_get_string(const CONF *conf, const char *section,
+		       const char *name);
+long _CONF_get_number(const CONF *conf, const char *section, const char *name);
 
 int _CONF_new_data(CONF *conf);
 void _CONF_free_data(CONF *conf);
diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c
index d43c9de..57d2739 100644
--- a/crypto/openssl/crypto/conf/conf_def.c
+++ b/crypto/openssl/crypto/conf/conf_def.c
@@ -82,10 +82,11 @@ static int def_init_default(CONF *conf);
 static int def_init_WIN32(CONF *conf);
 static int def_destroy(CONF *conf);
 static int def_destroy_data(CONF *conf);
-static int def_load(CONF *conf, BIO *bp, long *eline);
-static int def_dump(CONF *conf, BIO *bp);
-static int def_is_number(CONF *conf, char c);
-static int def_to_int(CONF *conf, char c);
+static int def_load(CONF *conf, const char *name, long *eline);
+static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_dump(const CONF *conf, BIO *bp);
+static int def_is_number(const CONF *conf, char c);
+static int def_to_int(const CONF *conf, char c);
 
 const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT;
 
@@ -95,10 +96,11 @@ static CONF_METHOD default_method = {
 	def_init_default,
 	def_destroy,
 	def_destroy_data,
-	def_load,
+	def_load_bio,
 	def_dump,
 	def_is_number,
-	def_to_int
+	def_to_int,
+	def_load
 	};
 
 static CONF_METHOD WIN32_method = {
@@ -107,10 +109,11 @@ static CONF_METHOD WIN32_method = {
 	def_init_WIN32,
 	def_destroy,
 	def_destroy_data,
-	def_load,
+	def_load_bio,
 	def_dump,
 	def_is_number,
-	def_to_int
+	def_to_int,
+	def_load
 	};
 
 CONF_METHOD *NCONF_default()
@@ -178,9 +181,35 @@ static int def_destroy_data(CONF *conf)
 	return 1;
 	}
 
-static int def_load(CONF *conf, BIO *in, long *line)
+static int def_load(CONF *conf, const char *name, long *line)
 	{
-#define BUFSIZE	512
+	int ret;
+	BIO *in=NULL;
+
+#ifdef OPENSSL_SYS_VMS
+	in=BIO_new_file(name, "r");
+#else
+	in=BIO_new_file(name, "rb");
+#endif
+	if (in == NULL)
+		{
+		if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
+			CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE);
+		else
+			CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+		return 0;
+		}
+
+	ret = def_load_bio(conf, in, line);
+	BIO_free(in);
+
+	return ret;
+	}
+
+static int def_load_bio(CONF *conf, BIO *in, long *line)
+	{
+/* The macro BUFSIZE conflicts with a system macro in VxWorks */
+#define CONFBUFSIZE	512
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
@@ -224,20 +253,21 @@ static int def_load(CONF *conf, BIO *in, long *line)
 	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
 
 	bufnum=0;
+	again=0;
 	for (;;)
 		{
-		again=0;
-		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+		if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
 			{
 			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
 			goto err;
 			}
 		p= &(buff->data[bufnum]);
 		*p='\0';
-		BIO_gets(in, p, BUFSIZE-1);
-		p[BUFSIZE-1]='\0';
+		BIO_gets(in, p, CONFBUFSIZE-1);
+		p[CONFBUFSIZE-1]='\0';
 		ii=i=strlen(p);
-		if (i == 0) break;
+		if (i == 0 && !again) break;
+		again=0;
 		while (i > 0)
 			{
 			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
@@ -247,7 +277,7 @@ static int def_load(CONF *conf, BIO *in, long *line)
 			}
 		/* we removed some trailing stuff so there is a new
 		 * line on the end. */
-		if (i == ii)
+		if (ii && i == ii)
 			again=1; /* long line */
 		else
 			{
@@ -419,7 +449,11 @@ err:
 	if (line != NULL) *line=eline;
 	sprintf(btmp,"%ld",eline);
 	ERR_add_error_data(2,"line ",btmp);
-	if ((h != conf->data) && (conf->data != NULL)) CONF_free(conf->data);
+	if ((h != conf->data) && (conf->data != NULL))
+		{
+		CONF_free(conf->data);
+		conf->data=NULL;
+		}
 	if (v != NULL)
 		{
 		if (v->name != NULL) OPENSSL_free(v->name);
@@ -595,7 +629,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
 				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
 				goto err;
 				}
-			BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
+			BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from)));
 			while (*p)
 				buf->data[to++]= *(p++);
 			from=e;
@@ -686,18 +720,20 @@ static void dump_value(CONF_VALUE *a, BIO *out)
 		BIO_printf(out, "[[%s]]\n", a->section);
 	}
 
-static int def_dump(CONF *conf, BIO *out)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
+
+static int def_dump(const CONF *conf, BIO *out)
 	{
-	lh_doall_arg(conf->data, (void (*)())dump_value, out);
+	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
 	return 1;
 	}
 
-static int def_is_number(CONF *conf, char c)
+static int def_is_number(const CONF *conf, char c)
 	{
 	return IS_NUMBER(conf,c);
 	}
 
-static int def_to_int(CONF *conf, char c)
+static int def_to_int(const CONF *conf, char c)
 	{
 	return c - '0';
 	}
diff --git a/crypto/openssl/crypto/conf/conf_err.c b/crypto/openssl/crypto/conf/conf_err.c
index 8c2bc6f..ee07bfe 100644
--- a/crypto/openssl/crypto/conf/conf_err.c
+++ b/crypto/openssl/crypto/conf/conf_err.c
@@ -63,19 +63,26 @@
 #include <openssl/conf.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA CONF_str_functs[]=
 	{
 {ERR_PACK(0,CONF_F_CONF_DUMP_FP,0),	"CONF_dump_fp"},
 {ERR_PACK(0,CONF_F_CONF_LOAD,0),	"CONF_load"},
 {ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0),	"CONF_load_bio"},
 {ERR_PACK(0,CONF_F_CONF_LOAD_FP,0),	"CONF_load_fp"},
+{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0),	"CONF_modules_load"},
+{ERR_PACK(0,CONF_F_MODULE_INIT,0),	"MODULE_INIT"},
+{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0),	"MODULE_LOAD_DSO"},
+{ERR_PACK(0,CONF_F_MODULE_RUN,0),	"MODULE_RUN"},
 {ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0),	"NCONF_dump_bio"},
 {ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0),	"NCONF_dump_fp"},
 {ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0),	"NCONF_get_number"},
+{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0),	"NCONF_get_number_e"},
 {ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0),	"NCONF_get_section"},
 {ERR_PACK(0,CONF_F_NCONF_GET_STRING,0),	"NCONF_get_string"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD,0),	"NCONF_load"},
 {ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0),	"NCONF_load_bio"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0),	"NCONF_load_fp"},
 {ERR_PACK(0,CONF_F_NCONF_NEW,0),	"NCONF_new"},
 {ERR_PACK(0,CONF_F_STR_COPY,0),	"STR_COPY"},
 {0,NULL}
@@ -83,13 +90,20 @@ static ERR_STRING_DATA CONF_str_functs[]=
 
 static ERR_STRING_DATA CONF_str_reasons[]=
 	{
+{CONF_R_ERROR_LOADING_DSO                ,"error loading dso"},
 {CONF_R_MISSING_CLOSE_SQUARE_BRACKET     ,"missing close square bracket"},
 {CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
+{CONF_R_MISSING_FINISH_FUNCTION          ,"missing finish function"},
+{CONF_R_MISSING_INIT_FUNCTION            ,"missing init function"},
+{CONF_R_MODULE_INITIALIZATION_ERROR      ,"module initialization error"},
 {CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
 {CONF_R_NO_CONF                          ,"no conf"},
 {CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
 {CONF_R_NO_SECTION                       ,"no section"},
+{CONF_R_NO_SUCH_FILE                     ,"no such file"},
+{CONF_R_NO_VALUE                         ,"no value"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
+{CONF_R_UNKNOWN_MODULE_NAME              ,"unknown module name"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
 {0,NULL}
 	};
@@ -103,7 +117,7 @@ void ERR_load_CONF_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
 		ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/conf/conf_lib.c b/crypto/openssl/crypto/conf/conf_lib.c
index 11ec639..6a3cf10 100644
--- a/crypto/openssl/crypto/conf/conf_lib.c
+++ b/crypto/openssl/crypto/conf/conf_lib.c
@@ -67,6 +67,17 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
 
 static CONF_METHOD *default_CONF_method=NULL;
 
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH *hash)
+	{
+	if (default_CONF_method == NULL)
+		default_CONF_method = NCONF_default();
+
+	default_CONF_method->init(conf);
+	conf->data = hash;
+	}
+
 /* The following section contains the "CONF classic" functions,
    rewritten in terms of the new CONF interface. */
 
@@ -81,7 +92,7 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
 	LHASH *ltmp;
 	BIO *in=NULL;
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	in=BIO_new_file(file, "r");
 #else
 	in=BIO_new_file(file, "rb");
@@ -98,7 +109,7 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
 	return ltmp;
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
 	{
 	BIO *btmp;
@@ -118,18 +129,15 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
 	CONF ctmp;
 	int ret;
 
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+	CONF_set_nconf(&ctmp, conf);
 
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
 	ret = NCONF_load_bio(&ctmp, bp, eline);
 	if (ret)
 		return ctmp.data;
 	return NULL;
 	}
 
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
 	{
 	if (conf == NULL)
 		{
@@ -138,17 +146,12 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
 	else
 		{
 		CONF ctmp;
-
-		if (default_CONF_method == NULL)
-			default_CONF_method = NCONF_default();
-
-		default_CONF_method->init(&ctmp);
-		ctmp.data = conf;
+		CONF_set_nconf(&ctmp, conf);
 		return NCONF_get_section(&ctmp, section);
 		}
 	}
 
-char *CONF_get_string(LHASH *conf,char *group,char *name)
+char *CONF_get_string(LHASH *conf,const char *group,const char *name)
 	{
 	if (conf == NULL)
 		{
@@ -157,48 +160,43 @@ char *CONF_get_string(LHASH *conf,char *group,char *name)
 	else
 		{
 		CONF ctmp;
-
-		if (default_CONF_method == NULL)
-			default_CONF_method = NCONF_default();
-
-		default_CONF_method->init(&ctmp);
-		ctmp.data = conf;
+		CONF_set_nconf(&ctmp, conf);
 		return NCONF_get_string(&ctmp, group, name);
 		}
 	}
 
-long CONF_get_number(LHASH *conf,char *group,char *name)
+long CONF_get_number(LHASH *conf,const char *group,const char *name)
 	{
+	int status;
+	long result = 0;
+
 	if (conf == NULL)
 		{
-		return NCONF_get_number(NULL, group, name);
+		status = NCONF_get_number_e(NULL, group, name, &result);
 		}
 	else
 		{
 		CONF ctmp;
+		CONF_set_nconf(&ctmp, conf);
+		status = NCONF_get_number_e(&ctmp, group, name, &result);
+		}
 
-		if (default_CONF_method == NULL)
-			default_CONF_method = NCONF_default();
-
-		default_CONF_method->init(&ctmp);
-		ctmp.data = conf;
-		return NCONF_get_number(&ctmp, group, name);
+	if (status == 0)
+		{
+		/* This function does not believe in errors... */
+		ERR_get_error();
 		}
+	return result;
 	}
 
 void CONF_free(LHASH *conf)
 	{
 	CONF ctmp;
-
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
-
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
+	CONF_set_nconf(&ctmp, conf);
 	NCONF_free_data(&ctmp);
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int CONF_dump_fp(LHASH *conf, FILE *out)
 	{
 	BIO *btmp;
@@ -217,12 +215,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out)
 int CONF_dump_bio(LHASH *conf, BIO *out)
 	{
 	CONF ctmp;
-
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
-
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
+	CONF_set_nconf(&ctmp, conf);
 	return NCONF_dump_bio(&ctmp, out);
 	}
 
@@ -265,34 +258,23 @@ void NCONF_free_data(CONF *conf)
 
 int NCONF_load(CONF *conf, const char *file, long *eline)
 	{
-	int ret;
-	BIO *in=NULL;
-
-#ifdef VMS
-	in=BIO_new_file(file, "r");
-#else
-	in=BIO_new_file(file, "rb");
-#endif
-	if (in == NULL)
+	if (conf == NULL)
 		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+		CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
 		return 0;
 		}
 
-	ret = NCONF_load_bio(conf, in, eline);
-	BIO_free(in);
-
-	return ret;
+	return conf->meth->load(conf, file, eline);
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
 	{
 	BIO *btmp;
 	int ret;
 	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
 		{
-		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+		CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
 		return 0;
 		}
 	ret = NCONF_load_bio(conf, btmp, eline);
@@ -309,10 +291,10 @@ int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
 		return 0;
 		}
 
-	return conf->meth->load(conf, bp, eline);
+	return conf->meth->load_bio(conf, bp, eline);
 	}
 
-STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)
 	{
 	if (conf == NULL)
 		{
@@ -329,7 +311,7 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
 	return _CONF_get_section_values(conf, section);
 	}
 
-char *NCONF_get_string(CONF *conf,char *group,char *name)
+char *NCONF_get_string(const CONF *conf,const char *group,const char *name)
 	{
 	char *s = _CONF_get_string(conf, group, name);
 
@@ -343,29 +325,39 @@ char *NCONF_get_string(CONF *conf,char *group,char *name)
                         CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return NULL;
 		}
+	CONFerr(CONF_F_NCONF_GET_STRING,
+		CONF_R_NO_VALUE);
+	ERR_add_error_data(4,"group=",group," name=",name);
 	return NULL;
 	}
 
-long NCONF_get_number(CONF *conf,char *group,char *name)
+int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
+		       long *result)
 	{
-#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
-         an environment variable with a suitable name.  Unfortunately, there's
-         no way with the current API to see if we found one or not...
-         The meaning of this is that if a number is not found anywhere, it
-         will always default to 0. */
-	if (conf == NULL)
+	char *str;
+
+	if (result == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_NUMBER,
-                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+		CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
-#endif
-	
-	return _CONF_get_number(conf, group, name);
+
+	str = NCONF_get_string(conf,group,name);
+
+	if (str == NULL)
+		return 0;
+
+	for (*result = 0;conf->meth->is_number(conf, *str);)
+		{
+		*result = (*result)*10 + conf->meth->to_int(conf, *str);
+		str++;
+		}
+
+	return 1;
 	}
 
-#ifndef NO_FP_API
-int NCONF_dump_fp(CONF *conf, FILE *out)
+#ifndef OPENSSL_NO_FP_API
+int NCONF_dump_fp(const CONF *conf, FILE *out)
 	{
 	BIO *btmp;
 	int ret;
@@ -379,7 +371,7 @@ int NCONF_dump_fp(CONF *conf, FILE *out)
 	}
 #endif
 
-int NCONF_dump_bio(CONF *conf, BIO *out)
+int NCONF_dump_bio(const CONF *conf, BIO *out)
 	{
 	if (conf == NULL)
 		{
@@ -390,3 +382,20 @@ int NCONF_dump_bio(CONF *conf, BIO *out)
 	return conf->meth->dump(conf, out);
 	}
 
+
+/* This function should be avoided */
+#if 0
+long NCONF_get_number(CONF *conf,char *group,char *name)
+	{
+	int status;
+	long ret=0;
+
+	status = NCONF_get_number_e(conf, group, name, &ret);
+	if (status == 0)
+		{
+		/* This function does not believe in errors... */
+		ERR_get_error();
+		}
+	return ret;
+	}
+#endif
diff --git a/crypto/openssl/crypto/conf/conf_mall.c b/crypto/openssl/crypto/conf/conf_mall.c
new file mode 100644
index 0000000..d702af6
--- /dev/null
+++ b/crypto/openssl/crypto/conf/conf_mall.c
@@ -0,0 +1,76 @@
+/* conf_mall.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+/* Load all OpenSSL builtin modules */
+
+void OPENSSL_load_builtin_modules(void)
+	{
+	/* Add builtin modules here */
+	ASN1_add_oid_module();
+	ENGINE_add_conf_module();
+	}
+
diff --git a/crypto/openssl/crypto/conf/conf_mod.c b/crypto/openssl/crypto/conf/conf_mod.c
new file mode 100644
index 0000000..edcc089
--- /dev/null
+++ b/crypto/openssl/crypto/conf/conf_mod.c
@@ -0,0 +1,616 @@
+/* conf_mod.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+
+#define DSO_mod_init_name "OPENSSL_init"
+#define DSO_mod_finish_name "OPENSSL_finish"
+
+
+/* This structure contains a data about supported modules.
+ * entries in this table correspond to either dynamic or
+ * static modules.
+ */
+
+struct conf_module_st
+	{
+	/* DSO of this module or NULL if static */
+	DSO *dso;
+	/* Name of the module */
+	char *name;
+	/* Init function */
+	conf_init_func *init; 
+	/* Finish function */
+	conf_finish_func *finish;
+	/* Number of successfully initialized modules */
+	int links;
+	void *usr_data;
+	};
+
+
+/* This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a
+ * given module.
+ */
+
+struct conf_imodule_st
+	{
+	CONF_MODULE *pmod;
+	char *name;
+	char *value;
+	unsigned long flags;
+	void *usr_data;
+	};
+
+static STACK_OF(CONF_MODULE) *supported_modules = NULL;
+static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+
+static void module_free(CONF_MODULE *md);
+static void module_finish(CONF_IMODULE *imod);
+static int module_run(const CONF *cnf, char *name, char *value,
+					  unsigned long flags);
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+			conf_init_func *ifunc, conf_finish_func *ffunc);
+static CONF_MODULE *module_find(char *name);
+static int module_init(CONF_MODULE *pmod, char *name, char *value,
+					   const CONF *cnf);
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
+									unsigned long flags);
+
+/* Main function: load modules from a CONF structure */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+		      unsigned long flags)
+	{
+	STACK_OF(CONF_VALUE) *values;
+	CONF_VALUE *vl;
+	char *vsection;
+
+	int ret, i;
+
+	if (!cnf)
+		return 1;
+
+	if (appname == NULL)
+		appname = "openssl_conf";
+
+	vsection = NCONF_get_string(cnf, NULL, appname); 
+
+	if (!vsection)
+		{
+		ERR_clear_error();
+		return 1;
+		}
+
+	values = NCONF_get_section(cnf, vsection);
+
+	if (!values)
+		return 0;
+
+	for (i = 0; i < sk_CONF_VALUE_num(values); i++)
+		{
+		vl = sk_CONF_VALUE_value(values, i);
+		ret = module_run(cnf, vl->name, vl->value, flags);
+		if (ret <= 0)
+			if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+				return ret;
+		}
+
+	return 1;
+
+	}
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+			   unsigned long flags)
+	{
+	char *file = NULL;
+	CONF *conf = NULL;
+	int ret = 0;
+	conf = NCONF_new(NULL);
+	if (!conf)
+		goto err;
+
+	if (filename == NULL)
+		{
+		file = CONF_get1_default_config_file();
+		if (!file)
+			goto err;
+		}
+	else
+		file = (char *)filename;
+
+	if (NCONF_load(conf, file, NULL) <= 0)
+		{
+		if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
+		  (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
+			{
+			ERR_clear_error();
+			ret = 1;
+			}
+		goto err;
+		}
+
+	ret = CONF_modules_load(conf, appname, flags);
+
+	err:
+	if (filename == NULL)
+		OPENSSL_free(file);
+	NCONF_free(conf);
+
+	return ret;
+	}
+
+static int module_run(const CONF *cnf, char *name, char *value,
+		      unsigned long flags)
+	{
+	CONF_MODULE *md;
+	int ret;
+
+	md = module_find(name);
+
+	/* Module not found: try to load DSO */
+	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
+		md = module_load_dso(cnf, name, value, flags);
+
+	if (!md)
+		{
+		if (!(flags & CONF_MFLAGS_SILENT))
+			{
+			CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+			ERR_add_error_data(2, "module=", name);
+			}
+		return -1;
+		}
+
+	ret = module_init(md, name, value, cnf);
+
+	if (ret <= 0)
+		{
+		if (!(flags & CONF_MFLAGS_SILENT))
+			{
+			char rcode[DECIMAL_SIZE(ret)+1];
+			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
+			sprintf(rcode, "%-8d", ret);
+			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
+			}
+		}
+
+	return ret;
+	}
+
+/* Load a module from a DSO */
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
+				    unsigned long flags)
+	{
+	DSO *dso = NULL;
+	conf_init_func *ifunc;
+	conf_finish_func *ffunc;
+	char *path = NULL;
+	int errcode = 0;
+	CONF_MODULE *md;
+	/* Look for alternative path in module section */
+	path = NCONF_get_string(cnf, value, "path");
+	if (!path)
+		{
+		ERR_get_error();
+		path = name;
+		}
+	dso = DSO_load(NULL, path, NULL, 0);
+	if (!dso)
+		{
+		errcode = CONF_R_ERROR_LOADING_DSO;
+		goto err;
+		}
+        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+	if (!ifunc)
+		{
+		errcode = CONF_R_MISSING_INIT_FUNCTION;
+		goto err;
+		}
+        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+	/* All OK, add module */
+	md = module_add(dso, name, ifunc, ffunc);
+
+	if (!md)
+		goto err;
+
+	return md;
+
+	err:
+	if (dso)
+		DSO_free(dso);
+	CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+	ERR_add_error_data(4, "module=", name, ", path=", path);
+	return NULL;
+	}
+
+/* add module to list */
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+			       conf_init_func *ifunc, conf_finish_func *ffunc)
+	{
+	CONF_MODULE *tmod = NULL;
+	if (supported_modules == NULL)
+		supported_modules = sk_CONF_MODULE_new_null();
+	if (supported_modules == NULL)
+		return NULL;
+	tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
+	if (tmod == NULL)
+		return NULL;
+
+	tmod->dso = dso;
+	tmod->name = BUF_strdup(name);
+	tmod->init = ifunc;
+	tmod->finish = ffunc;
+	tmod->links = 0;
+
+	if (!sk_CONF_MODULE_push(supported_modules, tmod))
+		{
+		OPENSSL_free(tmod);
+		return NULL;
+		}
+
+	return tmod;
+	}
+
+/* Find a module from the list. We allow module names of the
+ * form modname.XXXX to just search for modname to allow the
+ * same module to be initialized more than once.
+ */
+
+static CONF_MODULE *module_find(char *name)
+	{
+	CONF_MODULE *tmod;
+	int i, nchar;
+	char *p;
+	p = strrchr(name, '.');
+
+	if (p)
+		nchar = p - name;
+	else 
+		nchar = strlen(name);
+
+	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
+		{
+		tmod = sk_CONF_MODULE_value(supported_modules, i);
+		if (!strncmp(tmod->name, name, nchar))
+			return tmod;
+		}
+
+	return NULL;
+
+	}
+
+/* initialize a module */
+static int module_init(CONF_MODULE *pmod, char *name, char *value,
+		       const CONF *cnf)
+	{
+	int ret = 1;
+	int init_called = 0;
+	CONF_IMODULE *imod = NULL;
+
+	/* Otherwise add initialized module to list */
+	imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
+	if (!imod)
+		goto err;
+
+	imod->pmod = pmod;
+	imod->name = BUF_strdup(name);
+	imod->value = BUF_strdup(value);
+	imod->usr_data = NULL;
+
+	if (!imod->name || !imod->value)
+		goto memerr;
+
+	/* Try to initialize module */
+	if(pmod->init)
+		{
+		ret = pmod->init(imod, cnf);
+		init_called = 1;
+		/* Error occurred, exit */
+		if (ret <= 0)
+			goto err;
+		}
+
+	if (initialized_modules == NULL)
+		{
+		initialized_modules = sk_CONF_IMODULE_new_null();
+		if (!initialized_modules)
+			{
+			CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+
+	if (!sk_CONF_IMODULE_push(initialized_modules, imod))
+		{
+		CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	pmod->links++;
+
+	return ret;
+
+	err:
+
+	/* We've started the module so we'd better finish it */
+	if (pmod->finish && init_called)
+		pmod->finish(imod);
+
+	memerr:
+	if (imod)
+		{
+		if (imod->name)
+			OPENSSL_free(imod->name);
+		if (imod->value)
+			OPENSSL_free(imod->value);
+		OPENSSL_free(imod);
+		}
+
+	return -1;
+
+	}
+
+/* Unload any dynamic modules that have a link count of zero:
+ * i.e. have no active initialized modules. If 'all' is set
+ * then all modules are unloaded including static ones.
+ */
+
+void CONF_modules_unload(int all)
+	{
+	int i;
+	CONF_MODULE *md;
+	CONF_modules_finish();
+	/* unload modules in reverse order */
+	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
+		{
+		md = sk_CONF_MODULE_value(supported_modules, i);
+		/* If static or in use and 'all' not set ignore it */
+		if (((md->links > 0) || !md->dso) && !all)
+			continue;
+		/* Since we're working in reverse this is OK */
+		sk_CONF_MODULE_delete(supported_modules, i);
+		module_free(md);
+		}
+	if (sk_CONF_MODULE_num(supported_modules) == 0)
+		{
+		sk_CONF_MODULE_free(supported_modules);
+		supported_modules = NULL;
+		}
+	}
+
+/* unload a single module */
+static void module_free(CONF_MODULE *md)
+	{
+	if (md->dso)
+		DSO_free(md->dso);
+	OPENSSL_free(md->name);
+	OPENSSL_free(md);
+	}
+
+/* finish and free up all modules instances */
+
+void CONF_modules_finish(void)
+	{
+	CONF_IMODULE *imod;
+	while (sk_CONF_IMODULE_num(initialized_modules) > 0)
+		{
+		imod = sk_CONF_IMODULE_pop(initialized_modules);
+		module_finish(imod);
+		}
+	sk_CONF_IMODULE_free(initialized_modules);
+	initialized_modules = NULL;
+	}
+
+/* finish a module instance */
+
+static void module_finish(CONF_IMODULE *imod)
+	{
+	if (imod->pmod->finish)
+		imod->pmod->finish(imod);
+	imod->pmod->links--;
+	OPENSSL_free(imod->name);
+	OPENSSL_free(imod->value);
+	OPENSSL_free(imod);
+	}
+
+/* Add a static module to OpenSSL */
+
+int CONF_module_add(const char *name, conf_init_func *ifunc, 
+		    conf_finish_func *ffunc)
+	{
+	if (module_add(NULL, name, ifunc, ffunc))
+		return 1;
+	else
+		return 0;
+	}
+
+void CONF_modules_free(void)
+	{
+	CONF_modules_finish();
+	CONF_modules_unload(1);
+	}
+
+/* Utility functions */
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md)
+	{
+	return md->name;
+	}
+
+const char *CONF_imodule_get_value(const CONF_IMODULE *md)
+	{
+	return md->value;
+	}
+
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
+	{
+	return md->usr_data;
+	}
+
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
+	{
+	md->usr_data = usr_data;
+	}
+
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
+	{
+	return md->pmod;
+	}
+
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
+	{
+	return md->flags;
+	}
+
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
+	{
+	md->flags = flags;
+	}
+
+void *CONF_module_get_usr_data(CONF_MODULE *pmod)
+	{
+	return pmod->usr_data;
+	}
+
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
+	{
+	pmod->usr_data = usr_data;
+	}
+
+/* Return default config file name */
+
+char *CONF_get1_default_config_file(void)
+	{
+	char *file;
+	int len;
+
+	file = getenv("OPENSSL_CONF");
+	if (file) 
+		return BUF_strdup(file);
+
+	len = strlen(X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+	len++;
+#endif
+	len += strlen(OPENSSL_CONF);
+
+	file = OPENSSL_malloc(len + 1);
+
+	if (!file)
+		return NULL;
+	strcpy(file,X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+	strcat(file,"/");
+#endif
+	strcat(file,OPENSSL_CONF);
+
+	return file;
+	}
+
+/* This function takes a list separated by 'sep' and calls the
+ * callback function giving the start and length of each member
+ * optionally stripping leading and trailing whitespace. This can
+ * be used to parse comma separated lists for example.
+ */
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+	int (*list_cb)(const char *elem, int len, void *usr), void *arg)
+	{
+	int ret;
+	const char *lstart, *tmpend, *p;
+	lstart = list;
+
+	for(;;)
+		{
+		if (nospc)
+			{
+			while(*lstart && isspace((unsigned char)*lstart))
+				lstart++;
+			}
+		p = strchr(lstart, sep);
+		if (p == lstart || !*lstart)
+			ret = list_cb(NULL, 0, arg);
+		else
+			{
+			if (p)
+				tmpend = p - 1;
+			else 
+				tmpend = lstart + strlen(lstart) - 1;
+			if (nospc)
+				{
+				while(isspace((unsigned char)*tmpend))
+					tmpend--;
+				}
+			ret = list_cb(lstart, tmpend - lstart + 1, arg);
+			}
+		if (ret <= 0)
+			return ret;
+		if (p == NULL)
+			return 1;
+		lstart = p + 1;
+		}
+	}
+
diff --git a/crypto/openssl/crypto/conf/conf_sap.c b/crypto/openssl/crypto/conf/conf_sap.c
new file mode 100644
index 0000000..97fb174
--- /dev/null
+++ b/crypto/openssl/crypto/conf/conf_sap.c
@@ -0,0 +1,107 @@
+/* conf_sap.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+/* This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are called,
+ * unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+void OPENSSL_config(const char *config_name)
+	{
+	if (openssl_configured)
+		return;
+
+	OPENSSL_load_builtin_modules();
+	/* Need to load ENGINEs */
+	ENGINE_load_builtin_engines();
+	/* Add others here? */
+
+
+	ERR_clear_error();
+	if (CONF_modules_load_file(NULL, NULL,
+					CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
+		{
+		BIO *bio_err;
+		ERR_load_crypto_strings();
+		if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
+			{
+			BIO_printf(bio_err,"Auto configuration failed\n");
+			ERR_print_errors(bio_err);
+			BIO_free(bio_err);
+			}
+		exit(1);
+		}
+
+	return;
+	}
+
+void OPENSSL_no_config()
+	{
+	openssl_configured = 1;
+	}
diff --git a/crypto/openssl/crypto/cpt_err.c b/crypto/openssl/crypto/cpt_err.c
index 7018b74..1b4a1cb 100644
--- a/crypto/openssl/crypto/cpt_err.c
+++ b/crypto/openssl/crypto/cpt_err.c
@@ -63,13 +63,18 @@
 #include <openssl/crypto.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA CRYPTO_str_functs[]=
 	{
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0),	"CRYPTO_get_ex_new_index"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0),	"CRYPTO_get_new_dynlockid"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0),	"CRYPTO_get_new_lockid"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0),	"CRYPTO_set_ex_data"},
+{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0),	"DEF_ADD_INDEX"},
+{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0),	"DEF_GET_CLASS"},
+{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0),	"INT_DUP_EX_DATA"},
+{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0),	"INT_FREE_EX_DATA"},
+{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0),	"INT_NEW_EX_DATA"},
 {0,NULL}
 	};
 
@@ -88,7 +93,7 @@ void ERR_load_CRYPTO_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
 		ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c
index 8fd2d4d..2924def 100644
--- a/crypto/openssl/crypto/cryptlib.c
+++ b/crypto/openssl/crypto/cryptlib.c
@@ -62,7 +62,7 @@
 #include <openssl/crypto.h>
 #include <openssl/safestack.h>
 
-#if defined(WIN32) || defined(WIN16)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
 
@@ -74,7 +74,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	{
 	"<<ERROR>>",
 	"err",
-	"err_hash",
+	"ex_data",
 	"x509",
 	"x509_info",
 	"x509_pkey",
@@ -89,6 +89,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"ssl_session",
 	"ssl_sess_cert",
 	"ssl",
+	"ssl_method",
 	"rand",
 	"rand2",
 	"debug_malloc",
@@ -101,7 +102,10 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"debug_malloc2",
 	"dso",
 	"dynlock",
-#if CRYPTO_NUM_LOCKS != 29
+	"engine",
+	"ui",
+	"hwcrhk",		/* This is a HACK which will disappear in 0.9.8 */
+#if CRYPTO_NUM_LOCKS != 33
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};
@@ -133,11 +137,11 @@ int CRYPTO_get_new_lockid(char *name)
 	char *str;
 	int i;
 
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 	/* A hack to make Visual C++ 5.0 work correctly when linking as
 	 * a DLL using /MT. Without this, the application cannot use
 	 * and floating point printf's.
 	 * It also seems to be needed for Visual C 1.5 (win16) */
-#if defined(WIN32) || defined(WIN16)
 	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
 #endif
 
@@ -204,10 +208,18 @@ int CRYPTO_get_new_dynlockid(void)
 	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
 	/* If there was none, push, thereby creating a new one */
 	if (i == -1)
-		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+		/* Since sk_push() returns the number of items on the
+		   stack, not the location of the pushed item, we need
+		   to transform the returned number into a position,
+		   by decreasing it.  */
+		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+	else
+		/* If we found a place with a NULL pointer, put our pointer
+		   in it.  */
+		sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
 	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 
-	if (!i)
+	if (i == -1)
 		{
 		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
 		OPENSSL_free(pointer);
@@ -357,9 +369,9 @@ unsigned long CRYPTO_thread_id(void)
 
 	if (id_callback == NULL)
 		{
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 		ret=(unsigned long)GetCurrentTask();
-#elif defined(WIN32)
+#elif defined(OPENSSL_SYS_WIN32)
 		ret=(unsigned long)GetCurrentThreadId();
 #elif defined(GETPID_IS_MEANINGLESS)
 		ret=1L;
@@ -399,16 +411,17 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
 #endif
 	if (type < 0)
 		{
-		int i = -type - 1;
-		struct CRYPTO_dynlock_value *pointer
-			= CRYPTO_get_dynlock_value(i);
-
-		if (pointer && dynlock_lock_callback)
+		if (dynlock_lock_callback != NULL)
 			{
+			struct CRYPTO_dynlock_value *pointer
+				= CRYPTO_get_dynlock_value(type);
+
+			OPENSSL_assert(pointer != NULL);
+
 			dynlock_lock_callback(mode, pointer, file, line);
-			}
 
-		CRYPTO_destroy_dynlockid(i);
+			CRYPTO_destroy_dynlockid(type);
+			}
 		}
 	else
 		if (locking_callback != NULL)
@@ -459,14 +472,14 @@ const char *CRYPTO_get_lock_name(int type)
 		return("dynamic");
 	else if (type < CRYPTO_NUM_LOCKS)
 		return(lock_names[type]);
-	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
 		return("ERROR");
 	else
 		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
 	}
 
 #ifdef _DLL
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 
 /* All we really need to do is remove the 'error' state when a thread
  * detaches */
@@ -491,3 +504,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
 #endif
 
 #endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+	{
+	fprintf(stderr,
+		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+		file,line,assertion);
+	abort();
+	}
diff --git a/crypto/openssl/crypto/cryptlib.h b/crypto/openssl/crypto/cryptlib.h
index 075b79d..0d6b9d5 100644
--- a/crypto/openssl/crypto/cryptlib.h
+++ b/crypto/openssl/crypto/cryptlib.h
@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "openssl/e_os.h"
+#include "e_os.h"
 
 #include <openssl/crypto.h>
 #include <openssl/buffer.h> 
@@ -74,7 +74,7 @@
 extern "C" {
 #endif
 
-#ifndef VMS
+#ifndef OPENSSL_SYS_VMS
 #define X509_CERT_AREA		OPENSSLDIR
 #define X509_CERT_DIR		OPENSSLDIR "/certs"
 #define X509_CERT_FILE		OPENSSLDIR "/cert.pem"
@@ -89,9 +89,9 @@ extern "C" {
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
-/* size of string represenations */
-#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
-#define HEX_SIZE(type)         ((sizeof(type)*2)
+/* size of string representations */
+#define DECIMAL_SIZE(type)	((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type)		(sizeof(type)*2)
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/openssl/crypto/crypto.h b/crypto/openssl/crypto/crypto.h
index 8fba871..273bc5e 100644
--- a/crypto/openssl/crypto/crypto.h
+++ b/crypto/openssl/crypto/crypto.h
@@ -61,7 +61,7 @@
 
 #include <stdlib.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 #include <stdio.h>
 #endif
 
@@ -90,47 +90,52 @@ extern "C" {
 #define SSLEAY_CFLAGS		2
 #define SSLEAY_BUILT_ON		3
 #define SSLEAY_PLATFORM		4
+#define SSLEAY_DIR		5
 
 /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
  * names in cryptlib.c
  */
 
-#define	CRYPTO_LOCK_ERR			1
-#define	CRYPTO_LOCK_ERR_HASH		2
-#define	CRYPTO_LOCK_X509		3
-#define	CRYPTO_LOCK_X509_INFO		4
-#define	CRYPTO_LOCK_X509_PKEY		5
+#define CRYPTO_LOCK_ERR			1
+#define CRYPTO_LOCK_EX_DATA		2
+#define CRYPTO_LOCK_X509		3
+#define CRYPTO_LOCK_X509_INFO		4
+#define CRYPTO_LOCK_X509_PKEY		5
 #define CRYPTO_LOCK_X509_CRL		6
 #define CRYPTO_LOCK_X509_REQ		7
 #define CRYPTO_LOCK_DSA			8
 #define CRYPTO_LOCK_RSA			9
 #define CRYPTO_LOCK_EVP_PKEY		10
-#define	CRYPTO_LOCK_X509_STORE		11
-#define	CRYPTO_LOCK_SSL_CTX		12
-#define	CRYPTO_LOCK_SSL_CERT		13
-#define	CRYPTO_LOCK_SSL_SESSION		14
-#define	CRYPTO_LOCK_SSL_SESS_CERT	15
-#define	CRYPTO_LOCK_SSL			16
-#define	CRYPTO_LOCK_RAND		17
-#define	CRYPTO_LOCK_RAND2		18
-#define	CRYPTO_LOCK_MALLOC		19
-#define	CRYPTO_LOCK_BIO			20
-#define	CRYPTO_LOCK_GETHOSTBYNAME	21
-#define	CRYPTO_LOCK_GETSERVBYNAME	22
-#define	CRYPTO_LOCK_READDIR		23
-#define	CRYPTO_LOCK_RSA_BLINDING	24
-#define	CRYPTO_LOCK_DH			25
-#define	CRYPTO_LOCK_MALLOC2		26
-#define	CRYPTO_LOCK_DSO			27
-#define	CRYPTO_LOCK_DYNLOCK		28
-#define	CRYPTO_NUM_LOCKS		29
+#define CRYPTO_LOCK_X509_STORE		11
+#define CRYPTO_LOCK_SSL_CTX		12
+#define CRYPTO_LOCK_SSL_CERT		13
+#define CRYPTO_LOCK_SSL_SESSION		14
+#define CRYPTO_LOCK_SSL_SESS_CERT	15
+#define CRYPTO_LOCK_SSL			16
+#define CRYPTO_LOCK_SSL_METHOD		17
+#define CRYPTO_LOCK_RAND		18
+#define CRYPTO_LOCK_RAND2		19
+#define CRYPTO_LOCK_MALLOC		20
+#define CRYPTO_LOCK_BIO			21
+#define CRYPTO_LOCK_GETHOSTBYNAME	22
+#define CRYPTO_LOCK_GETSERVBYNAME	23
+#define CRYPTO_LOCK_READDIR		24
+#define CRYPTO_LOCK_RSA_BLINDING	25
+#define CRYPTO_LOCK_DH			26
+#define CRYPTO_LOCK_MALLOC2		27
+#define CRYPTO_LOCK_DSO			28
+#define CRYPTO_LOCK_DYNLOCK		29
+#define CRYPTO_LOCK_ENGINE		30
+#define CRYPTO_LOCK_UI			31
+#define CRYPTO_LOCK_HWCRHK		32 /* This is a HACK which will disappear in 0.9.8 */
+#define CRYPTO_NUM_LOCKS		33
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
 #define CRYPTO_READ		4
 #define CRYPTO_WRITE		8
 
-#ifndef NO_LOCKING
+#ifndef OPENSSL_NO_LOCKING
 #ifndef CRYPTO_w_lock
 #define CRYPTO_w_lock(type)	\
 	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
@@ -145,7 +150,7 @@ extern "C" {
 #endif
 #else
 #define CRYPTO_w_lock(a)
-#define	CRYPTO_w_unlock(a)
+#define CRYPTO_w_unlock(a)
 #define CRYPTO_r_lock(a)
 #define CRYPTO_r_unlock(a)
 #define CRYPTO_add(a,b,c)	((*(a))+=(b))
@@ -224,6 +229,16 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 #define CRYPTO_EX_INDEX_SSL_SESSION	3
 #define CRYPTO_EX_INDEX_X509_STORE	4
 #define CRYPTO_EX_INDEX_X509_STORE_CTX	5
+#define CRYPTO_EX_INDEX_RSA		6
+#define CRYPTO_EX_INDEX_DSA		7
+#define CRYPTO_EX_INDEX_DH		8
+#define CRYPTO_EX_INDEX_ENGINE		9
+#define CRYPTO_EX_INDEX_X509		10
+#define CRYPTO_EX_INDEX_UI		11
+
+/* Dynamically assigned indexes start from this value (don't use directly, use
+ * via CRYPTO_ex_data_new_class). */
+#define CRYPTO_EX_INDEX_USER		100
 
 
 /* This is the default callbacks, but we can have others as well:
@@ -265,6 +280,8 @@ int CRYPTO_is_mem_check_on(void);
 #define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,__FILE__,__LINE__)
 #define OPENSSL_realloc(addr,num) \
 	CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+#define OPENSSL_realloc_clean(addr,old_num,num) \
+	CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
 #define OPENSSL_remalloc(addr,num) \
 	CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
 #define OPENSSL_freeFunc	CRYPTO_free
@@ -280,14 +297,31 @@ unsigned long SSLeay(void);
 
 int OPENSSL_issetugid(void);
 
-int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
-	     CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+/* An opaque type representing an implementation of "ex_data" support */
+typedef struct st_CRYPTO_EX_DATA_IMPL	CRYPTO_EX_DATA_IMPL;
+/* Return an opaque pointer to the current "ex_data" implementation */
+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
+/* Sets the "ex_data" implementation to be used (if it's not too late) */
+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
+/* Get a new "ex_data" class, and return the corresponding "class_index" */
+int CRYPTO_ex_data_new_class(void);
+/* Within a given class, get/register a new index */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func);
+/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given
+ * class (invokes whatever per-class callbacks are applicable) */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+		CRYPTO_EX_DATA *from);
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index
+ * (relative to the class type involved) */
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
-void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx);
-int CRYPTO_dup_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, CRYPTO_EX_DATA *to,
-	     CRYPTO_EX_DATA *from);
-void CRYPTO_free_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad);
-void CRYPTO_new_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
+/* This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions. */
+void CRYPTO_cleanup_all_ex_data(void);
 
 int CRYPTO_get_new_lockid(char *name);
 
@@ -322,6 +356,11 @@ void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l
  * call the latter last if you need different functions */
 int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
 int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
+int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),
+                                void *(*r)(void *,size_t,const char *,int),
+                                void (*f)(void *));
+int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),
+                                       void (*free_func)(void *));
 int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
 				   void (*r)(void *,void *,int,const char *,int,int),
 				   void (*f)(void *,int),
@@ -329,6 +368,11 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
 				   long (*go)(void));
 void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
 void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
+void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
+                                 void *(**r)(void *, size_t,const char *,int),
+                                 void (**f)(void *));
+void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
+                                        void (**f)(void *));
 void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
 				    void (**r)(void *,void *,int,const char *,int,int),
 				    void (**f)(void *,int),
@@ -340,8 +384,12 @@ void CRYPTO_free_locked(void *);
 void *CRYPTO_malloc(int num, const char *file, int line);
 void CRYPTO_free(void *);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
+			   int line);
 void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
 
+void OPENSSL_cleanse(void *ptr, size_t len);
+
 void CRYPTO_set_mem_debug_options(long bits);
 long CRYPTO_get_mem_debug_options(void);
 
@@ -374,12 +422,17 @@ void CRYPTO_dbg_set_options(long bits);
 long CRYPTO_dbg_get_options(void);
 
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
 #endif
 void CRYPTO_mem_leaks(struct bio_st *bio);
 /* unsigned long order, char *file, int line, int num_bytes, char *addr */
-void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *));
+typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define OPENSSL_assert(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -394,6 +447,11 @@ void ERR_load_CRYPTO_strings(void);
 #define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID		 103
 #define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
 #define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
+#define CRYPTO_F_DEF_ADD_INDEX				 104
+#define CRYPTO_F_DEF_GET_CLASS				 105
+#define CRYPTO_F_INT_DUP_EX_DATA			 106
+#define CRYPTO_F_INT_FREE_EX_DATA			 107
+#define CRYPTO_F_INT_NEW_EX_DATA			 108
 
 /* Reason codes. */
 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100
diff --git a/crypto/openssl/crypto/cversion.c b/crypto/openssl/crypto/cversion.c
index 297f884..8ecfba7 100644
--- a/crypto/openssl/crypto/cversion.c
+++ b/crypto/openssl/crypto/cversion.c
@@ -100,6 +100,14 @@ const char *SSLeay_version(int t)
 		return("platform: information not available");
 #endif
 		}
+	if (t == SSLEAY_DIR)
+		{
+#ifdef OPENSSLDIR
+		return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+#else
+		return "OPENSSLDIR: N/A";
+#endif
+		}
 	return("not available");
 	}
 
diff --git a/crypto/openssl/crypto/des/FILES0 b/crypto/openssl/crypto/des/FILES0
new file mode 100644
index 0000000..4c7ea2d
--- /dev/null
+++ b/crypto/openssl/crypto/des/FILES0
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT	- Copyright info.
+MODES.DES	- A description of the features of the different modes of DES.
+FILES		- This file.
+INSTALL		- How to make things compile.
+Imakefile	- For use with kerberos.
+README		- What this package is.
+VERSION		- Which version this is and what was changed.
+KERBEROS	- Kerberos version 4 notes.
+Makefile.PL	- An old makefile to build with perl5, not current.
+Makefile.ssl	- The SSLeay makefile
+Makefile.uni	- The normal unix makefile.
+GNUmakefile	- The makefile for use with glibc.
+makefile.bc	- A Borland C makefile
+times		- Some outputs from 'speed' on some machines.
+vms.com		- For use when compiling under VMS
+
+/* My SunOS des(1) replacement */
+des.c		- des(1) source code.
+des.man		- des(1) manual.
+
+/* Testing and timing programs. */
+destest.c	- Source for libdes.a test program.
+speed.c		- Source for libdes.a timing program.
+rpw.c		- Source for libdes.a testing password reading routines.
+
+/* libdes.a source code */
+des_crypt.man	- libdes.a manual page.
+des.h		- Public libdes.a header file.
+ecb_enc.c	- des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c	- des_ecb3_encrypt() source.
+cbc_ckm.c	- des_cbc_cksum() source.
+cbc_enc.c	- des_cbc_encrypt() source.
+ncbc_enc.c	- des_cbc_encrypt() that is 'normal' in that it copies
+		  the new iv values back in the passed iv vector.
+ede_enc.c	- des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c	- des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c	- des_cfb_encrypt() source.
+cfb64enc.c	- des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+		  used as a stream cipher.
+cfb64ede.c	- des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+		  used as a stream cipher and using triple DES.
+ofb_enc.c	- des_cfb_encrypt() source.
+ofb64_enc.c	- des_ofb_encrypt() ofb in 64 bit mode but setup to be
+		  used as a stream cipher.
+ofb64ede.c	- des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+		  used as a stream cipher and using triple DES.
+enc_read.c	- des_enc_read() source.
+enc_writ.c	- des_enc_write() source.
+pcbc_enc.c	- des_pcbc_encrypt() source.
+qud_cksm.c	- quad_cksum() source.
+rand_key.c	- des_random_key() source.
+read_pwd.c	- Source for des_read_password() plus related functions.
+set_key.c	- Source for des_set_key().
+str2key.c	- Covert a string of any length into a key.
+fcrypt.c	- A small, fast version of crypt(3).
+des_locl.h	- Internal libdes.a header file.
+podd.h		- Odd parity tables - used in des_set_key().
+sk.h		- Lookup tables used in des_set_key().
+spr.h		- What is left of the S tables - used in ecb_encrypt().
+des_ver.h	- header file for the external definition of the
+		  version string.
+des.doc		- SSLeay documentation for the library.
+
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl		- des in perl anyone? des_set_key and des_ecb_encrypt
+		  both done in a perl library.
+testdes.pl	- Testing program for des.pl
+doIP		- Perl script used to develop IP xor/shift code.
+doPC1		- Perl script used to develop PC1 xor/shift code.
+doPC2		- Generates sk.h.
+PC1		- Output of doPC1 should be the same as output from PC1.
+PC2		- used in development of doPC2.
+shifts.pl	- Perl library used by my perl scripts.
+
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+
+/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
+
+
diff --git a/crypto/openssl/crypto/des/Makefile.ssl b/crypto/openssl/crypto/des/Makefile.ssl
index 28e58f4..2edb542 100644
--- a/crypto/openssl/crypto/des/Makefile.ssl
+++ b/crypto/openssl/crypto/des/Makefile.ssl
@@ -6,13 +6,14 @@ DIR=	des
 TOP=	../..
 CC=	cc
 CPP=	$(CC) -E
-INCLUDES=-I../../include
+INCLUDES=-I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 RANLIB=		ranlib
@@ -30,22 +31,23 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
 	ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
 	fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
-	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
-	des_enc.c fcrypt_b.c read2pwd.c \
+	qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
+	des_enc.c fcrypt_b.c \
 	xcbc_enc.c \
-	str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c
+	str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+	read2pwd.c
 
 LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
 	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
 	enc_read.o enc_writ.o ofb64enc.o \
 	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
-	${DES_ENC} read2pwd.o \
-	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o \
-	ede_cbcm_enc.o
+	${DES_ENC} \
+	fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \
+	ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= des.h
+EXHEADER= des.h des_old.h
 HEADER=	des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -57,8 +59,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 des: des.o cbc3_enc.o lib
@@ -66,19 +67,27 @@ des: des.o cbc3_enc.o lib
 
 # elf
 asm/dx86-elf.o: asm/dx86unix.cpp
-	$(CPP) -DELF -x c asm/dx86unix.cpp | as -o asm/dx86-elf.o
+	$(CPP) -DELF	\
+		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+		-x c asm/dx86unix.cpp | as -o asm/dx86-elf.o
 
 asm/yx86-elf.o: asm/yx86unix.cpp
-	$(CPP) -DELF -x c asm/yx86unix.cpp | as -o asm/yx86-elf.o
+	$(CPP) -DELF	\
+		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+		-x c asm/yx86unix.cpp | as -o asm/yx86-elf.o
 
 # solaris
 asm/dx86-sol.o: asm/dx86unix.cpp
-	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	$(CC) -E -DSOL	\
+		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+		asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
 	as -o asm/dx86-sol.o asm/dx86-sol.s
 	rm -f asm/dx86-sol.s
 
 asm/yx86-sol.o: asm/yx86unix.cpp
-	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	$(CC) -E -DSOL	\
+		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+		asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
 	as -o asm/yx86-sol.o asm/yx86-sol.s
 	rm -f asm/yx86-sol.s
 
@@ -107,7 +116,6 @@ files:
 
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(TOP)/util/point.sh ../../perlasm asm/perlasm
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -130,7 +138,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -141,72 +149,185 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cbc_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
-cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h ncbc_enc.c
-cfb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cfb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
-cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cfb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
-cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cfb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
-des_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-des_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h ncbc_enc.c
-ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h
-ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h
+cbc_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_cksm.o: cbc_cksm.c des_locl.h
+cbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cbc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cbc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cbc_enc.o: ../../include/openssl/ui_compat.h cbc_enc.c des_locl.h ncbc_enc.c
+cfb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h
+cfb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64ede.o: cfb64ede.c des_locl.h
+cfb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h
+cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64enc.o: cfb64enc.c des_locl.h
+cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h ncbc_enc.c
+des_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old.o: ../../include/openssl/ui_compat.h des_old.c
+des_old2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old2.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old2.o: ../../include/openssl/opensslconf.h
+des_old2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+des_old2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+des_old2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+des_old2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+des_old2.o: des_old2.c
+ecb3_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb3_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h
+ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ecb_enc.o: des_locl.h spr.h
-ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h
-enc_read.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-enc_read.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-enc_read.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-enc_read.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-enc_read.o: ../../include/openssl/opensslconf.h
+ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ecb_enc.o: spr.h
+ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
+ede_cbcm_enc.o: ../../include/openssl/opensslv.h
+ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c
+enc_read.o: ../../e_os.h ../../include/openssl/bio.h
+enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-enc_read.o: ../cryptlib.h des_locl.h
-enc_writ.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-enc_writ.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-enc_writ.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-enc_writ.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-enc_writ.o: ../../include/openssl/opensslconf.h
-enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-enc_writ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-enc_writ.o: ../../include/openssl/symhacks.h ../cryptlib.h des_locl.h
-fcrypt.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h
-fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h
-ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
-ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
-ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
-pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
-qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
-rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
-read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
-read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-read_pwd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-read_pwd.o: ../../include/openssl/opensslconf.h
-read_pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-read_pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-read_pwd.o: ../cryptlib.h des_locl.h
-rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
-set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-set_key.o: ../../include/openssl/opensslconf.h des_locl.h
-str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-str2key.o: ../../include/openssl/opensslconf.h des_locl.h
-xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+enc_read.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_read.o: ../cryptlib.h des_locl.h enc_read.c
+enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
+enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
+fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+fcrypt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fcrypt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fcrypt.o: ../../include/openssl/ui_compat.h des_locl.h fcrypt.c
+fcrypt_b.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt_b.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h
+fcrypt_b.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt_b.o: des_locl.h fcrypt_b.c
+ofb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h
+ofb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64ede.o: des_locl.h ofb64ede.c
+ofb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h
+ofb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64enc.o: des_locl.h ofb64enc.c
+ofb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ofb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ofb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ofb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ofb_enc.c
+pcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h
+pcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pcbc_enc.o: des_locl.h pcbc_enc.c
+qud_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+qud_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h
+qud_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+qud_cksm.o: des_locl.h qud_cksm.c
+rand_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h
+rand_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_key.o: rand_key.c
+read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+read2pwd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+read2pwd.o: read2pwd.c
+rpc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rpc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rpc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rpc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rpc_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h rpc_des.h
+rpc_enc.o: rpc_enc.c
+set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
+str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str2key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str2key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+str2key.o: ../../include/openssl/ui_compat.h des_locl.h str2key.c
+xcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+xcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h
+xcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+xcbc_enc.o: des_locl.h xcbc_enc.c
diff --git a/crypto/openssl/crypto/des/asm/crypt586.pl b/crypto/openssl/crypto/des/asm/crypt586.pl
index 197c413..51fb3dd 100644
--- a/crypto/openssl/crypto/des/asm/crypt586.pl
+++ b/crypto/openssl/crypto/des/asm/crypt586.pl
@@ -14,7 +14,7 @@ require "x86asm.pl";
 $L="edi";
 $R="esi";
 
-&external_label("des_SPtrans");
+&external_label("DES_SPtrans");
 &fcrypt_body("fcrypt_body");
 &asm_finish();
 
@@ -22,15 +22,21 @@ sub fcrypt_body
 	{
 	local($name,$do_ip)=@_;
 
-	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+	&function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
 
 	&comment("");
 	&comment("Load the 2 words");
-	$ks="ebp";
+	$trans="ebp";
 
 	&xor(	$L,	$L);
 	&xor(	$R,	$R);
-	&mov($ks,&wparam(1));
+
+	# PIC-ification:-)
+	if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }
+	else		{ &lea("edx",&DWP("DES_SPtrans")); }
+	&push("edx");	# becomes &swtmp(1)
+	#
+	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
 
 	&push(&DWC(25)); # add a variable
 
@@ -39,11 +45,11 @@ sub fcrypt_body
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
 
 		&comment("");
 		&comment("Round ".sprintf("%d",$i+1));
-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
 		}
 	 &mov("ebx",	&swtmp(0));
 	&mov("eax",	$L);
@@ -61,14 +67,14 @@ sub fcrypt_body
 	&mov(&DWP(0,"edx","",0),"eax");
 	&mov(&DWP(4,"edx","",0),$L);
 
-	&pop("ecx");	# remove variable
+	&add("esp",8);	# remove variables
 
 	&function_end($name);
 	}
 
 sub D_ENCRYPT
 	{
-	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
 
 	&mov(	$u,		&wparam(2));			# 2
 	&mov(	$t,		$R);
@@ -85,9 +91,9 @@ sub D_ENCRYPT
 	&shl(	$tmp2,		16); 				# 1
 	&xor(	$u,		$tmp1);				# 2
 	&xor(	$t,		$tmp2);				# 2
-	&mov(	$tmp1,		&DWP(&n2a($S*4),$ks,"",0));	# 2
+	&mov(	$tmp1,		&DWP(&n2a($S*4),$trans,"",0));	# 2
 	&xor(	$u,		$tmp1);
-	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$ks,"",0));	# 2
+	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$trans,"",0));	# 2
 	&xor(	$u,		$R);
 	&xor(	$t,		$R);
 	&xor(	$t,		$tmp2);
@@ -99,31 +105,28 @@ sub D_ENCRYPT
 	&movb(	&LB($tmp1),	&LB($u)	);
 	&movb(	&LB($tmp2),	&HB($u)	);
 	&rotr(	$t,		4		);
-	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&mov(	$trans,		&swtmp(1));
+	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));
 	&movb(	&LB($tmp1),	&LB($t)	);
-	&xor(	$L,		$ks);
-	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
-	&xor(	$L,		$ks);
+	&xor(	$L,		&DWP("0x200",$trans,$tmp2,0));
 	&movb(	&LB($tmp2),	&HB($t)	);
 	&shr(	$u,		16);
-	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
-	&xor(	$L,		$ks); 
+	&xor(	$L,		&DWP("0x100",$trans,$tmp1,0));
 	&movb(	&LB($tmp1),	&HB($u)	);
 	&shr(	$t,		16);
-	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
-	&xor(	$L,		$ks);
-	&mov(	$ks,		&wparam(1));
+	&xor(	$L,		&DWP("0x300",$trans,$tmp2,0));
 	&movb(	&LB($tmp2),	&HB($t)	);
 	&and(	$u,		"0xff"	);
 	&and(	$t,		"0xff"	);
-	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&mov(	$tmp1,		&DWP("0x600",$trans,$tmp1,0));
 	&xor(	$L,		$tmp1);
-	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&mov(	$tmp1,		&DWP("0x700",$trans,$tmp2,0));
 	&xor(	$L,		$tmp1);
-	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&mov(	$tmp1,		&DWP("0x400",$trans,$u,0));
 	&xor(	$L,		$tmp1);
-	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&mov(	$tmp1,		&DWP("0x500",$trans,$t,0));
 	&xor(	$L,		$tmp1);
+	&mov(	$trans,		&wparam(1));
 	}
 
 sub n2a
diff --git a/crypto/openssl/crypto/des/asm/des-586.pl b/crypto/openssl/crypto/des/asm/des-586.pl
index c890766..7a58869 100644
--- a/crypto/openssl/crypto/des/asm/des-586.pl
+++ b/crypto/openssl/crypto/des/asm/des-586.pl
@@ -19,28 +19,28 @@ require "desboth.pl";
 $L="edi";
 $R="esi";
 
-&external_label("des_SPtrans");
-&des_encrypt("des_encrypt1",1);
-&des_encrypt("des_encrypt2",0);
-&des_encrypt3("des_encrypt3",1);
-&des_encrypt3("des_decrypt3",0);
-&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1);
-&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+&external_label("DES_SPtrans");
+&DES_encrypt("DES_encrypt1",1);
+&DES_encrypt("DES_encrypt2",0);
+&DES_encrypt3("DES_encrypt3",1);
+&DES_encrypt3("DES_decrypt3",0);
+&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
+&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
 
 &asm_finish();
 
-sub des_encrypt
+sub DES_encrypt
 	{
 	local($name,$do_ip)=@_;
 
-	&function_begin_B($name,"EXTRN   _des_SPtrans:DWORD");
+	&function_begin_B($name,"EXTRN   _DES_SPtrans:DWORD");
 
 	&push("esi");
 	&push("edi");
 
 	&comment("");
 	&comment("Load the 2 words");
-	$ks="ebp";
+	$trans="ebp";
 
 	if ($do_ip)
 		{
@@ -72,7 +72,11 @@ sub des_encrypt
 		&rotl($L,3);
 		}
 
-	&mov(	$ks,		&wparam(1)	);
+	# PIC-ification:-)
+	if ($cpp)	{ &picmeup($trans,"DES_SPtrans");   }
+	else		{ &lea($trans,&DWP("DES_SPtrans")); }
+
+	&mov(	"ecx",	&wparam(1)	);
 	&cmp("ebx","0");
 	&je(&label("start_decrypt"));
 
@@ -80,11 +84,11 @@ sub des_encrypt
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
 
 		&comment("");
 		&comment("Round ".sprintf("%d",$i+1));
-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
 		}
 	&jmp(&label("end"));
 
@@ -94,10 +98,10 @@ sub des_encrypt
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
 		&comment("");
 		&comment("Round ".sprintf("%d",$i-1));
-		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx");
 		}
 
 	&set_label("end");
@@ -134,43 +138,36 @@ sub des_encrypt
 
 sub D_ENCRYPT
 	{
-	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
 
-	 &mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	 &mov(	$u,		&DWP(&n2a($S*4),$tmp2,"",0));
 	&xor(	$tmp1,		$tmp1);
-	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$tmp2,"",0));
 	&xor(	$u,		$R);
+	&xor(	$tmp2,		$tmp2);
 	 &xor(	$t,		$R);
 	&and(	$u,		"0xfcfcfcfc"	);
 	 &and(	$t,		"0xcfcfcfcf"	);
 	&movb(	&LB($tmp1),	&LB($u)	);
 	 &movb(	&LB($tmp2),	&HB($u)	);
 	&rotr(	$t,		4		);
-	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));
 	 &movb(	&LB($tmp1),	&LB($t)	);
-	&xor(	$L,		$ks);
-	 &mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
-	&xor(	$L,		$ks); ######
+	 &xor(	$L,		&DWP("0x200",$trans,$tmp2,0));
 	 &movb(	&LB($tmp2),	&HB($t)	);
 	&shr(	$u,		16);
-	 &mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
-	&xor(	$L,		$ks); ######
+	 &xor(	$L,		&DWP("0x100",$trans,$tmp1,0));
 	 &movb(	&LB($tmp1),	&HB($u)	);
 	&shr(	$t,		16);
-	 &mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
-	&xor(	$L,		$ks);
-	 &mov(	$ks,		&wparam(1)	);
+	 &xor(	$L,		&DWP("0x300",$trans,$tmp2,0));
 	&movb(	&LB($tmp2),	&HB($t)	);
 	 &and(	$u,		"0xff"	);
 	&and(	$t,		"0xff"	);
-	 &mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
-	&xor(	$L,		$tmp1);
-	 &mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
-	&xor(	$L,		$tmp1);
-	 &mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
-	&xor(	$L,		$tmp1);
-	 &mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
-	&xor(	$L,		$tmp1);
+	 &xor(	$L,		&DWP("0x600",$trans,$tmp1,0));
+	 &xor(	$L,		&DWP("0x700",$trans,$tmp2,0));
+	&mov(	$tmp2,		&wparam(1)	);
+	 &xor(	$L,		&DWP("0x400",$trans,$u,0));
+	 &xor(	$L,		&DWP("0x500",$trans,$t,0));
 	}
 
 sub n2a
diff --git a/crypto/openssl/crypto/des/asm/des686.pl b/crypto/openssl/crypto/des/asm/des686.pl
index 84c3e85..d3ad5d5 100644
--- a/crypto/openssl/crypto/des/asm/des686.pl
+++ b/crypto/openssl/crypto/des/asm/des686.pl
@@ -46,19 +46,19 @@ EOF
 $L="edi";
 $R="esi";
 
-&des_encrypt("des_encrypt1",1);
-&des_encrypt("des_encrypt2",0);
+&DES_encrypt("DES_encrypt1",1);
+&DES_encrypt("DES_encrypt2",0);
 
-&des_encrypt3("des_encrypt3",1);
-&des_encrypt3("des_decrypt3",0);
+&DES_encrypt3("DES_encrypt3",1);
+&DES_encrypt3("DES_decrypt3",0);
 
 &file_end();
 
-sub des_encrypt
+sub DES_encrypt
 	{
 	local($name,$do_ip)=@_;
 
-	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+	&function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
 
 	&comment("");
 	&comment("Load the 2 words");
@@ -94,11 +94,11 @@ sub des_encrypt
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
 
 		&comment("");
 		&comment("Round ".sprintf("%d",$i+1));
-		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
 		}
 	&jmp(&label("end"));
 
@@ -108,10 +108,10 @@ sub des_encrypt
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
 		&comment("");
 		&comment("Round ".sprintf("%d",$i-1));
-		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
 		}
 
 	&set_label("end");
diff --git a/crypto/openssl/crypto/des/asm/desboth.pl b/crypto/openssl/crypto/des/asm/desboth.pl
index d510641..eec0088 100644
--- a/crypto/openssl/crypto/des/asm/desboth.pl
+++ b/crypto/openssl/crypto/des/asm/desboth.pl
@@ -3,7 +3,7 @@
 $L="edi";
 $R="esi";
 
-sub des_encrypt3
+sub DES_encrypt3
 	{
 	local($name,$enc)=@_;
 
@@ -47,15 +47,15 @@ sub des_encrypt3
 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
 	&mov(&swtmp(1),	"eax");
 	&mov(&swtmp(0),	"ebx");
-	&call("des_encrypt2");
+	&call("DES_encrypt2");
 	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
 	&mov(&swtmp(1),	"edi");
 	&mov(&swtmp(0),	"ebx");
-	&call("des_encrypt2");
+	&call("DES_encrypt2");
 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
 	&mov(&swtmp(1),	"esi");
 	&mov(&swtmp(0),	"ebx");
-	&call("des_encrypt2");
+	&call("DES_encrypt2");
 
 	&stack_pop(3);
 	&mov($L,&DWP(0,"ebx","",0));
diff --git a/crypto/openssl/crypto/des/cbc3_enc.c b/crypto/openssl/crypto/des/cbc3_enc.c
index 527e74f..b5db4e1 100644
--- a/crypto/openssl/crypto/des/cbc3_enc.c
+++ b/crypto/openssl/crypto/des/cbc3_enc.c
@@ -59,41 +59,41 @@
 #include "des_locl.h"
 
 /* HAS BUGS! DON'T USE - this is only present for use in des.c */
-void des_3cbc_encrypt(des_cblock *input, des_cblock *output, long length,
-	     des_key_schedule ks1, des_key_schedule ks2, des_cblock *iv1,
-	     des_cblock *iv2, int enc)
+void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
+	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1,
+	     DES_cblock *iv2, int enc)
 	{
 	int off=((int)length-1)/8;
 	long l8=((length+7)/8)*8;
-	des_cblock niv1,niv2;
+	DES_cblock niv1,niv2;
 
 	if (enc == DES_ENCRYPT)
 		{
-		des_cbc_encrypt((unsigned char*)input,
-				(unsigned char*)output,length,ks1,iv1,enc);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv1,output[off],sizeof(des_cblock));
-		des_cbc_encrypt((unsigned char*)output,
-				(unsigned char*)output,l8,ks2,iv1,!enc);
-		des_cbc_encrypt((unsigned char*)output,
-				(unsigned char*)output,l8,ks1,iv2,enc);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv2,output[off],sizeof(des_cblock));
+		DES_cbc_encrypt((unsigned char*)input,
+				(unsigned char*)output,length,&ks1,iv1,enc);
+		if (length >= sizeof(DES_cblock))
+			memcpy(niv1,output[off],sizeof(DES_cblock));
+		DES_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,&ks2,iv1,!enc);
+		DES_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,&ks1,iv2,enc);
+		if (length >= sizeof(DES_cblock))
+			memcpy(niv2,output[off],sizeof(DES_cblock));
 		}
 	else
 		{
-		if (length >= sizeof(des_cblock))
-			memcpy(niv2,input[off],sizeof(des_cblock));
-		des_cbc_encrypt((unsigned char*)input,
-				(unsigned char*)output,l8,ks1,iv2,enc);
-		des_cbc_encrypt((unsigned char*)output,
-				(unsigned char*)output,l8,ks2,iv1,!enc);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv1,output[off],sizeof(des_cblock));
-		des_cbc_encrypt((unsigned char*)output,
-				(unsigned char*)output,length,ks1,iv1,enc);
+		if (length >= sizeof(DES_cblock))
+			memcpy(niv2,input[off],sizeof(DES_cblock));
+		DES_cbc_encrypt((unsigned char*)input,
+				(unsigned char*)output,l8,&ks1,iv2,enc);
+		DES_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,&ks2,iv1,!enc);
+		if (length >= sizeof(DES_cblock))
+			memcpy(niv1,output[off],sizeof(DES_cblock));
+		DES_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,length,&ks1,iv1,enc);
 		}
-	memcpy(*iv1,niv1,sizeof(des_cblock));
-	memcpy(*iv2,niv2,sizeof(des_cblock));
+	memcpy(*iv1,niv1,sizeof(DES_cblock));
+	memcpy(*iv2,niv2,sizeof(DES_cblock));
 	}
 
diff --git a/crypto/openssl/crypto/des/cbc_cksm.c b/crypto/openssl/crypto/des/cbc_cksm.c
index b857df0..6c5305b 100644
--- a/crypto/openssl/crypto/des/cbc_cksm.c
+++ b/crypto/openssl/crypto/des/cbc_cksm.c
@@ -58,9 +58,9 @@
 
 #include "des_locl.h"
 
-DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
-		long length,
-		des_key_schedule schedule, const_des_cblock *ivec)
+DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
+		       long length, DES_key_schedule *schedule,
+		       const_DES_cblock *ivec)
 	{
 	register DES_LONG tout0,tout1,tin0,tin1;
 	register long l=length;
@@ -82,7 +82,7 @@ DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
 			
 		tin0^=tout0; tin[0]=tin0;
 		tin1^=tout1; tin[1]=tin1;
-		des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
+		DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
 		tout0=tin[0];
 		tout1=tin[1];
diff --git a/crypto/openssl/crypto/des/cfb64ede.c b/crypto/openssl/crypto/des/cfb64ede.c
index 5362a55..60c1aa0 100644
--- a/crypto/openssl/crypto/des/cfb64ede.c
+++ b/crypto/openssl/crypto/des/cfb64ede.c
@@ -63,9 +63,10 @@
  * 64bit block we have used is contained in *num;
  */
 
-void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-	     long length, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3, des_cblock *ivec, int *num, int enc)
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			    long length, DES_key_schedule *ks1,
+			    DES_key_schedule *ks2, DES_key_schedule *ks3,
+			    DES_cblock *ivec, int *num, int enc)
 	{
 	register DES_LONG v0,v1;
 	register long l=length;
@@ -85,7 +86,7 @@ void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 
 				ti[0]=v0;
 				ti[1]=v1;
-				des_encrypt3(ti,ks1,ks2,ks3);
+				DES_encrypt3(ti,ks1,ks2,ks3);
 				v0=ti[0];
 				v1=ti[1];
 
@@ -111,7 +112,7 @@ void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 
 				ti[0]=v0;
 				ti[1]=v1;
-				des_encrypt3(ti,ks1,ks2,ks3);
+				DES_encrypt3(ti,ks1,ks2,ks3);
 				v0=ti[0];
 				v1=ti[1];
 
@@ -132,10 +133,10 @@ void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 	}
 
 #ifdef undef /* MACRO */
-void des_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     des_key_schedule ks1, des_key_schedule ks2, des_cblock (*ivec),
+void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec),
 	     int *num, int enc)
 	{
-	des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
+	DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
 	}
 #endif
diff --git a/crypto/openssl/crypto/des/cfb64enc.c b/crypto/openssl/crypto/des/cfb64enc.c
index 105530d..5ec8683 100644
--- a/crypto/openssl/crypto/des/cfb64enc.c
+++ b/crypto/openssl/crypto/des/cfb64enc.c
@@ -63,9 +63,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-	     long length, des_key_schedule schedule, des_cblock *ivec,
-	     int *num, int enc)
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, DES_key_schedule *schedule,
+		       DES_cblock *ivec, int *num, int enc)
 	{
 	register DES_LONG v0,v1;
 	register long l=length;
@@ -82,7 +82,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt1(ti,schedule,DES_ENCRYPT);
+				DES_encrypt1(ti,schedule,DES_ENCRYPT);
 				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
@@ -102,7 +102,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt1(ti,schedule,DES_ENCRYPT);
+				DES_encrypt1(ti,schedule,DES_ENCRYPT);
 				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
diff --git a/crypto/openssl/crypto/des/cfb_enc.c b/crypto/openssl/crypto/des/cfb_enc.c
index ec4fd4e..17bf77c 100644
--- a/crypto/openssl/crypto/des/cfb_enc.c
+++ b/crypto/openssl/crypto/des/cfb_enc.c
@@ -64,8 +64,8 @@
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
-void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+		     long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
 	{
 	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
@@ -100,7 +100,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 			l-=n;
 			ti[0]=v0;
 			ti[1]=v1;
-			des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 			c2ln(in,d0,d1,n);
 			in+=n;
 			d0=(d0^ti[0])&mask0;
@@ -132,7 +132,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 			l-=n;
 			ti[0]=v0;
 			ti[1]=v1;
-			des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 			c2ln(in,d0,d1,n);
 			in+=n;
 			/* 30-08-94 - eay - changed because l>>32 and
diff --git a/crypto/openssl/crypto/des/des.c b/crypto/openssl/crypto/des/des.c
index 215d741..343135f 100644
--- a/crypto/openssl/crypto/des/des.c
+++ b/crypto/openssl/crypto/des/des.c
@@ -59,25 +59,25 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifndef MSDOS
-#ifndef VMS
 #include <openssl/opensslconf.h>
+#ifndef OPENSSL_SYS_MSDOS
+#ifndef OPENSSL_SYS_VMS
 #include OPENSSL_UNISTD
-#else /* VMS */
+#else /* OPENSSL_SYS_VMS */
 #ifdef __DECC
 #include <unistd.h>
 #else /* not __DECC */
 #include <math.h>
 #endif /* __DECC */
-#endif /* VMS */
-#else /* MSDOS */
+#endif /* OPENSSL_SYS_VMS */
+#else /* OPENSSL_SYS_MSDOS */
 #include <io.h>
 #endif
 
 #include <time.h>
 #include "des_ver.h"
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #include <types.h>
 #include <stat.h>
 #else
@@ -88,6 +88,7 @@
 #endif
 #include <openssl/des.h>
 #include <openssl/rand.h>
+#include <openssl/ui_compat.h>
 
 void usage(void);
 void doencryption(void);
@@ -96,10 +97,10 @@ void uufwriteEnd(FILE *fp);
 int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
 int uuencode(unsigned char *in,int num,unsigned char *out);
 int uudecode(unsigned char *in,int num,unsigned char *out);
-void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule sk1,des_key_schedule sk2,
-	des_cblock *ivec1,des_cblock *ivec2,int enc);
-#ifdef VMS
+void DES_3cbc_encrypt(DES_cblock *input,DES_cblock *output,long length,
+	DES_key_schedule sk1,DES_key_schedule sk2,
+	DES_cblock *ivec1,DES_cblock *ivec2,int enc);
+#ifdef OPENSSL_SYS_VMS
 #define EXIT(a) exit(a&0x10000000L)
 #else
 #define EXIT(a) exit(a)
@@ -119,7 +120,7 @@ int uubufnum=0;
 #define OUTUUBUF	(65*100)
 unsigned char b[OUTUUBUF];
 unsigned char bb[300];
-des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+DES_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 char cksumname[200]="";
 
 int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
@@ -152,12 +153,14 @@ int main(int argc, char **argv)
 				case 'c':
 					cflag=1;
 					strncpy(cksumname,p,200);
+					cksumname[sizeof(cksumname)-1]='\0';
 					p+=strlen(cksumname);
 					break;
 				case 'C':
 					cflag=1;
 					longk=1;
 					strncpy(cksumname,p,200);
+					cksumname[sizeof(cksumname)-1]='\0';
 					p+=strlen(cksumname);
 					break;
 				case 'e':
@@ -189,6 +192,7 @@ int main(int argc, char **argv)
 				case 'u':
 					uflag=1;
 					strncpy(uuname,p,200);
+					uuname[sizeof(uuname)-1]='\0';
 					p+=strlen(uuname);
 					break;
 				case 'h':
@@ -258,12 +262,12 @@ int main(int argc, char **argv)
 #endif			
 	if (	(in != NULL) &&
 		(out != NULL) &&
-#ifndef MSDOS
+#ifndef OPENSSL_SYS_MSDOS
 		(stat(in,&ins) != -1) &&
 		(stat(out,&outs) != -1) &&
 		(ins.st_dev == outs.st_dev) &&
 		(ins.st_ino == outs.st_ino))
-#else /* MSDOS */
+#else /* OPENSSL_SYS_MSDOS */
 		(strcmp(in,out) == 0))
 #endif
 			{
@@ -298,7 +302,7 @@ int main(int argc, char **argv)
 		EXIT(5);
 		}
 
-#ifdef MSDOS
+#ifdef OPENSSL_SYS_MSDOS
 	/* This should set the file to binary mode. */
 	{
 #include <fcntl.h>
@@ -360,14 +364,14 @@ void doencryption(void)
 #endif
 
 	register int i;
-	des_key_schedule ks,ks2;
-	des_cblock iv,iv2;
+	DES_key_schedule ks,ks2;
+	DES_cblock iv,iv2;
 	char *p;
 	int num=0,j,k,l,rem,ll,len,last,ex=0;
-	des_cblock kk,k2;
+	DES_cblock kk,k2;
 	FILE *O;
 	int Exit=0;
-#ifndef MSDOS
+#ifndef OPENSSL_SYS_MSDOS
 	static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
 #else
 	static unsigned char *buf=NULL,*obuf=NULL;
@@ -422,19 +426,19 @@ void doencryption(void)
 			else
 				k2[i-8]=k;
 			}
-		des_set_key_unchecked(&k2,ks2);
-		memset(k2,0,sizeof(k2));
+		DES_set_key_unchecked(&k2,&ks2);
+		OPENSSL_cleanse(k2,sizeof(k2));
 		}
 	else if (longk || flag3)
 		{
 		if (flag3)
 			{
-			des_string_to_2keys(key,&kk,&k2);
-			des_set_key_unchecked(&k2,ks2);
-			memset(k2,0,sizeof(k2));
+			DES_string_to_2keys(key,&kk,&k2);
+			DES_set_key_unchecked(&k2,&ks2);
+			OPENSSL_cleanse(k2,sizeof(k2));
 			}
 		else
-			des_string_to_key(key,&kk);
+			DES_string_to_key(key,&kk);
 		}
 	else
 		for (i=0; i<KEYSIZ; i++)
@@ -452,9 +456,9 @@ void doencryption(void)
 				kk[i]=key[i]|0x80;
 			}
 
-	des_set_key_unchecked(&kk,ks);
-	memset(key,0,sizeof(key));
-	memset(kk,0,sizeof(kk));
+	DES_set_key_unchecked(&kk,&ks);
+	OPENSSL_cleanse(key,sizeof(key));
+	OPENSSL_cleanse(kk,sizeof(kk));
 	/* woops - A bug that does not showup under unix :-( */
 	memset(iv,0,sizeof(iv));
 	memset(iv2,0,sizeof(iv2));
@@ -491,8 +495,8 @@ void doencryption(void)
 
 			if (cflag)
 				{
-				des_cbc_cksum(buf,&cksum,
-					(long)len,ks,&cksum);
+				DES_cbc_cksum(buf,&cksum,
+					(long)len,&ks,&cksum);
 				if (!eflag)
 					{
 					if (feof(DES_IN)) break;
@@ -502,24 +506,24 @@ void doencryption(void)
 
 			if (bflag && !flag3)
 				for (i=0; i<l; i+=8)
-					des_ecb_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,do_encrypt);
+					DES_ecb_encrypt(
+						(DES_cblock *)&(buf[i]),
+						(DES_cblock *)&(obuf[i]),
+						&ks,do_encrypt);
 			else if (flag3 && bflag)
 				for (i=0; i<l; i+=8)
-					des_ecb2_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,ks2,do_encrypt);
+					DES_ecb2_encrypt(
+						(DES_cblock *)&(buf[i]),
+						(DES_cblock *)&(obuf[i]),
+						&ks,&ks2,do_encrypt);
 			else if (flag3 && !bflag)
 				{
 				char tmpbuf[8];
 
 				if (rem) memcpy(tmpbuf,&(buf[l]),
 					(unsigned int)rem);
-				des_3cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
+				DES_3cbc_encrypt(
+					(DES_cblock *)buf,(DES_cblock *)obuf,
 					(long)l,ks,ks2,&iv,
 					&iv2,do_encrypt);
 				if (rem) memcpy(&(buf[l]),tmpbuf,
@@ -527,9 +531,9 @@ void doencryption(void)
 				}
 			else
 				{
-				des_cbc_encrypt(
+				DES_cbc_encrypt(
 					buf,obuf,
-					(long)l,ks,&iv,do_encrypt);
+					(long)l,&ks,&iv,do_encrypt);
 				if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
 				}
 			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
@@ -581,28 +585,28 @@ void doencryption(void)
 
 			if (bflag && !flag3)
 				for (i=0; i<l; i+=8)
-					des_ecb_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,do_encrypt);
+					DES_ecb_encrypt(
+						(DES_cblock *)&(buf[i]),
+						(DES_cblock *)&(obuf[i]),
+						&ks,do_encrypt);
 			else if (flag3 && bflag)
 				for (i=0; i<l; i+=8)
-					des_ecb2_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,ks2,do_encrypt);
+					DES_ecb2_encrypt(
+						(DES_cblock *)&(buf[i]),
+						(DES_cblock *)&(obuf[i]),
+						&ks,&ks2,do_encrypt);
 			else if (flag3 && !bflag)
 				{
-				des_3cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
+				DES_3cbc_encrypt(
+					(DES_cblock *)buf,(DES_cblock *)obuf,
 					(long)l,ks,ks2,&iv,
 					&iv2,do_encrypt);
 				}
 			else
 				{
-				des_cbc_encrypt(
+				DES_cbc_encrypt(
 					buf,obuf,
-				 	(long)l,ks,&iv,do_encrypt);
+				 	(long)l,&ks,&iv,do_encrypt);
 				if (l >= 8) memcpy(iv,&(buf[l-8]),8);
 				}
 
@@ -627,9 +631,9 @@ void doencryption(void)
 				l=l-8+last;
 				}
 			i=0;
-			if (cflag) des_cbc_cksum(obuf,
-				(des_cblock *)cksum,(long)l/8*8,ks,
-				(des_cblock *)cksum);
+			if (cflag) DES_cbc_cksum(obuf,
+				(DES_cblock *)cksum,(long)l/8*8,&ks,
+				(DES_cblock *)cksum);
 			while (i != l)
 				{
 				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
@@ -662,18 +666,18 @@ void doencryption(void)
 		if (l) fclose(CKSUM_OUT);
 		}
 problems:
-	memset(buf,0,sizeof(buf));
-	memset(obuf,0,sizeof(obuf));
-	memset(ks,0,sizeof(ks));
-	memset(ks2,0,sizeof(ks2));
-	memset(iv,0,sizeof(iv));
-	memset(iv2,0,sizeof(iv2));
-	memset(kk,0,sizeof(kk));
-	memset(k2,0,sizeof(k2));
-	memset(uubuf,0,sizeof(uubuf));
-	memset(b,0,sizeof(b));
-	memset(bb,0,sizeof(bb));
-	memset(cksum,0,sizeof(cksum));
+	OPENSSL_cleanse(buf,sizeof(buf));
+	OPENSSL_cleanse(obuf,sizeof(obuf));
+	OPENSSL_cleanse(&ks,sizeof(ks));
+	OPENSSL_cleanse(&ks2,sizeof(ks2));
+	OPENSSL_cleanse(iv,sizeof(iv));
+	OPENSSL_cleanse(iv2,sizeof(iv2));
+	OPENSSL_cleanse(kk,sizeof(kk));
+	OPENSSL_cleanse(k2,sizeof(k2));
+	OPENSSL_cleanse(uubuf,sizeof(uubuf));
+	OPENSSL_cleanse(b,sizeof(b));
+	OPENSSL_cleanse(bb,sizeof(bb));
+	OPENSSL_cleanse(cksum,sizeof(cksum));
 	if (Exit) EXIT(Exit);
 	}
 
diff --git a/crypto/openssl/crypto/des/des.h b/crypto/openssl/crypto/des/des.h
index 0aaaceb..daaf239 100644
--- a/crypto/openssl/crypto/des/des.h
+++ b/crypto/openssl/crypto/des/des.h
@@ -56,42 +56,53 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
+#ifndef HEADER_NEW_DES_H
+#define HEADER_NEW_DES_H
 
-#ifdef NO_DES
+#ifdef OPENSSL_NO_DES
 #error DES is disabled.
 #endif
 
-#ifdef _KERBEROS_DES_H
-#error <openssl/des.h> replaces <kerberos/des.h>.
-#endif
-
 #include <openssl/opensslconf.h> /* DES_LONG */
 #include <openssl/e_os2.h>	/* OPENSSL_EXTERN */
 
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-typedef unsigned char des_cblock[8];
-typedef /* const */ unsigned char const_des_cblock[8];
-/* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
- * and const_des_cblock * are incompatible pointer types. */
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
+ * and const_DES_cblock * are incompatible pointer types. */
 
-typedef struct des_ks_struct
+typedef struct DES_ks
+    {
+    union
 	{
-	union	{
-		des_cblock cblock;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		DES_LONG deslong[2];
-		} ks;
-	int weak_key;
-	} des_key_schedule[16];
+	DES_cblock cblock;
+	/* make sure things are correct size on machines with
+	 * 8 byte longs */
+	DES_LONG deslong[2];
+	} ks[16];
+    } DES_key_schedule;
+
+#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
+# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
+#  define OPENSSL_ENABLE_OLD_DES_SUPPORT
+# endif
+#endif
 
-#define DES_KEY_SZ 	(sizeof(des_cblock))
-#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
+# include <openssl/des_old.h>
+#endif
+
+#define DES_KEY_SZ 	(sizeof(DES_cblock))
+#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
 
 #define DES_ENCRYPT	1
 #define DES_DECRYPT	0
@@ -99,44 +110,45 @@ typedef struct des_ks_struct
 #define DES_CBC_MODE	0
 #define DES_PCBC_MODE	1
 
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-OPENSSL_EXTERN int des_check_key;	/* defaults to false */
-OPENSSL_EXTERN int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-OPENSSL_EXTERN int des_set_weak_key_flag; /* set the weak key flag */
-
-const char *des_options(void);
-void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
-		      des_key_schedule ks1,des_key_schedule ks2,
-		      des_key_schedule ks3, int enc);
-DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output,
-		       long length,des_key_schedule schedule,
-		       const_des_cblock *ivec);
-/* des_cbc_encrypt does not update the IV!  Use des_ncbc_encrypt instead. */
-void des_cbc_encrypt(const unsigned char *input,unsigned char *output,
-		     long length,des_key_schedule schedule,des_cblock *ivec,
+#define DES_ecb2_encrypt(i,o,k1,k2,e) \
+	DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int,DES_check_key);	/* defaults to false */
+#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */
+#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+		      DES_key_schedule *ks1,DES_key_schedule *ks2,
+		      DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
+		       long length,DES_key_schedule *schedule,
+		       const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,
+		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
 		     int enc);
-void des_ncbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,des_key_schedule schedule,des_cblock *ivec,
+void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
 		      int enc);
-void des_xcbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,des_key_schedule schedule,des_cblock *ivec,
-		      const_des_cblock *inw,const_des_cblock *outw,int enc);
-void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-		     long length,des_key_schedule schedule,des_cblock *ivec,
+void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+		      const_DES_cblock *inw,const_DES_cblock *outw,int enc);
+void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
 		     int enc);
-void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
-		     des_key_schedule ks,int enc);
+void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,
+		     DES_key_schedule *ks,int enc);
 
 /* 	This is the DES encryption function that gets called by just about
 	every other DES routine in the library.  You should not use this
@@ -145,119 +157,81 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
 	long, and this needs to be done to make sure 'non-aligned' memory
 	access do not occur.  The characters are loaded 'little endian'.
 	Data is a pointer to 2 unsigned long's and ks is the
-	des_key_schedule to use.  enc, is non zero specifies encryption,
+	DES_key_schedule to use.  enc, is non zero specifies encryption,
 	zero if decryption. */
-void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc);
+void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);
 
-/* 	This functions is the same as des_encrypt1() except that the DES
+/* 	This functions is the same as DES_encrypt1() except that the DES
 	initial permutation (IP) and final permutation (FP) have been left
-	out.  As for des_encrypt1(), you should not use this function.
+	out.  As for DES_encrypt1(), you should not use this function.
 	It is used by the routines in the library that implement triple DES.
-	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
-	as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */
-void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
-
-void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
+	IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
+	as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
+void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+		  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+		  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
 			  long length,
-			  des_key_schedule ks1,des_key_schedule ks2,
-			  des_key_schedule ks3,des_cblock *ivec,int enc);
-void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
+			  DES_key_schedule *ks1,DES_key_schedule *ks2,
+			  DES_key_schedule *ks3,DES_cblock *ivec,int enc);
+void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
 			   long length,
-			   des_key_schedule ks1,des_key_schedule ks2,
-			   des_key_schedule ks3,
-			   des_cblock *ivec1,des_cblock *ivec2,
+			   DES_key_schedule *ks1,DES_key_schedule *ks2,
+			   DES_key_schedule *ks3,
+			   DES_cblock *ivec1,DES_cblock *ivec2,
 			   int enc);
-void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
-			    long length,des_key_schedule ks1,
-			    des_key_schedule ks2,des_key_schedule ks3,
-			    des_cblock *ivec,int *num,int enc);
-void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
-			    long length,des_key_schedule ks1,
-			    des_key_schedule ks2,des_key_schedule ks3,
-			    des_cblock *ivec,int *num);
-
-void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white,
-		       des_cblock *out_white);
-
-int des_enc_read(int fd,void *buf,int len,des_key_schedule sched,
-		 des_cblock *iv);
-int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
-		  des_cblock *iv);
-char *des_fcrypt(const char *buf,const char *salt, char *ret);
-char *des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
-char *crypt(const char *buf,const char *salt);
-#endif
-void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-		     long length,des_key_schedule schedule,des_cblock *ivec);
-void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,des_key_schedule schedule,des_cblock *ivec,
+void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,DES_key_schedule *ks1,
+			    DES_key_schedule *ks2,DES_key_schedule *ks3,
+			    DES_cblock *ivec,int *num,int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,DES_key_schedule *ks1,
+			    DES_key_schedule *ks2,DES_key_schedule *ks3,
+			    DES_cblock *ivec,int *num);
+
+void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
+		       DES_cblock *out_white);
+
+int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
+		 DES_cblock *iv);
+int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
+		  DES_cblock *iv);
+char *DES_fcrypt(const char *buf,const char *salt, char *ret);
+char *DES_crypt(const char *buf,const char *salt);
+void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,DES_key_schedule *schedule,DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
 		      int enc);
-DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
-			long length,int out_count,des_cblock *seed);
-void des_random_seed(des_cblock *key);
-int des_random_key(des_cblock *ret);
-int des_read_password(des_cblock *key,const char *prompt,int verify);
-int des_read_2passwords(des_cblock *key1,des_cblock *key2,
-			const char *prompt,int verify);
-int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
-void des_set_odd_parity(des_cblock *key);
-int des_check_key_parity(const_des_cblock *key);
-int des_is_weak_key(const_des_cblock *key);
-/* des_set_key (= set_key = des_key_sched = key_sched) calls
- * des_set_key_checked if global variable des_check_key is set,
- * des_set_key_unchecked otherwise. */
-int des_set_key(const_des_cblock *key,des_key_schedule schedule);
-int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
-int des_set_key_checked(const_des_cblock *key,des_key_schedule schedule);
-void des_set_key_unchecked(const_des_cblock *key,des_key_schedule schedule);
-void des_string_to_key(const char *str,des_cblock *key);
-void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
-void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-		       des_key_schedule schedule,des_cblock *ivec,int *num,
+DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],
+			long length,int out_count,DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise. */
+int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+void DES_string_to_key(const char *str,DES_cblock *key);
+void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       DES_key_schedule *schedule,DES_cblock *ivec,int *num,
 		       int enc);
-void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-		       des_key_schedule schedule,des_cblock *ivec,int *num);
-int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-/* The following definitions provide compatibility with the MIT Kerberos
- * library. The des_key_schedule structure is not binary compatible. */
+void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       DES_key_schedule *schedule,DES_cblock *ivec,int *num);
 
-#define _KERBEROS_DES_H
-
-#define KRBDES_ENCRYPT DES_ENCRYPT
-#define KRBDES_DECRYPT DES_DECRYPT
-
-#ifdef KERBEROS
-#  define ENCRYPT DES_ENCRYPT
-#  define DECRYPT DES_DECRYPT
-#endif
-
-#ifndef NCOMPAT
-#  define C_Block des_cblock
-#  define Key_schedule des_key_schedule
-#  define KEY_SZ DES_KEY_SZ
-#  define string_to_key des_string_to_key
-#  define read_pw_string des_read_pw_string
-#  define random_key des_random_key
-#  define pcbc_encrypt des_pcbc_encrypt
-#  define set_key des_set_key
-#  define key_sched des_key_sched
-#  define ecb_encrypt des_ecb_encrypt
-#  define cbc_encrypt des_cbc_encrypt
-#  define ncbc_encrypt des_ncbc_encrypt
-#  define xcbc_encrypt des_xcbc_encrypt
-#  define cbc_cksum des_cbc_cksum
-#  define quad_cksum des_quad_cksum
-#  define check_parity des_check_key_parity
-#endif
+int DES_read_password(DES_cblock *key, const char *prompt, int verify);
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
+	int verify);
 
-typedef des_key_schedule bit_64;
-#define des_fixup_key_parity des_set_odd_parity
+#define DES_fixup_key_parity DES_set_odd_parity
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/openssl/crypto/des/des_enc.c b/crypto/openssl/crypto/des/des_enc.c
index 0bd9fa3..1c37ab9 100644
--- a/crypto/openssl/crypto/des/des_enc.c
+++ b/crypto/openssl/crypto/des/des_enc.c
@@ -58,11 +58,11 @@
 
 #include "des_locl.h"
 
-void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
 #endif
 #ifndef DES_UNROLL
 	register int i;
@@ -75,7 +75,7 @@ void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
 	IP(r,l);
 	/* Things have been modified so that the initial rotate is
 	 * done outside the loop.  This required the
-	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
 	 * One perl script later and things have a 5% speed up on a sparc2.
 	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
 	 * for pointing this out. */
@@ -84,7 +84,7 @@ void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
 	r=ROTATE(r,29)&0xffffffffL;
 	l=ROTATE(l,29)&0xffffffffL;
 
-	s=ks->ks.deslong;
+	s=ks->ks->deslong;
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (enc)
@@ -156,11 +156,11 @@ void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
 	l=r=t=u=0;
 	}
 
-void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
 #endif
 #ifndef DES_UNROLL
 	register int i;
@@ -172,7 +172,7 @@ void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
 
 	/* Things have been modified so that the initial rotate is
 	 * done outside the loop.  This required the
-	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
 	 * One perl script later and things have a 5% speed up on a sparc2.
 	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
 	 * for pointing this out. */
@@ -180,7 +180,7 @@ void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
 	r=ROTATE(r,29)&0xffffffffL;
 	l=ROTATE(l,29)&0xffffffffL;
 
-	s=ks->ks.deslong;
+	s=ks->ks->deslong;
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (enc)
@@ -247,8 +247,8 @@ void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
 	l=r=t=u=0;
 	}
 
-void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3)
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+		  DES_key_schedule *ks2, DES_key_schedule *ks3)
 	{
 	register DES_LONG l,r;
 
@@ -257,9 +257,9 @@ void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
 	IP(l,r);
 	data[0]=l;
 	data[1]=r;
-	des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
-	des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
-	des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
+	DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
+	DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
+	DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
 	l=data[0];
 	r=data[1];
 	FP(r,l);
@@ -267,8 +267,8 @@ void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
 	data[1]=r;
 	}
 
-void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3)
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+		  DES_key_schedule *ks2, DES_key_schedule *ks3)
 	{
 	register DES_LONG l,r;
 
@@ -277,9 +277,9 @@ void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
 	IP(l,r);
 	data[0]=l;
 	data[1]=r;
-	des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
-	des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
-	des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
+	DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
+	DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
+	DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
 	l=data[0];
 	r=data[1];
 	FP(r,l);
@@ -290,11 +290,12 @@ void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
 #ifndef DES_DEFAULT_OPTIONS
 
 #undef CBC_ENC_C__DONT_UPDATE_IV
-#include "ncbc_enc.c" /* des_ncbc_encrypt */
+#include "ncbc_enc.c" /* DES_ncbc_encrypt */
 
-void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
-	     long length, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3, des_cblock *ivec, int enc)
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+			  long length, DES_key_schedule *ks1,
+			  DES_key_schedule *ks2, DES_key_schedule *ks3,
+			  DES_cblock *ivec, int enc)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
@@ -321,7 +322,7 @@ void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
 
 			tin[0]=tin0;
 			tin[1]=tin1;
-			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
 
@@ -336,7 +337,7 @@ void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
 
 			tin[0]=tin0;
 			tin[1]=tin1;
-			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
 
@@ -363,7 +364,7 @@ void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
 
 			tin[0]=tin0;
 			tin[1]=tin1;
-			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
 
@@ -384,7 +385,7 @@ void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
 
 			tin[0]=tin0;
 			tin[1]=tin1;
-			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
 		
diff --git a/crypto/openssl/crypto/des/des_locl.h b/crypto/openssl/crypto/des/des_locl.h
index 1ace8f5..6f22247 100644
--- a/crypto/openssl/crypto/des/des_locl.h
+++ b/crypto/openssl/crypto/des/des_locl.h
@@ -59,19 +59,19 @@
 #ifndef HEADER_DES_LOCL_H
 #define HEADER_DES_LOCL_H
 
-#if defined(WIN32) || defined(WIN16)
-#ifndef MSDOS
-#define MSDOS
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+#ifndef OPENSSL_SYS_MSDOS
+#define OPENSSL_SYS_MSDOS
 #endif
 #endif
 
 #include <stdio.h>
 #include <stdlib.h>
 
-#include <openssl/opensslconf.h>
-
-#ifndef MSDOS
-#if !defined(VMS) || defined(__DECC)
+#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
 #ifdef OPENSSL_UNISTD
 # include OPENSSL_UNISTD
 #else
@@ -82,17 +82,22 @@
 #endif
 #include <openssl/des.h>
 
-#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
+#ifdef OPENSSL_SYS_MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
 #include <stdlib.h>
 #include <errno.h>
 #include <time.h>
 #include <io.h>
 #endif
 
-#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
 #include <string.h>
 #endif
 
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
 #define ITERATIONS 16
 #define HALF_ITERATIONS 8
 
@@ -155,9 +160,20 @@
 				} \
 			}
 
-#if defined(WIN32) && defined(_MSC_VER)
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
 #define	ROTATE(a,n)	(_lrotr(a,n))
-#else
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm ("rorl %1,%0"	\
+					: "=r"(ret)	\
+					: "I"(n),"0"(a)	\
+					: "cc");	\
+			   ret;				\
+			})
+# endif
+#endif
+#ifndef ROTATE
 #define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
 #endif
 
@@ -278,24 +294,24 @@
 	u1=(int)u&0x3f; \
 	u2&=0x3f; \
 	u>>=16L; \
-	LL^=des_SPtrans[0][u1]; \
-	LL^=des_SPtrans[2][u2]; \
+	LL^=DES_SPtrans[0][u1]; \
+	LL^=DES_SPtrans[2][u2]; \
 	u3=(int)u>>8L; \
 	u1=(int)u&0x3f; \
 	u3&=0x3f; \
-	LL^=des_SPtrans[4][u1]; \
-	LL^=des_SPtrans[6][u3]; \
+	LL^=DES_SPtrans[4][u1]; \
+	LL^=DES_SPtrans[6][u3]; \
 	u2=(int)t>>8L; \
 	u1=(int)t&0x3f; \
 	u2&=0x3f; \
 	t>>=16L; \
-	LL^=des_SPtrans[1][u1]; \
-	LL^=des_SPtrans[3][u2]; \
+	LL^=DES_SPtrans[1][u1]; \
+	LL^=DES_SPtrans[3][u2]; \
 	u3=(int)t>>8L; \
 	u1=(int)t&0x3f; \
 	u3&=0x3f; \
-	LL^=des_SPtrans[5][u1]; \
-	LL^=des_SPtrans[7][u3]; }
+	LL^=DES_SPtrans[5][u1]; \
+	LL^=DES_SPtrans[7][u3]; }
 #endif
 #ifdef DES_RISC2
 #define D_ENCRYPT(LL,R,S) {\
@@ -306,25 +322,25 @@
 	u2=(int)u>>8L; \
 	u1=(int)u&0x3f; \
 	u2&=0x3f; \
-	LL^=des_SPtrans[0][u1]; \
-	LL^=des_SPtrans[2][u2]; \
+	LL^=DES_SPtrans[0][u1]; \
+	LL^=DES_SPtrans[2][u2]; \
 	s1=(int)u>>16L; \
 	s2=(int)u>>24L; \
 	s1&=0x3f; \
 	s2&=0x3f; \
-	LL^=des_SPtrans[4][s1]; \
-	LL^=des_SPtrans[6][s2]; \
+	LL^=DES_SPtrans[4][s1]; \
+	LL^=DES_SPtrans[6][s2]; \
 	u2=(int)t>>8L; \
 	u1=(int)t&0x3f; \
 	u2&=0x3f; \
-	LL^=des_SPtrans[1][u1]; \
-	LL^=des_SPtrans[3][u2]; \
+	LL^=DES_SPtrans[1][u1]; \
+	LL^=DES_SPtrans[3][u2]; \
 	s1=(int)t>>16; \
 	s2=(int)t>>24L; \
 	s1&=0x3f; \
 	s2&=0x3f; \
-	LL^=des_SPtrans[5][s1]; \
-	LL^=des_SPtrans[7][s2]; }
+	LL^=DES_SPtrans[5][s1]; \
+	LL^=DES_SPtrans[7][s2]; }
 #endif
 
 #else
@@ -333,14 +349,14 @@
 	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
 	t=ROTATE(t,4); \
 	LL^=\
-		des_SPtrans[0][(u>> 2L)&0x3f]^ \
-		des_SPtrans[2][(u>>10L)&0x3f]^ \
-		des_SPtrans[4][(u>>18L)&0x3f]^ \
-		des_SPtrans[6][(u>>26L)&0x3f]^ \
-		des_SPtrans[1][(t>> 2L)&0x3f]^ \
-		des_SPtrans[3][(t>>10L)&0x3f]^ \
-		des_SPtrans[5][(t>>18L)&0x3f]^ \
-		des_SPtrans[7][(t>>26L)&0x3f]; }
+		DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+		DES_SPtrans[2][(u>>10L)&0x3f]^ \
+		DES_SPtrans[4][(u>>18L)&0x3f]^ \
+		DES_SPtrans[6][(u>>26L)&0x3f]^ \
+		DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+		DES_SPtrans[3][(t>>10L)&0x3f]^ \
+		DES_SPtrans[5][(t>>18L)&0x3f]^ \
+		DES_SPtrans[7][(t>>26L)&0x3f]; }
 #endif
 #endif
 
@@ -405,8 +421,8 @@
 	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
 	}
 
-OPENSSL_EXTERN const DES_LONG des_SPtrans[8][64];
+OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64];
 
-void fcrypt_body(DES_LONG *out,des_key_schedule ks,
-	DES_LONG Eswap0, DES_LONG Eswap1);
+void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
+		 DES_LONG Eswap0, DES_LONG Eswap1);
 #endif
diff --git a/crypto/openssl/crypto/des/des_old.c b/crypto/openssl/crypto/des/des_old.c
new file mode 100644
index 0000000..7e4cd71
--- /dev/null
+++ b/crypto/openssl/crypto/des/des_old.c
@@ -0,0 +1,271 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with libdes.  OpenSSL now provides
+ * functions where "des_" has been replaced with "DES_" in the names,
+ * to make it possible to make incompatible changes that are needed
+ * for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+const char *_ossl_old_des_options(void)
+	{
+	return DES_options();
+	}
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	des_key_schedule ks1,des_key_schedule ks2,
+	des_key_schedule ks3, int enc)
+	{
+	DES_ecb3_encrypt((const_DES_cblock *)input, output,
+		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3, enc);
+	}
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
+	{
+	return DES_cbc_cksum((unsigned char *)input, output, length,
+		(DES_key_schedule *)schedule, ivec);
+	}
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+	{
+	DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)schedule, ivec, enc);
+	}
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+	{
+	DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)schedule, ivec, enc);
+	}
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc)
+	{
+	DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)schedule, ivec, inw, outw, enc);
+	}
+void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+	{
+	DES_cfb_encrypt(in, out, numbits, length,
+		(DES_key_schedule *)schedule, ivec, enc);
+	}
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	des_key_schedule ks,int enc)
+	{
+	DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
+	}
+void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc)
+	{
+	DES_encrypt1(data, (DES_key_schedule *)ks, enc);
+	}
+void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc)
+	{
+	DES_encrypt2(data, (DES_key_schedule *)ks, enc);
+	}
+void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3)
+	{
+	DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3);
+	}
+void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3)
+	{
+	DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3);
+	}
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+	long length, des_key_schedule ks1, des_key_schedule ks2, 
+	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc)
+	{
+	DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3, ivec, enc);
+	}
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc)
+	{
+	DES_ede3_cfb64_encrypt(in, out, length,
+		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3, ivec, num, enc);
+	}
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num)
+	{
+	DES_ede3_ofb64_encrypt(in, out, length,
+		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3, ivec, num);
+	}
+
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+	_ossl_old_des_cblock (*out_white))
+	{
+	DES_xwhite_in2out(des_key, in_white, out_white);
+	}
+
+int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+	_ossl_old_des_cblock *iv)
+	{
+	return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
+	}
+int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+	_ossl_old_des_cblock *iv)
+	{
+	return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
+	}
+char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)
+	{
+	return DES_fcrypt(buf, salt, ret);
+	}
+char *_ossl_old_des_crypt(const char *buf,const char *salt)
+	{
+	return DES_crypt(buf, salt);
+	}
+char *_ossl_old_crypt(const char *buf,const char *salt)
+	{
+	return DES_crypt(buf, salt);
+	}
+void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
+	int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
+	{
+	DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
+		ivec);
+	}
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+	{
+	DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)schedule, ivec, enc);
+	}
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	long length,int out_count,_ossl_old_des_cblock *seed)
+	{
+	return DES_quad_cksum((unsigned char *)input, output, length,
+		out_count, seed);
+	}
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
+	{
+	RAND_seed(key, sizeof(_ossl_old_des_cblock));
+	}
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
+	{
+	DES_random_key((DES_cblock *)ret);
+	}
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+				int verify)
+	{
+	return DES_read_password(key, prompt, verify);
+	}
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2,
+	const char *prompt, int verify)
+	{
+	return DES_read_2passwords(key1, key2, prompt, verify);
+	}
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
+	{
+	DES_set_odd_parity(key);
+	}
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
+	{
+	return DES_is_weak_key(key);
+	}
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule)
+	{
+	return DES_set_key(key, (DES_key_schedule *)schedule);
+	}
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule)
+	{
+	return DES_key_sched(key, (DES_key_schedule *)schedule);
+	}
+void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)
+	{
+	DES_string_to_key(str, key);
+	}
+void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2)
+	{
+	DES_string_to_2keys(str, key1, key2);
+	}
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc)
+	{
+	DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+		ivec, num, enc);
+	}
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num)
+	{
+	DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+		ivec, num);
+	}
diff --git a/crypto/openssl/crypto/des/des_old.h b/crypto/openssl/crypto/des/des_old.h
new file mode 100644
index 0000000..1d840b4
--- /dev/null
+++ b/crypto/openssl/crypto/des/des_old.h
@@ -0,0 +1,441 @@
+/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with openssl 0.9.6 and older as
+ * well as libdes.  OpenSSL now provides functions where "des_" has
+ * been replaced with "DES_" in the names, to make it possible to
+ * make incompatible changes that are needed for C type security and
+ * other stuff.
+ *
+ * This include files has two compatibility modes:
+ *
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
+ *     that is compatible with libdes and SSLeay.
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
+ *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
+ *
+ * Note that these modes break earlier snapshots of OpenSSL, where
+ * libdes compatibility was the only available mode or (later on) the
+ * prefered compatibility mode.  However, after much consideration
+ * (and more or less violent discussions with external parties), it
+ * was concluded that OpenSSL should be compatible with earlier versions
+ * of itself before anything else.  Also, in all honesty, libdes is
+ * an old beast that shouldn't really be used any more.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will disappear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef OPENSSL_NO_DES
+#error DES is disabled.
+#endif
+
+#ifndef HEADER_NEW_DES_H
+#error You must include des.h, not des_old.h directly.
+#endif
+
+#ifdef _KERBEROS_DES_H
+#error <openssl/des_old.h> replaces <kerberos/des.h>.
+#endif
+
+#include <openssl/opensslconf.h> /* DES_LONG */
+#include <openssl/e_os2.h>	/* OPENSSL_EXTERN */
+#include <openssl/symhacks.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef unsigned char _ossl_old_des_cblock[8];
+typedef struct _ossl_old_des_ks_struct
+	{
+	union	{
+		_ossl_old_des_cblock _;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG pad[2];
+		} ks;
+	} _ossl_old_des_key_schedule[16];
+
+#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
+#define des_cblock DES_cblock
+#define const_des_cblock const_DES_cblock
+#define des_key_schedule DES_key_schedule
+#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+	DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
+#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+	DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
+#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
+	DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
+#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+	DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
+#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+	DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
+#define des_options()\
+	DES_options()
+#define des_cbc_cksum(i,o,l,k,iv)\
+	DES_cbc_cksum((i),(o),(l),&(k),(iv))
+#define des_cbc_encrypt(i,o,l,k,iv,e)\
+	DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_ncbc_encrypt(i,o,l,k,iv,e)\
+	DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+	DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
+#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+	DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
+#define des_ecb_encrypt(i,o,k,e)\
+	DES_ecb_encrypt((i),(o),&(k),(e))
+#define des_encrypt1(d,k,e)\
+	DES_encrypt1((d),&(k),(e))
+#define des_encrypt2(d,k,e)\
+	DES_encrypt2((d),&(k),(e))
+#define des_encrypt3(d,k1,k2,k3)\
+	DES_encrypt3((d),&(k1),&(k2),&(k3))
+#define des_decrypt3(d,k1,k2,k3)\
+	DES_decrypt3((d),&(k1),&(k2),&(k3))
+#define des_xwhite_in2out(k,i,o)\
+	DES_xwhite_in2out((k),(i),(o))
+#define des_enc_read(f,b,l,k,iv)\
+	DES_enc_read((f),(b),(l),&(k),(iv))
+#define des_enc_write(f,b,l,k,iv)\
+	DES_enc_write((f),(b),(l),&(k),(iv))
+#define des_fcrypt(b,s,r)\
+	DES_fcrypt((b),(s),(r))
+#define des_crypt(b,s)\
+	DES_crypt((b),(s))
+#if 0
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
+#define crypt(b,s)\
+	DES_crypt((b),(s))
+#endif
+#endif
+#define des_ofb_encrypt(i,o,n,l,k,iv)\
+	DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
+#define des_pcbc_encrypt(i,o,l,k,iv,e)\
+	DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_quad_cksum(i,o,l,c,s)\
+	DES_quad_cksum((i),(o),(l),(c),(s))
+#define des_random_seed(k)\
+	_ossl_096_des_random_seed((k))
+#define des_random_key(r)\
+	DES_random_key((r))
+#define des_read_password(k,p,v) \
+	DES_read_password((k),(p),(v))
+#define des_read_2passwords(k1,k2,p,v) \
+	DES_read_2passwords((k1),(k2),(p),(v))
+#define des_set_odd_parity(k)\
+	DES_set_odd_parity((k))
+#define des_check_key_parity(k)\
+	DES_check_key_parity((k))
+#define des_is_weak_key(k)\
+	DES_is_weak_key((k))
+#define des_set_key(k,ks)\
+	DES_set_key((k),&(ks))
+#define des_key_sched(k,ks)\
+	DES_key_sched((k),&(ks))
+#define des_set_key_checked(k,ks)\
+	DES_set_key_checked((k),&(ks))
+#define des_set_key_unchecked(k,ks)\
+	DES_set_key_unchecked((k),&(ks))
+#define des_string_to_key(s,k)\
+	DES_string_to_key((s),(k))
+#define des_string_to_2keys(s,k1,k2)\
+	DES_string_to_2keys((s),(k1),(k2))
+#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+	DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
+#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+	DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
+		
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define des_check_key DES_check_key
+#define des_rw_mode DES_rw_mode
+#else /* libdes compatibility */
+/* Map all symbol names to _ossl_old_des_* form, so we avoid all
+   clashes with libdes */
+#define des_cblock _ossl_old_des_cblock
+#define des_key_schedule _ossl_old_des_key_schedule
+#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+	_ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
+#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+	_ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
+#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+	_ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
+#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+	_ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
+#define des_options()\
+	_ossl_old_des_options()
+#define des_cbc_cksum(i,o,l,k,iv)\
+	_ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
+#define des_cbc_encrypt(i,o,l,k,iv,e)\
+	_ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_ncbc_encrypt(i,o,l,k,iv,e)\
+	_ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+	_ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
+#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+	_ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
+#define des_ecb_encrypt(i,o,k,e)\
+	_ossl_old_des_ecb_encrypt((i),(o),(k),(e))
+#define des_encrypt(d,k,e)\
+	_ossl_old_des_encrypt((d),(k),(e))
+#define des_encrypt2(d,k,e)\
+	_ossl_old_des_encrypt2((d),(k),(e))
+#define des_encrypt3(d,k1,k2,k3)\
+	_ossl_old_des_encrypt3((d),(k1),(k2),(k3))
+#define des_decrypt3(d,k1,k2,k3)\
+	_ossl_old_des_decrypt3((d),(k1),(k2),(k3))
+#define des_xwhite_in2out(k,i,o)\
+	_ossl_old_des_xwhite_in2out((k),(i),(o))
+#define des_enc_read(f,b,l,k,iv)\
+	_ossl_old_des_enc_read((f),(b),(l),(k),(iv))
+#define des_enc_write(f,b,l,k,iv)\
+	_ossl_old_des_enc_write((f),(b),(l),(k),(iv))
+#define des_fcrypt(b,s,r)\
+	_ossl_old_des_fcrypt((b),(s),(r))
+#define des_crypt(b,s)\
+	_ossl_old_des_crypt((b),(s))
+#if 0
+#define crypt(b,s)\
+	_ossl_old_crypt((b),(s))
+#endif
+#define des_ofb_encrypt(i,o,n,l,k,iv)\
+	_ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
+#define des_pcbc_encrypt(i,o,l,k,iv,e)\
+	_ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_quad_cksum(i,o,l,c,s)\
+	_ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
+#define des_random_seed(k)\
+	_ossl_old_des_random_seed((k))
+#define des_random_key(r)\
+	_ossl_old_des_random_key((r))
+#define des_read_password(k,p,v) \
+	_ossl_old_des_read_password((k),(p),(v))
+#define des_read_2passwords(k1,k2,p,v) \
+	_ossl_old_des_read_2passwords((k1),(k2),(p),(v))
+#define des_set_odd_parity(k)\
+	_ossl_old_des_set_odd_parity((k))
+#define des_is_weak_key(k)\
+	_ossl_old_des_is_weak_key((k))
+#define des_set_key(k,ks)\
+	_ossl_old_des_set_key((k),(ks))
+#define des_key_sched(k,ks)\
+	_ossl_old_des_key_sched((k),(ks))
+#define des_string_to_key(s,k)\
+	_ossl_old_des_string_to_key((s),(k))
+#define des_string_to_2keys(s,k1,k2)\
+	_ossl_old_des_string_to_2keys((s),(k1),(k2))
+#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+	_ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
+#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+	_ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
+		
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define des_check_key DES_check_key
+#define des_rw_mode DES_rw_mode
+#endif
+
+const char *_ossl_old_des_options(void);
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	_ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
+	_ossl_old_des_key_schedule ks3, int enc);
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
+void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	_ossl_old_des_key_schedule ks,int enc);
+void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, 
+	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
+
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+	_ossl_old_des_cblock (*out_white));
+
+int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+	_ossl_old_des_cblock *iv);
+int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+	_ossl_old_des_cblock *iv);
+char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
+char *_ossl_old_des_crypt(const char *buf,const char *salt);
+#if !defined(PERL5) && !defined(NeXT)
+char *_ossl_old_crypt(const char *buf,const char *salt);
+#endif
+void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
+	int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	long length,int out_count,_ossl_old_des_cblock *seed);
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
+	const char *prompt,int verify);
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
+void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
+
+void _ossl_096_des_random_seed(des_cblock *key);
+
+/* The following definitions provide compatibility with the MIT Kerberos
+ * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
+
+#define _KERBEROS_DES_H
+
+#define KRBDES_ENCRYPT DES_ENCRYPT
+#define KRBDES_DECRYPT DES_DECRYPT
+
+#ifdef KERBEROS
+#  define ENCRYPT DES_ENCRYPT
+#  define DECRYPT DES_DECRYPT
+#endif
+
+#ifndef NCOMPAT
+#  define C_Block des_cblock
+#  define Key_schedule des_key_schedule
+#  define KEY_SZ DES_KEY_SZ
+#  define string_to_key des_string_to_key
+#  define read_pw_string des_read_pw_string
+#  define random_key des_random_key
+#  define pcbc_encrypt des_pcbc_encrypt
+#  define set_key des_set_key
+#  define key_sched des_key_sched
+#  define ecb_encrypt des_ecb_encrypt
+#  define cbc_encrypt des_cbc_encrypt
+#  define ncbc_encrypt des_ncbc_encrypt
+#  define xcbc_encrypt des_xcbc_encrypt
+#  define cbc_cksum des_cbc_cksum
+#  define quad_cksum des_quad_cksum
+#  define check_parity des_check_key_parity
+#endif
+
+#define des_fixup_key_parity DES_fixup_key_parity
+
+#ifdef  __cplusplus
+}
+#endif
+
+/* for DES_read_pw_string et al */
+#include <openssl/ui_compat.h>
+
+#endif
diff --git a/crypto/openssl/crypto/des/des_old2.c b/crypto/openssl/crypto/des/des_old2.c
new file mode 100644
index 0000000..c8fa3ee
--- /dev/null
+++ b/crypto/openssl/crypto/des/des_old2.c
@@ -0,0 +1,82 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with OpenSSL 0.9.6c.  OpenSSL now
+ * provides functions where "des_" has been replaced with "DES_" in
+ * the names, to make it possible to make incompatible changes that
+ * are needed for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#undef OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+void _ossl_096_des_random_seed(DES_cblock *key)
+	{
+	RAND_seed(key, sizeof(DES_cblock));
+	}
diff --git a/crypto/openssl/crypto/des/des_opts.c b/crypto/openssl/crypto/des/des_opts.c
index 138ee1c..79278b9 100644
--- a/crypto/openssl/crypto/des/des_opts.c
+++ b/crypto/openssl/crypto/des/des_opts.c
@@ -59,12 +59,12 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
+#ifndef OPENSSL_SYS_MSDOS
 #include <openssl/e_os2.h>
 #include OPENSSL_UNISTD
 #else
@@ -84,7 +84,7 @@ extern void exit();
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -118,10 +118,10 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#define des_encrypt1 des_encrypt_u4_cisc_idx
-#define des_encrypt2 des_encrypt2_u4_cisc_idx
-#define des_encrypt3 des_encrypt3_u4_cisc_idx
-#define des_decrypt3 des_decrypt3_u4_cisc_idx
+#define DES_encrypt1 des_encrypt_u4_cisc_idx
+#define DES_encrypt2 des_encrypt2_u4_cisc_idx
+#define DES_encrypt3 des_encrypt3_u4_cisc_idx
+#define DES_decrypt3 des_decrypt3_u4_cisc_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -130,14 +130,14 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u16_cisc_idx
-#define des_encrypt2 des_encrypt2_u16_cisc_idx
-#define des_encrypt3 des_encrypt3_u16_cisc_idx
-#define des_decrypt3 des_decrypt3_u16_cisc_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_cisc_idx
+#define DES_encrypt2 des_encrypt2_u16_cisc_idx
+#define DES_encrypt3 des_encrypt3_u16_cisc_idx
+#define DES_decrypt3 des_decrypt3_u16_cisc_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -146,14 +146,14 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u4_risc1_idx
-#define des_encrypt2 des_encrypt2_u4_risc1_idx
-#define des_encrypt3 des_encrypt3_u4_risc1_idx
-#define des_decrypt3 des_decrypt3_u4_risc1_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc1_idx
+#define DES_encrypt2 des_encrypt2_u4_risc1_idx
+#define DES_encrypt3 des_encrypt3_u4_risc1_idx
+#define DES_decrypt3 des_decrypt3_u4_risc1_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -166,14 +166,14 @@ extern void exit();
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u4_risc2_idx
-#define des_encrypt2 des_encrypt2_u4_risc2_idx
-#define des_encrypt3 des_encrypt3_u4_risc2_idx
-#define des_decrypt3 des_decrypt3_u4_risc2_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc2_idx
+#define DES_encrypt2 des_encrypt2_u4_risc2_idx
+#define DES_encrypt3 des_encrypt3_u4_risc2_idx
+#define DES_decrypt3 des_decrypt3_u4_risc2_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -182,14 +182,14 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u16_risc1_idx
-#define des_encrypt2 des_encrypt2_u16_risc1_idx
-#define des_encrypt3 des_encrypt3_u16_risc1_idx
-#define des_decrypt3 des_decrypt3_u16_risc1_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc1_idx
+#define DES_encrypt2 des_encrypt2_u16_risc1_idx
+#define DES_encrypt3 des_encrypt3_u16_risc1_idx
+#define DES_decrypt3 des_decrypt3_u16_risc1_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -198,14 +198,14 @@ extern void exit();
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u16_risc2_idx
-#define des_encrypt2 des_encrypt2_u16_risc2_idx
-#define des_encrypt3 des_encrypt3_u16_risc2_idx
-#define des_decrypt3 des_decrypt3_u16_risc2_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc2_idx
+#define DES_encrypt2 des_encrypt2_u16_risc2_idx
+#define DES_encrypt3 des_encrypt3_u16_risc2_idx
+#define DES_decrypt3 des_decrypt3_u16_risc2_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -218,14 +218,14 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u4_cisc_ptr
-#define des_encrypt2 des_encrypt2_u4_cisc_ptr
-#define des_encrypt3 des_encrypt3_u4_cisc_ptr
-#define des_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_cisc_ptr
+#define DES_encrypt2 des_encrypt2_u4_cisc_ptr
+#define DES_encrypt3 des_encrypt3_u4_cisc_ptr
+#define DES_decrypt3 des_decrypt3_u4_cisc_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -234,14 +234,14 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u16_cisc_ptr
-#define des_encrypt2 des_encrypt2_u16_cisc_ptr
-#define des_encrypt3 des_encrypt3_u16_cisc_ptr
-#define des_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_cisc_ptr
+#define DES_encrypt2 des_encrypt2_u16_cisc_ptr
+#define DES_encrypt3 des_encrypt3_u16_cisc_ptr
+#define DES_decrypt3 des_decrypt3_u16_cisc_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -250,14 +250,14 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u4_risc1_ptr
-#define des_encrypt2 des_encrypt2_u4_risc1_ptr
-#define des_encrypt3 des_encrypt3_u4_risc1_ptr
-#define des_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc1_ptr
+#define DES_encrypt2 des_encrypt2_u4_risc1_ptr
+#define DES_encrypt3 des_encrypt3_u4_risc1_ptr
+#define DES_decrypt3 des_decrypt3_u4_risc1_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -270,14 +270,14 @@ extern void exit();
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u4_risc2_ptr
-#define des_encrypt2 des_encrypt2_u4_risc2_ptr
-#define des_encrypt3 des_encrypt3_u4_risc2_ptr
-#define des_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc2_ptr
+#define DES_encrypt2 des_encrypt2_u4_risc2_ptr
+#define DES_encrypt3 des_encrypt3_u4_risc2_ptr
+#define DES_decrypt3 des_decrypt3_u4_risc2_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -286,14 +286,14 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u16_risc1_ptr
-#define des_encrypt2 des_encrypt2_u16_risc1_ptr
-#define des_encrypt3 des_encrypt3_u16_risc1_ptr
-#define des_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc1_ptr
+#define DES_encrypt2 des_encrypt2_u16_risc1_ptr
+#define DES_encrypt3 des_encrypt3_u16_risc1_ptr
+#define DES_decrypt3 des_decrypt3_u16_risc1_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -302,14 +302,14 @@ extern void exit();
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt1
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt1 des_encrypt_u16_risc2_ptr
-#define des_encrypt2 des_encrypt2_u16_risc2_ptr
-#define des_encrypt3 des_encrypt3_u16_risc2_ptr
-#define des_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc2_ptr
+#define DES_encrypt2 des_encrypt2_u16_risc2_ptr
+#define DES_encrypt3 des_encrypt3_u16_risc2_ptr
+#define DES_decrypt3 des_decrypt3_u16_risc2_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -401,7 +401,7 @@ double Time_F(int s)
 	for (count=0,run=1; COND(cb); count++) \
 		{ \
 		unsigned long d[2]; \
-		func(d,&(sch[0]),DES_ENCRYPT); \
+		func(d,&sch,DES_ENCRYPT); \
 		} \
 	tm[index]=Time_F(STOP); \
 	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
@@ -415,10 +415,10 @@ int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
-	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	des_key_schedule sch,sch2,sch3;
+	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	DES_key_schedule sch,sch2,sch3;
 	double d,tm[16],max=0;
 	int rank[16];
 	char *str[16];
@@ -438,13 +438,13 @@ int main(int argc, char **argv)
 	fprintf(stderr,"program when this computer is idle.\n");
 #endif
 
-	des_set_key_unchecked(&key,sch);
-	des_set_key_unchecked(&key2,sch2);
-	des_set_key_unchecked(&key3,sch3);
+	DES_set_key_unchecked(&key,&sch);
+	DES_set_key_unchecked(&key2,&sch2);
+	DES_set_key_unchecked(&key3,&sch3);
 
 #ifndef SIGALRM
 	fprintf(stderr,"First we calculate the approximate speed ...\n");
-	des_set_key_unchecked(&key,sch);
+	DES_set_key_unchecked(&key,sch);
 	count=10;
 	do	{
 		long i;
@@ -453,7 +453,7 @@ int main(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
+			DES_encrypt1(data,&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count;
@@ -598,7 +598,7 @@ int main(int argc, char **argv)
 		break;
 		}
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/des/des_ver.h b/crypto/openssl/crypto/des/des_ver.h
index de3c02f..379bbad 100644
--- a/crypto/openssl/crypto/des/des_ver.h
+++ b/crypto/openssl/crypto/des/des_ver.h
@@ -57,5 +57,15 @@
  */
 
 #include <openssl/e_os2.h>
-OPENSSL_EXTERN char *DES_version;	/* SSLeay version string */
-OPENSSL_EXTERN char *libdes_version;	/* old libdes version string */
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* The following macros make sure the names are different from libdes names */
+#define DES_version OSSL_DES_version
+#define libdes_version OSSL_libdes_version
+
+OPENSSL_EXTERN const char *OSSL_DES_version;	/* SSLeay version string */
+OPENSSL_EXTERN const char *OSSL_libdes_version;	/* old libdes version string */
diff --git a/crypto/openssl/crypto/des/destest.c b/crypto/openssl/crypto/des/destest.c
index df0d615..7799e6e 100644
--- a/crypto/openssl/crypto/des/destest.c
+++ b/crypto/openssl/crypto/des/destest.c
@@ -56,25 +56,26 @@
  * [including the GNU Public Licence.]
  */
 
-#if defined(WIN32) || defined(WIN16) || defined(WINDOWS)
-#ifndef MSDOS
-#define MSDOS
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/e_os2.h>
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS)
+#ifndef OPENSSL_SYS_MSDOS
+#define OPENSSL_SYS_MSDOS
 #endif
 #endif
 
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#if !defined(VMS) || defined(__DECC)
-#include <openssl/opensslconf.h>
+#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)
 #include OPENSSL_UNISTD
-#endif /* VMS */
+#endif
 #else
 #include <io.h>
 #endif
 #include <string.h>
 
-#ifdef NO_DES
+#ifdef OPENSSL_NO_DES
 int main(int argc, char *argv[])
 {
     printf("No DES support\n");
@@ -83,9 +84,7 @@ int main(int argc, char *argv[])
 #else
 #include <openssl/des.h>
 
-#if defined(PERL5) || defined(__FreeBSD__)
 #define crypt(c,s) (des_crypt((c),(s)))
-#endif
 
 /* tisk tisk - the test keys don't all have odd parity :-( */
 /* test data */
@@ -348,19 +347,19 @@ int main(int argc, char *argv[])
 	int num;
 	char *str;
 
-#ifndef NO_DESCBCM
+#ifndef OPENSSL_NO_DESCBCM
 	printf("Doing cbcm\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0)
+	if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0)
+	if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -372,9 +371,9 @@ int main(int argc, char *argv[])
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 	memset(iv2,'\0',sizeof iv2);
 
-	des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2,
+	DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
 			      DES_ENCRYPT);
-	des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3,
+	DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
 			      &iv3,&iv2,DES_ENCRYPT);
 	/*	if (memcmp(cbc_out,cbc3_ok,
 		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
@@ -385,7 +384,7 @@ int main(int argc, char *argv[])
 	*/
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 	memset(iv2,'\0',sizeof iv2);
-	des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT);
+	DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
 		int n;
@@ -404,7 +403,7 @@ int main(int argc, char *argv[])
 	printf("Doing ecb\n");
 	for (i=0; i<NUM_TESTS; i++)
 		{
-		des_set_key_unchecked(&key_data[i],ks);
+		DES_set_key_unchecked(&key_data[i],&ks);
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
@@ -430,9 +429,9 @@ int main(int argc, char *argv[])
 	printf("Doing ede ecb\n");
 	for (i=0; i<(NUM_TESTS-1); i++)
 		{
-		des_set_key_unchecked(&key_data[i],ks);
-		des_set_key_unchecked(&key_data[i+1],ks2);
-		des_set_key_unchecked(&key_data[i+2],ks3);
+		DES_set_key_unchecked(&key_data[i],&ks);
+		DES_set_key_unchecked(&key_data[i+1],&ks2);
+		DES_set_key_unchecked(&key_data[i+2],&ks3);
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
@@ -456,7 +455,7 @@ int main(int argc, char *argv[])
 #endif
 
 	printf("Doing cbc\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -483,7 +482,7 @@ int main(int argc, char *argv[])
 
 #ifndef LIBDES_LIT
 	printf("Doing desx cbc\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -509,17 +508,17 @@ int main(int argc, char *argv[])
 #endif
 
 	printf("Doing ede cbc\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0)
+	if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0)
+	if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -530,13 +529,22 @@ int main(int argc, char *argv[])
 	/* i=((i+7)/8)*8; */
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 
-	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,DES_ENCRYPT);
+	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,
+			     DES_ENCRYPT);
 	des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
 			     &iv3,DES_ENCRYPT);
 	if (memcmp(cbc_out,cbc3_ok,
 		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
 		{
+		int n;
+
 		printf("des_ede3_cbc_encrypt encrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_out[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc3_ok[n]);
+		printf("\n");
 		err=1;
 		}
 
@@ -544,13 +552,21 @@ int main(int argc, char *argv[])
 	des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
+		int n;
+
 		printf("des_ede3_cbc_encrypt decrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_data[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_in[n]);
+		printf("\n");
 		err=1;
 		}
 
 #ifndef LIBDES_LIT
 	printf("Doing pcbc\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -613,7 +629,7 @@ int main(int argc, char *argv[])
 	printf("done\n");
 
 	printf("Doing ofb\n");
-	des_set_key_checked(&ofb_key,ks);
+	DES_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
@@ -642,7 +658,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing ofb64\n");
-	des_set_key_checked(&ofb_key,ks);
+	DES_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	memset(ofb_buf1,0,sizeof(ofb_buf1));
 	memset(ofb_buf2,0,sizeof(ofb_buf1));
@@ -659,7 +675,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	num=0;
-	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,&num);
+	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,
+			  &num);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ofb64_encrypt decrypt error\n");
@@ -667,15 +684,15 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing ede_ofb64\n");
-	des_set_key_checked(&ofb_key,ks);
+	DES_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	memset(ofb_buf1,0,sizeof(ofb_buf1));
 	memset(ofb_buf2,0,sizeof(ofb_buf1));
 	num=0;
 	for (i=0; i<sizeof(plain); i++)
 		{
-		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
-				       &ofb_tmp,&num);
+		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,
+				       ks,&ofb_tmp,&num);
 		}
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
@@ -684,8 +701,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	num=0;
-	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,
-			       ks,ks,&ofb_tmp,&num);
+	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,
+			       &ofb_tmp,&num);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ede_ofb64_encrypt decrypt error\n");
@@ -693,7 +710,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing cbc_cksum\n");
-	des_set_key_checked(&cbc_key,ks);
+	DES_set_key_checked(&cbc_key,&ks);
 	cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
 	if (cs != cbc_cksum_ret)
 		{
@@ -708,7 +725,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing quad_cksum\n");
-	cs=quad_cksum(cbc_data,(des_cblock *)lqret,
+	cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,
 		(long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
 	if (cs != 0x70d7a63aL)
 		{
@@ -829,7 +846,7 @@ static int cfb_test(int bits, unsigned char *cfb_cipher)
 	des_key_schedule ks;
 	int i,err=0;
 
-	des_set_key_checked(&cfb_key,ks);
+	DES_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
 			DES_ENCRYPT);
@@ -858,7 +875,7 @@ static int cfb64_test(unsigned char *cfb_cipher)
 	des_key_schedule ks;
 	int err=0,i,n;
 
-	des_set_key_checked(&cfb_key,ks);
+	DES_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
 	des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
@@ -891,7 +908,7 @@ static int ede_cfb64_test(unsigned char *cfb_cipher)
 	des_key_schedule ks;
 	int err=0,i,n;
 
-	des_set_key_checked(&cfb_key,ks);
+	DES_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
 	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
diff --git a/crypto/openssl/crypto/des/ecb3_enc.c b/crypto/openssl/crypto/des/ecb3_enc.c
index fb28b97..c3437bc 100644
--- a/crypto/openssl/crypto/des/ecb3_enc.c
+++ b/crypto/openssl/crypto/des/ecb3_enc.c
@@ -58,8 +58,9 @@
 
 #include "des_locl.h"
 
-void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
-	     des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+		      DES_key_schedule *ks1, DES_key_schedule *ks2,
+		      DES_key_schedule *ks3,
 	     int enc)
 	{
 	register DES_LONG l0,l1;
@@ -72,9 +73,9 @@ void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
 	ll[0]=l0;
 	ll[1]=l1;
 	if (enc)
-		des_encrypt3(ll,ks1,ks2,ks3);
+		DES_encrypt3(ll,ks1,ks2,ks3);
 	else
-		des_decrypt3(ll,ks1,ks2,ks3);
+		DES_decrypt3(ll,ks1,ks2,ks3);
 	l0=ll[0];
 	l1=ll[1];
 	l2c(l0,out);
diff --git a/crypto/openssl/crypto/des/ecb_enc.c b/crypto/openssl/crypto/des/ecb_enc.c
index d481327..1b70f68 100644
--- a/crypto/openssl/crypto/des/ecb_enc.c
+++ b/crypto/openssl/crypto/des/ecb_enc.c
@@ -57,13 +57,14 @@
  */
 
 #include "des_locl.h"
+#include "des_ver.h"
 #include "spr.h"
 #include <openssl/opensslv.h>
 
 OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
 OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
 
-const char *des_options(void)
+const char *DES_options(void)
 	{
 	static int init=1;
 	static char buf[32];
@@ -103,9 +104,8 @@ const char *des_options(void)
 	}
 		
 
-void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
-	     des_key_schedule ks,
-	     int enc)
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+		     DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l;
 	DES_LONG ll[2];
@@ -114,9 +114,8 @@ void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
 
 	c2l(in,l); ll[0]=l;
 	c2l(in,l); ll[1]=l;
-	des_encrypt1(ll,ks,enc);
+	DES_encrypt1(ll,ks,enc);
 	l=ll[0]; l2c(l,out);
 	l=ll[1]; l2c(l,out);
 	l=ll[0]=ll[1]=0;
 	}
-
diff --git a/crypto/openssl/crypto/des/ede_cbcm_enc.c b/crypto/openssl/crypto/des/ede_cbcm_enc.c
index b98f7e1..fa45aa2 100644
--- a/crypto/openssl/crypto/des/ede_cbcm_enc.c
+++ b/crypto/openssl/crypto/des/ede_cbcm_enc.c
@@ -68,12 +68,12 @@ http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
 
 */
 
-#ifndef NO_DESCBCM
+#ifndef OPENSSL_NO_DESCBCM
 #include "des_locl.h"
 
-void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-	     long length, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2,
+void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+	     DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
 	     int enc)
     {
     register DES_LONG tin0,tin1;
@@ -95,7 +95,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
 	    {
 	    tin[0]=m0;
 	    tin[1]=m1;
-	    des_encrypt1(tin,ks3,1);
+	    DES_encrypt1(tin,ks3,1);
 	    m0=tin[0];
 	    m1=tin[1];
 
@@ -113,13 +113,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
 
 	    tin[0]=tin0;
 	    tin[1]=tin1;
-	    des_encrypt1(tin,ks1,1);
+	    DES_encrypt1(tin,ks1,1);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt1(tin,ks2,0);
+	    DES_encrypt1(tin,ks2,0);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt1(tin,ks1,1);
+	    DES_encrypt1(tin,ks1,1);
 	    tout0=tin[0];
 	    tout1=tin[1];
 
@@ -146,7 +146,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
 	    {
 	    tin[0]=m0;
 	    tin[1]=m1;
-	    des_encrypt1(tin,ks3,1);
+	    DES_encrypt1(tin,ks3,1);
 	    m0=tin[0];
 	    m1=tin[1];
 
@@ -158,13 +158,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
 
 	    tin[0]=tin0;
 	    tin[1]=tin1;
-	    des_encrypt1(tin,ks1,0);
+	    DES_encrypt1(tin,ks1,0);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt1(tin,ks2,1);
+	    DES_encrypt1(tin,ks2,1);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt1(tin,ks1,0);
+	    DES_encrypt1(tin,ks1,0);
 	    tout0=tin[0];
 	    tout1=tin[1];
 
diff --git a/crypto/openssl/crypto/des/enc_read.c b/crypto/openssl/crypto/des/enc_read.c
index af2d917..c70fb68 100644
--- a/crypto/openssl/crypto/des/enc_read.c
+++ b/crypto/openssl/crypto/des/enc_read.c
@@ -63,15 +63,15 @@
 
 /* This has some uglies in it but it works - even over sockets. */
 /*extern int errno;*/
-OPENSSL_GLOBAL int des_rw_mode=DES_PCBC_MODE;
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
 
 
 /*
  * WARNINGS:
  *
- *  -  The data format used by des_enc_write() and des_enc_read()
+ *  -  The data format used by DES_enc_write() and DES_enc_read()
  *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, des_enc_write will split the data
+ *     than MAXWRITE bytes, DES_enc_write will split the data
  *     into several chunks that are all encrypted
  *     using the same IV.  So don't use these functions unless you
  *     are sure you know what you do (in which case you might
@@ -84,8 +84,8 @@ OPENSSL_GLOBAL int des_rw_mode=DES_PCBC_MODE;
  */
 
 
-int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
-		 des_cblock *iv)
+int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+		 DES_cblock *iv)
 	{
 	/* data to be unencrypted */
 	int net_num=0;
@@ -180,10 +180,10 @@ int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
 	/* Check if there will be data left over. */
 	if (len < num)
 		{
-		if (des_rw_mode & DES_PCBC_MODE)
-			des_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+		if (DES_rw_mode & DES_PCBC_MODE)
+			DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
 		else
-			des_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+			DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
 		memcpy(buf,unnet,len);
 		unnet_start=len;
 		unnet_left=num-len;
@@ -202,11 +202,11 @@ int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
 		if (len < rnum)
 			{
 
-			if (des_rw_mode & DES_PCBC_MODE)
-				des_pcbc_encrypt(net,tmpbuf,num,sched,iv,
+			if (DES_rw_mode & DES_PCBC_MODE)
+				DES_pcbc_encrypt(net,tmpbuf,num,sched,iv,
 						 DES_DECRYPT);
 			else
-				des_cbc_encrypt(net,tmpbuf,num,sched,iv,
+				DES_cbc_encrypt(net,tmpbuf,num,sched,iv,
 						DES_DECRYPT);
 
 			/* eay 26/08/92 fix a bug that returned more
@@ -215,11 +215,11 @@ int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
 			}
 		else
 			{
-			if (des_rw_mode & DES_PCBC_MODE)
-				des_pcbc_encrypt(net,buf,num,sched,iv,
+			if (DES_rw_mode & DES_PCBC_MODE)
+				DES_pcbc_encrypt(net,buf,num,sched,iv,
 						 DES_DECRYPT);
 			else
-				des_cbc_encrypt(net,buf,num,sched,iv,
+				DES_cbc_encrypt(net,buf,num,sched,iv,
 						DES_DECRYPT);
 			}
 		}
diff --git a/crypto/openssl/crypto/des/enc_writ.c b/crypto/openssl/crypto/des/enc_writ.c
index cc2b50f..af5b8c2 100644
--- a/crypto/openssl/crypto/des/enc_writ.c
+++ b/crypto/openssl/crypto/des/enc_writ.c
@@ -66,9 +66,9 @@
 /*
  * WARNINGS:
  *
- *  -  The data format used by des_enc_write() and des_enc_read()
+ *  -  The data format used by DES_enc_write() and DES_enc_read()
  *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, des_enc_write will split the data
+ *     than MAXWRITE bytes, DES_enc_write will split the data
  *     into several chunks that are all encrypted
  *     using the same IV.  So don't use these functions unless you
  *     are sure you know what you do (in which case you might
@@ -77,8 +77,8 @@
  *  -  This code cannot handle non-blocking sockets.
  */
 
-int des_enc_write(int fd, const void *_buf, int len,
-		  des_key_schedule sched, des_cblock *iv)
+int DES_enc_write(int fd, const void *_buf, int len,
+		  DES_key_schedule *sched, DES_cblock *iv)
 	{
 #ifdef _LIBC
 	extern unsigned long time();
@@ -111,7 +111,7 @@ int des_enc_write(int fd, const void *_buf, int len,
 		j=0;
 		for (i=0; i<len; i+=k)
 			{
-			k=des_enc_write(fd,&(buf[i]),
+			k=DES_enc_write(fd,&(buf[i]),
 				((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
 			if (k < 0)
 				return(k);
@@ -139,11 +139,11 @@ int des_enc_write(int fd, const void *_buf, int len,
 		rnum=((len+7)/8*8); /* round up to nearest eight */
 		}
 
-	if (des_rw_mode & DES_PCBC_MODE)
-		des_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+	if (DES_rw_mode & DES_PCBC_MODE)
+		DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
 				 DES_ENCRYPT); 
 	else
-		des_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+		DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
 				DES_ENCRYPT); 
 
 	/* output */
diff --git a/crypto/openssl/crypto/des/fcrypt.c b/crypto/openssl/crypto/des/fcrypt.c
index ad31543..2758c32 100644
--- a/crypto/openssl/crypto/des/fcrypt.c
+++ b/crypto/openssl/crypto/des/fcrypt.c
@@ -58,22 +58,15 @@ static unsigned const char cov_2char[64]={
 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
 };
 
-void fcrypt_body(DES_LONG *out,des_key_schedule ks,
-	DES_LONG Eswap0, DES_LONG Eswap1);
+void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
+		 DES_LONG Eswap0, DES_LONG Eswap1);
 
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_DARWIN)
-char *crypt(const char *buf, const char *salt)
-	{
-	return(des_crypt(buf, salt));
-	}
-#endif
-
-char *des_crypt(const char *buf, const char *salt)
+char *DES_crypt(const char *buf, const char *salt)
 	{
 	static char buff[14];
 
 #ifndef CHARSET_EBCDIC
-	return(des_fcrypt(buf,salt,buff));
+	return(DES_fcrypt(buf,salt,buff));
 #else
 	char e_salt[2+1];
 	char e_buf[32+1];	/* replace 32 by 8 ? */
@@ -89,14 +82,14 @@ char *des_crypt(const char *buf, const char *salt)
 	/* Make sure we have a delimiter */
 	e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
 
-	/* Convert the e_salt to ASCII, as that's what des_fcrypt works on */
+	/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
 	ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
 
 	/* Convert the cleartext password to ASCII */
 	ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
 
 	/* Encrypt it (from/to ASCII) */
-	ret = des_fcrypt(e_buf,e_salt,buff);
+	ret = DES_fcrypt(e_buf,e_salt,buff);
 
 	/* Convert the result back to EBCDIC */
 	ascii2ebcdic(ret, ret, strlen(ret));
@@ -106,13 +99,13 @@ char *des_crypt(const char *buf, const char *salt)
 	}
 
 
-char *des_fcrypt(const char *buf, const char *salt, char *ret)
+char *DES_fcrypt(const char *buf, const char *salt, char *ret)
 	{
 	unsigned int i,j,x,y;
 	DES_LONG Eswap0,Eswap1;
 	DES_LONG out[2],ll;
-	des_cblock key;
-	des_key_schedule ks;
+	DES_cblock key;
+	DES_key_schedule ks;
 	unsigned char bb[9];
 	unsigned char *b=bb;
 	unsigned char c,u;
@@ -150,8 +143,8 @@ r=(r+7)/8;
 	for (; i<8; i++)
 		key[i]=0;
 
-	des_set_key_unchecked(&key,ks);
-	fcrypt_body(&(out[0]),ks,Eswap0,Eswap1);
+	DES_set_key_unchecked(&key,&ks);
+	fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);
 
 	ll=out[0]; l2c(ll,b);
 	ll=out[1]; l2c(ll,b);
diff --git a/crypto/openssl/crypto/des/fcrypt_b.c b/crypto/openssl/crypto/des/fcrypt_b.c
index 22c87f5..1390138 100644
--- a/crypto/openssl/crypto/des/fcrypt_b.c
+++ b/crypto/openssl/crypto/des/fcrypt_b.c
@@ -77,12 +77,12 @@
 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
 	(a)=(a)^(t)^(t>>(16-(n))))\
 
-void fcrypt_body(DES_LONG *out, des_key_schedule ks, DES_LONG Eswap0,
-	     DES_LONG Eswap1)
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
+		 DES_LONG Eswap1)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
 #endif
 	register DES_LONG *s;
 	register int j;
diff --git a/crypto/openssl/crypto/des/ncbc_enc.c b/crypto/openssl/crypto/des/ncbc_enc.c
index b8db07b..fda23d5 100644
--- a/crypto/openssl/crypto/des/ncbc_enc.c
+++ b/crypto/openssl/crypto/des/ncbc_enc.c
@@ -1,8 +1,8 @@
 /* crypto/des/ncbc_enc.c */
 /*
  * #included by:
- *    cbc_enc.c  (des_cbc_encrypt)
- *    des_enc.c  (des_ncbc_encrypt)
+ *    cbc_enc.c  (DES_cbc_encrypt)
+ *    des_enc.c  (DES_ncbc_encrypt)
  */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
@@ -64,11 +64,11 @@
 #include "des_locl.h"
 
 #ifdef CBC_ENC_C__DONT_UPDATE_IV
-void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     des_key_schedule schedule, des_cblock *ivec, int enc)
+void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+		     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
 #else
-void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     des_key_schedule schedule, des_cblock *ivec, int enc)
+void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+		     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
 #endif
 	{
 	register DES_LONG tin0,tin1;
@@ -89,7 +89,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			c2l(in,tin1);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -98,7 +98,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -116,7 +116,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
+			DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2c(tout0,out);
@@ -128,7 +128,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
+			DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2cn(tout0,tout1,out,l+8);
diff --git a/crypto/openssl/crypto/des/ofb64ede.c b/crypto/openssl/crypto/des/ofb64ede.c
index 6eafe90..26bbf9a 100644
--- a/crypto/openssl/crypto/des/ofb64ede.c
+++ b/crypto/openssl/crypto/des/ofb64ede.c
@@ -62,15 +62,16 @@
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void des_ede3_ofb64_encrypt(register const unsigned char *in,
-	     register unsigned char *out, long length, des_key_schedule k1,
-	     des_key_schedule k2, des_key_schedule k3, des_cblock *ivec,
-	     int *num)
+void DES_ede3_ofb64_encrypt(register const unsigned char *in,
+			    register unsigned char *out, long length,
+			    DES_key_schedule *k1, DES_key_schedule *k2,
+			    DES_key_schedule *k3, DES_cblock *ivec,
+			    int *num)
 	{
 	register DES_LONG v0,v1;
 	register int n= *num;
 	register long l=length;
-	des_cblock d;
+	DES_cblock d;
 	register char *dp;
 	DES_LONG ti[2];
 	unsigned char *iv;
@@ -90,7 +91,7 @@ void des_ede3_ofb64_encrypt(register const unsigned char *in,
 			{
 			/* ti[0]=v0; */
 			/* ti[1]=v1; */
-			des_encrypt3(ti,k1,k2,k3);
+			DES_encrypt3(ti,k1,k2,k3);
 			v0=ti[0];
 			v1=ti[1];
 
@@ -115,10 +116,10 @@ void des_ede3_ofb64_encrypt(register const unsigned char *in,
 	}
 
 #ifdef undef /* MACRO */
-void des_ede2_ofb64_encrypt(register unsigned char *in,
-	     register unsigned char *out, long length, des_key_schedule k1,
-	     des_key_schedule k2, des_cblock (*ivec), int *num)
+void DES_ede2_ofb64_encrypt(register unsigned char *in,
+	     register unsigned char *out, long length, DES_key_schedule k1,
+	     DES_key_schedule k2, DES_cblock (*ivec), int *num)
 	{
-	des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
+	DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
 	}
 #endif
diff --git a/crypto/openssl/crypto/des/ofb64enc.c b/crypto/openssl/crypto/des/ofb64enc.c
index 1a1d1f1..8ca3d49 100644
--- a/crypto/openssl/crypto/des/ofb64enc.c
+++ b/crypto/openssl/crypto/des/ofb64enc.c
@@ -62,14 +62,14 @@
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void des_ofb64_encrypt(register const unsigned char *in,
-	     register unsigned char *out, long length, des_key_schedule schedule,
-	     des_cblock *ivec, int *num)
+void DES_ofb64_encrypt(register const unsigned char *in,
+		       register unsigned char *out, long length,
+		       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
 	{
 	register DES_LONG v0,v1,t;
 	register int n= *num;
 	register long l=length;
-	des_cblock d;
+	DES_cblock d;
 	register unsigned char *dp;
 	DES_LONG ti[2];
 	unsigned char *iv;
@@ -87,7 +87,7 @@ void des_ofb64_encrypt(register const unsigned char *in,
 		{
 		if (n == 0)
 			{
-			des_encrypt1(ti,schedule,DES_ENCRYPT);
+			DES_encrypt1(ti,schedule,DES_ENCRYPT);
 			dp=d;
 			t=ti[0]; l2c(t,dp);
 			t=ti[1]; l2c(t,dp);
diff --git a/crypto/openssl/crypto/des/ofb_enc.c b/crypto/openssl/crypto/des/ofb_enc.c
index 70493e6..e887a3c 100644
--- a/crypto/openssl/crypto/des/ofb_enc.c
+++ b/crypto/openssl/crypto/des/ofb_enc.c
@@ -64,8 +64,9 @@
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
-void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-	     long length, des_key_schedule schedule, des_cblock *ivec)
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+		     long length, DES_key_schedule *schedule,
+		     DES_cblock *ivec)
 	{
 	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
@@ -101,7 +102,7 @@ void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 		{
 		ti[0]=v0;
 		ti[1]=v1;
-		des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
+		DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 		vv0=ti[0];
 		vv1=ti[1];
 		c2ln(in,d0,d1,n);
diff --git a/crypto/openssl/crypto/des/pcbc_enc.c b/crypto/openssl/crypto/des/pcbc_enc.c
index 5b987f0..17a40f9 100644
--- a/crypto/openssl/crypto/des/pcbc_enc.c
+++ b/crypto/openssl/crypto/des/pcbc_enc.c
@@ -58,8 +58,9 @@
 
 #include "des_locl.h"
 
-void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+		      long length, DES_key_schedule *schedule,
+		      DES_cblock *ivec, int enc)
 	{
 	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
 	DES_LONG tin[2];
@@ -85,7 +86,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
 				c2ln(in,sin0,sin1,length);
 			tin[0]=sin0^xor0;
 			tin[1]=sin1^xor1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 			tout0=tin[0];
 			tout1=tin[1];
 			xor0=sin0^tout0;
@@ -103,7 +104,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
 			c2l(in,sin1);
 			tin[0]=sin0;
 			tin[1]=sin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
+			DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			if (length >= 8)
diff --git a/crypto/openssl/crypto/des/qud_cksm.c b/crypto/openssl/crypto/des/qud_cksm.c
index 9fff989..dac2012 100644
--- a/crypto/openssl/crypto/des/qud_cksm.c
+++ b/crypto/openssl/crypto/des/qud_cksm.c
@@ -73,8 +73,8 @@
 /* Got the value MIT uses via brute force :-) 2/10/90 eay */
 #define NOISE	((DES_LONG)83653421L)
 
-DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[],
-	     long length, int out_count, des_cblock *seed)
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+	     long length, int out_count, DES_cblock *seed)
 	{
 	DES_LONG z0,z1,t0,t1;
 	int i;
diff --git a/crypto/openssl/crypto/des/rand_key.c b/crypto/openssl/crypto/des/rand_key.c
index ee1a6c2..2398165 100644
--- a/crypto/openssl/crypto/des/rand_key.c
+++ b/crypto/openssl/crypto/des/rand_key.c
@@ -56,18 +56,13 @@
 #include <openssl/des.h>
 #include <openssl/rand.h>
 
-void des_random_seed(des_cblock *key)
-	{
-	RAND_seed(key, sizeof(des_cblock));
-	}
-
-int des_random_key(des_cblock *ret)
+int DES_random_key(DES_cblock *ret)
 	{
 	do
 		{
-		if (RAND_bytes((unsigned char *)ret, sizeof(des_cblock)) != 1)
+		if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
 			return (0);
-		} while (des_is_weak_key(ret));
-	des_set_odd_parity(ret);
+		} while (DES_is_weak_key(ret));
+	DES_set_odd_parity(ret);
 	return (1);
 	}
diff --git a/crypto/openssl/crypto/des/read2pwd.c b/crypto/openssl/crypto/des/read2pwd.c
index a8ceaf0..3a63c40 100644
--- a/crypto/openssl/crypto/des/read2pwd.c
+++ b/crypto/openssl/crypto/des/read2pwd.c
@@ -1,4 +1,57 @@
 /* crypto/des/read2pwd.c */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,29 +109,31 @@
  * [including the GNU Public Licence.]
  */
 
-#include "des_locl.h"
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/ui.h>
 
-int des_read_password(des_cblock *key, const char *prompt, int verify)
+int DES_read_password(DES_cblock *key, const char *prompt, int verify)
 	{
 	int ok;
 	char buf[BUFSIZ],buff[BUFSIZ];
 
-	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		des_string_to_key(buf,key);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		DES_string_to_key(buf,key);
+	OPENSSL_cleanse(buf,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}
 
-int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt,
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
 	     int verify)
 	{
 	int ok;
 	char buf[BUFSIZ],buff[BUFSIZ];
 
-	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		des_string_to_2keys(buf,key1,key2);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		DES_string_to_2keys(buf,key1,key2);
+	OPENSSL_cleanse(buf,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}
diff --git a/crypto/openssl/crypto/des/read_pwd.c b/crypto/openssl/crypto/des/read_pwd.c
index cba52ca..ce5fa00 100644
--- a/crypto/openssl/crypto/des/read_pwd.c
+++ b/crypto/openssl/crypto/des/read_pwd.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32) && !defined(VXWORKS)
-#include <openssl/opensslconf.h>
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
 #ifdef OPENSSL_UNISTD
 # include OPENSSL_UNISTD
 #else
@@ -78,7 +78,7 @@
 /* #define SIGACTION */ /* Define this if you have sigaction() */
 
 #ifdef WIN16TTY
-#undef WIN16
+#undef OPENSSL_SYS_WIN16
 #undef _WINDOWS
 #include <graph.h>
 #endif
@@ -92,7 +92,7 @@
 #include <setjmp.h>
 #include <errno.h>
 
-#ifdef VMS			/* prototypes for sys$whatever */
+#ifdef OPENSSL_SYS_VMS			/* prototypes for sys$whatever */
 #include <starlet.h>
 #ifdef __DECC
 #pragma message disable DOLLARID
@@ -101,8 +101,10 @@
 
 #ifdef WIN_CONSOLE_BUG
 #include <windows.h>
+#ifndef OPENSSL_SYS_WINCE
 #include <wincon.h>
 #endif
+#endif
 
 
 /* There are 5 types of terminal interface supported,
@@ -127,13 +129,13 @@
 #undef  SGTTY
 #endif
 
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
 #undef  TERMIOS
 #undef  TERMIO
 #define SGTTY
 #endif
 
-#if defined(VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS)
 #undef TERMIOS
 #undef TERMIO
 #undef SGTTY
@@ -163,16 +165,16 @@
 #define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
 #endif
 
-#if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS) && !defined(MAC_OS_pre_X)
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)
 #include <sys/ioctl.h>
 #endif
 
-#if defined(MSDOS) && !defined(__CYGWIN32__)
+#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE)
 #include <conio.h>
 #define fgets(a,b,c) noecho_fgets(a,b,c)
 #endif
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #include <ssdef.h>
 #include <iodef.h>
 #include <ttdef.h>
@@ -201,7 +203,7 @@ static void read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
 static void popsig(void);
-#if defined(MSDOS) && !defined(WIN16)
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
 static int noecho_fgets(char *buf, int size, FILE *tty);
 #endif
 #ifdef SIGACTION
@@ -218,11 +220,29 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
 	int ret;
 
 	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ret);
 	}
 
-#ifndef WIN16
+#ifdef OPENSSL_SYS_WINCE
+
+int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)
+	{ 
+	memset(buf,0,size);
+	memset(buff,0,size);
+	return(0);
+	}
+
+#elif defined(OPENSSL_SYS_WIN16)
+
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
+	{ 
+	memset(buf,0,size);
+	memset(buff,0,size);
+	return(0);
+	}
+
+#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */
 
 static void read_till_nl(FILE *in)
 	{
@@ -239,14 +259,14 @@ static void read_till_nl(FILE *in)
 int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 	     int verify)
 	{
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	struct IOSB iosb;
 	$DESCRIPTOR(terminal,"TT");
 	long tty_orig[3], tty_new[3];
 	long status;
 	unsigned short channel = 0;
 #else
-#if !defined(MSDOS) && !defined(VXWORKS)
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
 	TTY_STRUCT tty_orig,tty_new;
 #endif
 #endif
@@ -271,19 +291,19 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 	is_a_tty=1;
 	tty=NULL;
 
-#ifdef MSDOS
+#ifdef OPENSSL_SYS_MSDOS
 	if ((tty=fopen("con","r")) == NULL)
 		tty=stdin;
-#elif defined(MAC_OS_pre_X) || defined(VXWORKS)
+#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)
 	tty=stdin;
 #else
-#ifndef MPE
+#ifndef OPENSSL_SYS_MPE
 	if ((tty=fopen("/dev/tty","r")) == NULL)
 #endif
 		tty=stdin;
 #endif
 
-#if defined(TTY_get) && !defined(VMS)
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
 	if (TTY_get(fileno(tty),&tty_orig) == -1)
 		{
 #ifdef ENOTTY
@@ -302,7 +322,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 		}
 	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
 #endif
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	status = sys$assign(&terminal,&channel,0,0);
 	if (status != SS$_NORMAL)
 		return(-1);
@@ -318,15 +338,15 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 	tty_new.TTY_FLAGS &= ~ECHO;
 #endif
 
-#if defined(TTY_set) && !defined(VMS)
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
 	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
-#ifdef MPE 
+#ifdef OPENSSL_SYS_MPE 
 		; /* MPE lies -- echo really has been disabled */
 #else
 		return(-1);
 #endif
 #endif
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	tty_new[0] = tty_orig[0];
 	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
 	tty_new[2] = tty_orig[2];
@@ -376,10 +396,10 @@ error:
 	perror("fgets(tty)");
 #endif
 	/* What can we do if there is an error? */
-#if defined(TTY_set) && !defined(VMS)
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
 	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
 #endif
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	if (ps >= 2)
 		status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
 			,tty_orig,12,0,0,0,0);
@@ -387,23 +407,12 @@ error:
 	
 	if (ps >= 1) popsig();
 	if (stdin != tty) fclose(tty);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	status = sys$dassgn(channel);
 #endif
 	return(!ok);
 	}
 
-#else /* WIN16 */
-
-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
-	{ 
-	memset(buf,0,size);
-	memset(buff,0,size);
-	return(0);
-	}
-
-#endif
-
 static void pushsig(void)
 	{
 	int i;
@@ -466,7 +475,7 @@ static void recsig(int i)
 #endif
 	}
 
-#if defined(MSDOS) && !defined(WIN16)
+#ifdef OPENSSL_SYS_MSDOS
 static int noecho_fgets(char *buf, int size, FILE *tty)
 	{
 	int i;
@@ -509,3 +518,4 @@ static int noecho_fgets(char *buf, int size, FILE *tty)
 	return(strlen(buf));
 	}
 #endif
+#endif /* !OPENSSL_SYS_WINCE && !WIN16 */
diff --git a/crypto/openssl/crypto/des/rpc_enc.c b/crypto/openssl/crypto/des/rpc_enc.c
index 32d96d5..d937d08 100644
--- a/crypto/openssl/crypto/des/rpc_enc.c
+++ b/crypto/openssl/crypto/des/rpc_enc.c
@@ -63,20 +63,20 @@
 int _des_crypt(char *buf,int len,struct desparams *desp);
 int _des_crypt(char *buf, int len, struct desparams *desp)
 	{
-	des_key_schedule ks;
+	DES_key_schedule ks;
 	int enc;
 
-	des_set_key_unchecked(&desp->des_key,ks);
+	DES_set_key_unchecked(&desp->des_key,&ks);
 	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
 
 	if (desp->des_mode == CBC)
-		des_ecb_encrypt((const_des_cblock *)desp->UDES.UDES_buf,
-				(des_cblock *)desp->UDES.UDES_buf,ks,
+		DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
+				(DES_cblock *)desp->UDES.UDES_buf,&ks,
 				enc);
 	else
 		{
-		des_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
-				len,ks,&desp->des_ivec,enc);
+		DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
+				len,&ks,&desp->des_ivec,enc);
 #ifdef undef
 		/* len will always be %8 if called from common_crypt
 		 * in secure_rpc.
diff --git a/crypto/openssl/crypto/des/rpw.c b/crypto/openssl/crypto/des/rpw.c
index 0b6b151..8a9473c 100644
--- a/crypto/openssl/crypto/des/rpw.c
+++ b/crypto/openssl/crypto/des/rpw.c
@@ -61,7 +61,7 @@
 
 int main(int argc, char *argv[])
 	{
-	des_cblock k,k1;
+	DES_cblock k,k1;
 	int i;
 
 	printf("read passwd\n");
diff --git a/crypto/openssl/crypto/des/set_key.c b/crypto/openssl/crypto/des/set_key.c
index 09afd4f..143008e 100644
--- a/crypto/openssl/crypto/des/set_key.c
+++ b/crypto/openssl/crypto/des/set_key.c
@@ -65,7 +65,7 @@
  */
 #include "des_locl.h"
 
-OPENSSL_GLOBAL int des_check_key=0;
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);	/* defaults to false */
 
 static const unsigned char odd_parity[256]={
   1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
@@ -85,7 +85,7 @@ static const unsigned char odd_parity[256]={
 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
 
-void des_set_odd_parity(des_cblock *key)
+void DES_set_odd_parity(DES_cblock *key)
 	{
 	int i;
 
@@ -93,7 +93,7 @@ void des_set_odd_parity(des_cblock *key)
 		(*key)[i]=odd_parity[(*key)[i]];
 	}
 
-int des_check_key_parity(const_des_cblock *key)
+int DES_check_key_parity(const_DES_cblock *key)
 	{
 	int i;
 
@@ -115,7 +115,7 @@ int des_check_key_parity(const_des_cblock *key)
  * (and actual cblock values).
  */
 #define NUM_WEAK_KEY	16
-static des_cblock weak_keys[NUM_WEAK_KEY]={
+static DES_cblock weak_keys[NUM_WEAK_KEY]={
 	/* weak keys */
 	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
 	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
@@ -135,7 +135,7 @@ static des_cblock weak_keys[NUM_WEAK_KEY]={
 	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
 	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
 
-int des_is_weak_key(const_des_cblock *key)
+int DES_is_weak_key(const_DES_cblock *key)
 	{
 	int i;
 
@@ -146,7 +146,7 @@ int des_is_weak_key(const_des_cblock *key)
 		 * eay 93/06/29
 		 * Another problem, I was comparing only the first 4
 		 * bytes, 97/03/18 */
-		if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1);
+		if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
 	return(0);
 	}
 
@@ -307,15 +307,15 @@ static const DES_LONG des_skb[8][64]={
 	0x00002822L,0x04002822L,0x00042822L,0x04042822L,
 	}};
 
-int des_set_key(const_des_cblock *key, des_key_schedule schedule)
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
 	{
-	if (des_check_key)
+	if (DES_check_key)
 		{
-		return des_set_key_checked(key, schedule);
+		return DES_set_key_checked(key, schedule);
 		}
 	else
 		{
-		des_set_key_unchecked(key, schedule);
+		DES_set_key_unchecked(key, schedule);
 		return 0;
 		}
 	}
@@ -324,17 +324,17 @@ int des_set_key(const_des_cblock *key, des_key_schedule schedule)
  * return -1 if key parity error,
  * return -2 if illegal weak key.
  */
-int des_set_key_checked(const_des_cblock *key, des_key_schedule schedule)
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
 	{
-	if (!des_check_key_parity(key))
+	if (!DES_check_key_parity(key))
 		return(-1);
-	if (des_is_weak_key(key))
+	if (DES_is_weak_key(key))
 		return(-2);
-	des_set_key_unchecked(key, schedule);
+	DES_set_key_unchecked(key, schedule);
 	return 0;
 	}
 
-void des_set_key_unchecked(const_des_cblock *key, des_key_schedule schedule)
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
 	{
 	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
 	register DES_LONG c,d,t,s,t2;
@@ -342,7 +342,11 @@ void des_set_key_unchecked(const_des_cblock *key, des_key_schedule schedule)
 	register DES_LONG *k;
 	register int i;
 
-	k = &schedule->ks.deslong[0];
+#ifdef OPENBSD_DEV_CRYPTO
+	memcpy(schedule->key,key,sizeof schedule->key);
+	schedule->session=NULL;
+#endif
+	k = &schedule->ks->deslong[0];
 	in = &(*key)[0];
 
 	c2l(in,c);
@@ -390,13 +394,14 @@ void des_set_key_unchecked(const_des_cblock *key, des_key_schedule schedule)
 		}
 	}
 
-int des_key_sched(const_des_cblock *key, des_key_schedule schedule)
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
 	{
-	return(des_set_key(key,schedule));
+	return(DES_set_key(key,schedule));
 	}
-
+/*
 #undef des_fixup_key_parity
 void des_fixup_key_parity(des_cblock *key)
 	{
 	des_set_odd_parity(key);
 	}
+*/
diff --git a/crypto/openssl/crypto/des/speed.c b/crypto/openssl/crypto/des/speed.c
index 1223edf..48fc1d4 100644
--- a/crypto/openssl/crypto/des/speed.c
+++ b/crypto/openssl/crypto/des/speed.c
@@ -59,7 +59,7 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -176,10 +176,10 @@ int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
-	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	des_key_schedule sch,sch2,sch3;
+	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	DES_key_schedule sch,sch2,sch3;
 	double a,b,c,d,e;
 #ifndef SIGALRM
 	long ca,cb,cc,cd,ce;
@@ -190,12 +190,12 @@ int main(int argc, char **argv)
 	printf("program when this computer is idle.\n");
 #endif
 
-	des_set_key_unchecked(&key2,sch2);
-	des_set_key_unchecked(&key3,sch3);
+	DES_set_key_unchecked(&key2,&sch2);
+	DES_set_key_unchecked(&key3,&sch3);
 
 #ifndef SIGALRM
 	printf("First we calculate the approximate speed ...\n");
-	des_set_key_unchecked(&key,sch);
+	DES_set_key_unchecked(&key,&sch);
 	count=10;
 	do	{
 		long i;
@@ -204,7 +204,7 @@ int main(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
+			DES_encrypt1(data,&sch,DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count;
@@ -225,63 +225,63 @@ int main(int argc, char **argv)
 
 	Time_F(START);
 	for (count=0,run=1; COND(ca); count++)
-		des_set_key_unchecked(&key,sch);
+		DES_set_key_unchecked(&key,&sch);
 	d=Time_F(STOP);
 	printf("%ld set_key's in %.2f seconds\n",count,d);
 	a=((double)COUNT(ca))/d;
 
 #ifdef SIGALRM
-	printf("Doing des_encrypt's for 10 seconds\n");
+	printf("Doing DES_encrypt's for 10 seconds\n");
 	alarm(10);
 #else
-	printf("Doing des_encrypt %ld times\n",cb);
+	printf("Doing DES_encrypt %ld times\n",cb);
 #endif
 	Time_F(START);
 	for (count=0,run=1; COND(cb); count++)
 		{
 		DES_LONG data[2];
 
-		des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
+		DES_encrypt1(data,&sch,DES_ENCRYPT);
 		}
 	d=Time_F(STOP);
-	printf("%ld des_encrypt's in %.2f second\n",count,d);
+	printf("%ld DES_encrypt's in %.2f second\n",count,d);
 	b=((double)COUNT(cb)*8)/d;
 
 #ifdef SIGALRM
-	printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+	printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",
 		BUFSIZE);
 	alarm(10);
 #else
-	printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+	printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n",cc,
 		BUFSIZE);
 #endif
 	Time_F(START);
 	for (count=0,run=1; COND(cc); count++)
-		des_ncbc_encrypt(buf,buf,BUFSIZE,&(sch[0]),
+		DES_ncbc_encrypt(buf,buf,BUFSIZE,&sch,
 			&key,DES_ENCRYPT);
 	d=Time_F(STOP);
-	printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+	printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",
 		count,BUFSIZE,d);
 	c=((double)COUNT(cc)*BUFSIZE)/d;
 
 #ifdef SIGALRM
-	printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+	printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
 		BUFSIZE);
 	alarm(10);
 #else
-	printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+	printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
 		BUFSIZE);
 #endif
 	Time_F(START);
 	for (count=0,run=1; COND(cd); count++)
-		des_ede3_cbc_encrypt(buf,buf,BUFSIZE,
-			&(sch[0]),
-			&(sch2[0]),
-			&(sch3[0]),
+		DES_ede3_cbc_encrypt(buf,buf,BUFSIZE,
+			&sch,
+			&sch2,
+			&sch3,
 			&key,
 			DES_ENCRYPT);
 	d=Time_F(STOP);
-	printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+	printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
 		count,BUFSIZE,d);
 	d=((double)COUNT(cd)*BUFSIZE)/d;
 
@@ -304,7 +304,7 @@ int main(int argc, char **argv)
 	printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
 	printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/des/spr.h b/crypto/openssl/crypto/des/spr.h
index b8fbdcf..b91936a 100644
--- a/crypto/openssl/crypto/des/spr.h
+++ b/crypto/openssl/crypto/des/spr.h
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-OPENSSL_GLOBAL const DES_LONG des_SPtrans[8][64]={
+OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={
 {
 /* nibble 0 */
 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
diff --git a/crypto/openssl/crypto/des/str2key.c b/crypto/openssl/crypto/des/str2key.c
index c6abb87..0373db4 100644
--- a/crypto/openssl/crypto/des/str2key.c
+++ b/crypto/openssl/crypto/des/str2key.c
@@ -58,9 +58,9 @@
 
 #include "des_locl.h"
 
-void des_string_to_key(const char *str, des_cblock *key)
+void DES_string_to_key(const char *str, DES_cblock *key)
 	{
-	des_key_schedule ks;
+	DES_key_schedule ks;
 	int i,length;
 	register unsigned char j;
 
@@ -85,16 +85,22 @@ void des_string_to_key(const char *str, des_cblock *key)
 			}
 		}
 #endif
-	des_set_odd_parity(key);
-	des_set_key_unchecked(key,ks);
-	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
-	memset(ks,0,sizeof(ks));
-	des_set_odd_parity(key);
+	DES_set_odd_parity(key);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+	if(DES_is_weak_key(key))
+	    (*key)[7] ^= 0xF0;
+	DES_set_key(key,&ks);
+#else
+	DES_set_key_unchecked(key,&ks);
+#endif
+	DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
+	OPENSSL_cleanse(&ks,sizeof(ks));
+	DES_set_odd_parity(key);
 	}
 
-void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 	{
-	des_key_schedule ks;
+	DES_key_schedule ks;
 	int i,length;
 	register unsigned char j;
 
@@ -143,13 +149,25 @@ void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
 		}
 	if (length <= 8) memcpy(key2,key1,8);
 #endif
-	des_set_odd_parity(key1);
-	des_set_odd_parity(key2);
-	des_set_key_unchecked(key1,ks);
-	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
-	des_set_key_unchecked(key2,ks);
-	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
-	memset(ks,0,sizeof(ks));
-	des_set_odd_parity(key1);
-	des_set_odd_parity(key2);
+	DES_set_odd_parity(key1);
+	DES_set_odd_parity(key2);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+	if(DES_is_weak_key(key1))
+	    (*key1)[7] ^= 0xF0;
+	DES_set_key(key1,&ks);
+#else
+	DES_set_key_unchecked(key1,&ks);
+#endif
+	DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+	if(DES_is_weak_key(key2))
+	    (*key2)[7] ^= 0xF0;
+	DES_set_key(key2,&ks);
+#else
+	DES_set_key_unchecked(key2,&ks);
+#endif
+	DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
+	OPENSSL_cleanse(&ks,sizeof(ks));
+	DES_set_odd_parity(key1);
+	DES_set_odd_parity(key2);
 	}
diff --git a/crypto/openssl/crypto/des/xcbc_enc.c b/crypto/openssl/crypto/des/xcbc_enc.c
index ccfede1..47246eb 100644
--- a/crypto/openssl/crypto/des/xcbc_enc.c
+++ b/crypto/openssl/crypto/des/xcbc_enc.c
@@ -79,8 +79,8 @@ static unsigned char desx_white_in2out[256]={
 0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
 	};
 
-void des_xwhite_in2out(const_des_cblock *des_key, const_des_cblock *in_white,
-	     des_cblock *out_white)
+void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
+	     DES_cblock *out_white)
 	{
 	int out0,out1;
 	int i;
@@ -107,9 +107,10 @@ void des_xwhite_in2out(const_des_cblock *des_key, const_des_cblock *in_white,
 		}
 	}
 
-void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
-	    long length, des_key_schedule schedule, des_cblock *ivec,
-	    const_des_cblock *inw, const_des_cblock *outw, int enc)
+void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+		      long length, DES_key_schedule *schedule,
+		      DES_cblock *ivec, const_DES_cblock *inw,
+		      const_DES_cblock *outw, int enc)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
@@ -138,7 +139,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			c2l(in,tin1);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt1(tin,schedule,DES_ENCRYPT);
+			DES_encrypt1(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
@@ -147,7 +148,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt1(tin,schedule,DES_ENCRYPT);
+			DES_encrypt1(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
@@ -163,7 +164,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt1(tin,schedule,DES_DECRYPT);
+			DES_encrypt1(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2c(tout0,out);
@@ -175,7 +176,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt1(tin,schedule,DES_DECRYPT);
+			DES_encrypt1(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2cn(tout0,tout1,out,l+8);
diff --git a/crypto/openssl/crypto/dh/Makefile.ssl b/crypto/openssl/crypto/dh/Makefile.ssl
index ccee00e..ed47f85 100644
--- a/crypto/openssl/crypto/dh/Makefile.ssl
+++ b/crypto/openssl/crypto/dh/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	dh
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -22,8 +23,8 @@ TEST= dhtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
 
 SRC= $(LIBSRC)
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,41 +79,58 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c
+dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_check.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_check.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dh_check.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_check.o: ../cryptlib.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c
 dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dh_err.o: ../../include/openssl/symhacks.h
-dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_err.o: ../../include/openssl/symhacks.h dh_err.c
+dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_gen.o: ../cryptlib.h
-dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_gen.o: ../cryptlib.h dh_gen.c
+dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dh_key.o: ../cryptlib.h dh_key.c
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_lib.o: ../cryptlib.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dh_lib.o: ../cryptlib.h dh_lib.c
diff --git a/crypto/openssl/crypto/dh/dh.h b/crypto/openssl/crypto/dh/dh.h
index b43e334..05851f8 100644
--- a/crypto/openssl/crypto/dh/dh.h
+++ b/crypto/openssl/crypto/dh/dh.h
@@ -59,15 +59,16 @@
 #ifndef HEADER_DH_H
 #define HEADER_DH_H
 
-#ifdef NO_DH
+#ifdef OPENSSL_NO_DH
 #error DH is disabled.
 #endif
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
 	
 #define DH_FLAG_CACHE_MONT_P	0x01
 
@@ -81,9 +82,9 @@ typedef struct dh_method {
 	const char *name;
 	/* Methods here */
 	int (*generate_key)(DH *dh);
-	int (*compute_key)(unsigned char *key,BIGNUM *pub_key,DH *dh);
-	int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-				const BIGNUM *m, BN_CTX *ctx,
+	int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+	int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
+				const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
 				BN_MONT_CTX *m_ctx); /* Can be null */
 
 	int (*init)(DH *dh);
@@ -100,7 +101,7 @@ struct dh_st
 	int version;
 	BIGNUM *p;
 	BIGNUM *g;
-	int length; /* optional */
+	long length; /* optional */
 	BIGNUM *pub_key;	/* g^x */
 	BIGNUM *priv_key;	/* x */
 
@@ -115,7 +116,8 @@ struct dh_st
 
 	int references;
 	CRYPTO_EX_DATA ex_data;
-	DH_METHOD *meth;
+	const DH_METHOD *meth;
+	ENGINE *engine;
 	};
 
 #define DH_GENERATOR_2		2
@@ -148,34 +150,35 @@ struct dh_st
 		(unsigned char *)(x))
 #endif
 
-DH_METHOD *DH_OpenSSL(void);
+const DH_METHOD *DH_OpenSSL(void);
 
-void DH_set_default_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_method(void);
-DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
-DH *DH_new_method(DH_METHOD *meth);
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
 
 DH *	DH_new(void);
 void	DH_free(DH *dh);
-int	DH_size(DH *dh);
+int	DH_up_ref(DH *dh);
+int	DH_size(const DH *dh);
 int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int DH_set_ex_data(DH *d, int idx, void *arg);
 void *DH_get_ex_data(DH *d, int idx);
 DH *	DH_generate_parameters(int prime_len,int generator,
 		void (*callback)(int,int,void *),void *cb_arg);
-int	DH_check(DH *dh,int *codes);
+int	DH_check(const DH *dh,int *codes);
 int	DH_generate_key(DH *dh);
-int	DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
-DH *	d2i_DHparams(DH **a,unsigned char **pp, long length);
-int	i2d_DHparams(DH *a,unsigned char **pp);
-#ifndef NO_FP_API
-int	DHparams_print_fp(FILE *fp, DH *x);
+int	DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+DH *	d2i_DHparams(DH **a,const unsigned char **pp, long length);
+int	i2d_DHparams(const DH *a,unsigned char **pp);
+#ifndef OPENSSL_NO_FP_API
+int	DHparams_print_fp(FILE *fp, const DH *x);
 #endif
-#ifndef NO_BIO
-int	DHparams_print(BIO *bp, DH *x);
+#ifndef OPENSSL_NO_BIO
+int	DHparams_print(BIO *bp, const DH *x);
 #else
-int	DHparams_print(char *bp, DH *x);
+int	DHparams_print(char *bp, const DH *x);
 #endif
 
 /* BEGIN ERROR CODES */
@@ -192,7 +195,7 @@ void ERR_load_DH_strings(void);
 #define DH_F_DH_COMPUTE_KEY				 102
 #define DH_F_DH_GENERATE_KEY				 103
 #define DH_F_DH_GENERATE_PARAMETERS			 104
-#define DH_F_DH_NEW					 105
+#define DH_F_DH_NEW_METHOD				 105
 
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR				 101
diff --git a/crypto/openssl/crypto/dh/dh_asn1.c b/crypto/openssl/crypto/dh/dh_asn1.c
new file mode 100644
index 0000000..769b5b6
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh_asn1.c
@@ -0,0 +1,87 @@
+/* dh_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+
+/* Override the default free and new methods */
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_NEW_PRE) {
+		*pval = (ASN1_VALUE *)DH_new();
+		if(*pval) return 2;
+		return 0;
+	} else if(operation == ASN1_OP_FREE_PRE) {
+		DH_free((DH *)*pval);
+		*pval = NULL;
+		return 2;
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
+	ASN1_SIMPLE(DH, p, BIGNUM),
+	ASN1_SIMPLE(DH, g, BIGNUM),
+	ASN1_OPT(DH, length, ZLONG),
+} ASN1_SEQUENCE_END_cb(DH, DHparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c
index 7e5cfd8..f0373f7 100644
--- a/crypto/openssl/crypto/dh/dh_check.c
+++ b/crypto/openssl/crypto/dh/dh_check.c
@@ -70,7 +70,7 @@
  * should hold.
  */
 
-int DH_check(DH *dh, int *ret)
+int DH_check(const DH *dh, int *ret)
 	{
 	int ok=0;
 	BN_CTX *ctx=NULL;
diff --git a/crypto/openssl/crypto/dh/dh_err.c b/crypto/openssl/crypto/dh/dh_err.c
index 97c9584..d837950 100644
--- a/crypto/openssl/crypto/dh/dh_err.c
+++ b/crypto/openssl/crypto/dh/dh_err.c
@@ -63,7 +63,7 @@
 #include <openssl/dh.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA DH_str_functs[]=
 	{
 {ERR_PACK(0,DH_F_DHPARAMS_PRINT,0),	"DHparams_print"},
@@ -71,7 +71,7 @@ static ERR_STRING_DATA DH_str_functs[]=
 {ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0),	"DH_compute_key"},
 {ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),	"DH_generate_key"},
 {ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),	"DH_generate_parameters"},
-{ERR_PACK(0,DH_F_DH_NEW,0),	"DH_new"},
+{ERR_PACK(0,DH_F_DH_NEW_METHOD,0),	"DH_new_method"},
 {0,NULL}
 	};
 
@@ -91,7 +91,7 @@ void ERR_load_DH_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_DH,DH_str_functs);
 		ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 17b267f..1a0efca 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -61,10 +61,12 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
+#include <openssl/engine.h>
 
 static int generate_key(DH *dh);
-static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+			const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *m, BN_CTX *ctx,
 			BN_MONT_CTX *m_ctx);
 static int dh_init(DH *dh);
@@ -75,7 +77,7 @@ int DH_generate_key(DH *dh)
 	return dh->meth->generate_key(dh);
 	}
 
-int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	{
 	return dh->meth->compute_key(key, pub_key, dh);
 	}
@@ -91,7 +93,7 @@ dh_finish,
 NULL
 };
 
-DH_METHOD *DH_OpenSSL(void)
+const DH_METHOD *DH_OpenSSL(void)
 {
 	return &dh_ossl;
 }
@@ -101,11 +103,12 @@ static int generate_key(DH *dh)
 	int ok=0;
 	int generate_new_key=0;
 	unsigned l;
-	BN_CTX ctx;
+	BN_CTX *ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-	BN_CTX_init(&ctx);
+	ctx = BN_CTX_new();
+	if (ctx == NULL) goto err;
 
 	if (dh->priv_key == NULL)
 		{
@@ -128,7 +131,7 @@ static int generate_key(DH *dh)
 		{
 		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
 			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-				dh->p,&ctx)) goto err;
+				dh->p,ctx)) goto err;
 		}
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
 
@@ -137,7 +140,8 @@ static int generate_key(DH *dh)
 		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 		if (!BN_rand(priv_key, l, 0, 0)) goto err;
 		}
-	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
+	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
+		goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -148,20 +152,21 @@ err:
 
 	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
 	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-	BN_CTX_free(&ctx);
+	BN_CTX_free(ctx);
 	return(ok);
 	}
 
-static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	{
-	BN_CTX ctx;
+	BN_CTX *ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *tmp;
 	int ret= -1;
 
-	BN_CTX_init(&ctx);
-	BN_CTX_start(&ctx);
-	tmp = BN_CTX_get(&ctx);
+	ctx = BN_CTX_new();
+	if (ctx == NULL) goto err;
+	BN_CTX_start(ctx);
+	tmp = BN_CTX_get(ctx);
 	
 	if (dh->priv_key == NULL)
 		{
@@ -172,11 +177,11 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 		{
 		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
 			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-				dh->p,&ctx)) goto err;
+				dh->p,ctx)) goto err;
 		}
 
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
-	if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;
@@ -184,12 +189,13 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 
 	ret=BN_bn2bin(tmp,key);
 err:
-	BN_CTX_end(&ctx);
-	BN_CTX_free(&ctx);
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
 	return(ret);
 	}
 
-static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+			const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *m, BN_CTX *ctx,
 			BN_MONT_CTX *m_ctx)
 	{
diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c
index a462707..ba5fd41 100644
--- a/crypto/openssl/crypto/dh/dh_lib.c
+++ b/crypto/openssl/crypto/dh/dh_lib.c
@@ -60,51 +60,82 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#include <openssl/engine.h>
 
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
-static DH_METHOD *default_DH_method = NULL;
-static int dh_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
+static const DH_METHOD *default_DH_method = NULL;
 
-void DH_set_default_method(DH_METHOD *meth)
-{
+void DH_set_default_method(const DH_METHOD *meth)
+	{
 	default_DH_method = meth;
-}
+	}
 
-DH_METHOD *DH_get_default_method(void)
-{
-	if(!default_DH_method) default_DH_method = DH_OpenSSL();
+const DH_METHOD *DH_get_default_method(void)
+	{
+	if(!default_DH_method)
+		default_DH_method = DH_OpenSSL();
 	return default_DH_method;
-}
+	}
 
-DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
-{
-        DH_METHOD *mtmp;
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+	{
+	/* NB: The caller is specifically setting a method, so it's not up to us
+	 * to deal with which ENGINE it comes from. */
+        const DH_METHOD *mtmp;
         mtmp = dh->meth;
         if (mtmp->finish) mtmp->finish(dh);
+	if (dh->engine)
+		{
+		ENGINE_finish(dh->engine);
+		dh->engine = NULL;
+		}
         dh->meth = meth;
         if (meth->init) meth->init(dh);
-        return mtmp;
-}
+        return 1;
+	}
 
 DH *DH_new(void)
-{
+	{
 	return DH_new_method(NULL);
-}
+	}
 
-DH *DH_new_method(DH_METHOD *meth)
+DH *DH_new_method(ENGINE *engine)
 	{
 	DH *ret;
-	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 
+	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 	if (ret == NULL)
 		{
-		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
+		DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(meth) ret->meth = meth;
-	else ret->meth = DH_get_default_method();
+
+	ret->meth = DH_get_default_method();
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
+	else
+		ret->engine = ENGINE_get_default_DH();
+	if(ret->engine)
+		{
+		ret->meth = ENGINE_get_DH(ret->engine);
+		if(!ret->meth)
+			{
+			DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		}
+
 	ret->pad=0;
 	ret->version=0;
 	ret->p=NULL;
@@ -120,10 +151,12 @@ DH *DH_new_method(DH_METHOD *meth)
 	ret->method_mont_p=NULL;
 	ret->references = 1;
 	ret->flags=ret->meth->flags;
-	CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
-		CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
@@ -147,9 +180,12 @@ void DH_free(DH *r)
 	}
 #endif
 
-	if(r->meth->finish) r->meth->finish(r);
+	if (r->meth->finish)
+		r->meth->finish(r);
+	if (r->engine)
+		ENGINE_finish(r->engine);
 
-	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
 
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->g != NULL) BN_clear_free(r->g);
@@ -162,12 +198,27 @@ void DH_free(DH *r)
 	OPENSSL_free(r);
 	}
 
+int DH_up_ref(DH *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
+#ifdef REF_PRINT
+	REF_PRINT("DH",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "DH_up, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
+	}
+
 int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-	dh_meth_num++;
-	return(CRYPTO_get_ex_new_index(dh_meth_num-1,
-		&dh_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+				new_func, dup_func, free_func);
         }
 
 int DH_set_ex_data(DH *d, int idx, void *arg)
@@ -180,7 +231,7 @@ void *DH_get_ex_data(DH *d, int idx)
 	return(CRYPTO_get_ex_data(&d->ex_data,idx));
 	}
 
-int DH_size(DH *dh)
+int DH_size(const DH *dh)
 	{
 	return(BN_num_bytes(dh->p));
 	}
diff --git a/crypto/openssl/crypto/dh/dhtest.c b/crypto/openssl/crypto/dh/dhtest.c
index a38465d..2723774 100644
--- a/crypto/openssl/crypto/dh/dhtest.c
+++ b/crypto/openssl/crypto/dh/dhtest.c
@@ -59,7 +59,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WINDOWS
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c" 
 #endif
 #include <openssl/crypto.h>
@@ -68,7 +71,7 @@
 #include <openssl/rand.h>
 #include <openssl/err.h>
 
-#ifdef NO_DH
+#ifdef OPENSSL_NO_DH
 int main(int argc, char *argv[])
 {
     printf("No DH support\n");
@@ -77,14 +80,14 @@ int main(int argc, char *argv[])
 #else
 #include <openssl/dh.h>
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define MS_CALLBACK	_far _loadds
 #else
 #define MS_CALLBACK
 #endif
 
 static void MS_CALLBACK cb(int p, int n, void *arg);
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #include "bss_file.c"
 #endif
@@ -100,14 +103,18 @@ int main(int argc, char *argv[])
 	int i,alen,blen,aout,bout,ret=1;
 	BIO *out;
 
-#ifdef WIN32
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
 	CRYPTO_malloc_init();
 #endif
 
 	RAND_seed(rnd_seed, sizeof rnd_seed);
 
 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
 	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
@@ -188,7 +195,10 @@ err:
 	if(b != NULL) DH_free(b);
 	if(a != NULL) DH_free(a);
 	BIO_free(out);
-	exit(ret);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
+	EXIT(ret);
 	return(ret);
 	}
 
diff --git a/crypto/openssl/crypto/dsa/Makefile.ssl b/crypto/openssl/crypto/dsa/Makefile.ssl
index 1dfdb2d..08e692d 100644
--- a/crypto/openssl/crypto/dsa/Makefile.ssl
+++ b/crypto/openssl/crypto/dsa/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	dsa
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -41,8 +42,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -70,7 +70,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -81,74 +81,97 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-dsa_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dsa_asn1.o: ../../include/openssl/opensslconf.h
-dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_asn1.o: ../cryptlib.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
 dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
-dsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
+dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_key.o: ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_lib.o: ../cryptlib.h
-dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_ossl.o: ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../cryptlib.h
+dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_vrf.o: ../cryptlib.h dsa_vrf.c
diff --git a/crypto/openssl/crypto/dsa/dsa.h b/crypto/openssl/crypto/dsa/dsa.h
index c486689..9b3baad 100644
--- a/crypto/openssl/crypto/dsa/dsa.h
+++ b/crypto/openssl/crypto/dsa/dsa.h
@@ -65,16 +65,17 @@
 #ifndef HEADER_DSA_H
 #define HEADER_DSA_H
 
-#ifdef NO_DSA
+#ifdef OPENSSL_NO_DSA
 #error DSA is disabled.
 #endif
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
-#ifndef NO_DH
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DH
 # include <openssl/dh.h>
 #endif
 
@@ -116,7 +117,7 @@ struct dsa_st
 	/* This first variable is used to pick up errors where
 	 * a DSA is passed instead of of a EVP_PKEY */
 	int pad;
-	int version;
+	long version;
 	int write_params;
 	BIGNUM *p;
 	BIGNUM *q;	/* == 20 */
@@ -133,7 +134,9 @@ struct dsa_st
 	char *method_mont_p;
 	int references;
 	CRYPTO_EX_DATA ex_data;
-	DSA_METHOD *meth;
+	const DSA_METHOD *meth;
+	/* functional reference if 'meth' is ENGINE-provided */
+	ENGINE *engine;
 	};
 
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -150,52 +153,55 @@ struct dsa_st
 
 DSA_SIG * DSA_SIG_new(void);
 void	DSA_SIG_free(DSA_SIG *a);
-int	i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
 int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
 		      DSA_SIG *sig,DSA *dsa);
 
-DSA_METHOD *DSA_OpenSSL(void);
+const DSA_METHOD *DSA_OpenSSL(void);
 
-void        DSA_set_default_method(DSA_METHOD *);
-DSA_METHOD *DSA_get_default_method(void);
-DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
+void	DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int	DSA_set_method(DSA *dsa, const DSA_METHOD *);
 
 DSA *	DSA_new(void);
-DSA *	DSA_new_method(DSA_METHOD *meth);
-int	DSA_size(DSA *);
+DSA *	DSA_new_method(ENGINE *engine);
+void	DSA_free (DSA *r);
+/* "up" the DSA object's reference count */
+int	DSA_up_ref(DSA *r);
+int	DSA_size(const DSA *);
 	/* next 4 return -1 on error */
 int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
 int	DSA_sign(int type,const unsigned char *dgst,int dlen,
 		unsigned char *sig, unsigned int *siglen, DSA *dsa);
 int	DSA_verify(int type,const unsigned char *dgst,int dgst_len,
-		unsigned char *sigbuf, int siglen, DSA *dsa);
-void	DSA_free (DSA *r);
+		const unsigned char *sigbuf, int siglen, DSA *dsa);
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int DSA_set_ex_data(DSA *d, int idx, void *arg);
 void *DSA_get_ex_data(DSA *d, int idx);
 
-DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
-DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
-DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
-DSA *	DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
+DSA *	d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *	d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA * 	d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+DSA *	DSA_generate_parameters(int bits,
+		unsigned char *seed,int seed_len,
 		int *counter_ret, unsigned long *h_ret,void
 		(*callback)(int, int, void *),void *cb_arg);
 int	DSA_generate_key(DSA *a);
-int	i2d_DSAPublicKey(DSA *a, unsigned char **pp);
-int 	i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
-int	i2d_DSAparams(DSA *a,unsigned char **pp);
+int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int	i2d_DSAparams(const DSA *a,unsigned char **pp);
 
-#ifndef NO_BIO
-int	DSAparams_print(BIO *bp, DSA *x);
-int	DSA_print(BIO *bp, DSA *x, int off);
+#ifndef OPENSSL_NO_BIO
+int	DSAparams_print(BIO *bp, const DSA *x);
+int	DSA_print(BIO *bp, const DSA *x, int off);
 #endif
-#ifndef NO_FP_API
-int	DSAparams_print_fp(FILE *fp, DSA *x);
-int	DSA_print_fp(FILE *bp, DSA *x, int off);
+#ifndef OPENSSL_NO_FP_API
+int	DSAparams_print_fp(FILE *fp, const DSA *x);
+int	DSA_print_fp(FILE *bp, const DSA *x, int off);
 #endif
 
 #define DSS_prime_checks 50
@@ -204,10 +210,10 @@ int	DSA_print_fp(FILE *bp, DSA *x, int off);
 #define DSA_is_prime(n, callback, cb_arg) \
 	BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 /* Convert DSA structure (key or just parameters) into DH structure
  * (be careful to avoid small subgroup attacks when using this!) */
-DH *DSA_dup_DH(DSA *r);
+DH *DSA_dup_DH(const DSA *r);
 #endif
 
 /* BEGIN ERROR CODES */
@@ -224,7 +230,7 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSAPARAMS_PRINT_FP			 101
 #define DSA_F_DSA_DO_SIGN				 112
 #define DSA_F_DSA_DO_VERIFY				 113
-#define DSA_F_DSA_NEW					 103
+#define DSA_F_DSA_NEW_METHOD				 103
 #define DSA_F_DSA_PRINT					 104
 #define DSA_F_DSA_PRINT_FP				 105
 #define DSA_F_DSA_SIGN					 106
@@ -232,6 +238,7 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSA_SIG_NEW				 109
 #define DSA_F_DSA_VERIFY				 108
 #define DSA_F_I2D_DSA_SIG				 111
+#define DSA_F_SIG_CB					 114
 
 /* Reason codes. */
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
diff --git a/crypto/openssl/crypto/dsa/dsa_asn1.c b/crypto/openssl/crypto/dsa/dsa_asn1.c
index 649d17e..23fce55 100644
--- a/crypto/openssl/crypto/dsa/dsa_asn1.c
+++ b/crypto/openssl/crypto/dsa/dsa_asn1.c
@@ -1,97 +1,140 @@
-/* crypto/dsa/dsa_asn1.c */
+/* dsa_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 
-DSA_SIG *DSA_SIG_new(void)
+/* Override the default new methods */
+static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	DSA_SIG *ret;
-
-	ret = OPENSSL_malloc(sizeof(DSA_SIG));
-	if (ret == NULL)
-		{
-		DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->r = NULL;
-	ret->s = NULL;
-	return(ret);
+	if(operation == ASN1_OP_NEW_PRE) {
+		DSA_SIG *sig;
+		sig = OPENSSL_malloc(sizeof(DSA_SIG));
+		sig->r = NULL;
+		sig->s = NULL;
+		*pval = (ASN1_VALUE *)sig;
+		if(sig) return 2;
+		DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
 }
 
-void DSA_SIG_free(DSA_SIG *r)
+ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
+	ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+	ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+
+/* Override the default free and new methods */
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if (r == NULL) return;
-	if (r->r) BN_clear_free(r->r);
-	if (r->s) BN_clear_free(r->s);
-	OPENSSL_free(r);
+	if(operation == ASN1_OP_NEW_PRE) {
+		*pval = (ASN1_VALUE *)DSA_new();
+		if(*pval) return 2;
+		return 0;
+	} else if(operation == ASN1_OP_FREE_PRE) {
+		DSA_free((DSA *)*pval);
+		*pval = NULL;
+		return 2;
+	}
+	return 1;
 }
 
-int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp)
-{
-	int t=0,len;
-	ASN1_INTEGER rbs,sbs;
-	unsigned char *p;
+ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
+	ASN1_SIMPLE(DSA, version, LONG),
+	ASN1_SIMPLE(DSA, p, BIGNUM),
+	ASN1_SIMPLE(DSA, q, BIGNUM),
+	ASN1_SIMPLE(DSA, g, BIGNUM),
+	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+	ASN1_SIMPLE(DSA, priv_key, BIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
 
-	rbs.data=OPENSSL_malloc(BN_num_bits(v->r)/8+1);
-	if (rbs.data == NULL)
-		{
-		DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	rbs.type=V_ASN1_INTEGER;
-	rbs.length=BN_bn2bin(v->r,rbs.data);
-	sbs.data=OPENSSL_malloc(BN_num_bits(v->s)/8+1);
-	if (sbs.data == NULL)
-		{
-		OPENSSL_free(rbs.data);
-		DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	sbs.type=V_ASN1_INTEGER;
-	sbs.length=BN_bn2bin(v->s,sbs.data);
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
 
-	len=i2d_ASN1_INTEGER(&rbs,NULL);
-	len+=i2d_ASN1_INTEGER(&sbs,NULL);
+ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
+	ASN1_SIMPLE(DSA, p, BIGNUM),
+	ASN1_SIMPLE(DSA, q, BIGNUM),
+	ASN1_SIMPLE(DSA, g, BIGNUM),
+} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
 
-	if (pp)
-		{
-		p=*pp;
-		ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-		i2d_ASN1_INTEGER(&rbs,&p);
-		i2d_ASN1_INTEGER(&sbs,&p);
-		}
-	t=ASN1_object_size(1,len,V_ASN1_SEQUENCE);
-	OPENSSL_free(rbs.data);
-	OPENSSL_free(sbs.data);
-	return(t);
-}
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
 
-DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
-{
-	int i=ERR_R_NESTED_ASN1_ERROR;
-	ASN1_INTEGER *bs=NULL;
-	M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new);
+/* DSA public key is a bit trickier... its effectively a CHOICE type
+ * decided by a field called write_params which can either write out
+ * just the public key as an INTEGER or the parameters and public key
+ * in a SEQUENCE
+ */
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL)
-		goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
-		goto err_bn;
-	M_ASN1_BIT_STRING_free(bs);
-	bs = NULL;
-	M_ASN1_D2I_Finish_2(a);
+ASN1_SEQUENCE(dsa_pub_internal) = {
+	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+	ASN1_SIMPLE(DSA, p, BIGNUM),
+	ASN1_SIMPLE(DSA, q, BIGNUM),
+	ASN1_SIMPLE(DSA, g, BIGNUM)
+} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
 
-err_bn:
-	i=ERR_R_BN_LIB;
-err:
-	DSAerr(DSA_F_D2I_DSA_SIG,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret);
-	if (bs != NULL) M_ASN1_BIT_STRING_free(bs);
-	return(NULL);
-}
+ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
+	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+	ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
+} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
diff --git a/crypto/openssl/crypto/dsa/dsa_err.c b/crypto/openssl/crypto/dsa/dsa_err.c
index 736aeef..79aa4ff 100644
--- a/crypto/openssl/crypto/dsa/dsa_err.c
+++ b/crypto/openssl/crypto/dsa/dsa_err.c
@@ -63,7 +63,7 @@
 #include <openssl/dsa.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA DSA_str_functs[]=
 	{
 {ERR_PACK(0,DSA_F_D2I_DSA_SIG,0),	"d2i_DSA_SIG"},
@@ -71,7 +71,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),	"DSAparams_print_fp"},
 {ERR_PACK(0,DSA_F_DSA_DO_SIGN,0),	"DSA_do_sign"},
 {ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0),	"DSA_do_verify"},
-{ERR_PACK(0,DSA_F_DSA_NEW,0),	"DSA_new"},
+{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0),	"DSA_new_method"},
 {ERR_PACK(0,DSA_F_DSA_PRINT,0),	"DSA_print"},
 {ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),	"DSA_print_fp"},
 {ERR_PACK(0,DSA_F_DSA_SIGN,0),	"DSA_sign"},
@@ -79,6 +79,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_PACK(0,DSA_F_DSA_SIG_NEW,0),	"DSA_SIG_new"},
 {ERR_PACK(0,DSA_F_DSA_VERIFY,0),	"DSA_verify"},
 {ERR_PACK(0,DSA_F_I2D_DSA_SIG,0),	"i2d_DSA_SIG"},
+{ERR_PACK(0,DSA_F_SIG_CB,0),	"SIG_CB"},
 {0,NULL}
 	};
 
@@ -98,7 +99,7 @@ void ERR_load_DSA_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
 		ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c
index 2294a36..dc9c249 100644
--- a/crypto/openssl/crypto/dsa/dsa_gen.c
+++ b/crypto/openssl/crypto/dsa/dsa_gen.c
@@ -61,25 +61,27 @@
 #ifdef GENUINE_DSA
 /* Parameter generation follows the original release of FIPS PUB 186,
  * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    SHA
+#define HASH    EVP_sha()
 #else
 /* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
  * FIPS PUB 180-1) */
-#define HASH    SHA1
+#define HASH    EVP_sha1()
 #endif 
 
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
+#include <openssl/sha.h>
 
-DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
+DSA *DSA_generate_parameters(int bits,
+		unsigned char *seed_in, int seed_len,
 		int *counter_ret, unsigned long *h_ret,
 		void (*callback)(int, int, void *),
 		void *cb_arg)
@@ -157,8 +159,8 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
 				}
 
 			/* step 2 */
-			HASH(seed,SHA_DIGEST_LENGTH,md);
-			HASH(buf,SHA_DIGEST_LENGTH,buf2);
+			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
 			for (i=0; i<SHA_DIGEST_LENGTH; i++)
 				md[i]^=buf2[i];
 
@@ -205,7 +207,7 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
 					if (buf[i] != 0) break;
 					}
 
-				HASH(buf,SHA_DIGEST_LENGTH,md);
+				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
 
 				/* step 8 */
 				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
diff --git a/crypto/openssl/crypto/dsa/dsa_key.c b/crypto/openssl/crypto/dsa/dsa_key.c
index 86cacfb..ef87c3e 100644
--- a/crypto/openssl/crypto/dsa/dsa_key.c
+++ b/crypto/openssl/crypto/dsa/dsa_key.c
@@ -56,11 +56,10 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/sha.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c
index 8920c3f..579f73f 100644
--- a/crypto/openssl/crypto/dsa/dsa_lib.c
+++ b/crypto/openssl/crypto/dsa/dsa_lib.c
@@ -63,52 +63,82 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
-static DSA_METHOD *default_DSA_method = NULL;
-static int dsa_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
+static const DSA_METHOD *default_DSA_method = NULL;
 
-void DSA_set_default_method(DSA_METHOD *meth)
-{
+void DSA_set_default_method(const DSA_METHOD *meth)
+	{
 	default_DSA_method = meth;
-}
+	}
 
-DSA_METHOD *DSA_get_default_method(void)
-{
-	if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
+const DSA_METHOD *DSA_get_default_method(void)
+	{
+	if(!default_DSA_method)
+		default_DSA_method = DSA_OpenSSL();
 	return default_DSA_method;
-}
+	}
 
 DSA *DSA_new(void)
-{
+	{
 	return DSA_new_method(NULL);
-}
+	}
 
-DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
-{
-        DSA_METHOD *mtmp;
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+	{
+	/* NB: The caller is specifically setting a method, so it's not up to us
+	 * to deal with which ENGINE it comes from. */
+        const DSA_METHOD *mtmp;
         mtmp = dsa->meth;
         if (mtmp->finish) mtmp->finish(dsa);
+	if (dsa->engine)
+		{
+		ENGINE_finish(dsa->engine);
+		dsa->engine = NULL;
+		}
         dsa->meth = meth;
         if (meth->init) meth->init(dsa);
-        return mtmp;
-}
-
+        return 1;
+	}
 
-DSA *DSA_new_method(DSA_METHOD *meth)
+DSA *DSA_new_method(ENGINE *engine)
 	{
 	DSA *ret;
 
 	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
 	if (ret == NULL)
 		{
-		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+		DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(meth) ret->meth = meth;
-	else ret->meth = DSA_get_default_method();
+	ret->meth = DSA_get_default_method();
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
+	else
+		ret->engine = ENGINE_get_default_DSA();
+	if(ret->engine)
+		{
+		ret->meth = ENGINE_get_DSA(ret->engine);
+		if(!ret->meth)
+			{
+			DSAerr(DSA_F_DSA_NEW_METHOD,
+				ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		}
+
 	ret->pad=0;
 	ret->version=0;
 	ret->write_params=1;
@@ -125,10 +155,12 @@ DSA *DSA_new_method(DSA_METHOD *meth)
 
 	ret->references=1;
 	ret->flags=ret->meth->flags;
-	CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
-		CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
@@ -155,9 +187,12 @@ void DSA_free(DSA *r)
 		}
 #endif
 
-	if(r->meth->finish) r->meth->finish(r);
+	if(r->meth->finish)
+		r->meth->finish(r);
+	if(r->engine)
+		ENGINE_finish(r->engine);
 
-	CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->q != NULL) BN_clear_free(r->q);
@@ -169,11 +204,30 @@ void DSA_free(DSA *r)
 	OPENSSL_free(r);
 	}
 
-int DSA_size(DSA *r)
+int DSA_up_ref(DSA *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+	REF_PRINT("DSA",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "DSA_up_ref, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
+	}
+
+int DSA_size(const DSA *r)
 	{
 	int ret,i;
 	ASN1_INTEGER bs;
-	unsigned char buf[4];
+	unsigned char buf[4];	/* 4 bytes looks really small.
+				   However, i2d_ASN1_INTEGER() will not look
+				   beyond the first byte, as long as the second
+				   parameter is NULL. */
 
 	i=BN_num_bits(r->q);
 	bs.length=(i+7)/8;
@@ -191,9 +245,8 @@ int DSA_size(DSA *r)
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-	dsa_meth_num++;
-	return(CRYPTO_get_ex_new_index(dsa_meth_num-1,
-		&dsa_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+				new_func, dup_func, free_func);
         }
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
@@ -206,8 +259,8 @@ void *DSA_get_ex_data(DSA *d, int idx)
 	return(CRYPTO_get_ex_data(&d->ex_data,idx));
 	}
 
-#ifndef NO_DH
-DH *DSA_dup_DH(DSA *r)
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
 	{
 	/* DSA has p, q, g, optional pub_key, optional priv_key.
 	 * DH has p, optional length, g, optional pub_key, optional priv_key.
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c
index cac42c3..37dd5fc 100644
--- a/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -64,6 +64,7 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -91,7 +92,7 @@ dsa_finish,
 NULL
 };
 
-DSA_METHOD *DSA_OpenSSL(void)
+const DSA_METHOD *DSA_OpenSSL(void)
 {
 	return &openssl_dsa_meth;
 }
@@ -234,6 +235,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	BIGNUM u1,u2,t1;
 	BN_MONT_CTX *mont=NULL;
 	int ret = -1;
+	if (!dsa->p || !dsa->q || !dsa->g)
+		{
+		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+		return -1;
+		}
 
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	BN_init(&u1);
diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/openssl/crypto/dsa/dsa_sign.c
index 8920502..e9469ca 100644
--- a/crypto/openssl/crypto/dsa/dsa_sign.c
+++ b/crypto/openssl/crypto/dsa/dsa_sign.c
@@ -64,6 +64,7 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/openssl/crypto/dsa/dsa_vrf.c
index 03277f8..066c6b5 100644
--- a/crypto/openssl/crypto/dsa/dsa_vrf.c
+++ b/crypto/openssl/crypto/dsa/dsa_vrf.c
@@ -65,6 +65,7 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/engine.h>
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
@@ -79,7 +80,7 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
  *     -1: error
  */
 int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-	     unsigned char *sigbuf, int siglen, DSA *dsa)
+	     const unsigned char *sigbuf, int siglen, DSA *dsa)
 	{
 	DSA_SIG *s;
 	int ret=-1;
diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c
index 309a7cd..1ab90cf 100644
--- a/crypto/openssl/crypto/dsa/dsatest.c
+++ b/crypto/openssl/crypto/dsa/dsatest.c
@@ -61,15 +61,19 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+
+#include "../e_os.h"
+
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
-#ifdef WINDOWS
+#include <openssl/engine.h>
+#ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
-#ifdef NO_DSA
+#ifdef OPENSSL_NO_DSA
 int main(int argc, char *argv[])
 {
     printf("No DSA support\n");
@@ -78,7 +82,7 @@ int main(int argc, char *argv[])
 #else
 #include <openssl/dsa.h>
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define MS_CALLBACK     _far _loadds
 #else
 #define MS_CALLBACK
@@ -136,14 +140,16 @@ int main(int argc, char **argv)
 	unsigned char sig[256];
 	unsigned int siglen;
 
-	ERR_load_crypto_strings();
-	RAND_seed(rnd_seed, sizeof rnd_seed);
-
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
+	ERR_load_crypto_strings();
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
 	BIO_printf(bio_err,"test generation of DSA parameters\n");
 
 	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
@@ -200,17 +206,25 @@ end:
 	if (!ret)
 		ERR_print_errors(bio_err);
 	if (dsa != NULL) DSA_free(dsa);
+	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_state(0);
+	ERR_free_strings();
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
 		{
 		BIO_free(bio_err);
 		bio_err = NULL;
 		}
-	exit(!ret);
+	EXIT(!ret);
 	return(0);
 	}
 
+static int cb_exit(int ec)
+	{
+	EXIT(ec);
+	return(0);		/* To keep some compilers quiet */
+	}
+
 static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
@@ -226,7 +240,7 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	if (!ok && (p == 0) && (num > 1))
 		{
 		BIO_printf((BIO *)arg,"error in dsatest\n");
-		exit(1);
+		cb_exit(1);
 		}
 	}
 #endif
diff --git a/crypto/openssl/crypto/dso/Makefile.ssl b/crypto/openssl/crypto/dso/Makefile.ssl
index 33630e0..3d00363 100644
--- a/crypto/openssl/crypto/dso/Makefile.ssl
+++ b/crypto/openssl/crypto/dso/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	dso
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -41,8 +42,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -70,7 +70,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -81,61 +81,62 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-dso_dl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dso_dl.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-dso_dl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dso_dl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dso_dlfcn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dso_dlfcn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-dso_dlfcn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dl.c
+dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dso_dlfcn.o: ../../include/openssl/opensslconf.h
 dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 dso_dlfcn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dso_dlfcn.o: ../cryptlib.h
+dso_dlfcn.o: ../cryptlib.h dso_dlfcn.c
 dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-dso_err.o: ../../include/openssl/dso.h ../../include/openssl/err.h
-dso_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dso_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dso_err.o: ../../include/openssl/symhacks.h
-dso_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dso_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-dso_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_err.o: ../../include/openssl/symhacks.h dso_err.c
+dso_lib.o: ../../e_os.h ../../include/openssl/bio.h
+dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dso_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dso_null.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dso_null.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-dso_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_lib.c
+dso_null.o: ../../e_os.h ../../include/openssl/bio.h
+dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dso_null.o: ../../include/openssl/opensslconf.h
 dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 dso_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dso_null.o: ../cryptlib.h
-dso_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dso_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-dso_openssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_null.o: ../cryptlib.h dso_null.c
+dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dso_openssl.o: ../../include/openssl/opensslconf.h
 dso_openssl.o: ../../include/openssl/opensslv.h
 dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dso_vms.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dso_vms.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-dso_vms.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c
+dso_vms.o: ../../e_os.h ../../include/openssl/bio.h
+dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dso_vms.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dso_win32.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dso_win32.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-dso_win32.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_vms.c
+dso_win32.o: ../../e_os.h ../../include/openssl/bio.h
+dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dso_win32.o: ../../include/openssl/opensslconf.h
 dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 dso_win32.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dso_win32.o: ../cryptlib.h
+dso_win32.o: ../cryptlib.h dso_win32.c
diff --git a/crypto/openssl/crypto/dso/README b/crypto/openssl/crypto/dso/README
index 6ba03c5..d0bc9a8 100644
--- a/crypto/openssl/crypto/dso/README
+++ b/crypto/openssl/crypto/dso/README
@@ -1,16 +1,3 @@
-TODO
-----
-
-Find a way where name-translation can be done in a way that is
-sensitive to particular methods (ie. generic code could still do
-different path/filename substitutions on win32 to what it does on
-*nix) but doesn't assume some canonical form. Already one case
-exists where the "blah -> (libblah.so,blah.dll)" mapping doesn't
-suffice. I suspect a callback with an enumerated (or string?)
-parameter could be the way to go here ... DSO_ctrl the callback
-into place and it can be invoked to handle name translation with
-some clue to the calling code as to what kind of system it is.
-
 NOTES
 -----
 
@@ -21,4 +8,15 @@ according to their man page, prefer developers to move to that.
 I'll leave Richard's changes there as I guess dso_dl is needed
 for HPUX10.20.
 
+There is now a callback scheme in place where filename conversion can
+(a) be turned off altogether through the use of the
+    DSO_FLAG_NO_NAME_TRANSLATION flag,
+(b) be handled by default using the default DSO_METHOD's converter
+(c) overriden per-DSO by setting the override callback
+(d) a mix of (b) and (c) - eg. implement an override callback that;
+    (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
+        and if so, convert "blah" into "blah32.dll" (the default is
+	otherwise to make it "blah.dll").
+    (ii) default to the normal behaviour - we're not on win32, eg.
+         finish with (return dso->meth->dso_name_converter(dso,NULL)).
 
diff --git a/crypto/openssl/crypto/dso/dso.h b/crypto/openssl/crypto/dso/dso.h
index c1136ec..aa721f7 100644
--- a/crypto/openssl/crypto/dso/dso.h
+++ b/crypto/openssl/crypto/dso/dso.h
@@ -70,31 +70,51 @@ extern "C" {
 #define DSO_CTRL_SET_FLAGS	2
 #define DSO_CTRL_OR_FLAGS	3
 
-/* These flags control the translation of file-names from canonical to
- * native. Eg. in the CryptoSwift support, the "dl" and "dlfcn"
- * methods will translate "swift" -> "libswift.so" whereas the "win32"
- * method will translate "swift" -> "swift.dll". NB: Until I can figure
- * out how to be more "conventional" with this, the methods will only
- * honour this flag if it looks like it was passed a file without any
- * path and if the filename is small enough.
- */
-#define DSO_FLAG_NAME_TRANSLATION 0x01
+/* By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform (more specifically the DSO_METHOD) using the
+ * dso_name_converter function of the method. Eg. win32 will transform "blah"
+ * into "blah.dll", and dlfcn will transform it into "libblah.so". The
+ * behaviour can be overriden by setting the name_converter callback in the DSO
+ * object (using DSO_set_name_converter()). This callback could even utilise
+ * the DSO_METHOD's converter too if it only wants to override behaviour for
+ * one or two possible DSO methods. However, the following flag can be set in a
+ * DSO to prevent *any* native name-translation at all - eg. if the caller has
+ * prompted the user for a path to a driver library so the filename should be
+ * interpreted as-is. */
+#define DSO_FLAG_NO_NAME_TRANSLATION		0x01
+/* An extra flag to give if only the extension should be added as
+ * translation.  This is obviously only of importance on Unix and
+ * other operating systems where the translation also may prefix
+ * the name with something, like 'lib', and ignored everywhere else.
+ * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
+ * at the same time. */
+#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY	0x02
 
 /* The following flag controls the translation of symbol names to upper
  * case.  This is currently only being implemented for OpenVMS.
  */
-#define DSO_FLAG_UPCASE_SYMBOL    0x02
+#define DSO_FLAG_UPCASE_SYMBOL			0x10
 
 
 typedef void (*DSO_FUNC_TYPE)(void);
 
 typedef struct dso_st DSO;
 
+/* The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure pointer
+ * (or NULL if they are to be used independantly of a DSO object) and a
+ * filename to transform. They should either return NULL (if there is an error
+ * condition) or a newly allocated string containing the transformed form that
+ * the caller will need to free with OPENSSL_free() when done. */
+typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+
 typedef struct dso_meth_st
 	{
 	const char *name;
-	/* Loads a shared library */
-	int (*dso_load)(DSO *dso, const char *filename);
+	/* Loads a shared library, NB: new DSO_METHODs must ensure that a
+	 * successful load populates the loaded_filename field, and likewise a
+	 * successful unload OPENSSL_frees and NULLs it out. */
+	int (*dso_load)(DSO *dso);
 	/* Unloads a shared library */
 	int (*dso_unload)(DSO *dso);
 	/* Binds a variable */
@@ -117,6 +137,9 @@ typedef struct dso_meth_st
 	/* The generic (yuck) "ctrl()" function. NB: Negative return
 	 * values (rather than zero) indicate errors. */
 	long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
+	/* The default DSO_METHOD-specific function for converting filenames to
+	 * a canonical native form. */
+	DSO_NAME_CONVERTER_FUNC dso_name_converter;
 
 	/* [De]Initialisation handlers. */
 	int (*init)(DSO *dso);
@@ -140,6 +163,23 @@ struct dso_st
 	/* For use by applications etc ... use this for your bits'n'pieces,
 	 * don't touch meth_data! */
 	CRYPTO_EX_DATA ex_data;
+	/* If this callback function pointer is set to non-NULL, then it will
+	 * be used on DSO_load() in place of meth->dso_name_converter. NB: This
+	 * should normally set using DSO_set_name_converter(). */
+	DSO_NAME_CONVERTER_FUNC name_converter;
+	/* This is populated with (a copy of) the platform-independant
+	 * filename used for this DSO. */
+	char *filename;
+	/* This is populated with (a copy of) the translated filename by which
+	 * the DSO was actually loaded. It is NULL iff the DSO is not currently
+	 * loaded. NB: This is here because the filename translation process
+	 * may involve a callback being invoked more than once not only to
+	 * convert to a platform-specific form, but also to try different
+	 * filenames in the process of trying to perform a load. As such, this
+	 * variable can be used to indicate (a) whether this DSO structure
+	 * corresponds to a loaded library or not, and (b) the filename with
+	 * which it was actually loaded. */
+	char *loaded_filename;
 	};
 
 
@@ -147,10 +187,38 @@ DSO *	DSO_new(void);
 DSO *	DSO_new_method(DSO_METHOD *method);
 int	DSO_free(DSO *dso);
 int	DSO_flags(DSO *dso);
-int	DSO_up(DSO *dso);
+int	DSO_up_ref(DSO *dso);
 long	DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
 
-void DSO_set_default_method(DSO_METHOD *meth);
+/* This function sets the DSO's name_converter callback. If it is non-NULL,
+ * then it will be used instead of the associated DSO_METHOD's function. If
+ * oldcb is non-NULL then it is set to the function pointer value being
+ * replaced. Return value is non-zero for success. */
+int	DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+				DSO_NAME_CONVERTER_FUNC *oldcb);
+/* These functions can be used to get/set the platform-independant filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded. */
+const char *DSO_get_filename(DSO *dso);
+int	DSO_set_filename(DSO *dso, const char *filename);
+/* This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
+ * caller-created DSO_METHODs can do the same thing. A non-NULL return value
+ * will need to be OPENSSL_free()'d. */
+char	*DSO_convert_filename(DSO *dso, const char *filename);
+/* If the DSO is currently loaded, this returns the filename that it was loaded
+ * under, otherwise it returns NULL. So it is also useful as a test as to
+ * whether the DSO is currently loaded. NB: This will not necessarily return
+ * the same value as DSO_convert_filename(dso, dso->filename), because the
+ * DSO_METHOD's load function may have tried a variety of filenames (with
+ * and/or without the aid of the converters) before settling on the one it
+ * actually loaded. */
+const char *DSO_get_loaded_filename(DSO *dso);
+
+void	DSO_set_default_method(DSO_METHOD *meth);
 DSO_METHOD *DSO_get_default_method(void);
 DSO_METHOD *DSO_get_method(DSO *dso);
 DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
@@ -159,8 +227,7 @@ DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
  * for the first and third parameters. Use DSO_up and DSO_free for
  * subsequent reference count handling. Any flags passed in will be set
  * in the constructed DSO after its init() function but before the
- * load operation. This will be done with;
- *    DSO_ctrl(dso, DSO_CTRL_SET_FLAGS, flags, NULL); */
+ * load operation. If 'dso' is non-NULL, 'flags' is ignored. */
 DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
 
 /* This function binds to a variable inside a shared library. */
@@ -205,40 +272,47 @@ void ERR_load_DSO_strings(void);
 /* Function codes. */
 #define DSO_F_DLFCN_BIND_FUNC				 100
 #define DSO_F_DLFCN_BIND_VAR				 101
-#define DSO_F_DLFCN_CTRL				 102
-#define DSO_F_DLFCN_LOAD				 103
-#define DSO_F_DLFCN_UNLOAD				 104
-#define DSO_F_DL_BIND_FUNC				 105
-#define DSO_F_DL_BIND_VAR				 106
-#define DSO_F_DL_CTRL					 107
-#define DSO_F_DL_LOAD					 108
-#define DSO_F_DL_UNLOAD					 109
-#define DSO_F_DSO_BIND_FUNC				 110
-#define DSO_F_DSO_BIND_VAR				 111
-#define DSO_F_DSO_CTRL					 112
-#define DSO_F_DSO_FREE					 113
-#define DSO_F_DSO_LOAD					 114
-#define DSO_F_DSO_NEW_METHOD				 115
-#define DSO_F_DSO_UP					 116
-#define DSO_F_VMS_BIND_VAR				 122
-#define DSO_F_VMS_CTRL					 123
-#define DSO_F_VMS_LOAD					 124
-#define DSO_F_VMS_UNLOAD				 125
-#define DSO_F_WIN32_BIND_FUNC				 117
-#define DSO_F_WIN32_BIND_VAR				 118
-#define DSO_F_WIN32_CTRL				 119
+#define DSO_F_DLFCN_LOAD				 102
+#define DSO_F_DLFCN_NAME_CONVERTER			 123
+#define DSO_F_DLFCN_UNLOAD				 103
+#define DSO_F_DL_BIND_FUNC				 104
+#define DSO_F_DL_BIND_VAR				 105
+#define DSO_F_DL_LOAD					 106
+#define DSO_F_DL_NAME_CONVERTER				 124
+#define DSO_F_DL_UNLOAD					 107
+#define DSO_F_DSO_BIND_FUNC				 108
+#define DSO_F_DSO_BIND_VAR				 109
+#define DSO_F_DSO_CONVERT_FILENAME			 126
+#define DSO_F_DSO_CTRL					 110
+#define DSO_F_DSO_FREE					 111
+#define DSO_F_DSO_GET_FILENAME				 127
+#define DSO_F_DSO_GET_LOADED_FILENAME			 128
+#define DSO_F_DSO_LOAD					 112
+#define DSO_F_DSO_NEW_METHOD				 113
+#define DSO_F_DSO_SET_FILENAME				 129
+#define DSO_F_DSO_SET_NAME_CONVERTER			 122
+#define DSO_F_DSO_UP_REF				 114
+#define DSO_F_VMS_BIND_VAR				 115
+#define DSO_F_VMS_LOAD					 116
+#define DSO_F_VMS_UNLOAD				 117
+#define DSO_F_WIN32_BIND_FUNC				 118
+#define DSO_F_WIN32_BIND_VAR				 119
 #define DSO_F_WIN32_LOAD				 120
+#define DSO_F_WIN32_NAME_CONVERTER			 125
 #define DSO_F_WIN32_UNLOAD				 121
 
 /* Reason codes. */
 #define DSO_R_CTRL_FAILED				 100
-#define DSO_R_FILENAME_TOO_BIG				 109
-#define DSO_R_FINISH_FAILED				 101
-#define DSO_R_LOAD_FAILED				 102
-#define DSO_R_NULL_HANDLE				 103
-#define DSO_R_STACK_ERROR				 104
-#define DSO_R_SYM_FAILURE				 105
-#define DSO_R_UNKNOWN_COMMAND				 106
+#define DSO_R_DSO_ALREADY_LOADED			 110
+#define DSO_R_FILENAME_TOO_BIG				 101
+#define DSO_R_FINISH_FAILED				 102
+#define DSO_R_LOAD_FAILED				 103
+#define DSO_R_NAME_TRANSLATION_FAILED			 109
+#define DSO_R_NO_FILENAME				 111
+#define DSO_R_NULL_HANDLE				 104
+#define DSO_R_SET_FILENAME_FAILED			 112
+#define DSO_R_STACK_ERROR				 105
+#define DSO_R_SYM_FAILURE				 106
 #define DSO_R_UNLOAD_FAILED				 107
 #define DSO_R_UNSUPPORTED				 108
 
diff --git a/crypto/openssl/crypto/dso/dso_dl.c b/crypto/openssl/crypto/dso/dso_dl.c
index 455bd66..195717e 100644
--- a/crypto/openssl/crypto/dso/dso_dl.c
+++ b/crypto/openssl/crypto/dso/dso_dl.c
@@ -1,5 +1,5 @@
 /* dso_dl.c */
-/* Written by Richard Levitte (levitte@openssl.org) for the OpenSSL
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
@@ -72,7 +72,7 @@ DSO_METHOD *DSO_METHOD_dl(void)
 /* Part of the hack in "dl_load" ... */
 #define DSO_MAX_TRANSLATED_SIZE 256
 
-static int dl_load(DSO *dso, const char *filename);
+static int dl_load(DSO *dso);
 static int dl_unload(DSO *dso);
 static void *dl_bind_var(DSO *dso, const char *symname);
 static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
@@ -81,8 +81,9 @@ static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
 static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
 static int dl_init(DSO *dso);
 static int dl_finish(DSO *dso);
+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
 #endif
-static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
+static char *dl_name_converter(DSO *dso, const char *filename);
 
 static DSO_METHOD dso_meth_dl = {
 	"OpenSSL 'dl' shared library method",
@@ -95,7 +96,8 @@ static DSO_METHOD dso_meth_dl = {
 	NULL, /* unbind_var */
 	NULL, /* unbind_func */
 #endif
-	dl_ctrl,
+	NULL, /* ctrl */
+	dl_name_converter,
 	NULL, /* init */
 	NULL  /* finish */
 	};
@@ -111,40 +113,43 @@ DSO_METHOD *DSO_METHOD_dl(void)
  * type so the cast is safe.
  */
 
-#if defined(__hpux)
-static const char extension[] = ".sl";
-#else
-static const char extension[] = ".so";
-#endif
-static int dl_load(DSO *dso, const char *filename)
+static int dl_load(DSO *dso)
 	{
-	shl_t ptr;
-	char translated[DSO_MAX_TRANSLATED_SIZE];
-	int len;
+	shl_t ptr = NULL;
+	/* We don't do any fancy retries or anything, just take the method's
+	 * (or DSO's if it has the callback set) best translation of the
+	 * platform-independant filename and try once with that. */
+	char *filename= DSO_convert_filename(dso, NULL);
 
-	/* The same comment as in dlfcn_load applies here. bleurgh. */
-	len = strlen(filename) + strlen(extension);
-	if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
-			(len + 3 < DSO_MAX_TRANSLATED_SIZE) &&
-			(strstr(filename, "/") == NULL))
+	if(filename == NULL)
 		{
-		sprintf(translated, "lib%s%s", filename, extension);
-		ptr = shl_load(translated, BIND_IMMEDIATE, NULL);
+		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+		goto err;
 		}
-	else
-		ptr = shl_load(filename, BIND_IMMEDIATE, NULL);
+	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL);
 	if(ptr == NULL)
 		{
 		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
-		return(0);
+		ERR_add_error_data(4, "filename(", filename, "): ",
+			strerror(errno));
+		goto err;
 		}
 	if(!sk_push(dso->meth_data, (char *)ptr))
 		{
 		DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
-		shl_unload(ptr);
-		return(0);
+		goto err;
 		}
+	/* Success, stick the converted filename we've loaded under into the DSO
+	 * (it also serves as the indicator that we are currently loaded). */
+	dso->loaded_filename = filename;
 	return(1);
+err:
+	/* Cleanup! */
+	if(filename != NULL)
+		OPENSSL_free(filename);
+	if(ptr != NULL)
+		shl_unload(ptr);
+	return(0);
 	}
 
 static int dl_unload(DSO *dso)
@@ -195,6 +200,8 @@ static void *dl_bind_var(DSO *dso, const char *symname)
 	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
 		{
 		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(4, "symname(", symname, "): ",
+			strerror(errno));
 		return(NULL);
 		}
 	return(sym);
@@ -224,33 +231,54 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
 	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
 		{
 		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(4, "symname(", symname, "): ",
+			strerror(errno));
 		return(NULL);
 		}
 	return((DSO_FUNC_TYPE)sym);
 	}
 
-static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg)
+/* This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
+ * same time, there's no great duplicating the code. Figuring out an elegant 
+ * way to share one copy of the code would be more difficult and would not
+ * leave the implementations independant. */
+#if defined(__hpux)
+static const char extension[] = ".sl";
+#else
+static const char extension[] = ".so";
+#endif
+static char *dl_name_converter(DSO *dso, const char *filename)
 	{
-	if(dso == NULL)
+	char *translated;
+	int len, rsize, transform;
+
+	len = strlen(filename);
+	rsize = len + 1;
+	transform = (strstr(filename, "/") == NULL);
 		{
-		DSOerr(DSO_F_DL_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return(-1);
+		/* We will convert this to "%s.s?" or "lib%s.s?" */
+		rsize += strlen(extension);/* The length of ".s?" */
+		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+			rsize += 3; /* The length of "lib" */
 		}
-	switch(cmd)
+	translated = OPENSSL_malloc(rsize);
+	if(translated == NULL)
 		{
-	case DSO_CTRL_GET_FLAGS:
-		return dso->flags;
-	case DSO_CTRL_SET_FLAGS:
-		dso->flags = larg;
-		return(0);
-	case DSO_CTRL_OR_FLAGS:
-		dso->flags |= larg;
-		return(0);
-	default:
-		break;
+		DSOerr(DSO_F_DL_NAME_CONVERTER,
+				DSO_R_NAME_TRANSLATION_FAILED); 
+		return(NULL);   
 		}
-	DSOerr(DSO_F_DL_CTRL,DSO_R_UNKNOWN_COMMAND);
-	return(-1);
+	if(transform)
+		{
+		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+			sprintf(translated, "lib%s%s", filename, extension);
+		else
+			sprintf(translated, "%s%s", filename, extension);
+		}
+	else
+		sprintf(translated, "%s", filename);
+	return(translated);
 	}
 
 #endif /* DSO_DL */
diff --git a/crypto/openssl/crypto/dso/dso_dlfcn.c b/crypto/openssl/crypto/dso/dso_dlfcn.c
index acf09f5..906b470 100644
--- a/crypto/openssl/crypto/dso/dso_dlfcn.c
+++ b/crypto/openssl/crypto/dso/dso_dlfcn.c
@@ -74,7 +74,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 /* Part of the hack in "dlfcn_load" ... */
 #define DSO_MAX_TRANSLATED_SIZE 256
 
-static int dlfcn_load(DSO *dso, const char *filename);
+static int dlfcn_load(DSO *dso);
 static int dlfcn_unload(DSO *dso);
 static void *dlfcn_bind_var(DSO *dso, const char *symname);
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
@@ -82,8 +82,9 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
 static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
 static int dlfcn_init(DSO *dso);
 static int dlfcn_finish(DSO *dso);
-#endif
 static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *dlfcn_name_converter(DSO *dso, const char *filename);
 
 static DSO_METHOD dso_meth_dlfcn = {
 	"OpenSSL 'dlfcn' shared library method",
@@ -96,7 +97,8 @@ static DSO_METHOD dso_meth_dlfcn = {
 	NULL, /* unbind_var */
 	NULL, /* unbind_func */
 #endif
-	dlfcn_ctrl,
+	NULL, /* ctrl */
+	dlfcn_name_converter,
 	NULL, /* init */
 	NULL  /* finish */
 	};
@@ -130,41 +132,40 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
  * (i) the handle (void*) returned from dlopen().
  */
 
-static int dlfcn_load(DSO *dso, const char *filename)
+static int dlfcn_load(DSO *dso)
 	{
-	void *ptr;
-	char translated[DSO_MAX_TRANSLATED_SIZE];
-	int len;
+	void *ptr = NULL;
+	/* See applicable comments in dso_dl.c */
+	char *filename = DSO_convert_filename(dso, NULL);
 
-	/* NB: This is a hideous hack, but I'm not yet sure what
-	 * to replace it with. This attempts to convert any filename,
-	 * that looks like it has no path information, into a
-	 * translated form, e. "blah" -> "libblah.so" */
-	len = strlen(filename);
-	if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
-			(len + 6 < DSO_MAX_TRANSLATED_SIZE) &&
-			(strstr(filename, "/") == NULL))
+	if(filename == NULL)
 		{
-		sprintf(translated, "lib%s.so", filename);
-		ptr = dlopen(translated, DLOPEN_FLAG);
-		}
-	else
-		{
-		ptr = dlopen(filename, DLOPEN_FLAG);
+		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
+		goto err;
 		}
+	ptr = dlopen(filename, DLOPEN_FLAG);
 	if(ptr == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
-		return(0);
+		ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+		goto err;
 		}
 	if(!sk_push(dso->meth_data, (char *)ptr))
 		{
 		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
-		dlclose(ptr);
-		return(0);
+		goto err;
 		}
+	/* Success */
+	dso->loaded_filename = filename;
 	return(1);
-	}
+err:
+	/* Cleanup! */
+	if(filename != NULL)
+		OPENSSL_free(filename);
+	if(ptr != NULL)
+		dlclose(ptr);
+	return(0);
+}
 
 static int dlfcn_unload(DSO *dso)
 	{
@@ -214,6 +215,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
 	if(sym == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
 		return(NULL);
 		}
 	return(sym);
@@ -244,33 +246,44 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 	if(sym == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
 		return(NULL);
 		}
 	return(sym);
 	}
 
-static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg)
+static char *dlfcn_name_converter(DSO *dso, const char *filename)
 	{
-	if(dso == NULL)
+	char *translated;
+	int len, rsize, transform;
+
+	len = strlen(filename);
+	rsize = len + 1;
+	transform = (strstr(filename, "/") == NULL);
+	if(transform)
 		{
-		DSOerr(DSO_F_DLFCN_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return(-1);
+		/* We will convert this to "%s.so" or "lib%s.so" */
+		rsize += 3;	/* The length of ".so" */
+		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+			rsize += 3; /* The length of "lib" */
 		}
-	switch(cmd)
+	translated = OPENSSL_malloc(rsize);
+	if(translated == NULL)
 		{
-	case DSO_CTRL_GET_FLAGS:
-		return dso->flags;
-	case DSO_CTRL_SET_FLAGS:
-		dso->flags = (int)larg;
-		return(0);
-	case DSO_CTRL_OR_FLAGS:
-		dso->flags |= (int)larg;
-		return(0);
-	default:
-		break;
+		DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
+				DSO_R_NAME_TRANSLATION_FAILED);
+		return(NULL);
 		}
-	DSOerr(DSO_F_DLFCN_CTRL,DSO_R_UNKNOWN_COMMAND);
-	return(-1);
+	if(transform)
+		{
+		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+			sprintf(translated, "lib%s.so", filename);
+		else
+			sprintf(translated, "%s.so", filename);
+		}
+	else
+		sprintf(translated, "%s", filename);
+	return(translated);
 	}
 
 #endif /* DSO_DLFCN */
diff --git a/crypto/openssl/crypto/dso/dso_err.c b/crypto/openssl/crypto/dso/dso_err.c
index a3d7321..cf452de 100644
--- a/crypto/openssl/crypto/dso/dso_err.c
+++ b/crypto/openssl/crypto/dso/dso_err.c
@@ -63,34 +63,38 @@
 #include <openssl/dso.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA DSO_str_functs[]=
 	{
 {ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0),	"DLFCN_BIND_FUNC"},
 {ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0),	"DLFCN_BIND_VAR"},
-{ERR_PACK(0,DSO_F_DLFCN_CTRL,0),	"DLFCN_CTRL"},
 {ERR_PACK(0,DSO_F_DLFCN_LOAD,0),	"DLFCN_LOAD"},
+{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0),	"DLFCN_NAME_CONVERTER"},
 {ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0),	"DLFCN_UNLOAD"},
 {ERR_PACK(0,DSO_F_DL_BIND_FUNC,0),	"DL_BIND_FUNC"},
 {ERR_PACK(0,DSO_F_DL_BIND_VAR,0),	"DL_BIND_VAR"},
-{ERR_PACK(0,DSO_F_DL_CTRL,0),	"DL_CTRL"},
 {ERR_PACK(0,DSO_F_DL_LOAD,0),	"DL_LOAD"},
+{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0),	"DL_NAME_CONVERTER"},
 {ERR_PACK(0,DSO_F_DL_UNLOAD,0),	"DL_UNLOAD"},
 {ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0),	"DSO_bind_func"},
 {ERR_PACK(0,DSO_F_DSO_BIND_VAR,0),	"DSO_bind_var"},
+{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0),	"DSO_convert_filename"},
 {ERR_PACK(0,DSO_F_DSO_CTRL,0),	"DSO_ctrl"},
 {ERR_PACK(0,DSO_F_DSO_FREE,0),	"DSO_free"},
+{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0),	"DSO_get_filename"},
+{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0),	"DSO_get_loaded_filename"},
 {ERR_PACK(0,DSO_F_DSO_LOAD,0),	"DSO_load"},
 {ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0),	"DSO_new_method"},
-{ERR_PACK(0,DSO_F_DSO_UP,0),	"DSO_up"},
+{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0),	"DSO_set_filename"},
+{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0),	"DSO_set_name_converter"},
+{ERR_PACK(0,DSO_F_DSO_UP_REF,0),	"DSO_up_ref"},
 {ERR_PACK(0,DSO_F_VMS_BIND_VAR,0),	"VMS_BIND_VAR"},
-{ERR_PACK(0,DSO_F_VMS_CTRL,0),	"VMS_CTRL"},
 {ERR_PACK(0,DSO_F_VMS_LOAD,0),	"VMS_LOAD"},
 {ERR_PACK(0,DSO_F_VMS_UNLOAD,0),	"VMS_UNLOAD"},
 {ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0),	"WIN32_BIND_FUNC"},
 {ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0),	"WIN32_BIND_VAR"},
-{ERR_PACK(0,DSO_F_WIN32_CTRL,0),	"WIN32_CTRL"},
 {ERR_PACK(0,DSO_F_WIN32_LOAD,0),	"WIN32_LOAD"},
+{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0),	"WIN32_NAME_CONVERTER"},
 {ERR_PACK(0,DSO_F_WIN32_UNLOAD,0),	"WIN32_UNLOAD"},
 {0,NULL}
 	};
@@ -98,13 +102,16 @@ static ERR_STRING_DATA DSO_str_functs[]=
 static ERR_STRING_DATA DSO_str_reasons[]=
 	{
 {DSO_R_CTRL_FAILED                       ,"control command failed"},
+{DSO_R_DSO_ALREADY_LOADED                ,"dso already loaded"},
 {DSO_R_FILENAME_TOO_BIG                  ,"filename too big"},
 {DSO_R_FINISH_FAILED                     ,"cleanup method function failed"},
 {DSO_R_LOAD_FAILED                       ,"could not load the shared library"},
+{DSO_R_NAME_TRANSLATION_FAILED           ,"name translation failed"},
+{DSO_R_NO_FILENAME                       ,"no filename"},
 {DSO_R_NULL_HANDLE                       ,"a null shared library handle was used"},
+{DSO_R_SET_FILENAME_FAILED               ,"set filename failed"},
 {DSO_R_STACK_ERROR                       ,"the meth_data stack is corrupt"},
 {DSO_R_SYM_FAILURE                       ,"could not bind to the requested symbol name"},
-{DSO_R_UNKNOWN_COMMAND                   ,"unknown control command"},
 {DSO_R_UNLOAD_FAILED                     ,"could not unload the shared library"},
 {DSO_R_UNSUPPORTED                       ,"functionality not supported"},
 {0,NULL}
@@ -119,7 +126,7 @@ void ERR_load_DSO_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_DSO,DSO_str_functs);
 		ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/dso/dso_lib.c b/crypto/openssl/crypto/dso/dso_lib.c
index acd1666..556069b 100644
--- a/crypto/openssl/crypto/dso/dso_lib.c
+++ b/crypto/openssl/crypto/dso/dso_lib.c
@@ -108,7 +108,7 @@ DSO *DSO_new_method(DSO_METHOD *meth)
 		}
 	memset(ret, 0, sizeof(DSO));
 	ret->meth_data = sk_new_null();
-	if((ret->meth_data = sk_new_null()) == NULL)
+	if(ret->meth_data == NULL)
 		{
 		/* sk_new doesn't generate any errors so we do */
 		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
@@ -164,6 +164,10 @@ int DSO_free(DSO *dso)
 		}
 	
 	sk_free(dso->meth_data);
+	if(dso->filename != NULL)
+		OPENSSL_free(dso->filename);
+	if(dso->loaded_filename != NULL)
+		OPENSSL_free(dso->loaded_filename);
  
 	OPENSSL_free(dso);
 	return(1);
@@ -175,11 +179,11 @@ int DSO_flags(DSO *dso)
 	}
 
 
-int DSO_up(DSO *dso)
+int DSO_up_ref(DSO *dso)
 	{
 	if (dso == NULL)
 		{
-		DSOerr(DSO_F_DSO_UP,ERR_R_PASSED_NULL_PARAMETER);
+		DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
 
@@ -192,48 +196,60 @@ DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
 	DSO *ret;
 	int allocated = 0;
 
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DSO_LOAD,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
 	if(dso == NULL)
 		{
 		ret = DSO_new_method(meth);
 		if(ret == NULL)
 			{
 			DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
-			return(NULL);
+			goto err;
 			}
 		allocated = 1;
+		/* Pass the provided flags to the new DSO object */
+		if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
+			{
+			DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
+			goto err;
+			}
 		}
 	else
 		ret = dso;
-	/* Bleurgh ... have to check for negative return values for
-	 * errors. <grimace> */
-	if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
+	/* Don't load if we're currently already loaded */
+	if(ret->filename != NULL)
 		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
-		if(allocated)
-			DSO_free(ret);
-		return(NULL);
+		DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);
+		goto err;
+		}
+	/* filename can only be NULL if we were passed a dso that already has
+	 * one set. */
+	if(filename != NULL)
+		if(!DSO_set_filename(ret, filename))
+			{
+			DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);
+			goto err;
+			}
+	filename = ret->filename;
+	if(filename == NULL)
+		{
+		DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);
+		goto err;
 		}
 	if(ret->meth->dso_load == NULL)
 		{
 		DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
-		if(allocated)
-			DSO_free(ret);
-		return(NULL);
+		goto err;
 		}
-	if(!ret->meth->dso_load(ret, filename))
+	if(!ret->meth->dso_load(ret))
 		{
 		DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
-		if(allocated)
-			DSO_free(ret);
-		return(NULL);
+		goto err;
 		}
 	/* Load succeeded */
 	return(ret);
+err:
+	if(allocated)
+		DSO_free(ret);
+	return(NULL);
 	}
 
 void *DSO_bind_var(DSO *dso, const char *symname)
@@ -297,6 +313,22 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
 		DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);
 		return(-1);
 		}
+	/* We should intercept certain generic commands and only pass control
+	 * to the method-specific ctrl() function if it's something we don't
+	 * handle. */
+	switch(cmd)
+		{
+	case DSO_CTRL_GET_FLAGS:
+		return dso->flags;
+	case DSO_CTRL_SET_FLAGS:
+		dso->flags = (int)larg;
+		return(0);
+	case DSO_CTRL_OR_FLAGS:
+		dso->flags |= (int)larg;
+		return(0);
+	default:
+		break;
+		}
 	if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))
 		{
 		DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);
@@ -304,3 +336,104 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
 		}
 	return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
 	}
+
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+			DSO_NAME_CONVERTER_FUNC *oldcb)
+	{
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
+				ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if(oldcb)
+		*oldcb = dso->name_converter;
+	dso->name_converter = cb;
+	return(1);
+	}
+
+const char *DSO_get_filename(DSO *dso)
+	{
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	return(dso->filename);
+	}
+
+int DSO_set_filename(DSO *dso, const char *filename)
+	{
+	char *copied;
+
+	if((dso == NULL) || (filename == NULL))
+		{
+		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if(dso->loaded_filename)
+		{
+		DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);
+		return(0);
+		}
+	/* We'll duplicate filename */
+	copied = OPENSSL_malloc(strlen(filename) + 1);
+	if(copied == NULL)
+		{
+		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	strcpy(copied, filename);
+	if(dso->filename)
+		OPENSSL_free(dso->filename);
+	dso->filename = copied;
+	return(1);
+	}
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+	{
+	char *result = NULL;
+
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(filename == NULL)
+		filename = dso->filename;
+	if(filename == NULL)
+		{
+		DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
+		return(NULL);
+		}
+	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
+		{
+		if(dso->name_converter != NULL)
+			result = dso->name_converter(dso, filename);
+		else if(dso->meth->dso_name_converter != NULL)
+			result = dso->meth->dso_name_converter(dso, filename);
+		}
+	if(result == NULL)
+		{
+		result = OPENSSL_malloc(strlen(filename) + 1);
+		if(result == NULL)
+			{
+			DSOerr(DSO_F_DSO_CONVERT_FILENAME,
+					ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(result, filename);
+		}
+	return(result);
+	}
+
+const char *DSO_get_loaded_filename(DSO *dso)
+	{
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
+				ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	return(dso->loaded_filename);
+	}
diff --git a/crypto/openssl/crypto/ebcdic.c b/crypto/openssl/crypto/ebcdic.c
index a83536b..d1bece8 100644
--- a/crypto/openssl/crypto/ebcdic.c
+++ b/crypto/openssl/crypto/ebcdic.c
@@ -211,7 +211,8 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
 }
 
 #else /*CHARSET_EBCDIC*/
-#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN)
+#include <openssl/e_os2.h>
+#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
 static void *dummy=&dummy;
 #endif
 #endif
diff --git a/crypto/openssl/crypto/ec/Makefile.ssl b/crypto/openssl/crypto/ec/Makefile.ssl
new file mode 100644
index 0000000..c34a49c
--- /dev/null
+++ b/crypto/openssl/crypto/ec/Makefile.ssl
@@ -0,0 +1,128 @@
+#
+# crypto/ec/Makefile
+#
+
+DIR=	ec
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ectest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \
+	ec_err.c
+
+LIBOBJ=	ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \
+	ec_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ec.h
+HEADER=	ec_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ec_cvt.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h
+ec_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_err.o: ec_err.c
+ec_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_lib.o: ec_lcl.h ec_lib.c
+ec_mult.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_mult.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_mult.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_mult.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_mult.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_mult.o: ec_lcl.h ec_mult.c
+ecp_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecp_mont.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecp_mont.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecp_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecp_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecp_mont.o: ec_lcl.h ecp_mont.c
+ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ecp_nist.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
+ecp_recp.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ecp_recp.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ecp_recp.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_recp.c
+ecp_smpl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecp_smpl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecp_smpl.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecp_smpl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecp_smpl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecp_smpl.o: ec_lcl.h ecp_smpl.c
diff --git a/crypto/openssl/crypto/ec/ec.h b/crypto/openssl/crypto/ec/ec.h
new file mode 100644
index 0000000..a52d4ed
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ec.h
@@ -0,0 +1,245 @@
+/* crypto/ec/ec.h */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_EC_H
+#define HEADER_EC_H
+
+#ifdef OPENSSL_NO_EC
+#error EC is disabled.
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+typedef enum {
+	/* values as defined in X9.62 (ECDSA) and elsewhere */
+	POINT_CONVERSION_COMPRESSED = 2,
+	POINT_CONVERSION_UNCOMPRESSED = 4,
+	POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+
+typedef struct ec_method_st EC_METHOD;
+
+typedef struct ec_group_st
+	/*
+	 EC_METHOD *meth;
+	 -- field definition
+	 -- curve coefficients
+	 -- optional generator with associated information (order, cofactor)
+	 -- optional extra data (TODO: precomputed table for fast computation of multiples of generator)
+	*/
+	EC_GROUP;
+
+typedef struct ec_point_st EC_POINT;
+
+
+/* EC_METHODs for curves over GF(p).
+ * EC_GFp_simple_method provides the basis for the optimized methods.
+ */
+const EC_METHOD *EC_GFp_simple_method(void);
+const EC_METHOD *EC_GFp_mont_method(void);
+#if 0
+const EC_METHOD *EC_GFp_recp_method(void); /* TODO */
+const EC_METHOD *EC_GFp_nist_method(void); /* TODO */
+#endif
+
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *);
+void EC_GROUP_free(EC_GROUP *);
+void EC_GROUP_clear_free(EC_GROUP *);
+int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
+	
+
+/* We don't have types for field specifications and field elements in general.
+ * Otherwise we could declare
+ *     int EC_GROUP_set_curve(EC_GROUP *, .....);
+ */
+int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+
+/* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp()
+ * after choosing an appropriate EC_METHOD */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+
+int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+
+EC_POINT *EC_POINT_new(const EC_GROUP *);
+void EC_POINT_free(EC_POINT *);
+void EC_POINT_clear_free(EC_POINT *);
+int EC_POINT_copy(EC_POINT *, const EC_POINT *);
+ 
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
+
+int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BN_CTX *);
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, int y_bit, BN_CTX *);
+
+size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *);
+int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
+        const unsigned char *buf, size_t len, BN_CTX *);
+
+int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+
+int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+
+int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+
+
+int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
+int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
+int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
+
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_EC_strings(void);
+
+/* Error codes for the EC functions. */
+
+/* Function codes. */
+#define EC_F_COMPUTE_WNAF				 143
+#define EC_F_EC_GFP_MONT_FIELD_DECODE			 133
+#define EC_F_EC_GFP_MONT_FIELD_ENCODE			 134
+#define EC_F_EC_GFP_MONT_FIELD_MUL			 131
+#define EC_F_EC_GFP_MONT_FIELD_SQR			 132
+#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP		 100
+#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR		 101
+#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE			 102
+#define EC_F_EC_GFP_SIMPLE_OCT2POINT			 103
+#define EC_F_EC_GFP_SIMPLE_POINT2OCT			 104
+#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE		 137
+#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
+#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
+#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
+#define EC_F_EC_GROUP_COPY				 106
+#define EC_F_EC_GROUP_GET0_GENERATOR			 139
+#define EC_F_EC_GROUP_GET_COFACTOR			 140
+#define EC_F_EC_GROUP_GET_CURVE_GFP			 130
+#define EC_F_EC_GROUP_GET_EXTRA_DATA			 107
+#define EC_F_EC_GROUP_GET_ORDER				 141
+#define EC_F_EC_GROUP_NEW				 108
+#define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142
+#define EC_F_EC_GROUP_SET_CURVE_GFP			 109
+#define EC_F_EC_GROUP_SET_EXTRA_DATA			 110
+#define EC_F_EC_GROUP_SET_GENERATOR			 111
+#define EC_F_EC_POINTS_MAKE_AFFINE			 136
+#define EC_F_EC_POINTS_MUL				 138
+#define EC_F_EC_POINT_ADD				 112
+#define EC_F_EC_POINT_CMP				 113
+#define EC_F_EC_POINT_COPY				 114
+#define EC_F_EC_POINT_DBL				 115
+#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP	 116
+#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP	 117
+#define EC_F_EC_POINT_IS_AT_INFINITY			 118
+#define EC_F_EC_POINT_IS_ON_CURVE			 119
+#define EC_F_EC_POINT_MAKE_AFFINE			 120
+#define EC_F_EC_POINT_NEW				 121
+#define EC_F_EC_POINT_OCT2POINT				 122
+#define EC_F_EC_POINT_POINT2OCT				 123
+#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP	 124
+#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP	 125
+#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP	 126
+#define EC_F_EC_POINT_SET_TO_INFINITY			 127
+#define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP		 135
+
+/* Reason codes. */
+#define EC_R_BUFFER_TOO_SMALL				 100
+#define EC_R_INCOMPATIBLE_OBJECTS			 101
+#define EC_R_INVALID_ARGUMENT				 112
+#define EC_R_INVALID_COMPRESSED_POINT			 110
+#define EC_R_INVALID_COMPRESSION_BIT			 109
+#define EC_R_INVALID_ENCODING				 102
+#define EC_R_INVALID_FIELD				 103
+#define EC_R_INVALID_FORM				 104
+#define EC_R_NOT_INITIALIZED				 111
+#define EC_R_NO_SUCH_EXTRA_DATA				 105
+#define EC_R_POINT_AT_INFINITY				 106
+#define EC_R_POINT_IS_NOT_ON_CURVE			 107
+#define EC_R_SLOT_FULL					 108
+#define EC_R_UNDEFINED_GENERATOR			 113
+#define EC_R_UNKNOWN_ORDER				 114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/ec/ec_cvt.c b/crypto/openssl/crypto/ec/ec_cvt.c
new file mode 100644
index 0000000..45b0ec3
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ec_cvt.c
@@ -0,0 +1,80 @@
+/* crypto/ec/ec_cvt.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ec_lcl.h"
+
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	const EC_METHOD *meth;
+	EC_GROUP *ret;
+	
+	/* Finally, this will use EC_GFp_nist_method if 'p' is a special
+	 * prime with optimized modular arithmetics (for NIST curves)
+	 */
+	meth = EC_GFp_mont_method();
+	
+	ret = EC_GROUP_new(meth);
+	if (ret == NULL)
+		return NULL;
+
+	if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
+		{
+		EC_GROUP_clear_free(ret);
+		return NULL;
+		}
+
+	return ret;
+	}
diff --git a/crypto/openssl/crypto/ec/ec_err.c b/crypto/openssl/crypto/ec/ec_err.c
new file mode 100644
index 0000000..394cdc0
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ec_err.c
@@ -0,0 +1,151 @@
+/* crypto/ec/ec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ec.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA EC_str_functs[]=
+	{
+{ERR_PACK(0,EC_F_COMPUTE_WNAF,0),	"COMPUTE_WNAF"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0),	"ec_GFp_mont_field_decode"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0),	"ec_GFp_mont_field_encode"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0),	"ec_GFp_mont_field_mul"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0),	"ec_GFp_mont_field_sqr"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0),	"ec_GFp_simple_group_set_curve_GFp"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0),	"ec_GFp_simple_group_set_generator"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0),	"ec_GFp_simple_make_affine"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0),	"ec_GFp_simple_oct2point"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0),	"ec_GFp_simple_point2oct"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0),	"ec_GFp_simple_points_make_affine"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0),	"ec_GFp_simple_point_get_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0),	"ec_GFp_simple_point_set_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0),	"ec_GFp_simple_set_compressed_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_GROUP_COPY,0),	"EC_GROUP_copy"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0),	"EC_GROUP_get0_generator"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0),	"EC_GROUP_get_cofactor"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0),	"EC_GROUP_get_curve_GFp"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0),	"EC_GROUP_get_extra_data"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0),	"EC_GROUP_get_order"},
+{ERR_PACK(0,EC_F_EC_GROUP_NEW,0),	"EC_GROUP_new"},
+{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0),	"EC_GROUP_precompute_mult"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0),	"EC_GROUP_set_curve_GFp"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0),	"EC_GROUP_set_extra_data"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0),	"EC_GROUP_set_generator"},
+{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0),	"EC_POINTs_make_affine"},
+{ERR_PACK(0,EC_F_EC_POINTS_MUL,0),	"EC_POINTs_mul"},
+{ERR_PACK(0,EC_F_EC_POINT_ADD,0),	"EC_POINT_add"},
+{ERR_PACK(0,EC_F_EC_POINT_CMP,0),	"EC_POINT_cmp"},
+{ERR_PACK(0,EC_F_EC_POINT_COPY,0),	"EC_POINT_copy"},
+{ERR_PACK(0,EC_F_EC_POINT_DBL,0),	"EC_POINT_dbl"},
+{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0),	"EC_POINT_get_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0),	"EC_POINT_get_Jprojective_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0),	"EC_POINT_is_at_infinity"},
+{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0),	"EC_POINT_is_on_curve"},
+{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0),	"EC_POINT_make_affine"},
+{ERR_PACK(0,EC_F_EC_POINT_NEW,0),	"EC_POINT_new"},
+{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0),	"EC_POINT_oct2point"},
+{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0),	"EC_POINT_point2oct"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0),	"EC_POINT_set_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0),	"EC_POINT_set_compressed_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0),	"EC_POINT_set_Jprojective_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0),	"EC_POINT_set_to_infinity"},
+{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0),	"GFP_MONT_GROUP_SET_CURVE_GFP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA EC_str_reasons[]=
+	{
+{EC_R_BUFFER_TOO_SMALL                   ,"buffer too small"},
+{EC_R_INCOMPATIBLE_OBJECTS               ,"incompatible objects"},
+{EC_R_INVALID_ARGUMENT                   ,"invalid argument"},
+{EC_R_INVALID_COMPRESSED_POINT           ,"invalid compressed point"},
+{EC_R_INVALID_COMPRESSION_BIT            ,"invalid compression bit"},
+{EC_R_INVALID_ENCODING                   ,"invalid encoding"},
+{EC_R_INVALID_FIELD                      ,"invalid field"},
+{EC_R_INVALID_FORM                       ,"invalid form"},
+{EC_R_NOT_INITIALIZED                    ,"not initialized"},
+{EC_R_NO_SUCH_EXTRA_DATA                 ,"no such extra data"},
+{EC_R_POINT_AT_INFINITY                  ,"point at infinity"},
+{EC_R_POINT_IS_NOT_ON_CURVE              ,"point is not on curve"},
+{EC_R_SLOT_FULL                          ,"slot full"},
+{EC_R_UNDEFINED_GENERATOR                ,"undefined generator"},
+{EC_R_UNKNOWN_ORDER                      ,"unknown order"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_EC_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_EC,EC_str_functs);
+		ERR_load_strings(ERR_LIB_EC,EC_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/ec/ec_lcl.h b/crypto/openssl/crypto/ec/ec_lcl.h
new file mode 100644
index 0000000..cc4cf27
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ec_lcl.h
@@ -0,0 +1,277 @@
+/* crypto/ec/ec_lcl.h */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdlib.h>
+
+#include <openssl/ec.h>
+
+
+/* Structure details are not part of the exported interface,
+ * so all this may change in future versions. */
+
+struct ec_method_st {
+	/* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
+	int (*group_init)(EC_GROUP *);
+	void (*group_finish)(EC_GROUP *);
+	void (*group_clear_finish)(EC_GROUP *);
+	int (*group_copy)(EC_GROUP *, const EC_GROUP *);
+
+	/* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */
+	int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+	int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+
+	/* used by EC_GROUP_set_generator, EC_GROUP_get0_generator,
+	 * EC_GROUP_get_order, EC_GROUP_get_cofactor:
+	 */
+	int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator,
+	        const BIGNUM *order, const BIGNUM *cofactor);
+	EC_POINT *(*group_get0_generator)(const EC_GROUP *);
+	int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+	int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+
+	/* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
+	int (*point_init)(EC_POINT *);
+	void (*point_finish)(EC_POINT *);
+	void (*point_clear_finish)(EC_POINT *);
+	int (*point_copy)(EC_POINT *, const EC_POINT *);
+
+	/* used by EC_POINT_set_to_infinity,
+	 * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp,
+	 * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,
+	 * EC_POINT_set_compressed_coordinates_GFp:
+	 */
+	int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
+	int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+		const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+	int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
+		BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+	int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+		const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+	int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
+		BIGNUM *x, BIGNUM *y, BN_CTX *);
+	int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+		const BIGNUM *x, int y_bit, BN_CTX *);
+
+	/* used by EC_POINT_point2oct, EC_POINT_oct2point: */
+	size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+	        unsigned char *buf, size_t len, BN_CTX *);
+	int (*oct2point)(const EC_GROUP *, EC_POINT *,
+	        const unsigned char *buf, size_t len, BN_CTX *);
+
+	/* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
+	int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+	int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+	int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
+
+	/* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
+	int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
+	int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+	int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+
+	/* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
+	int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
+	int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+
+
+	/* internal functions */
+
+	/* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that
+	 * the same implementations of point operations can be used with different
+	 * optimized implementations of expensive field operations: */
+	int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+	int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
+	int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
+	int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+} /* EC_METHOD */;
+
+
+struct ec_group_st {
+	const EC_METHOD *meth;
+
+	void *extra_data;
+	void *(*extra_data_dup_func)(void *);
+	void (*extra_data_free_func)(void *);
+	void (*extra_data_clear_free_func)(void *);
+
+	/* All members except 'meth' and 'extra_data...' are handled by
+	 * the method functions, even if they appear generic */
+	
+	BIGNUM field; /* Field specification.
+	               * For curves over GF(p), this is the modulus. */
+
+	BIGNUM a, b; /* Curve coefficients.
+	              * (Here the assumption is that BIGNUMs can be used
+	              * or abused for all kinds of fields, not just GF(p).)
+	              * For characteristic  > 3,  the curve is defined
+	              * by a Weierstrass equation of the form
+	              *     y^2 = x^3 + a*x + b.
+	              */
+	int a_is_minus3; /* enable optimized point arithmetics for special case */
+
+	EC_POINT *generator; /* optional */
+	BIGNUM order, cofactor;
+
+	void *field_data1; /* method-specific (e.g., Montgomery structure) */
+	void *field_data2; /* method-specific */
+} /* EC_GROUP */;
+
+
+/* Basically a 'mixin' for extra data, but available for EC_GROUPs only
+ * (with visibility limited to 'package' level for now).
+ * We use the function pointers as index for retrieval; this obviates
+ * global ex_data-style index tables.
+ * (Currently, we have one slot only, but is is possible to extend this
+ * if necessary.) */
+int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *),
+	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
+void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *),
+	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
+void EC_GROUP_free_extra_data(EC_GROUP *);
+void EC_GROUP_clear_free_extra_data(EC_GROUP *);
+
+
+
+struct ec_point_st {
+	const EC_METHOD *meth;
+
+	/* All members except 'meth' are handled by the method functions,
+	 * even if they appear generic */
+
+	BIGNUM X;
+	BIGNUM Y;
+	BIGNUM Z; /* Jacobian projective coordinates:
+	           * (X, Y, Z)  represents  (X/Z^2, Y/Z^3)  if  Z != 0 */
+	int Z_is_one; /* enable optimized point arithmetics for special case */
+} /* EC_POINT */;
+
+
+
+/* method functions in ecp_smpl.c */
+int ec_GFp_simple_group_init(EC_GROUP *);
+void ec_GFp_simple_group_finish(EC_GROUP *);
+void ec_GFp_simple_group_clear_finish(EC_GROUP *);
+int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator,
+	const BIGNUM *order, const BIGNUM *cofactor);
+EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *);
+int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+int ec_GFp_simple_point_init(EC_POINT *);
+void ec_GFp_simple_point_finish(EC_POINT *);
+void ec_GFp_simple_point_clear_finish(EC_POINT *);
+int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, int y_bit, BN_CTX *);
+size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+	unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
+	const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+
+/* method functions in ecp_mont.c */
+int ec_GFp_mont_group_init(EC_GROUP *);
+int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_mont_group_finish(EC_GROUP *);
+void ec_GFp_mont_group_clear_finish(EC_GROUP *);
+int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+
+
+/* method functions in ecp_recp.c */
+int ec_GFp_recp_group_init(EC_GROUP *);
+int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_recp_group_finish(EC_GROUP *);
+void ec_GFp_recp_group_clear_finish(EC_GROUP *);
+int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+
+/* method functions in ecp_nist.c */
+int ec_GFp_nist_group_init(EC_GROUP *);
+int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_nist_group_finish(EC_GROUP *);
+void ec_GFp_nist_group_clear_finish(EC_GROUP *);
+int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c
new file mode 100644
index 0000000..1d2cc71
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ec_lib.c
@@ -0,0 +1,654 @@
+/* crypto/ec/ec_lib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_lcl.h"
+
+static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
+
+
+/* functions for EC_GROUP objects */
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
+	{
+	EC_GROUP *ret;
+
+	if (meth == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+	if (meth->group_init == 0)
+		{
+		ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return NULL;
+		}
+
+	ret = OPENSSL_malloc(sizeof *ret);
+	if (ret == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	ret->meth = meth;
+
+	ret->extra_data = NULL;
+	ret->extra_data_dup_func = 0;
+	ret->extra_data_free_func = 0;
+	ret->extra_data_clear_free_func = 0;
+	
+	if (!meth->group_init(ret))
+		{
+		OPENSSL_free(ret);
+		return NULL;
+		}
+	
+	return ret;
+	}
+
+
+void EC_GROUP_free(EC_GROUP *group)
+	{
+	if (!group) return;
+
+	if (group->meth->group_finish != 0)
+		group->meth->group_finish(group);
+
+	EC_GROUP_free_extra_data(group);
+
+	OPENSSL_free(group);
+	}
+ 
+
+void EC_GROUP_clear_free(EC_GROUP *group)
+	{
+	if (!group) return;
+
+	if (group->meth->group_clear_finish != 0)
+		group->meth->group_clear_finish(group);
+	else if (group->meth != NULL && group->meth->group_finish != 0)
+		group->meth->group_finish(group);
+
+	EC_GROUP_clear_free_extra_data(group);
+
+	OPENSSL_cleanse(group, sizeof *group);
+	OPENSSL_free(group);
+	}
+
+
+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+	{
+	if (dest->meth->group_copy == 0)
+		{
+		ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (dest->meth != src->meth)
+		{
+		ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	if (dest == src)
+		return 1;
+	
+	EC_GROUP_clear_free_extra_data(dest);
+	if (src->extra_data_dup_func)
+		{
+		if (src->extra_data != NULL)
+			{
+			dest->extra_data = src->extra_data_dup_func(src->extra_data);
+			if (dest->extra_data == NULL)
+				return 0;
+			}
+
+		dest->extra_data_dup_func = src->extra_data_dup_func;
+		dest->extra_data_free_func = src->extra_data_free_func;
+		dest->extra_data_clear_free_func = src->extra_data_clear_free_func;
+		}
+
+	return dest->meth->group_copy(dest, src);
+	}
+
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+	{
+	return group->meth;
+	}
+
+
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	if (group->meth->group_set_curve_GFp == 0)
+		{
+		ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_set_curve_GFp(group, p, a, b, ctx);
+	}
+
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	if (group->meth->group_get_curve_GFp == 0)
+		{
+		ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_get_curve_GFp(group, p, a, b, ctx);
+	}
+
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
+	{
+	if (group->meth->group_set_generator == 0)
+		{
+		ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_set_generator(group, generator, order, cofactor);
+	}
+
+
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+	{
+	if (group->meth->group_get0_generator == 0)
+		{
+		ECerr(EC_F_EC_GROUP_GET0_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_get0_generator(group);
+	}
+
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+	{
+	if (group->meth->group_get_order == 0)
+		{
+		ECerr(EC_F_EC_GROUP_GET_ORDER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_get_order(group, order, ctx);
+	}
+
+
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
+	{
+	if (group->meth->group_get_cofactor == 0)
+		{
+		ECerr(EC_F_EC_GROUP_GET_COFACTOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_get_cofactor(group, cofactor, ctx);
+	}
+
+
+/* this has 'package' visibility */
+int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *),
+	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
+	{
+	if ((group->extra_data != NULL)
+		|| (group->extra_data_dup_func != 0)
+		|| (group->extra_data_free_func != 0)
+		|| (group->extra_data_clear_free_func != 0))
+		{
+		ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL);
+		return 0;
+		}
+
+	group->extra_data = extra_data;
+	group->extra_data_dup_func = extra_data_dup_func;
+	group->extra_data_free_func = extra_data_free_func;
+	group->extra_data_clear_free_func = extra_data_clear_free_func;
+	return 1;
+	}
+
+
+/* this has 'package' visibility */
+void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *),
+	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
+	{
+	if ((group->extra_data_dup_func != extra_data_dup_func)
+		|| (group->extra_data_free_func != extra_data_free_func)
+		|| (group->extra_data_clear_free_func != extra_data_clear_free_func))
+		{
+		ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA);
+		return NULL;
+		}
+
+	return group->extra_data;
+	}
+
+
+/* this has 'package' visibility */
+void EC_GROUP_free_extra_data(EC_GROUP *group)
+	{
+	if (group->extra_data_free_func)
+		group->extra_data_free_func(group->extra_data);
+	group->extra_data = NULL;
+	group->extra_data_dup_func = 0;
+	group->extra_data_free_func = 0;
+	group->extra_data_clear_free_func = 0;
+	}
+
+
+/* this has 'package' visibility */
+void EC_GROUP_clear_free_extra_data(EC_GROUP *group)
+	{
+	if (group->extra_data_clear_free_func)
+		group->extra_data_clear_free_func(group->extra_data);
+	else if (group->extra_data_free_func)
+		group->extra_data_free_func(group->extra_data);
+	group->extra_data = NULL;
+	group->extra_data_dup_func = 0;
+	group->extra_data_free_func = 0;
+	group->extra_data_clear_free_func = 0;
+	}
+
+
+
+/* functions for EC_POINT objects */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group)
+	{
+	EC_POINT *ret;
+
+	if (group == NULL)
+		{
+		ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+	if (group->meth->point_init == 0)
+		{
+		ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return NULL;
+		}
+
+	ret = OPENSSL_malloc(sizeof *ret);
+	if (ret == NULL)
+		{
+		ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	ret->meth = group->meth;
+	
+	if (!ret->meth->point_init(ret))
+		{
+		OPENSSL_free(ret);
+		return NULL;
+		}
+	
+	return ret;
+	}
+
+
+void EC_POINT_free(EC_POINT *point)
+	{
+	if (!point) return;
+
+	if (point->meth->point_finish != 0)
+		point->meth->point_finish(point);
+	OPENSSL_free(point);
+	}
+ 
+
+void EC_POINT_clear_free(EC_POINT *point)
+	{
+	if (!point) return;
+
+	if (point->meth->point_clear_finish != 0)
+		point->meth->point_clear_finish(point);
+	else if (point->meth != NULL && point->meth->point_finish != 0)
+		point->meth->point_finish(point);
+	OPENSSL_cleanse(point, sizeof *point);
+	OPENSSL_free(point);
+	}
+
+
+int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
+	{
+	if (dest->meth->point_copy == 0)
+		{
+		ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (dest->meth != src->meth)
+		{
+		ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	if (dest == src)
+		return 1;
+	return dest->meth->point_copy(dest, src);
+	}
+
+
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
+	{
+	return point->meth;
+	}
+
+
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+	{
+	if (group->meth->point_set_to_infinity == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_to_infinity(group, point);
+	}
+
+
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
+	{
+	if (group->meth->point_set_Jprojective_coordinates_GFp == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
+	}
+
+
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
+	{
+	if (group->meth->point_get_Jprojective_coordinates_GFp == 0)
+		{
+		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
+	}
+
+
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
+	{
+	if (group->meth->point_set_affine_coordinates_GFp == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_affine_coordinates_GFp(group, point, x, y, ctx);
+	}
+
+
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+	{
+	if (group->meth->point_get_affine_coordinates_GFp == 0)
+		{
+		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_get_affine_coordinates_GFp(group, point, x, y, ctx);
+	}
+
+
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, int y_bit, BN_CTX *ctx)
+	{
+	if (group->meth->point_set_compressed_coordinates_GFp == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx);
+	}
+
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	if (group->meth->point2oct == 0)
+		{
+		ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point2oct(group, point, form, buf, len, ctx);
+	}
+
+
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+        const unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	if (group->meth->oct2point == 0)
+		{
+		ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->oct2point(group, point, buf, len, ctx);
+	}
+
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	if (group->meth->add == 0)
+		{
+		ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))
+		{
+		ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->add(group, r, a, b, ctx);
+	}
+
+
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
+	{
+	if (group->meth->dbl == 0)
+		{
+		ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if ((group->meth != r->meth) || (r->meth != a->meth))
+		{
+		ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->dbl(group, r, a, ctx);
+	}
+
+
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
+	{
+	if (group->meth->dbl == 0)
+		{
+		ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != a->meth)
+		{
+		ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->invert(group, a, ctx);
+	}
+
+
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+	{
+	if (group->meth->is_at_infinity == 0)
+		{
+		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->is_at_infinity(group, point);
+	}
+
+
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
+	{
+	if (group->meth->is_on_curve == 0)
+		{
+		ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->is_on_curve(group, point, ctx);
+	}
+
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	if (group->meth->point_cmp == 0)
+		{
+		ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if ((group->meth != a->meth) || (a->meth != b->meth))
+		{
+		ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_cmp(group, a, b, ctx);
+	}
+
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+	{
+	if (group->meth->make_affine == 0)
+		{
+		ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->make_affine(group, point, ctx);
+	}
+
+
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
+	{
+	size_t i;
+
+	if (group->meth->points_make_affine == 0)
+		{
+		ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	for (i = 0; i < num; i++)
+		{
+		if (group->meth != points[i]->meth)
+			{
+			ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+			return 0;
+			}
+		}
+	return group->meth->points_make_affine(group, num, points, ctx);
+	}
diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c
new file mode 100644
index 0000000..603ba31
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ec_mult.c
@@ -0,0 +1,473 @@
+/* crypto/ec/ec_mult.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+/* TODO: optional precomputation of multiples of the generator */
+
+
+
+/*
+ * wNAF-based interleaving multi-exponentation method
+ * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>)
+ */
+
+
+/* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array  r[]  of values that are either zero or odd with an
+ * absolute value less than  2^w  satisfying
+ *     scalar = \sum_j r[j]*2^j
+ * where at most one of any  w+1  consecutive digits is non-zero.
+ */
+static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, BN_CTX *ctx)
+	{
+	BIGNUM *c;
+	int ok = 0;
+	signed char *r = NULL;
+	int sign = 1;
+	int bit, next_bit, mask;
+	size_t len = 0, j;
+	
+	BN_CTX_start(ctx);
+	c = BN_CTX_get(ctx);
+	if (c == NULL) goto err;
+	
+	if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
+		{
+		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+	bit = 1 << w; /* at most 128 */
+	next_bit = bit << 1; /* at most 256 */
+	mask = next_bit - 1; /* at most 255 */
+
+	if (!BN_copy(c, scalar)) goto err;
+	if (c->neg)
+		{
+		sign = -1;
+		c->neg = 0;
+		}
+
+	len = BN_num_bits(c) + 1; /* wNAF may be one digit longer than binary representation */
+	r = OPENSSL_malloc(len);
+	if (r == NULL) goto err;
+
+	j = 0;
+	while (!BN_is_zero(c))
+		{
+		int u = 0;
+
+		if (BN_is_odd(c)) 
+			{
+			if (c->d == NULL || c->top == 0)
+				{
+				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			u = c->d[0] & mask;
+			if (u & bit)
+				{
+				u -= next_bit;
+				/* u < 0 */
+				if (!BN_add_word(c, -u)) goto err;
+				}
+			else
+				{
+				/* u > 0 */
+				if (!BN_sub_word(c, u)) goto err;
+				}
+
+			if (u <= -bit || u >= bit || !(u & 1) || c->neg)
+				{
+				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			}
+
+		r[j++] = sign * u;
+		
+		if (BN_is_odd(c))
+			{
+			ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+		if (!BN_rshift1(c, c)) goto err;
+		}
+
+	if (j > len)
+		{
+		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+	len = j;
+	ok = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (!ok)
+		{
+		OPENSSL_free(r);
+		r = NULL;
+		}
+	if (ok)
+		*ret_len = len;
+	return r;
+	}
+
+
+/* TODO: table should be optimised for the wNAF-based implementation,
+ *       sometimes smaller windows will give better performance
+ *       (thus the boundaries should be increased)
+ */
+#define EC_window_bits_for_scalar_size(b) \
+		((b) >= 2000 ? 6 : \
+		 (b) >=  800 ? 5 : \
+		 (b) >=  300 ? 4 : \
+		 (b) >=   70 ? 3 : \
+		 (b) >=   20 ? 2 : \
+		  1)
+
+/* Compute
+ *      \sum scalars[i]*points[i],
+ * also including
+ *      scalar*generator
+ * in the addition if scalar != NULL
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	EC_POINT *generator = NULL;
+	EC_POINT *tmp = NULL;
+	size_t totalnum;
+	size_t i, j;
+	int k;
+	int r_is_inverted = 0;
+	int r_is_at_infinity = 1;
+	size_t *wsize = NULL; /* individual window sizes */
+	signed char **wNAF = NULL; /* individual wNAFs */
+	size_t *wNAF_len = NULL;
+	size_t max_len = 0;
+	size_t num_val;
+	EC_POINT **val = NULL; /* precomputation */
+	EC_POINT **v;
+	EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
+	int ret = 0;
+	
+	if (scalar != NULL)
+		{
+		generator = EC_GROUP_get0_generator(group);
+		if (generator == NULL)
+			{
+			ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);
+			return 0;
+			}
+		}
+	
+	for (i = 0; i < num; i++)
+		{
+		if (group->meth != points[i]->meth)
+			{
+			ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+			return 0;
+			}
+		}
+
+	totalnum = num + (scalar != NULL);
+
+	wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
+	wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
+	wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]);
+	if (wNAF != NULL)
+		{
+		wNAF[0] = NULL; /* preliminary pivot */
+		}
+	if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err;
+
+	/* num_val := total number of points to precompute */
+	num_val = 0;
+	for (i = 0; i < totalnum; i++)
+		{
+		size_t bits;
+
+		bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
+		wsize[i] = EC_window_bits_for_scalar_size(bits);
+		num_val += 1u << (wsize[i] - 1);
+		}
+
+	/* all precomputed points go into a single array 'val',
+	 * 'val_sub[i]' is a pointer to the subarray for the i-th point */
+	val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
+	if (val == NULL) goto err;
+	val[num_val] = NULL; /* pivot element */
+
+	val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+	if (val_sub == NULL) goto err;
+
+	/* allocate points for precomputation */
+	v = val;
+	for (i = 0; i < totalnum; i++)
+		{
+		val_sub[i] = v;
+		for (j = 0; j < (1u << (wsize[i] - 1)); j++)
+			{
+			*v = EC_POINT_new(group);
+			if (*v == NULL) goto err;
+			v++;
+			}
+		}
+	if (!(v == val + num_val))
+		{
+		ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			goto err;
+		}
+	
+	tmp = EC_POINT_new(group);
+	if (tmp == NULL) goto err;
+
+	/* prepare precomputed values:
+	 *    val_sub[i][0] :=     points[i]
+	 *    val_sub[i][1] := 3 * points[i]
+	 *    val_sub[i][2] := 5 * points[i]
+	 *    ...
+	 */
+	for (i = 0; i < totalnum; i++)
+		{
+		if (i < num)
+			{
+			if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
+			}
+		else
+			{
+			if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
+			}
+
+		if (wsize[i] > 1)
+			{
+			if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
+			for (j = 1; j < (1u << (wsize[i] - 1)); j++)
+				{
+				if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
+				}
+			}
+
+		wNAF[i + 1] = NULL; /* make sure we always have a pivot */
+		wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i], ctx);
+		if (wNAF[i] == NULL) goto err;
+		if (wNAF_len[i] > max_len)
+			max_len = wNAF_len[i];
+		}
+
+#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
+	if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err;
+#endif
+
+	r_is_at_infinity = 1;
+
+	for (k = max_len - 1; k >= 0; k--)
+		{
+		if (!r_is_at_infinity)
+			{
+			if (!EC_POINT_dbl(group, r, r, ctx)) goto err;
+			}
+		
+		for (i = 0; i < totalnum; i++)
+			{
+			if (wNAF_len[i] > (size_t)k)
+				{
+				int digit = wNAF[i][k];
+				int is_neg;
+
+				if (digit) 
+					{
+					is_neg = digit < 0;
+
+					if (is_neg)
+						digit = -digit;
+
+					if (is_neg != r_is_inverted)
+						{
+						if (!r_is_at_infinity)
+							{
+							if (!EC_POINT_invert(group, r, ctx)) goto err;
+							}
+						r_is_inverted = !r_is_inverted;
+						}
+
+					/* digit > 0 */
+
+					if (r_is_at_infinity)
+						{
+						if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;
+						r_is_at_infinity = 0;
+						}
+					else
+						{
+						if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;
+						}
+					}
+				}
+			}
+		}
+
+	if (r_is_at_infinity)
+		{
+		if (!EC_POINT_set_to_infinity(group, r)) goto err;
+		}
+	else
+		{
+		if (r_is_inverted)
+			if (!EC_POINT_invert(group, r, ctx)) goto err;
+		}
+	
+	ret = 1;
+
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	if (tmp != NULL)
+		EC_POINT_free(tmp);
+	if (wsize != NULL)
+		OPENSSL_free(wsize);
+	if (wNAF_len != NULL)
+		OPENSSL_free(wNAF_len);
+	if (wNAF != NULL)
+		{
+		signed char **w;
+		
+		for (w = wNAF; *w != NULL; w++)
+			OPENSSL_free(*w);
+		
+		OPENSSL_free(wNAF);
+		}
+	if (val != NULL)
+		{
+		for (v = val; *v != NULL; v++)
+			EC_POINT_clear_free(*v);
+
+		OPENSSL_free(val);
+		}
+	if (val_sub != NULL)
+		{
+		OPENSSL_free(val_sub);
+		}
+	return ret;
+	}
+
+
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
+	{
+	const EC_POINT *points[1];
+	const BIGNUM *scalars[1];
+
+	points[0] = point;
+	scalars[0] = p_scalar;
+
+	return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
+	}
+
+
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+	{
+	const EC_POINT *generator;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *order;
+	int ret = 0;
+
+	generator = EC_GROUP_get0_generator(group);
+	if (generator == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+	
+	BN_CTX_start(ctx);
+	order = BN_CTX_get(ctx);
+	if (order == NULL) goto err;
+	
+	if (!EC_GROUP_get_order(group, order, ctx)) return 0;
+	if (BN_is_zero(order))
+		{
+		ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+		goto err;
+		}
+
+	/* TODO */
+
+	ret = 1;
+	
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
diff --git a/crypto/openssl/crypto/ec/ecp_mont.c b/crypto/openssl/crypto/ec/ecp_mont.c
new file mode 100644
index 0000000..7b30d4c
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ecp_mont.c
@@ -0,0 +1,304 @@
+/* crypto/ec/ecp_mont.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+const EC_METHOD *EC_GFp_mont_method(void)
+	{
+	static const EC_METHOD ret = {
+		ec_GFp_mont_group_init,
+		ec_GFp_mont_group_finish,
+		ec_GFp_mont_group_clear_finish,
+		ec_GFp_mont_group_copy,
+		ec_GFp_mont_group_set_curve_GFp,
+		ec_GFp_simple_group_get_curve_GFp,
+		ec_GFp_simple_group_set_generator,
+		ec_GFp_simple_group_get0_generator,
+		ec_GFp_simple_group_get_order,
+		ec_GFp_simple_group_get_cofactor,
+		ec_GFp_simple_point_init,
+		ec_GFp_simple_point_finish,
+		ec_GFp_simple_point_clear_finish,
+		ec_GFp_simple_point_copy,
+		ec_GFp_simple_point_set_to_infinity,
+		ec_GFp_simple_set_Jprojective_coordinates_GFp,
+		ec_GFp_simple_get_Jprojective_coordinates_GFp,
+		ec_GFp_simple_point_set_affine_coordinates_GFp,
+		ec_GFp_simple_point_get_affine_coordinates_GFp,
+		ec_GFp_simple_set_compressed_coordinates_GFp,
+		ec_GFp_simple_point2oct,
+		ec_GFp_simple_oct2point,
+		ec_GFp_simple_add,
+		ec_GFp_simple_dbl,
+		ec_GFp_simple_invert,
+		ec_GFp_simple_is_at_infinity,
+		ec_GFp_simple_is_on_curve,
+		ec_GFp_simple_cmp,
+		ec_GFp_simple_make_affine,
+		ec_GFp_simple_points_make_affine,
+		ec_GFp_mont_field_mul,
+		ec_GFp_mont_field_sqr,
+		ec_GFp_mont_field_encode,
+		ec_GFp_mont_field_decode,
+		ec_GFp_mont_field_set_to_one };
+
+	return &ret;
+	}
+
+
+int ec_GFp_mont_group_init(EC_GROUP *group)
+	{
+	int ok;
+
+	ok = ec_GFp_simple_group_init(group);
+	group->field_data1 = NULL;
+	group->field_data2 = NULL;
+	return ok;
+	}
+
+
+int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BN_MONT_CTX *mont = NULL;
+	BIGNUM *one = NULL;
+	int ret = 0;
+
+	if (group->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		}
+	if (group->field_data2 != NULL)
+		{
+		BN_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+	
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	mont = BN_MONT_CTX_new();
+	if (mont == NULL) goto err;
+	if (!BN_MONT_CTX_set(mont, p, ctx))
+		{
+		ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP, ERR_R_BN_LIB);
+		goto err;
+		}
+	one = BN_new();
+	if (one == NULL) goto err;
+	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
+
+	group->field_data1 = mont;
+	mont = NULL;
+	group->field_data2 = one;
+	one = NULL;
+
+	ret = ec_GFp_simple_group_set_curve_GFp(group, p, a, b, ctx);
+
+	if (!ret)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		BN_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	if (mont != NULL)
+		BN_MONT_CTX_free(mont);
+	return ret;
+	}
+
+
+void ec_GFp_mont_group_finish(EC_GROUP *group)
+	{
+	if (group->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		}
+	if (group->field_data2 != NULL)
+		{
+		BN_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+	ec_GFp_simple_group_finish(group);
+	}
+
+
+void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
+	{
+	if (group->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		}
+	if (group->field_data2 != NULL)
+		{
+		BN_clear_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+	ec_GFp_simple_group_clear_finish(group);
+	}
+
+
+int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+	{
+	if (dest->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(dest->field_data1);
+		dest->field_data1 = NULL;
+		}
+	if (dest->field_data2 != NULL)
+		{
+		BN_clear_free(dest->field_data2);
+		dest->field_data2 = NULL;
+		}
+
+	if (!ec_GFp_simple_group_copy(dest, src)) return 0;
+
+	if (src->field_data1 != NULL)
+		{
+		dest->field_data1 = BN_MONT_CTX_new();
+		if (dest->field_data1 == NULL) return 0;
+		if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;
+		}
+	if (src->field_data2 != NULL)
+		{
+		dest->field_data2 = BN_dup(src->field_data2);
+		if (dest->field_data2 == NULL) goto err;
+		}
+
+	return 1;
+
+ err:
+	if (dest->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(dest->field_data1);
+		dest->field_data1 = NULL;
+		}
+	return 0;	
+	}
+
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	if (group->field_data1 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
+	}
+
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	if (group->field_data1 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
+	}
+
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	if (group->field_data1 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
+	}
+
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	if (group->field_data1 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	return BN_from_montgomery(r, a, group->field_data1, ctx);
+	}
+
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
+	{
+	if (group->field_data2 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	if (!BN_copy(r, group->field_data2)) return 0;
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/ec/ecp_nist.c b/crypto/openssl/crypto/ec/ecp_nist.c
new file mode 100644
index 0000000..ed07748
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ecp_nist.c
@@ -0,0 +1,134 @@
+/* crypto/ec/ecp_nist.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ec_lcl.h"
+
+#if 0
+const EC_METHOD *EC_GFp_nist_method(void)
+	{
+	static const EC_METHOD ret = {
+		ec_GFp_nist_group_init,
+		ec_GFp_nist_group_finish,
+		ec_GFp_nist_group_clear_finish,
+		ec_GFp_nist_group_copy,
+		ec_GFp_nist_group_set_curve_GFp,
+		ec_GFp_simple_group_get_curve_GFp,
+		ec_GFp_simple_group_set_generator,
+		ec_GFp_simple_group_get0_generator,
+		ec_GFp_simple_group_get_order,
+		ec_GFp_simple_group_get_cofactor,
+		ec_GFp_simple_point_init,
+		ec_GFp_simple_point_finish,
+		ec_GFp_simple_point_clear_finish,
+		ec_GFp_simple_point_copy,
+		ec_GFp_simple_point_set_to_infinity,
+		ec_GFp_simple_set_Jprojective_coordinates_GFp,
+		ec_GFp_simple_get_Jprojective_coordinates_GFp,
+		ec_GFp_simple_point_set_affine_coordinates_GFp,
+		ec_GFp_simple_point_get_affine_coordinates_GFp,
+		ec_GFp_simple_set_compressed_coordinates_GFp,
+		ec_GFp_simple_point2oct,
+		ec_GFp_simple_oct2point,
+		ec_GFp_simple_add,
+		ec_GFp_simple_dbl,
+		ec_GFp_simple_invert,
+		ec_GFp_simple_is_at_infinity,
+		ec_GFp_simple_is_on_curve,
+		ec_GFp_simple_cmp,
+		ec_GFp_simple_make_affine,
+		ec_GFp_simple_points_make_affine,
+		ec_GFp_nist_field_mul,
+		ec_GFp_nist_field_sqr,
+		0 /* field_encode */,
+		0 /* field_decode */,
+		0 /* field_set_to_one */ };
+
+	return &ret;
+	}
+#endif
+
+
+int ec_GFp_nist_group_init(EC_GROUP *group)
+	{
+	int ok;
+
+	ok = ec_GFp_simple_group_init(group);
+	group->field_data1 = NULL;
+	return ok;
+	}
+
+
+int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+
+
+void ec_GFp_nist_group_finish(EC_GROUP *group);
+/* TODO */
+
+
+void ec_GFp_nist_group_clear_finish(EC_GROUP *group);
+/* TODO */
+
+
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+/* TODO */
+
+
+int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+
+
+int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/* TODO */
diff --git a/crypto/openssl/crypto/ec/ecp_recp.c b/crypto/openssl/crypto/ec/ecp_recp.c
new file mode 100644
index 0000000..fec843b
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ecp_recp.c
@@ -0,0 +1,133 @@
+/* crypto/ec/ecp_recp.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ec_lcl.h"
+
+#if 0
+const EC_METHOD *EC_GFp_recp_method(void)
+	{
+	static const EC_METHOD ret = {
+		ec_GFp_recp_group_init,
+		ec_GFp_recp_group_finish,
+		ec_GFp_recp_group_clear_finish,
+		ec_GFp_recp_group_copy,
+		ec_GFp_recp_group_set_curve_GFp,
+		ec_GFp_simple_group_get_curve_GFp,
+		ec_GFp_simple_group_set_generator,
+		ec_GFp_simple_group_get0_generator,
+		ec_GFp_simple_group_get_order,
+		ec_GFp_simple_group_get_cofactor,
+		ec_GFp_simple_point_init,
+		ec_GFp_simple_point_finish,
+		ec_GFp_simple_point_clear_finish,
+		ec_GFp_simple_point_copy,
+		ec_GFp_simple_point_set_to_infinity,
+		ec_GFp_simple_set_Jprojective_coordinates_GFp,
+		ec_GFp_simple_get_Jprojective_coordinates_GFp,
+		ec_GFp_simple_point_set_affine_coordinates_GFp,
+		ec_GFp_simple_point_get_affine_coordinates_GFp,
+		ec_GFp_simple_set_compressed_coordinates_GFp,
+		ec_GFp_simple_point2oct,
+		ec_GFp_simple_oct2point,
+		ec_GFp_simple_add,
+		ec_GFp_simple_dbl,
+		ec_GFp_simple_invert,
+		ec_GFp_simple_is_at_infinity,
+		ec_GFp_simple_is_on_curve,
+		ec_GFp_simple_cmp,
+		ec_GFp_simple_make_affine,
+		ec_GFp_simple_points_make_affine,
+		ec_GFp_recp_field_mul,
+		ec_GFp_recp_field_sqr,
+		0 /* field_encode */,
+		0 /* field_decode */,
+		0 /* field_set_to_one */ };
+
+	return &ret;
+	}
+#endif
+
+int ec_GFp_recp_group_init(EC_GROUP *group)
+	{
+	int ok;
+
+	ok = ec_GFp_simple_group_init(group);
+	group->field_data1 = NULL;
+	return ok;
+	}
+
+
+int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+
+
+void ec_GFp_recp_group_finish(EC_GROUP *group);
+/* TODO */
+
+
+void ec_GFp_recp_group_clear_finish(EC_GROUP *group);
+/* TODO */
+
+
+int ec_GFp_recp_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+/* TODO */
+
+
+int ec_GFp_recp_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+
+
+int ec_GFp_recp_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/* TODO */
diff --git a/crypto/openssl/crypto/ec/ecp_smpl.c b/crypto/openssl/crypto/ec/ecp_smpl.c
new file mode 100644
index 0000000..4666a05
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ecp_smpl.c
@@ -0,0 +1,1717 @@
+/* crypto/ec/ecp_smpl.c */
+/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+const EC_METHOD *EC_GFp_simple_method(void)
+	{
+	static const EC_METHOD ret = {
+		ec_GFp_simple_group_init,
+		ec_GFp_simple_group_finish,
+		ec_GFp_simple_group_clear_finish,
+		ec_GFp_simple_group_copy,
+		ec_GFp_simple_group_set_curve_GFp,
+		ec_GFp_simple_group_get_curve_GFp,
+		ec_GFp_simple_group_set_generator,
+		ec_GFp_simple_group_get0_generator,
+		ec_GFp_simple_group_get_order,
+		ec_GFp_simple_group_get_cofactor,
+		ec_GFp_simple_point_init,
+		ec_GFp_simple_point_finish,
+		ec_GFp_simple_point_clear_finish,
+		ec_GFp_simple_point_copy,
+		ec_GFp_simple_point_set_to_infinity,
+		ec_GFp_simple_set_Jprojective_coordinates_GFp,
+		ec_GFp_simple_get_Jprojective_coordinates_GFp,
+		ec_GFp_simple_point_set_affine_coordinates_GFp,
+		ec_GFp_simple_point_get_affine_coordinates_GFp,
+		ec_GFp_simple_set_compressed_coordinates_GFp,
+		ec_GFp_simple_point2oct,
+		ec_GFp_simple_oct2point,
+		ec_GFp_simple_add,
+		ec_GFp_simple_dbl,
+		ec_GFp_simple_invert,
+		ec_GFp_simple_is_at_infinity,
+		ec_GFp_simple_is_on_curve,
+		ec_GFp_simple_cmp,
+		ec_GFp_simple_make_affine,
+		ec_GFp_simple_points_make_affine,
+		ec_GFp_simple_field_mul,
+		ec_GFp_simple_field_sqr,
+		0 /* field_encode */,
+		0 /* field_decode */,
+		0 /* field_set_to_one */ };
+
+	return &ret;
+	}
+
+
+int ec_GFp_simple_group_init(EC_GROUP *group)
+	{
+	BN_init(&group->field);
+	BN_init(&group->a);
+	BN_init(&group->b);
+	group->a_is_minus3 = 0;
+	group->generator = NULL;
+	BN_init(&group->order);
+	BN_init(&group->cofactor);
+	return 1;
+	}
+
+
+void ec_GFp_simple_group_finish(EC_GROUP *group)
+	{
+	BN_free(&group->field);
+	BN_free(&group->a);
+	BN_free(&group->b);
+	if (group->generator != NULL)
+		EC_POINT_free(group->generator);
+	BN_free(&group->order);
+	BN_free(&group->cofactor);
+	}
+
+
+void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
+	{
+	BN_clear_free(&group->field);
+	BN_clear_free(&group->a);
+	BN_clear_free(&group->b);
+	if (group->generator != NULL)
+		{
+		EC_POINT_clear_free(group->generator);
+		group->generator = NULL;
+		}
+	BN_clear_free(&group->order);
+	BN_clear_free(&group->cofactor);
+	}
+
+
+int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+	{
+	if (!BN_copy(&dest->field, &src->field)) return 0;
+	if (!BN_copy(&dest->a, &src->a)) return 0;
+	if (!BN_copy(&dest->b, &src->b)) return 0;
+
+	dest->a_is_minus3 = src->a_is_minus3;
+
+	if (src->generator != NULL)
+		{
+		if (dest->generator == NULL)
+			{
+			dest->generator = EC_POINT_new(dest);
+			if (dest->generator == NULL) return 0;
+			}
+		if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
+		}
+	else
+		{
+		/* src->generator == NULL */
+		if (dest->generator != NULL)
+			{
+			EC_POINT_clear_free(dest->generator);
+			dest->generator = NULL;
+			}
+		}
+
+	if (!BN_copy(&dest->order, &src->order)) return 0;
+	if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
+
+	return 1;
+	}
+
+
+int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group,
+	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	int ret = 0;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp_a;
+	
+	/* p must be a prime > 3 */
+	if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP, EC_R_INVALID_FIELD);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	tmp_a = BN_CTX_get(ctx);
+	if (tmp_a == NULL) goto err;
+
+	/* group->field */
+	if (!BN_copy(&group->field, p)) goto err;
+	group->field.neg = 0;
+
+	/* group->a */
+	if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
+	if (group->meth->field_encode)
+		{ if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }	
+	else
+		if (!BN_copy(&group->a, tmp_a)) goto err;
+	
+	/* group->b */
+	if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
+	if (group->meth->field_encode)
+		if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
+	
+	/* group->a_is_minus3 */
+	if (!BN_add_word(tmp_a, 3)) goto err;
+	group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	int ret = 0;
+	BN_CTX *new_ctx = NULL;
+	
+	if (p != NULL)
+		{
+		if (!BN_copy(p, &group->field)) return 0;
+		}
+
+	if (a != NULL || b != NULL)
+		{
+		if (group->meth->field_decode)
+			{
+			if (ctx == NULL)
+				{
+				ctx = new_ctx = BN_CTX_new();
+				if (ctx == NULL)
+					return 0;
+				}
+			if (a != NULL)
+				{
+				if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
+				}
+			if (b != NULL)
+				{
+				if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
+				}
+			}
+		else
+			{
+			if (a != NULL)
+				{
+				if (!BN_copy(a, &group->a)) goto err;
+				}
+			if (b != NULL)
+				{
+				if (!BN_copy(b, &group->b)) goto err;
+				}
+			}
+		}
+	
+	ret = 1;
+	
+ err:
+	if (new_ctx)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+
+int ec_GFp_simple_group_set_generator(EC_GROUP *group, const EC_POINT *generator,
+	const BIGNUM *order, const BIGNUM *cofactor)
+	{
+	if (generator == NULL)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+		return 0   ;
+		}
+
+	if (group->generator == NULL)
+		{
+		group->generator = EC_POINT_new(group);
+		if (group->generator == NULL) return 0;
+		}
+	if (!EC_POINT_copy(group->generator, generator)) return 0;
+
+	if (order != NULL)
+		{ if (!BN_copy(&group->order, order)) return 0; }	
+	else
+		{ if (!BN_zero(&group->order)) return 0; }	
+
+	if (cofactor != NULL)
+		{ if (!BN_copy(&group->cofactor, cofactor)) return 0; }	
+	else
+		{ if (!BN_zero(&group->cofactor)) return 0; }	
+
+	return 1;
+	}
+
+
+EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *group)
+	{
+	return group->generator;
+	}
+
+
+int ec_GFp_simple_group_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+	{
+	if (!BN_copy(order, &group->order))
+		return 0;
+
+	return !BN_is_zero(&group->order);
+	}
+
+
+int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
+	{
+	if (!BN_copy(cofactor, &group->cofactor))
+		return 0;
+
+	return !BN_is_zero(&group->cofactor);
+	}
+
+
+int ec_GFp_simple_point_init(EC_POINT *point)
+	{
+	BN_init(&point->X);
+	BN_init(&point->Y);
+	BN_init(&point->Z);
+	point->Z_is_one = 0;
+
+	return 1;
+	}
+
+
+void ec_GFp_simple_point_finish(EC_POINT *point)
+	{
+	BN_free(&point->X);
+	BN_free(&point->Y);
+	BN_free(&point->Z);
+	}
+
+
+void ec_GFp_simple_point_clear_finish(EC_POINT *point)
+	{
+	BN_clear_free(&point->X);
+	BN_clear_free(&point->Y);
+	BN_clear_free(&point->Z);
+	point->Z_is_one = 0;
+	}
+
+
+int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+	{
+	if (!BN_copy(&dest->X, &src->X)) return 0;
+	if (!BN_copy(&dest->Y, &src->Y)) return 0;
+	if (!BN_copy(&dest->Z, &src->Z)) return 0;
+	dest->Z_is_one = src->Z_is_one;
+
+	return 1;
+	}
+
+
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+	{
+	point->Z_is_one = 0;
+	return (BN_zero(&point->Z));
+	}
+
+
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	int ret = 0;
+	
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	if (x != NULL)
+		{
+		if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
+		if (group->meth->field_encode)
+			{
+			if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
+			}
+		}
+	
+	if (y != NULL)
+		{
+		if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
+		if (group->meth->field_encode)
+			{
+			if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
+			}
+		}
+	
+	if (z != NULL)
+		{
+		int Z_is_one;
+
+		if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
+		Z_is_one = BN_is_one(&point->Z);
+		if (group->meth->field_encode)
+			{
+			if (Z_is_one && (group->meth->field_set_to_one != 0))
+				{
+				if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
+				}
+			else
+				{
+				if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
+				}
+			}
+		point->Z_is_one = Z_is_one;
+		}
+	
+	ret = 1;
+	
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	int ret = 0;
+	
+	if (group->meth->field_decode != 0)
+		{
+		if (ctx == NULL)
+			{
+			ctx = new_ctx = BN_CTX_new();
+			if (ctx == NULL)
+				return 0;
+			}
+
+		if (x != NULL)
+			{
+			if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
+			}
+		if (y != NULL)
+			{
+			if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
+			}
+		if (z != NULL)
+			{
+			if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
+			}
+		}
+	else	
+		{
+		if (x != NULL)
+			{
+			if (!BN_copy(x, &point->X)) goto err;
+			}
+		if (y != NULL)
+			{
+			if (!BN_copy(y, &point->Y)) goto err;
+			}
+		if (z != NULL)
+			{
+			if (!BN_copy(z, &point->Z)) goto err;
+			}
+		}
+	
+	ret = 1;
+
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
+	{
+	if (x == NULL || y == NULL)
+		{
+		/* unlike for projective coordinates, we do not tolerate this */
+		ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+
+	return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
+	}
+
+
+int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3;
+	const BIGNUM *X_, *Y_, *Z_;
+	int ret = 0;
+
+	if (EC_POINT_is_at_infinity(group, point))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_POINT_AT_INFINITY);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	X = BN_CTX_get(ctx);
+	Y = BN_CTX_get(ctx);
+	Z = BN_CTX_get(ctx);
+	Z_1 = BN_CTX_get(ctx);
+	Z_2 = BN_CTX_get(ctx);
+	Z_3 = BN_CTX_get(ctx);
+	if (Z_3 == NULL) goto err;
+
+	/* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
+	
+	if (group->meth->field_decode)
+		{
+		if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err;
+		if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err;
+		if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
+		X_ = X; Y_ = Y;	Z_ = Z;
+		}
+	else
+		{
+		X_ = &point->X;
+		Y_ = &point->Y;
+		Z_ = &point->Z;
+		}
+	
+	if (BN_is_one(Z_))
+		{
+		if (x != NULL)
+			{
+			if (!BN_copy(x, X_)) goto err;
+			}
+		if (y != NULL)
+			{
+			if (!BN_copy(y, Y_)) goto err;
+			}
+		}
+	else
+		{
+		if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_BN_LIB);
+			goto err;
+			}
+		
+		if (group->meth->field_encode == 0)
+			{
+			/* field_sqr works on standard representation */
+			if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
+			}
+		else
+			{
+			if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
+			}
+	
+		if (x != NULL)
+			{
+			if (group->meth->field_encode == 0)
+				{
+				/* field_mul works on standard representation */
+				if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err;
+				}
+			else
+				{
+				if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err;
+				}
+			}
+
+		if (y != NULL)
+			{
+			if (group->meth->field_encode == 0)
+				{
+				/* field_mul works on standard representation */
+				if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
+				if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err;
+				
+				}
+			else
+				{
+				if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
+				if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err;
+				}
+			}
+		}
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x_, int y_bit, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp1, *tmp2, *x, *y;
+	int ret = 0;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	y_bit = (y_bit != 0);
+
+	BN_CTX_start(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	tmp2 = BN_CTX_get(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto err;
+
+	/* Recover y.  We have a Weierstrass equation
+	 *     y^2 = x^3 + a*x + b,
+	 * so  y  is one of the square roots of  x^3 + a*x + b.
+	 */
+
+	/* tmp1 := x^3 */
+	if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
+	if (group->meth->field_decode == 0)
+		{
+		/* field_{sqr,mul} work on standard representation */
+		if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
+		if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
+		if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
+		}
+	
+	/* tmp1 := tmp1 + a*x */
+	if (group->a_is_minus3)
+		{
+		if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
+		if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
+		if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+		}
+	else
+		{
+		if (group->meth->field_decode)
+			{
+			if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
+			if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
+			}
+		else
+			{
+			/* field_mul works on standard representation */
+			if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
+			}
+		
+		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+		}
+	
+	/* tmp1 := tmp1 + b */
+	if (group->meth->field_decode)
+		{
+		if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
+		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+		}
+	else
+		{
+		if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
+		}
+	
+	if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
+		{
+		unsigned long err = ERR_peek_error();
+		
+		if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
+			{
+			(void)ERR_get_error();
+			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
+			}
+		else
+			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_BN_LIB);
+		goto err;
+		}
+	/* If tmp1 is not a square (i.e. there is no point on the curve with
+	 * our x), then y now is a nonsense value too */
+
+	if (y_bit != BN_is_odd(y))
+		{
+		if (BN_is_zero(y))
+			{
+			int kron;
+
+			kron = BN_kronecker(x, &group->field, ctx);
+			if (kron == -2) goto err;
+
+			if (kron == 1)
+				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSION_BIT);
+			else
+				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
+			goto err;
+			}
+		if (!BN_usub(y, &group->field, y)) goto err;
+		}
+	if (y_bit != BN_is_odd(y))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+
+	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
+	unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	size_t ret;
+	BN_CTX *new_ctx = NULL;
+	int used_ctx = 0;
+	BIGNUM *x, *y;
+	size_t field_len, i, skip;
+
+	if ((form != POINT_CONVERSION_COMPRESSED)
+		&& (form != POINT_CONVERSION_UNCOMPRESSED)
+		&& (form != POINT_CONVERSION_HYBRID))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+		goto err;
+		}
+
+	if (EC_POINT_is_at_infinity(group, point))
+		{
+		/* encodes to a single 0 octet */
+		if (buf != NULL)
+			{
+			if (len < 1)
+				{
+				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+				return 0;
+				}
+			buf[0] = 0;
+			}
+		return 1;
+		}
+
+
+	/* ret := required output buffer length */
+	field_len = BN_num_bytes(&group->field);
+	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
+
+	/* if 'buf' is NULL, just return required length */
+	if (buf != NULL)
+		{
+		if (len < ret)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+			goto err;
+			}
+
+		if (ctx == NULL)
+			{
+			ctx = new_ctx = BN_CTX_new();
+			if (ctx == NULL)
+				return 0;
+			}
+
+		BN_CTX_start(ctx);
+		used_ctx = 1;
+		x = BN_CTX_get(ctx);
+		y = BN_CTX_get(ctx);
+		if (y == NULL) goto err;
+
+		if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+
+		if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
+			buf[0] = form + 1;
+		else
+			buf[0] = form;
+	
+		i = 1;
+		
+		skip = field_len - BN_num_bytes(x);
+		if (skip > field_len)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+		while (skip > 0)
+			{
+			buf[i++] = 0;
+			skip--;
+			}
+		skip = BN_bn2bin(x, buf + i);
+		i += skip;
+		if (i != 1 + field_len)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+
+		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
+			{
+			skip = field_len - BN_num_bytes(y);
+			if (skip > field_len)
+				{
+				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			while (skip > 0)
+				{
+				buf[i++] = 0;
+				skip--;
+				}
+			skip = BN_bn2bin(y, buf + i);
+			i += skip;
+			}
+
+		if (i != ret)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+		}
+	
+	if (used_ctx)
+		BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+
+ err:
+	if (used_ctx)
+		BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return 0;
+	}
+
+
+int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+	const unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	point_conversion_form_t form;
+	int y_bit;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *x, *y;
+	size_t field_len, enc_len;
+	int ret = 0;
+
+	if (len == 0)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+		return 0;
+		}
+	form = buf[0];
+	y_bit = form & 1;
+	form = form & ~1;
+	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)
+		&& (form != POINT_CONVERSION_UNCOMPRESSED)
+		&& (form != POINT_CONVERSION_HYBRID))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+
+	if (form == 0)
+		{
+		if (len != 1)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			return 0;
+			}
+
+		return EC_POINT_set_to_infinity(group, point);
+		}
+	
+	field_len = BN_num_bytes(&group->field);
+	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
+
+	if (len != enc_len)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto err;
+
+	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
+	if (BN_ucmp(x, &group->field) >= 0)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		goto err;
+		}
+
+	if (form == POINT_CONVERSION_COMPRESSED)
+		{
+		if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
+		if (BN_ucmp(y, &group->field) >= 0)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			goto err;
+			}
+		if (form == POINT_CONVERSION_HYBRID)
+			{
+			if (y_bit != BN_is_odd(y))
+				{
+				ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+				goto err;
+				}
+			}
+
+		if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+		}
+	
+	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+		goto err;
+		}
+
+	ret = 1;
+	
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	const BIGNUM *p;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
+	int ret = 0;
+	
+	if (a == b)
+		return EC_POINT_dbl(group, r, a, ctx);
+	if (EC_POINT_is_at_infinity(group, a))
+		return EC_POINT_copy(r, b);
+	if (EC_POINT_is_at_infinity(group, b))
+		return EC_POINT_copy(r, a);
+	
+	field_mul = group->meth->field_mul;
+	field_sqr = group->meth->field_sqr;
+	p = &group->field;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	n4 = BN_CTX_get(ctx);
+	n5 = BN_CTX_get(ctx);
+	n6 = BN_CTX_get(ctx);
+	if (n6 == NULL) goto end;
+
+	/* Note that in this function we must not read components of 'a' or 'b'
+	 * once we have written the corresponding components of 'r'.
+	 * ('r' might be one of 'a' or 'b'.)
+	 */
+
+	/* n1, n2 */
+	if (b->Z_is_one)
+		{
+		if (!BN_copy(n1, &a->X)) goto end;
+		if (!BN_copy(n2, &a->Y)) goto end;
+		/* n1 = X_a */
+		/* n2 = Y_a */
+		}
+	else
+		{
+		if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
+		if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
+		/* n1 = X_a * Z_b^2 */
+
+		if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
+		if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
+		/* n2 = Y_a * Z_b^3 */
+		}
+
+	/* n3, n4 */
+	if (a->Z_is_one)
+		{
+		if (!BN_copy(n3, &b->X)) goto end;
+		if (!BN_copy(n4, &b->Y)) goto end;
+		/* n3 = X_b */
+		/* n4 = Y_b */
+		}
+	else
+		{
+		if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
+		if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
+		/* n3 = X_b * Z_a^2 */
+
+		if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
+		if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
+		/* n4 = Y_b * Z_a^3 */
+		}
+
+	/* n5, n6 */
+	if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;
+	if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;
+	/* n5 = n1 - n3 */
+	/* n6 = n2 - n4 */
+
+	if (BN_is_zero(n5))
+		{
+		if (BN_is_zero(n6))
+			{
+			/* a is the same point as b */
+			BN_CTX_end(ctx);
+			ret = EC_POINT_dbl(group, r, a, ctx);
+			ctx = NULL;
+			goto end;
+			}
+		else
+			{
+			/* a is the inverse of b */
+			if (!BN_zero(&r->Z)) goto end;
+			r->Z_is_one = 0;
+			ret = 1;
+			goto end;
+			}
+		}
+
+	/* 'n7', 'n8' */
+	if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;
+	if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;
+	/* 'n7' = n1 + n3 */
+	/* 'n8' = n2 + n4 */
+
+	/* Z_r */
+	if (a->Z_is_one && b->Z_is_one)
+		{
+		if (!BN_copy(&r->Z, n5)) goto end;
+		}
+	else
+		{
+		if (a->Z_is_one)
+			{ if (!BN_copy(n0, &b->Z)) goto end; }
+		else if (b->Z_is_one)
+			{ if (!BN_copy(n0, &a->Z)) goto end; }
+		else
+			{ if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
+		if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
+		}
+	r->Z_is_one = 0;
+	/* Z_r = Z_a * Z_b * n5 */
+
+	/* X_r */
+	if (!field_sqr(group, n0, n6, ctx)) goto end;
+	if (!field_sqr(group, n4, n5, ctx)) goto end;
+	if (!field_mul(group, n3, n1, n4, ctx)) goto end;
+	if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;
+	/* X_r = n6^2 - n5^2 * 'n7' */
+	
+	/* 'n9' */
+	if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;
+	if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;
+	/* n9 = n5^2 * 'n7' - 2 * X_r */
+
+	/* Y_r */
+	if (!field_mul(group, n0, n0, n6, ctx)) goto end;
+	if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
+	if (!field_mul(group, n1, n2, n5, ctx)) goto end;
+	if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;
+	if (BN_is_odd(n0))
+		if (!BN_add(n0, n0, p)) goto end;
+	/* now  0 <= n0 < 2*p,  and n0 is even */
+	if (!BN_rshift1(&r->Y, n0)) goto end;
+	/* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
+
+	ret = 1;
+
+ end:
+	if (ctx) /* otherwise we already called BN_CTX_end */
+		BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
+	{
+	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	const BIGNUM *p;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *n0, *n1, *n2, *n3;
+	int ret = 0;
+	
+	if (EC_POINT_is_at_infinity(group, a))
+		{
+		if (!BN_zero(&r->Z)) return 0;
+		r->Z_is_one = 0;
+		return 1;
+		}
+
+	field_mul = group->meth->field_mul;
+	field_sqr = group->meth->field_sqr;
+	p = &group->field;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	if (n3 == NULL) goto err;
+
+	/* Note that in this function we must not read components of 'a'
+	 * once we have written the corresponding components of 'r'.
+	 * ('r' might the same as 'a'.)
+	 */
+
+	/* n1 */
+	if (a->Z_is_one)
+		{
+		if (!field_sqr(group, n0, &a->X, ctx)) goto err;
+		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
+		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
+		if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
+		/* n1 = 3 * X_a^2 + a_curve */
+		}
+	else if (group->a_is_minus3)
+		{
+		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
+		if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;
+		if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;
+		if (!field_mul(group, n1, n0, n2, ctx)) goto err;
+		if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
+		if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
+		/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+		 *    = 3 * X_a^2 - 3 * Z_a^4 */
+		}
+	else
+		{
+		if (!field_sqr(group, n0, &a->X, ctx)) goto err;
+		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
+		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
+		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
+		if (!field_sqr(group, n1, n1, ctx)) goto err;
+		if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
+		if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;
+		/* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
+		}
+
+	/* Z_r */
+	if (a->Z_is_one)
+		{
+		if (!BN_copy(n0, &a->Y)) goto err;
+		}
+	else
+		{
+		if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
+		}
+	if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;
+	r->Z_is_one = 0;
+	/* Z_r = 2 * Y_a * Z_a */
+
+	/* n2 */
+	if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
+	if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
+	if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;
+	/* n2 = 4 * X_a * Y_a^2 */
+
+	/* X_r */
+	if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;
+	if (!field_sqr(group, &r->X, n1, ctx)) goto err;
+	if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;
+	/* X_r = n1^2 - 2 * n2 */
+	
+	/* n3 */
+	if (!field_sqr(group, n0, n3, ctx)) goto err;
+	if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;
+	/* n3 = 8 * Y_a^4 */
+	
+	/* Y_r */
+	if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;
+	if (!field_mul(group, n0, n1, n0, ctx)) goto err;
+	if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;
+	/* Y_r = n1 * (n2 - X_r) - n3 */
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+	{
+	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+		/* point is its own inverse */
+		return 1;
+	
+	return BN_usub(&point->Y, &group->field, &point->Y);
+	}
+
+
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+	{
+	return BN_is_zero(&point->Z);
+	}
+
+
+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
+	{
+	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	const BIGNUM *p;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6;
+	int ret = -1;
+
+	if (EC_POINT_is_at_infinity(group, point))
+		return 1;
+	
+	field_mul = group->meth->field_mul;
+	field_sqr = group->meth->field_sqr;
+	p = &group->field;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return -1;
+		}
+
+	BN_CTX_start(ctx);
+	rh = BN_CTX_get(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	tmp2 = BN_CTX_get(ctx);
+	Z4 = BN_CTX_get(ctx);
+	Z6 = BN_CTX_get(ctx);
+	if (Z6 == NULL) goto err;
+
+	/* We have a curve defined by a Weierstrass equation
+	 *      y^2 = x^3 + a*x + b.
+	 * The point to consider is given in Jacobian projective coordinates
+	 * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
+	 * Substituting this and multiplying by  Z^6  transforms the above equation into
+	 *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+	 * To test this, we add up the right-hand side in 'rh'.
+	 */
+
+	/* rh := X^3 */
+	if (!field_sqr(group, rh, &point->X, ctx)) goto err;
+	if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
+
+	if (!point->Z_is_one)
+		{
+		if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err;
+		if (!field_sqr(group, Z4, tmp1, ctx)) goto err;
+		if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err;
+
+		/* rh := rh + a*X*Z^4 */
+		if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err;
+		if (group->a_is_minus3)
+			{
+			if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err;
+			if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err;
+			if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
+			}
+		else
+			{
+			if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err;
+			if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
+			}
+
+		/* rh := rh + b*Z^6 */
+		if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err;
+		if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err;
+		}
+	else
+		{
+		/* point->Z_is_one */
+
+		/* rh := rh + a*X */
+		if (group->a_is_minus3)
+			{
+			if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err;
+			if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err;
+			if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
+			}
+		else
+			{
+			if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err;
+			if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
+			}
+
+		/* rh := rh + b */
+		if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
+		}
+
+	/* 'lh' := Y^2 */
+	if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err;
+
+	ret = (0 == BN_cmp(tmp1, rh));
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	/* return values:
+	 *  -1   error
+	 *   0   equal (in affine coordinates)
+	 *   1   not equal
+	 */
+
+	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+	const BIGNUM *tmp1_, *tmp2_;
+	int ret = -1;
+	
+	if (EC_POINT_is_at_infinity(group, a))
+		{
+		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+		}
+	
+	if (a->Z_is_one && b->Z_is_one)
+		{
+		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+		}
+
+	field_mul = group->meth->field_mul;
+	field_sqr = group->meth->field_sqr;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return -1;
+		}
+
+	BN_CTX_start(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	tmp2 = BN_CTX_get(ctx);
+	Za23 = BN_CTX_get(ctx);
+	Zb23 = BN_CTX_get(ctx);
+	if (Zb23 == NULL) goto end;
+
+	/* We have to decide whether
+	 *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+	 * or equivalently, whether
+	 *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+	 */
+
+	if (!b->Z_is_one)
+		{
+		if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
+		if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
+		tmp1_ = tmp1;
+		}
+	else
+		tmp1_ = &a->X;
+	if (!a->Z_is_one)
+		{
+		if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
+		if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
+		tmp2_ = tmp2;
+		}
+	else
+		tmp2_ = &b->X;
+	
+	/* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
+	if (BN_cmp(tmp1_, tmp2_) != 0)
+		{
+		ret = 1; /* points differ */
+		goto end;
+		}
+
+
+	if (!b->Z_is_one)
+		{
+		if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
+		if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
+		/* tmp1_ = tmp1 */
+		}
+	else
+		tmp1_ = &a->Y;
+	if (!a->Z_is_one)
+		{
+		if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
+		if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
+		/* tmp2_ = tmp2 */
+		}
+	else
+		tmp2_ = &b->Y;
+
+	/* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
+	if (BN_cmp(tmp1_, tmp2_) != 0)
+		{
+		ret = 1; /* points differ */
+		goto end;
+		}
+
+	/* points are equal */
+	ret = 0;
+
+ end:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *x, *y;
+	int ret = 0;
+
+	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+		return 1;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto err;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+	if (!point->Z_is_one)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+	
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp0, *tmp1;
+	size_t pow2 = 0;
+	BIGNUM **heap = NULL;
+	size_t i;
+	int ret = 0;
+
+	if (num == 0)
+		return 1;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	tmp0 = BN_CTX_get(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	if (tmp0  == NULL || tmp1 == NULL) goto err;
+
+	/* Before converting the individual points, compute inverses of all Z values.
+	 * Modular inversion is rather slow, but luckily we can do with a single
+	 * explicit inversion, plus about 3 multiplications per input value.
+	 */
+
+	pow2 = 1;
+	while (num > pow2)
+		pow2 <<= 1;
+	/* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
+	 * We need twice that. */
+	pow2 <<= 1;
+
+	heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
+	if (heap == NULL) goto err;
+	
+	/* The array is used as a binary tree, exactly as in heapsort:
+	 *
+	 *                               heap[1]
+	 *                 heap[2]                     heap[3]
+	 *          heap[4]       heap[5]       heap[6]       heap[7]
+	 *   heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
+	 *
+	 * We put the Z's in the last line;
+	 * then we set each other node to the product of its two child-nodes (where
+	 * empty or 0 entries are treated as ones);
+	 * then we invert heap[1];
+	 * then we invert each other node by replacing it by the product of its
+	 * parent (after inversion) and its sibling (before inversion).
+	 */
+	heap[0] = NULL;
+	for (i = pow2/2 - 1; i > 0; i--)
+		heap[i] = NULL;
+	for (i = 0; i < num; i++)
+		heap[pow2/2 + i] = &points[i]->Z;
+	for (i = pow2/2 + num; i < pow2; i++)
+		heap[i] = NULL;
+	
+	/* set each node to the product of its children */
+	for (i = pow2/2 - 1; i > 0; i--)
+		{
+		heap[i] = BN_new();
+		if (heap[i] == NULL) goto err;
+		
+		if (heap[2*i] != NULL)
+			{
+			if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
+				{
+				if (!BN_copy(heap[i], heap[2*i])) goto err;
+				}
+			else
+				{
+				if (BN_is_zero(heap[2*i]))
+					{
+					if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
+					}
+				else
+					{
+					if (!group->meth->field_mul(group, heap[i],
+						heap[2*i], heap[2*i + 1], ctx)) goto err;
+					}
+				}
+			}
+		}
+
+	/* invert heap[1] */
+	if (!BN_is_zero(heap[1]))
+		{
+		if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+			goto err;
+			}
+		}
+	if (group->meth->field_encode != 0)
+		{
+		/* in the Montgomery case, we just turned  R*H  (representing H)
+		 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);
+		 * i.e. we have need to multiply by the Montgomery factor twice */
+		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+		}
+
+	/* set other heap[i]'s to their inverses */
+	for (i = 2; i < pow2/2 + num; i += 2)
+		{
+		/* i is even */
+		if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
+			{
+			if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
+			if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
+			if (!BN_copy(heap[i], tmp0)) goto err;
+			if (!BN_copy(heap[i + 1], tmp1)) goto err;
+			}
+		else
+			{
+			if (!BN_copy(heap[i], heap[i/2])) goto err;
+			}
+		}
+
+	/* we have replaced all non-zero Z's by their inverses, now fix up all the points */
+	for (i = 0; i < num; i++)
+		{
+		EC_POINT *p = points[i];
+		
+		if (!BN_is_zero(&p->Z))
+			{
+			/* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
+
+			if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
+			if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
+
+			if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
+			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
+		
+			if (group->meth->field_set_to_one != 0)
+				{
+				if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
+				}
+			else
+				{
+				if (!BN_one(&p->Z)) goto err;
+				}
+			p->Z_is_one = 1;
+			}
+		}
+
+	ret = 1;
+		
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	if (heap != NULL)
+		{
+		/* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
+		for (i = pow2/2 - 1; i > 0; i--)
+			{
+			if (heap[i] != NULL)
+				BN_clear_free(heap[i]);
+			}
+		OPENSSL_free(heap);
+		}
+	return ret;
+	}
+
+
+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	return BN_mod_mul(r, a, b, &group->field, ctx);
+	}
+
+
+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	return BN_mod_sqr(r, a, &group->field, ctx);
+	}
diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/openssl/crypto/ec/ectest.c
new file mode 100644
index 0000000..5d7b6b2
--- /dev/null
+++ b/crypto/openssl/crypto/ec/ectest.c
@@ -0,0 +1,639 @@
+/* crypto/ec/ectest.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
+#else
+
+
+#include <openssl/ec.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+#define ABORT do { \
+	fflush(stdout); \
+	fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+	ERR_print_errors_fp(stderr); \
+	EXIT(1); \
+} while (0)
+
+#if 0
+static void timings(EC_GROUP *group, int multi, BN_CTX *ctx)
+	{
+	clock_t clck;
+	int i, j;
+	BIGNUM *s, *s0;
+	EC_POINT *P;
+		
+	s = BN_new();
+	s0 = BN_new();
+	if (s == NULL || s0 == NULL) ABORT;
+
+	if (!EC_GROUP_get_curve_GFp(group, s, NULL, NULL, ctx)) ABORT;
+	fprintf(stdout, "Timings for %d bit prime, ", (int)BN_num_bits(s));
+	if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
+	fprintf(stdout, "%d bit scalars ", (int)BN_num_bits(s));
+	fflush(stdout);
+
+	P = EC_POINT_new(group);
+	if (P == NULL) ABORT;
+	EC_POINT_copy(P, EC_GROUP_get0_generator(group));
+
+	clck = clock();
+	for (i = 0; i < 10; i++)
+		{
+		if (!BN_pseudo_rand(s, BN_num_bits(s), 0, 0)) ABORT;
+		if (multi)
+			{
+			if (!BN_pseudo_rand(s0, BN_num_bits(s), 0, 0)) ABORT;
+			}
+		for (j = 0; j < 10; j++)
+			{
+			if (!EC_POINT_mul(group, P, s, multi ? P : NULL, multi ? s0 : NULL, ctx)) ABORT;
+			}
+		fprintf(stdout, ".");
+		fflush(stdout);
+		}
+	fprintf(stdout, "\n");
+	
+	clck = clock() - clck;
+
+#ifdef CLOCKS_PER_SEC
+	/* "To determine the time in seconds, the value returned
+	 * by the clock function should be divided by the value
+	 * of the macro CLOCKS_PER_SEC."
+	 *                                       -- ISO/IEC 9899 */
+#	define UNIT "s"
+#else
+	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
+	 *                            -- cc on NeXTstep/OpenStep */
+#	define UNIT "units"
+#	define CLOCKS_PER_SEC 1
+#endif
+
+	fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+		multi ? "s*P+t*Q operations" : "point multiplications",
+		(double)clck/CLOCKS_PER_SEC);
+	fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));
+
+	EC_POINT_free(P);
+	BN_free(s);
+	BN_free(s0);
+	}
+#endif
+
+int main(int argc, char *argv[])
+	{	
+	BN_CTX *ctx = NULL;
+	BIGNUM *p, *a, *b;
+	EC_GROUP *group;
+	EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
+	EC_POINT *P, *Q, *R;
+	BIGNUM *x, *y, *z;
+	unsigned char buf[100];
+	size_t i, len;
+	int k;
+	
+	/* enable memory leak checking unless explicitly disabled */
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+		{
+		CRYPTO_malloc_debug_init();
+		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+		}
+	else
+		{
+		/* OPENSSL_DEBUG_MEMORY=off */
+		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+		}
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+	ERR_load_crypto_strings();
+
+#if 1 /* optional */
+	ctx = BN_CTX_new();
+	if (!ctx) ABORT;
+#endif
+
+	p = BN_new();
+	a = BN_new();
+	b = BN_new();
+	if (!p || !a || !b) ABORT;
+
+	if (!BN_hex2bn(&p, "17")) ABORT;
+	if (!BN_hex2bn(&a, "1")) ABORT;
+	if (!BN_hex2bn(&b, "1")) ABORT;
+	
+	group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
+	                                             * so that the library gets to choose the EC_METHOD */
+	if (!group) ABORT;
+
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	{
+		EC_GROUP *tmp;
+		tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+		if (!tmp) ABORT;
+		if (!EC_GROUP_copy(tmp, group));
+		EC_GROUP_free(group);
+		group = tmp;
+	}
+	
+	if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
+	BN_print_fp(stdout, p);
+	fprintf(stdout, ")\n     a = 0x");
+	BN_print_fp(stdout, a);
+	fprintf(stdout, "\n     b = 0x");
+	BN_print_fp(stdout, b);
+	fprintf(stdout, "\n");
+
+	P = EC_POINT_new(group);
+	Q = EC_POINT_new(group);
+	R = EC_POINT_new(group);
+	if (!P || !Q || !R) ABORT;
+	
+	if (!EC_POINT_set_to_infinity(group, P)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+	buf[0] = 0;
+	if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
+
+	if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+	x = BN_new();
+	y = BN_new();
+	z = BN_new();
+	if (!x || !y || !z) ABORT;
+
+	if (!BN_hex2bn(&x, "D")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, Q, ctx))
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
+		fprintf(stderr, "Point is not on curve: x = 0x");
+		BN_print_fp(stderr, x);
+		fprintf(stderr, ", y = 0x");
+		BN_print_fp(stderr, y);
+		fprintf(stderr, "\n");
+		ABORT;
+		}
+
+	fprintf(stdout, "A cyclic subgroup:\n");
+	k = 100;
+	do
+		{
+		if (k-- == 0) ABORT;
+
+		if (EC_POINT_is_at_infinity(group, P))
+			fprintf(stdout, "     point at infinity\n");
+		else
+			{
+			if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+
+			fprintf(stdout, "     x = 0x");
+			BN_print_fp(stdout, x);
+			fprintf(stdout, ", y = 0x");
+			BN_print_fp(stdout, y);
+			fprintf(stdout, "\n");
+			}
+		
+		if (!EC_POINT_copy(R, P)) ABORT;
+		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+
+#if 0 /* optional */
+		{
+			EC_POINT *points[3];
+		
+			points[0] = R;
+			points[1] = Q;
+			points[2] = P;
+			if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;
+		}
+#endif
+
+		}
+	while (!EC_POINT_is_at_infinity(group, P));
+
+	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "Generator as octect string, compressed form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+	
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "\nGenerator as octect string, uncompressed form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+	
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "\nGenerator as octect string, hybrid form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+	
+	if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
+	fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, ", Y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, ", Z = 0x");
+	BN_print_fp(stdout, z);
+	fprintf(stdout, "\n");
+
+	if (!EC_POINT_invert(group, P, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+
+
+	/* Curve P-192 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_192, group)) ABORT;
+
+
+	/* Curve P-224 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
+	if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_224, group)) ABORT;
+
+
+	/* Curve P-256 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+		"84F3B9CAC2FC632551")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_256, group)) ABORT;
+
+
+	/* Curve P-384 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+		"120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+		"9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+		"7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_384, group)) ABORT;
+
+
+	/* Curve P-521 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+		"315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+		"DF883D2C34F1EF451FD46B503F00")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+		"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+		"3C1856A429BF97E7E31C2E5BD66")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+		"C9B8899C47AEBB6FB71E91386409")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+		"B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+		"7086A272C24088BE94769FD16650")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_521, group)) ABORT;
+
+
+	/* more tests using the last curve */
+
+	if (!EC_POINT_copy(Q, P)) ABORT;
+	if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+	if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+	{
+		const EC_POINT *points[3];
+		const BIGNUM *scalars[3];
+	
+		if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+		points[0] = Q;
+		points[1] = Q;
+		points[2] = Q;
+
+		if (!BN_add(y, z, BN_value_one())) ABORT;
+		if (BN_is_odd(y)) ABORT;
+		if (!BN_rshift1(y, y)) ABORT;
+		scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+		scalars[1] = y;
+
+		fprintf(stdout, "combined multiplication ...");
+		fflush(stdout);
+
+		/* z is still the group order */
+		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+		if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+		fprintf(stdout, ".");
+		fflush(stdout);
+
+		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+		if (!BN_add(z, z, y)) ABORT;
+		z->neg = 1;
+		scalars[0] = y;
+		scalars[1] = z; /* z = -(order + y) */
+
+		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+		fprintf(stdout, ".");
+		fflush(stdout);
+
+		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+		if (!BN_add(z, x, y)) ABORT;
+		z->neg = 1;
+		scalars[0] = x;
+		scalars[1] = y;
+		scalars[2] = z; /* z = -(x+y) */
+
+		if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+		fprintf(stdout, " ok\n\n");
+	}
+
+
+#if 0
+	timings(P_192, 0, ctx);
+	timings(P_192, 1, ctx);
+	timings(P_224, 0, ctx);
+	timings(P_224, 1, ctx);
+	timings(P_256, 0, ctx);
+	timings(P_256, 1, ctx);
+	timings(P_384, 0, ctx);
+	timings(P_384, 1, ctx);
+	timings(P_521, 0, ctx);
+	timings(P_521, 1, ctx);
+#endif
+
+
+	if (ctx)
+		BN_CTX_free(ctx);
+	BN_free(p); BN_free(a);	BN_free(b);
+	EC_GROUP_free(group);
+	EC_POINT_free(P);
+	EC_POINT_free(Q);
+	EC_POINT_free(R);
+	BN_free(x); BN_free(y); BN_free(z);
+
+	if (P_192) EC_GROUP_free(P_192);
+	if (P_224) EC_GROUP_free(P_224);
+	if (P_256) EC_GROUP_free(P_256);
+	if (P_384) EC_GROUP_free(P_384);
+	if (P_521) EC_GROUP_free(P_521);
+
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
+	ERR_free_strings();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
+	
+	return 0;
+	}
+#endif
diff --git a/crypto/openssl/crypto/engine/Makefile.ssl b/crypto/openssl/crypto/engine/Makefile.ssl
new file mode 100644
index 0000000..cecc06f
--- /dev/null
+++ b/crypto/openssl/crypto/engine/Makefile.ssl
@@ -0,0 +1,538 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=	engine
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+	eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+	tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
+	eng_openssl.c eng_dyn.c eng_cnf.c \
+	hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
+	hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+	eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+	tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
+	eng_openssl.o eng_dyn.o eng_cnf.o \
+	hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
+	hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+errors:
+	$(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
+		-nostatic -staticloader -write hw_*.c
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: ../../include/openssl/ui.h eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_list.o: ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
+eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_table.o: eng_int.h eng_table.c
+hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
+hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_4758_cca.o: ../../include/openssl/opensslconf.h
+hw_4758_cca.o: ../../include/openssl/opensslv.h
+hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
+hw_4758_cca.o: vendor_defns/hw_4758_cca.h
+hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
+hw_aep.o: vendor_defns/aep.h
+hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+hw_cryptodev.o: ../../include/openssl/objects.h
+hw_cryptodev.o: ../../include/openssl/opensslconf.h
+hw_cryptodev.o: ../../include/openssl/opensslv.h
+hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c
+hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
+hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
+hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
+hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_sureware.o: ../../include/openssl/opensslconf.h
+hw_sureware.o: ../../include/openssl/opensslv.h
+hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
+hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
+hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
+hw_ubsec.o: vendor_defns/hw_ubsec.h
+tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_cipher.o: eng_int.h tb_cipher.c
+tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
+tb_dh.o: tb_dh.c
+tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_digest.o: eng_int.h tb_digest.c
+tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_dsa.o: eng_int.h tb_dsa.c
+tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rand.o: eng_int.h tb_rand.c
+tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/crypto/openssl/crypto/engine/README b/crypto/openssl/crypto/engine/README
new file mode 100644
index 0000000..6b69b70
--- /dev/null
+++ b/crypto/openssl/crypto/engine/README
@@ -0,0 +1,211 @@
+Notes: 2001-09-24
+-----------------
+
+This "description" (if one chooses to call it that) needed some major updating
+so here goes. This update addresses a change being made at the same time to
+OpenSSL, and it pretty much completely restructures the underlying mechanics of
+the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
+for masochists" document *and* a rather extensive commit log message. (I'd get
+lynched for sticking all this in CHANGES or the commit mails :-).
+
+ENGINE_TABLE underlies this restructuring, as described in the internal header
+"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
+tb_rsa.c, tb_dsa.c, etc.
+
+However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
+I'll mention a bit about that first. EVP_CIPHER (and most of this applies
+equally to EVP_MD for digests) is both a "method" and a algorithm/mode
+identifier that, in the current API, "lingers". These cipher description +
+implementation structures can be defined or obtained directly by applications,
+or can be loaded "en masse" into EVP storage so that they can be catalogued and
+searched in various ways, ie. two ways of encrypting with the "des_cbc"
+algorithm/mode pair are;
+
+(i) directly;
+     const EVP_CIPHER *cipher = EVP_des_cbc();
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
+
+(ii) indirectly; 
+     OpenSSL_add_all_ciphers();
+     cipher = EVP_get_cipherbyname("des_cbc");
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... etc ... ]
+
+The latter is more generally used because it also allows ciphers/digests to be
+looked up based on other identifiers which can be useful for automatic cipher
+selection, eg. in SSL/TLS, or by user-controllable configuration.
+
+The important point about this is that EVP_CIPHER definitions and structures are
+passed around with impunity and there is no safe way, without requiring massive
+rewrites of many applications, to assume that EVP_CIPHERs can be reference
+counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
+comes from can "safely" be destroyed. Unless of course the way of getting to
+such ciphers is via entirely distinct API calls that didn't exist before.
+However existing API usage cannot be made to understand when an EVP_CIPHER
+pointer, that has been passed to the caller, is no longer being used.
+
+The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
+into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
+ciphers simultaneously registers cipher *types* and cipher *implementations* -
+they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
+hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
+solution is necessarily that ENGINE-provided ciphers simply are not registered,
+stored, or exposed to the caller in the same manner as existing ciphers. This is
+especially necessary considering the fact ENGINE uses reference counts to allow
+for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
+callers in the current API, support no such controls.
+
+Another sticking point for integrating cipher support into ENGINE is linkage.
+Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
+they are available *because* they're part of a giant ENGINE called "openssl".
+Ie. all implementations *have* to come from an ENGINE, but we get round that by
+having a giant ENGINE with all the software support encapsulated. This creates
+linker hassles if nothing else - linking a 1-line application that calls 2 basic
+RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
+ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
+continue with this approach for EVP_CIPHER support (even if it *was* possible)
+we would lose our ability to link selectively by selectively loading certain
+implementations of certain functionality. Touching any part of any kind of
+crypto would result in massive static linkage of everything else. So the
+solution is to change the way ENGINE feeds existing "classes", ie. how the
+hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
+for EVP_CIPHER, and EVP_MD.
+
+The way this is now being done is by mostly reverting back to how things used to
+work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
+was previously replaced by an "ENGINE" pointer and all RSA code that required
+the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
+temporarily get and use the ENGINE's RSA implementation. Apart from being more
+efficient, switching back to each RSA having an RSA_METHOD pointer also allows
+us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
+for a fallback ENGINE that encapsulates default implementations - we can simply
+have our RSA structure pointing its RSA_METHOD pointer to the software
+implementation and have its ENGINE pointer set to NULL.
+
+A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
+turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
+and the existing EVP API functions that return "software" implementations and
+descriptions remain untouched. However, the storage takes more meaning in terms
+of "cipher description" and less meaning in terms of "implementation". When an
+EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
+begin en/decryption, the hooking to ENGINE comes into play. What happens is that
+cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
+reference) for any ENGINE that is registered to perform the algo/mode that the
+provided EVP_CIPHER structure represents. Under normal circumstances, that
+ENGINE code will return NULL because no ENGINEs will have had any cipher
+implementations *registered*. As such, a NULL ENGINE pointer is stored in the
+EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
+context and so is used as the implementation. Pretty much how things work now
+except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
+
+Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
+combination represented by the provided EVP_CIPHER, then a functional reference
+to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
+That functional reference will be stored in the context (and released on
+cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
+definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
+application will actually be replaced by an EVP_CIPHER from the registered
+ENGINE - it will support the same algorithm/mode as the original but will be a
+completely different implementation. Because this EVP_CIPHER isn't stored in the
+EVP storage, nor is it returned to applications from traditional API functions,
+there is no associated problem with it not having reference counts. And of
+course, when one of these "private" cipher implementations is hooked into
+EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
+reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
+safe.
+
+The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
+in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
+EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
+use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
+ENGINE_TABLE essentially provide linker-separation of the classes so that even
+if ENGINEs implement *all* possible algorithms, an application using only
+EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
+ENGINE code that is independant of class, and of course the ENGINE
+implementation that the application loaded. It will *not* however link any
+class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
+other APIs, such as the RSA/DSA/etc library code.
+
+ENGINE_TABLE is a little more complicated than may seem necessary but this is
+mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
+DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
+to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
+example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
+These nids provide the uniquenness of an algorithm/mode - and each nid will hash
+to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
+pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
+caching tricks such that requests on that 'nid' will be cached and all future
+requests will return immediately (well, at least with minimal operation) unless
+a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
+that an application could have support for 10 ENGINEs statically linked
+in, and the machine in question may not have any of the hardware those 10
+ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
+want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
+each of those 10 ENGINEs. Instead, the first such request will try to do that
+and will either return (and cache) a NULL ENGINE pointer or will return a
+functional reference to the first that successfully initialised. In the latter
+case it will also cache an extra functional reference to the ENGINE as a
+"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
+that is unset only if un/registration takes place on that pile. Ie. if
+implementations of "des_cbc" are added or removed. This behaviour can be
+tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
+ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
+try to initialise from the "pile" will be those that are already initialised
+(ie. it's simply an increment of the functional reference count, and no real
+"initialisation" will take place).
+
+RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
+difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
+actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
+not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
+necessarily interoperable and don't have different flavours, only different
+implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
+or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
+represents ENGINEs that implement the single "type" of RSA there is.
+
+Cleanup - the registration and unregistration may pose questions about how
+cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
+application or EVP_CIPHER code releases its last reference to an ENGINE, the
+ENGINE_PILE code may still have references and thus those ENGINEs will stay
+hooked in forever). The way this is handled is via "unregistration". With these
+new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
+is an algorithm-agnostic process. Even if initialised, it will not have
+registered any of its implementations (to do so would link all class "table"
+code despite the fact the application may use only ciphers, for example). This
+is deliberately a distinct step. Moreover, registration and unregistration has
+nothing to do with whether an ENGINE is *functional* or not (ie. you can even
+register an ENGINE and its implementations without it being operational, you may
+not even have the drivers to make it operate). What actually happens with
+respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
+functions. These functions are internal-only and each part of ENGINE code that
+could require cleanup will, upon performing its first allocation, register a
+callback with the "engine_cleanup" code. The other part of this that makes it
+tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
+initialised state. So if RSA code asks for an ENGINE and no ENGINE has
+registered an implementation, the code will simply return NULL and the tb_rsa.c
+state will be unchanged. Thus, no cleanup is required unless registration takes
+place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
+callbacks calling each in turn, and will then internally delete its own storage
+(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
+part of a gracefull restart and the application wants to cleanup all state then
+start again), the internal STACK storage will be freshly allocated. This is much
+the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
+initialised state, so only modification operations (not queries) will cause that
+code to have to register a cleanup.
+
+What else? The bignum callbacks and associated ENGINE functions have been
+removed for two obvious reasons; (i) there was no way to generalise them to the
+mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
+method, and (ii) because of (i), there was no meaningful way for library or
+application code to automatically hook and use ENGINE supplied bignum functions
+anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
+exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
+one and now certainly doesn't make sense in any generalised way. Some of the
+RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
+changes have now, as a consequence, been reverted back. This is because the
+hooking of ENGINE is now automatic (and passive, it can interally use a NULL
+ENGINE pointer to simply ignore ENGINE from then on).
+
+Hell, that should be enough for now ... comments welcome: geoff@openssl.org
+
diff --git a/crypto/openssl/crypto/engine/eng_all.c b/crypto/openssl/crypto/engine/eng_all.c
new file mode 100644
index 0000000..e4d48da
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_all.c
@@ -0,0 +1,113 @@
+/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+void ENGINE_load_builtin_engines(void)
+	{
+	/* There's no longer any need for an "openssl" ENGINE unless, one day,
+	 * it is the *only* way for standard builtin implementations to be be
+	 * accessed (ie. it would be possible to statically link binaries with
+	 * *no* builtin implementations). */
+#if 0
+	ENGINE_load_openssl();
+#endif
+	ENGINE_load_dynamic();
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_CSWIFT
+	ENGINE_load_cswift();
+#endif
+#ifndef OPENSSL_NO_HW_NCIPHER
+	ENGINE_load_chil();
+#endif
+#ifndef OPENSSL_NO_HW_ATALLA
+	ENGINE_load_atalla();
+#endif
+#ifndef OPENSSL_NO_HW_NURON
+	ENGINE_load_nuron();
+#endif
+#ifndef OPENSSL_NO_HW_UBSEC
+	ENGINE_load_ubsec();
+#endif
+#ifndef OPENSSL_NO_HW_AEP
+	ENGINE_load_aep();
+#endif
+#ifndef OPENSSL_NO_HW_SUREWARE
+	ENGINE_load_sureware();
+#endif
+#ifndef OPENSSL_NO_HW_4758_CCA
+	ENGINE_load_4758cca();
+#endif
+#ifdef __OpenBSD__
+	ENGINE_load_cryptodev();
+#endif
+#endif
+	}
+
+#ifdef __OpenBSD__
+void ENGINE_setup_openbsd(void) {
+	static int openbsd_default_loaded = 0;
+	if (!openbsd_default_loaded) {
+		ENGINE_load_cryptodev();
+		ENGINE_register_all_complete();
+	}
+	openbsd_default_loaded=1;
+}
+#endif
diff --git a/crypto/openssl/crypto/engine/eng_cnf.c b/crypto/openssl/crypto/engine/eng_cnf.c
new file mode 100644
index 0000000..cdf6709
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_cnf.c
@@ -0,0 +1,242 @@
+/* eng_cnf.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+
+/* #define ENGINE_CONF_DEBUG */
+
+/* ENGINE config module */
+
+static char *skip_dot(char *name)
+	{
+	char *p;
+	p = strchr(name, '.');
+	if (p)
+		return p + 1;
+	return name;
+	}
+
+static STACK_OF(ENGINE) *initialized_engines = NULL;
+
+static int int_engine_init(ENGINE *e)
+	{
+	if (!ENGINE_init(e))
+		return 0;
+	if (!initialized_engines)
+		initialized_engines = sk_ENGINE_new_null();
+	if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
+		{
+		ENGINE_finish(e);
+		return 0;
+		}
+	return 1;
+	}
+	
+
+static int int_engine_configure(char *name, char *value, const CONF *cnf)
+	{
+	int i;
+	int ret = 0;
+	long do_init = -1;
+	STACK_OF(CONF_VALUE) *ecmds;
+	CONF_VALUE *ecmd;
+	char *ctrlname, *ctrlvalue;
+	ENGINE *e = NULL;
+	name = skip_dot(name);
+#ifdef ENGINE_CONF_DEBUG
+	fprintf(stderr, "Configuring engine %s\n", name);
+#endif
+	/* Value is a section containing ENGINE commands */
+	ecmds = NCONF_get_section(cnf, value);
+
+	if (!ecmds)
+		{
+		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
+		return 0;
+		}
+
+	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
+		{
+		ecmd = sk_CONF_VALUE_value(ecmds, i);
+		ctrlname = skip_dot(ecmd->name);
+		ctrlvalue = ecmd->value;
+#ifdef ENGINE_CONF_DEBUG
+	fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
+#endif
+
+		/* First handle some special pseudo ctrls */
+
+		/* Override engine name to use */
+		if (!strcmp(ctrlname, "engine_id"))
+			name = ctrlvalue;
+		/* Load a dynamic ENGINE */
+		else if (!strcmp(ctrlname, "dynamic_path"))
+			{
+			e = ENGINE_by_id("dynamic");
+			if (!e)
+				goto err;
+			if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+				goto err;
+			if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+				goto err;
+			if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+				goto err;
+			}
+		/* ... add other pseudos here ... */
+		else
+			{
+			/* At this point we need an ENGINE structural reference
+			 * if we don't already have one.
+			 */
+			if (!e)
+				{
+				e = ENGINE_by_id(name);
+				if (!e)
+					return 0;
+				}
+			/* Allow "EMPTY" to mean no value: this allows a valid
+			 * "value" to be passed to ctrls of type NO_INPUT
+		 	 */
+			if (!strcmp(ctrlvalue, "EMPTY"))
+				ctrlvalue = NULL;
+			else if (!strcmp(ctrlname, "init"))
+				{
+				if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+					goto err;
+				if (do_init == 1)
+					{
+					if (!int_engine_init(e))
+						goto err;
+					}
+				else if (do_init != 0)
+					{
+					ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
+					goto err;
+					}
+				}
+			else if (!strcmp(ctrlname, "default_algorithms"))
+				{
+				if (!ENGINE_set_default_string(e, ctrlvalue))
+					goto err;
+				}
+			else if (!ENGINE_ctrl_cmd_string(e,
+					ctrlname, ctrlvalue, 0))
+				return 0;
+			}
+
+
+
+		}
+	if (e && (do_init == -1) && !int_engine_init(e))
+		goto err;
+	ret = 1;
+	err:
+	if (e)
+		ENGINE_free(e);
+	return ret;
+	}
+
+
+static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+	{
+	STACK_OF(CONF_VALUE) *elist;
+	CONF_VALUE *cval;
+	int i;
+#ifdef ENGINE_CONF_DEBUG
+	fprintf(stderr, "Called engine module: name %s, value %s\n",
+			CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+#endif
+	/* Value is a section containing ENGINEs to configure */
+	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+
+	if (!elist)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
+		return 0;
+		}
+
+	for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
+		{
+		cval = sk_CONF_VALUE_value(elist, i);
+		if (!int_engine_configure(cval->name, cval->value, cnf))
+			return 0;
+		}
+
+	return 1;
+	}
+
+static void int_engine_module_finish(CONF_IMODULE *md)
+	{
+	ENGINE *e;
+	while ((e = sk_ENGINE_pop(initialized_engines)))
+		ENGINE_finish(e);
+	sk_ENGINE_free(initialized_engines);
+	initialized_engines = NULL;
+	}
+	
+
+void ENGINE_add_conf_module(void)
+	{
+	CONF_module_add("engines",
+			int_engine_module_init,
+			int_engine_module_finish);
+	}
diff --git a/crypto/openssl/crypto/engine/eng_ctrl.c b/crypto/openssl/crypto/engine/eng_ctrl.c
new file mode 100644
index 0000000..ad38583
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_ctrl.c
@@ -0,0 +1,387 @@
+/* crypto/engine/eng_ctrl.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* When querying a ENGINE-specific control command's 'description', this string
+ * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
+static const char *int_no_description = "";
+
+/* These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+	{
+	if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+		return 1;
+	return 0;
+	}
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+	{
+	int idx = 0;
+	while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
+		{
+		idx++;
+		defn++;
+		}
+	if(int_ctrl_cmd_is_null(defn))
+		/* The given name wasn't found */
+		return -1;
+	return idx;
+	}
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+	{
+	int idx = 0;
+	/* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+	 * our searches don't need to take any longer than necessary. */
+	while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
+		{
+		idx++;
+		defn++;
+		}
+	if(defn->cmd_num == num)
+		return idx;
+	/* The given cmd_num wasn't found */
+	return -1;
+	}
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int idx;
+	char *s = (char *)p;
+	/* Take care of the easy one first (eg. it requires no searches) */
+	if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
+		{
+		if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+			return 0;
+		return e->cmd_defns->cmd_num;
+		}
+	/* One or two commands require that "p" be a valid string buffer */
+	if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+			(cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+			(cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
+		{
+		if(s == NULL)
+			{
+			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+				ERR_R_PASSED_NULL_PARAMETER);
+			return -1;
+			}
+		}
+	/* Now handle cmd_name -> cmd_num conversion */
+	if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
+		{
+		if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
+						e->cmd_defns, s)) < 0))
+			{
+			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+				ENGINE_R_INVALID_CMD_NAME);
+			return -1;
+			}
+		return e->cmd_defns[idx].cmd_num;
+		}
+	/* For the rest of the commands, the 'long' argument must specify a
+	 * valie command number - so we need to conduct a search. */
+	if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+					(unsigned int)i)) < 0))
+		{
+		ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+			ENGINE_R_INVALID_CMD_NUMBER);
+		return -1;
+		}
+	/* Now the logic splits depending on command type */
+	switch(cmd)
+		{
+	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+		idx++;
+		if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
+			/* end-of-list */
+			return 0;
+		else
+			return e->cmd_defns[idx].cmd_num;
+	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+		return strlen(e->cmd_defns[idx].cmd_name);
+	case ENGINE_CTRL_GET_NAME_FROM_CMD:
+		return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
+	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+		if(e->cmd_defns[idx].cmd_desc)
+			return strlen(e->cmd_defns[idx].cmd_desc);
+		return strlen(int_no_description);
+	case ENGINE_CTRL_GET_DESC_FROM_CMD:
+		if(e->cmd_defns[idx].cmd_desc)
+			return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
+		return sprintf(s, "%s", int_no_description);
+	case ENGINE_CTRL_GET_CMD_FLAGS:
+		return e->cmd_defns[idx].cmd_flags;
+		}
+	/* Shouldn't really be here ... */
+	ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
+	return -1;
+	}
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int ctrl_exists, ref_exists;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+	if(!ref_exists)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
+		return 0;
+		}
+	/* Intercept any "root-level" commands before trying to hand them on to
+	 * ctrl() handlers. */
+	switch(cmd)
+		{
+	case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+		return ctrl_exists;
+	case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+	case ENGINE_CTRL_GET_CMD_FROM_NAME:
+	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+	case ENGINE_CTRL_GET_NAME_FROM_CMD:
+	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+	case ENGINE_CTRL_GET_DESC_FROM_CMD:
+	case ENGINE_CTRL_GET_CMD_FLAGS:
+		if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+			return int_ctrl_helper(e,cmd,i,p,f);
+		if(!ctrl_exists)
+			{
+			ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+			/* For these cmd-related functions, failure is indicated
+			 * by a -1 return value (because 0 is used as a valid
+			 * return in some places). */
+			return -1;
+			}
+	default:
+		break;
+		}
+	/* Anything else requires a ctrl() handler to exist. */
+	if(!ctrl_exists)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+		return 0;
+		}
+	return e->ctrl(e, cmd, i, p, f);
+	}
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+	{
+	int flags;
+	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+			ENGINE_R_INVALID_CMD_NUMBER);
+		return 0;
+		}
+	if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+			!(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+			!(flags & ENGINE_CMD_FLAG_STRING))
+		return 0;
+	return 1;
+	}
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional)
+        {
+	int num;
+
+	if((e == NULL) || (cmd_name == NULL))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+					ENGINE_CTRL_GET_CMD_FROM_NAME,
+					0, (void *)cmd_name, NULL)) <= 0))
+		{
+		/* If the command didn't *have* to be supported, we fake
+		 * success. This allows certain settings to be specified for
+		 * multiple ENGINEs and only require a change of ENGINE id
+		 * (without having to selectively apply settings). Eg. changing
+		 * from a hardware device back to the regular software ENGINE
+		 * without editing the config file, etc. */
+		if(cmd_optional)
+			{
+			ERR_clear_error();
+			return 1;
+			}
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
+			ENGINE_R_INVALID_CMD_NAME);
+		return 0;
+		}
+	/* Force the result of the control command to 0 or 1, for the reasons
+	 * mentioned before. */
+        if (ENGINE_ctrl(e, num, i, p, f))
+                return 1;
+        return 0;
+        }
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+				int cmd_optional)
+	{
+	int num, flags;
+	long l;
+	char *ptr;
+	if((e == NULL) || (cmd_name == NULL))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+					ENGINE_CTRL_GET_CMD_FROM_NAME,
+					0, (void *)cmd_name, NULL)) <= 0))
+		{
+		/* If the command didn't *have* to be supported, we fake
+		 * success. This allows certain settings to be specified for
+		 * multiple ENGINEs and only require a change of ENGINE id
+		 * (without having to selectively apply settings). Eg. changing
+		 * from a hardware device back to the regular software ENGINE
+		 * without editing the config file, etc. */
+		if(cmd_optional)
+			{
+			ERR_clear_error();
+			return 1;
+			}
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_INVALID_CMD_NAME);
+		return 0;
+		}
+	if(!ENGINE_cmd_is_executable(e, num))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_CMD_NOT_EXECUTABLE);
+		return 0;
+		}
+	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
+		{
+		/* Shouldn't happen, given that ENGINE_cmd_is_executable()
+		 * returned success. */
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_INTERNAL_LIST_ERROR);
+		return 0;
+		}
+	/* If the command takes no input, there must be no input. And vice
+	 * versa. */
+	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+		{
+		if(arg != NULL)
+			{
+			ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+				ENGINE_R_COMMAND_TAKES_NO_INPUT);
+			return 0;
+			}
+		/* We deliberately force the result of ENGINE_ctrl() to 0 or 1
+		 * rather than returning it as "return data". This is to ensure
+		 * usage of these commands is consistent across applications and
+		 * that certain applications don't understand it one way, and
+		 * others another. */
+		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+			return 1;
+		return 0;
+		}
+	/* So, we require input */
+	if(arg == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_COMMAND_TAKES_INPUT);
+		return 0;
+		}
+	/* If it takes string input, that's easy */
+	if(flags & ENGINE_CMD_FLAG_STRING)
+		{
+		/* Same explanation as above */
+		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+			return 1;
+		return 0;
+		}
+	/* If it doesn't take numeric either, then it is unsupported for use in
+	 * a config-setting situation, which is what this function is for. This
+	 * should never happen though, because ENGINE_cmd_is_executable() was
+	 * used. */
+	if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_INTERNAL_LIST_ERROR);
+		return 0;
+		}
+	l = strtol(arg, &ptr, 10);
+	if((arg == ptr) || (*ptr != '\0'))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+		return 0;
+		}
+	/* Force the result of the control command to 0 or 1, for the reasons
+	 * mentioned before. */
+	if(ENGINE_ctrl(e, num, l, NULL, NULL))
+		return 1;
+	return 0;
+	}
diff --git a/crypto/openssl/crypto/engine/eng_dyn.c b/crypto/openssl/crypto/engine/eng_dyn.c
new file mode 100644
index 0000000..4139a16
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_dyn.c
@@ -0,0 +1,460 @@
+/* crypto/engine/eng_dyn.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+
+/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
+ * should implement the hook-up functions with the following prototypes. */
+
+/* Our ENGINE handlers */
+static int dynamic_init(ENGINE *e);
+static int dynamic_finish(ENGINE *e);
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+/* Predeclare our context type */
+typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+/* The implementation for the important control command */
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+
+#define DYNAMIC_CMD_SO_PATH		ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK		(ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID			(ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD		(ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_LOAD		(ENGINE_CMD_BASE + 4)
+
+/* The constants used when creating the ENGINE */
+static const char *engine_dynamic_id = "dynamic";
+static const char *engine_dynamic_name = "Dynamic engine loading support";
+static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+	{DYNAMIC_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the new ENGINE shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{DYNAMIC_CMD_NO_VCHECK,
+		"NO_VCHECK",
+		"Specifies to continue even if version checking fails (boolean)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{DYNAMIC_CMD_ID,
+		"ID",
+		"Specifies an ENGINE id name for loading",
+		ENGINE_CMD_FLAG_STRING},
+	{DYNAMIC_CMD_LIST_ADD,
+		"LIST_ADD",
+		"Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{DYNAMIC_CMD_LOAD,
+		"LOAD",
+		"Load up the ENGINE specified by other settings",
+		ENGINE_CMD_FLAG_NO_INPUT},
+	{0, NULL, NULL, 0}
+	};
+static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
+	{0, NULL, NULL, 0}
+	};
+
+/* Loading code stores state inside the ENGINE structure via the "ex_data"
+ * element. We load all our state into a single structure and use that as a
+ * single context in the "ex_data" stack. */
+struct st_dynamic_data_ctx
+	{
+	/* The DSO object we load that supplies the ENGINE code */
+	DSO *dynamic_dso;
+	/* The function pointer to the version checking shared library function */
+	dynamic_v_check_fn v_check;
+	/* The function pointer to the engine-binding shared library function */
+	dynamic_bind_engine bind_engine;
+	/* The default name/path for loading the shared library */
+	const char *DYNAMIC_LIBNAME;
+	/* Whether to continue loading on a version check failure */
+	int no_vcheck;
+	/* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+	const char *engine_id;
+	/* If non-zero, a successfully loaded ENGINE should be added to the internal
+	 * ENGINE list. If 2, the add must succeed or the entire load should fail. */
+	int list_add_value;
+	/* The symbol name for the version checking function */
+	const char *DYNAMIC_F1;
+	/* The symbol name for the "initialise ENGINE structure" function */
+	const char *DYNAMIC_F2;
+	};
+
+/* This is the "ex_data" index we obtain and reserve for use with our context
+ * structure. */
+static int dynamic_ex_data_idx = -1;
+
+/* Because our ex_data element may or may not get allocated depending on whether
+ * a "first-use" occurs before the ENGINE is freed, we have a memory leak
+ * problem to solve. We can't declare a "new" handler for the ex_data as we
+ * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
+ * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
+ * handler and that will get called if an ENGINE is being destroyed and there
+ * was an ex_data element corresponding to our context type. */
+static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+			CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
+	{
+	if(ptr)
+		{
+		dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+		if(ctx->dynamic_dso)
+			DSO_free(ctx->dynamic_dso);
+		if(ctx->DYNAMIC_LIBNAME)
+			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
+		if(ctx->engine_id)
+			OPENSSL_free((void*)ctx->engine_id);
+		OPENSSL_free(ctx);
+		}
+	}
+
+/* Construct the per-ENGINE context. We create it blindly and then use a lock to
+ * check for a race - if so, all but one of the threads "racing" will have
+ * wasted their time. The alternative involves creating everything inside the
+ * lock which is far worse. */
+static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+	{
+	dynamic_data_ctx *c;
+	c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
+	if(!c)
+		{
+		ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	memset(c, 0, sizeof(dynamic_data_ctx));
+	c->dynamic_dso = NULL;
+	c->v_check = NULL;
+	c->bind_engine = NULL;
+	c->DYNAMIC_LIBNAME = NULL;
+	c->no_vcheck = 0;
+	c->engine_id = NULL;
+	c->list_add_value = 0;
+	c->DYNAMIC_F1 = "v_check";
+	c->DYNAMIC_F2 = "bind_engine";
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+				dynamic_ex_data_idx)) == NULL)
+		{
+		/* Good, we're the first */
+		ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+		*ctx = c;
+		c = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	/* If we lost the race to set the context, c is non-NULL and *ctx is the
+	 * context of the thread that won. */
+	if(c)
+		OPENSSL_free(c);
+	return 1;
+	}
+
+/* This function retrieves the context structure from an ENGINE's "ex_data", or
+ * if it doesn't exist yet, sets it up. */
+static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+	{
+	dynamic_data_ctx *ctx;
+	if(dynamic_ex_data_idx < 0)
+		{
+		/* Create and register the ENGINE ex_data, and associate our
+		 * "free" function with it to ensure any allocated contexts get
+		 * freed when an ENGINE goes underground. */
+		int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+					dynamic_data_ctx_free_func);
+		if(new_idx == -1)
+			{
+			ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
+			return NULL;
+			}
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		/* Avoid a race by checking again inside this lock */
+		if(dynamic_ex_data_idx < 0)
+			{
+			/* Good, someone didn't beat us to it */
+			dynamic_ex_data_idx = new_idx;
+			new_idx = -1;
+			}
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		/* In theory we could "give back" the index here if
+		 * (new_idx>-1), but it's not possible and wouldn't gain us much
+		 * if it were. */
+		}
+	ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+	/* Check if the context needs to be created */
+	if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+		/* "set_data" will set errors if necessary */
+		return NULL;
+	return ctx;
+	}
+
+static ENGINE *engine_dynamic(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!ENGINE_set_id(ret, engine_dynamic_id) ||
+			!ENGINE_set_name(ret, engine_dynamic_name) ||
+			!ENGINE_set_init_function(ret, dynamic_init) ||
+			!ENGINE_set_finish_function(ret, dynamic_finish) ||
+			!ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+			!ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+			!ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_dynamic(void)
+	{
+	ENGINE *toadd = engine_dynamic();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	/* If the "add" worked, it gets a structural reference. So either way,
+	 * we release our just-created reference. */
+	ENGINE_free(toadd);
+	/* If the "add" didn't work, it was probably a conflict because it was
+	 * already added (eg. someone calling ENGINE_load_blah then calling
+	 * ENGINE_load_builtin_engines() perhaps). */
+	ERR_clear_error();
+	}
+
+static int dynamic_init(ENGINE *e)
+	{
+	/* We always return failure - the "dyanamic" engine itself can't be used
+	 * for anything. */
+	return 0;
+	}
+
+static int dynamic_finish(ENGINE *e)
+	{
+	/* This should never be called on account of "dynamic_init" always
+	 * failing. */
+	return 0;
+	}
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+	int initialised;
+	
+	if(!ctx)
+		{
+		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
+		return 0;
+		}
+	initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+	/* All our control commands require the ENGINE to be uninitialised */
+	if(initialised)
+		{
+		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+			ENGINE_R_ALREADY_LOADED);
+		return 0;
+		}
+	switch(cmd)
+		{
+	case DYNAMIC_CMD_SO_PATH:
+		/* a NULL 'p' or a string of zero-length is the same thing */
+		if(p && (strlen((const char *)p) < 1))
+			p = NULL;
+		if(ctx->DYNAMIC_LIBNAME)
+			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
+		if(p)
+			ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
+		else
+			ctx->DYNAMIC_LIBNAME = NULL;
+		return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+	case DYNAMIC_CMD_NO_VCHECK:
+		ctx->no_vcheck = ((i == 0) ? 0 : 1);
+		return 1;
+	case DYNAMIC_CMD_ID:
+		/* a NULL 'p' or a string of zero-length is the same thing */
+		if(p && (strlen((const char *)p) < 1))
+			p = NULL;
+		if(ctx->engine_id)
+			OPENSSL_free((void*)ctx->engine_id);
+		if(p)
+			ctx->engine_id = BUF_strdup(p);
+		else
+			ctx->engine_id = NULL;
+		return (ctx->engine_id ? 1 : 0);
+	case DYNAMIC_CMD_LIST_ADD:
+		if((i < 0) || (i > 2))
+			{
+			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+				ENGINE_R_INVALID_ARGUMENT);
+			return 0;
+			}
+		ctx->list_add_value = (int)i;
+		return 1;
+	case DYNAMIC_CMD_LOAD:
+		return dynamic_load(e, ctx);
+	default:
+		break;
+		}
+	ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+	{
+	ENGINE cpy;
+	dynamic_fns fns;
+
+	if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL,
+				ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL))
+		{
+		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+			ENGINE_R_DSO_NOT_FOUND);
+		return 0;
+		}
+	/* We have to find a bind function otherwise it'll always end badly */
+	if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
+					ctx->dynamic_dso, ctx->DYNAMIC_F2)))
+		{
+		ctx->bind_engine = NULL;
+		DSO_free(ctx->dynamic_dso);
+		ctx->dynamic_dso = NULL;
+		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+			ENGINE_R_DSO_FAILURE);
+		return 0;
+		}
+	/* Do we perform version checking? */
+	if(!ctx->no_vcheck)
+		{
+		unsigned long vcheck_res = 0;
+		/* Now we try to find a version checking function and decide how
+		 * to cope with failure if/when it fails. */
+		ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
+				ctx->dynamic_dso, ctx->DYNAMIC_F1);
+		if(ctx->v_check)
+			vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+		/* We fail if the version checker veto'd the load *or* if it is
+		 * deferring to us (by returning its version) and we think it is
+		 * too old. */
+		if(vcheck_res < OSSL_DYNAMIC_OLDEST)
+			{
+			/* Fail */
+			ctx->bind_engine = NULL;
+			ctx->v_check = NULL;
+			DSO_free(ctx->dynamic_dso);
+			ctx->dynamic_dso = NULL;
+			ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+				ENGINE_R_VERSION_INCOMPATIBILITY);
+			return 0;
+			}
+		}
+	/* First binary copy the ENGINE structure so that we can roll back if
+	 * the hand-over fails */
+	memcpy(&cpy, e, sizeof(ENGINE));
+	/* Provide the ERR, "ex_data", memory, and locking callbacks so the
+	 * loaded library uses our state rather than its own. FIXME: As noted in
+	 * engine.h, much of this would be simplified if each area of code
+	 * provided its own "summary" structure of all related callbacks. It
+	 * would also increase opaqueness. */
+	fns.err_fns = ERR_get_implementation();
+	fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
+	CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
+				&fns.mem_fns.realloc_cb,
+				&fns.mem_fns.free_cb);
+	fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
+	fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
+	fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
+	fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
+	fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
+	/* Now that we've loaded the dynamic engine, make sure no "dynamic"
+	 * ENGINE elements will show through. */
+	engine_set_all_null(e);
+
+	/* Try to bind the ENGINE onto our own ENGINE structure */
+	if(!ctx->bind_engine(e, ctx->engine_id, &fns))
+		{
+		ctx->bind_engine = NULL;
+		ctx->v_check = NULL;
+		DSO_free(ctx->dynamic_dso);
+		ctx->dynamic_dso = NULL;
+		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
+		/* Copy the original ENGINE structure back */
+		memcpy(e, &cpy, sizeof(ENGINE));
+		return 0;
+		}
+	/* Do we try to add this ENGINE to the internal list too? */
+	if(ctx->list_add_value > 0)
+		{
+		if(!ENGINE_add(e))
+			{
+			/* Do we tolerate this or fail? */
+			if(ctx->list_add_value > 1)
+				{
+				/* Fail - NB: By this time, it's too late to
+				 * rollback, and trying to do so allows the
+				 * bind_engine() code to have created leaks. We
+				 * just have to fail where we are, after the
+				 * ENGINE has changed. */
+				ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+					ENGINE_R_CONFLICTING_ENGINE_ID);
+				return 0;
+				}
+			/* Tolerate */
+			ERR_clear_error();
+			}
+		}
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/eng_err.c b/crypto/openssl/crypto/engine/eng_err.c
new file mode 100644
index 0000000..814d95e
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_err.c
@@ -0,0 +1,166 @@
+/* crypto/engine/eng_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ENGINE_str_functs[]=
+	{
+{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0),	"DYNAMIC_CTRL"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0),	"DYNAMIC_GET_DATA_CTX"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0),	"DYNAMIC_LOAD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),	"ENGINE_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),	"ENGINE_by_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0),	"ENGINE_cmd_is_executable"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),	"ENGINE_ctrl"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0),	"ENGINE_ctrl_cmd"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0),	"ENGINE_ctrl_cmd_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),	"ENGINE_finish"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),	"ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0),	"ENGINE_get_cipher"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0),	"ENGINE_GET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0),	"ENGINE_get_digest"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),	"ENGINE_get_next"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),	"ENGINE_get_prev"},
+{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),	"ENGINE_init"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),	"ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),	"ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),	"ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0),	"ENGINE_load_public_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0),	"ENGINE_MODULE_INIT"},
+{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),	"ENGINE_new"},
+{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),	"ENGINE_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0),	"ENGINE_set_default_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),	"ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),	"ENGINE_set_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),	"ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0),	"ENGINE_TABLE_REGISTER"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),	"ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0),	"ENGINE_up_ref"},
+{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),	"INT_CTRL_HELPER"},
+{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0),	"INT_ENGINE_CONFIGURE"},
+{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),	"LOG_MESSAGE"},
+{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0),	"SET_DATA_CTX"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ENGINE_str_reasons[]=
+	{
+{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
+{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER       ,"argument is not a number"},
+{ENGINE_R_CMD_NOT_EXECUTABLE             ,"cmd not executable"},
+{ENGINE_R_COMMAND_TAKES_INPUT            ,"command takes input"},
+{ENGINE_R_COMMAND_TAKES_NO_INPUT         ,"command takes no input"},
+{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
+{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ENGINE_R_DH_NOT_IMPLEMENTED             ,"dh not implemented"},
+{ENGINE_R_DSA_NOT_IMPLEMENTED            ,"dsa not implemented"},
+{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
+{ENGINE_R_DSO_NOT_FOUND                  ,"dso not found"},
+{ENGINE_R_ENGINES_SECTION_ERROR          ,"engines section error"},
+{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
+{ENGINE_R_ENGINE_SECTION_ERROR           ,"engine section error"},
+{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
+{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
+{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
+{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
+{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
+{ENGINE_R_INIT_FAILED                    ,"init failed"},
+{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ENGINE_R_INVALID_ARGUMENT               ,"invalid argument"},
+{ENGINE_R_INVALID_CMD_NAME               ,"invalid cmd name"},
+{ENGINE_R_INVALID_CMD_NUMBER             ,"invalid cmd number"},
+{ENGINE_R_INVALID_INIT_VALUE             ,"invalid init value"},
+{ENGINE_R_INVALID_STRING                 ,"invalid string"},
+{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
+{ENGINE_R_NOT_LOADED                     ,"not loaded"},
+{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ENGINE_R_NO_INDEX                       ,"no index"},
+{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
+{ENGINE_R_NO_REFERENCE                   ,"no reference"},
+{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
+{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
+{ENGINE_R_RSA_NOT_IMPLEMENTED            ,"rsa not implemented"},
+{ENGINE_R_UNIMPLEMENTED_CIPHER           ,"unimplemented cipher"},
+{ENGINE_R_UNIMPLEMENTED_DIGEST           ,"unimplemented digest"},
+{ENGINE_R_VERSION_INCOMPATIBILITY        ,"version incompatibility"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_ENGINE_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+		ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/engine/eng_fat.c b/crypto/openssl/crypto/engine/eng_fat.c
new file mode 100644
index 0000000..f7edb5a
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_fat.c
@@ -0,0 +1,147 @@
+/* crypto/engine/eng_fat.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+#include <openssl/conf.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+	{
+	if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+		return 0;
+	if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+		return 0;
+#ifndef OPENSSL_NO_RSA
+	if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e))
+		return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+	if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e))
+		return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+	if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
+		return 0;
+#endif
+	if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
+		return 0;
+	return 1;
+	}
+
+/* Set default algorithms using a string */
+
+static int int_def_cb(const char *alg, int len, void *arg)
+	{
+	unsigned int *pflags = arg;
+	if (!strncmp(alg, "ALL", len))
+		*pflags |= ENGINE_METHOD_ALL;
+	else if (!strncmp(alg, "RSA", len))
+		*pflags |= ENGINE_METHOD_RSA;
+	else if (!strncmp(alg, "DSA", len))
+		*pflags |= ENGINE_METHOD_DSA;
+	else if (!strncmp(alg, "DH", len))
+		*pflags |= ENGINE_METHOD_DH;
+	else if (!strncmp(alg, "RAND", len))
+		*pflags |= ENGINE_METHOD_RAND;
+	else if (!strncmp(alg, "CIPHERS", len))
+		*pflags |= ENGINE_METHOD_CIPHERS;
+	else if (!strncmp(alg, "DIGESTS", len))
+		*pflags |= ENGINE_METHOD_DIGESTS;
+	else
+		return 0;
+	return 1;
+	}
+
+
+int ENGINE_set_default_string(ENGINE *e, const char *list)
+	{
+	unsigned int flags = 0;
+	if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+					ENGINE_R_INVALID_STRING);
+		ERR_add_error_data(2, "str=",list);
+		return 0;
+		}
+	return ENGINE_set_default(e, flags);
+	}
+
+int ENGINE_register_complete(ENGINE *e)
+	{
+	ENGINE_register_ciphers(e);
+	ENGINE_register_digests(e);
+#ifndef OPENSSL_NO_RSA
+	ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+	ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+	ENGINE_register_DH(e);
+#endif
+	ENGINE_register_RAND(e);
+	return 1;
+	}
+
+int ENGINE_register_all_complete(void)
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_complete(e);
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/eng_init.c b/crypto/openssl/crypto/engine/eng_init.c
new file mode 100644
index 0000000..170c179
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_init.c
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_init.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). This version is only used internally. */
+int engine_unlocked_init(ENGINE *e)
+	{
+	int to_return = 1;
+
+	if((e->funct_ref == 0) && e->init)
+		/* This is the first functional reference and the engine
+		 * requires initialisation so we do it now. */
+		to_return = e->init(e);
+	if(to_return)
+		{
+		/* OK, we return a functional reference which is also a
+		 * structural reference. */
+		e->struct_ref++;
+		e->funct_ref++;
+		engine_ref_debug(e, 0, 1)
+		engine_ref_debug(e, 1, 1)
+		}
+	return to_return;
+	}
+
+/* Free a functional reference to a engine type. This version is only used
+ * internally. */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+	{
+	int to_return = 1;
+
+	/* Reduce the functional reference count here so if it's the terminating
+	 * case, we can release the lock safely and call the finish() handler
+	 * without risk of a race. We get a race if we leave the count until
+	 * after and something else is calling "finish" at the same time -
+	 * there's a chance that both threads will together take the count from
+	 * 2 to 0 without either calling finish(). */
+	e->funct_ref--;
+	engine_ref_debug(e, 1, -1);
+	if((e->funct_ref == 0) && e->finish)
+		{
+		if(unlock_for_handlers)
+			CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		to_return = e->finish(e);
+		if(unlock_for_handlers)
+			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		if(!to_return)
+			return 0;
+		}
+#ifdef REF_CHECK
+	if(e->funct_ref < 0)
+		{
+		fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
+		abort();
+		}
+#endif
+	/* Release the structural reference too */
+	if(!engine_free_util(e, 0))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+		return 0;
+		}
+	return to_return;
+	}
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+	{
+	int ret;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = engine_unlocked_init(e);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return ret;
+	}
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+	{
+	int to_return = 1;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	to_return = engine_unlocked_finish(e, 1);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	if(!to_return)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+		return 0;
+		}
+	return to_return;
+	}
diff --git a/crypto/openssl/crypto/engine/eng_int.h b/crypto/openssl/crypto/engine/eng_int.h
new file mode 100644
index 0000000..38335f9
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_int.h
@@ -0,0 +1,185 @@
+/* crypto/engine/eng_int.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+#define HEADER_ENGINE_INT_H
+
+/* Take public definitions from engine.h */
+#include <openssl/engine.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for each
+ * change. This prints the engine's pointer address (truncated to unsigned int),
+ * "struct" or "funct" to indicate the reference type, the before and after
+ * reference count, and the file:line-number pair. The "engine_ref_debug"
+ * statements must come *after* the change. */
+#ifdef ENGINE_REF_COUNT_DEBUG
+
+#define engine_ref_debug(e, isfunct, diff) \
+	fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+		(unsigned int)(e), (isfunct ? "funct" : "struct"), \
+		((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+		((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+		(__FILE__), (__LINE__));
+
+#else
+
+#define engine_ref_debug(e, isfunct, diff)
+
+#endif
+
+/* Any code that will need cleanup operations should use these functions to
+ * register callbacks. ENGINE_cleanup() will call all registered callbacks in
+ * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
+ * held (in "write" mode). */
+typedef void (ENGINE_CLEANUP_CB)(void);
+typedef struct st_engine_cleanup_item
+	{
+	ENGINE_CLEANUP_CB *cb;
+	} ENGINE_CLEANUP_ITEM;
+DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DECLARE_STACK_OF(ENGINE)
+
+/* If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
+ * functional references (etc), will display debugging summaries to stderr. */
+/* #define ENGINE_TABLE_DEBUG */
+
+/* This represents an implementation table. Dependent code should instantiate it
+ * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+		ENGINE *e, const int *nids, int num_nids, int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
+#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+#endif
+
+/* Internal versions of API functions that have control over locking. These are
+ * used between C files when functionality needs to be shared but the caller may
+ * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int locked);
+
+/* This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all the
+ * ENGINE_set_***() functions with a NULL value. */
+void engine_set_all_null(ENGINE *e);
+
+/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
+ * in engine.h. */
+
+/* This is a structure for storing implementations of various crypto
+ * algorithms and functions. */
+struct engine_st
+	{
+	const char *id;
+	const char *name;
+	const RSA_METHOD *rsa_meth;
+	const DSA_METHOD *dsa_meth;
+	const DH_METHOD *dh_meth;
+	const RAND_METHOD *rand_meth;
+	/* Cipher handling is via this callback */
+	ENGINE_CIPHERS_PTR ciphers;
+	/* Digest handling is via this callback */
+	ENGINE_DIGESTS_PTR digests;
+
+
+	ENGINE_GEN_INT_FUNC_PTR	destroy;
+
+	ENGINE_GEN_INT_FUNC_PTR init;
+	ENGINE_GEN_INT_FUNC_PTR finish;
+	ENGINE_CTRL_FUNC_PTR ctrl;
+	ENGINE_LOAD_KEY_PTR load_privkey;
+	ENGINE_LOAD_KEY_PTR load_pubkey;
+
+	const ENGINE_CMD_DEFN *cmd_defns;
+	int flags;
+	/* reference count on the structure itself */
+	int struct_ref;
+	/* reference count on usability of the engine type. NB: This
+	 * controls the loading and initialisation of any functionlity
+	 * required by this engine, whereas the previous count is
+	 * simply to cope with (de)allocation of this structure. Hence,
+	 * running_ref <= struct_ref at all times. */
+	int funct_ref;
+	/* A place to store per-ENGINE data */
+	CRYPTO_EX_DATA ex_data;
+	/* Used to maintain the linked-list of engines. */
+	struct engine_st *prev;
+	struct engine_st *next;
+	};
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_ENGINE_INT_H */
diff --git a/crypto/openssl/crypto/engine/eng_lib.c b/crypto/openssl/crypto/engine/eng_lib.c
new file mode 100644
index 0000000..a66d0f0
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_lib.c
@@ -0,0 +1,321 @@
+/* crypto/engine/eng_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/rand.h> /* FIXME: This shouldn't be needed */
+#include <openssl/engine.h>
+
+/* The "new"/"free" stuff first */
+
+ENGINE *ENGINE_new(void)
+	{
+	ENGINE *ret;
+
+	ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+	if(ret == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+	memset(ret, 0, sizeof(ENGINE));
+	ret->struct_ref = 1;
+	engine_ref_debug(ret, 0, 1)
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+	return ret;
+	}
+
+/* Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here. */
+void engine_set_all_null(ENGINE *e)
+	{
+	e->id = NULL;
+	e->name = NULL;
+	e->rsa_meth = NULL;
+	e->dsa_meth = NULL;
+	e->dh_meth = NULL;
+	e->rand_meth = NULL;
+	e->ciphers = NULL;
+	e->digests = NULL;
+	e->destroy = NULL;
+	e->init = NULL;
+	e->finish = NULL;
+	e->ctrl = NULL;
+	e->load_privkey = NULL;
+	e->load_pubkey = NULL;
+	e->cmd_defns = NULL;
+	e->flags = 0;
+	}
+
+int engine_free_util(ENGINE *e, int locked)
+	{
+	int i;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_FREE,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if(locked)
+		i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+	else
+		i = --e->struct_ref;
+	engine_ref_debug(e, 0, -1)
+	if (i > 0) return 1;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"ENGINE_free, bad structural reference count\n");
+		abort();
+		}
+#endif
+	/* Give the ENGINE a chance to do any structural cleanup corresponding
+	 * to allocation it did in its constructor (eg. unload error strings) */
+	if(e->destroy)
+		e->destroy(e);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+	OPENSSL_free(e);
+	return 1;
+	}
+
+int ENGINE_free(ENGINE *e)
+	{
+	return engine_free_util(e, 1);
+	}
+
+/* Cleanup stuff */
+
+/* ENGINE_cleanup() is coded such that anything that does work that will need
+ * cleanup can register a "cleanup" callback here. That way we don't get linker
+ * bloat by referring to all *possible* cleanups, but any linker bloat into code
+ * "X" will cause X's cleanup function to end up here. */
+static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
+	{
+	if(cleanup_stack) return 1;
+	if(!create) return 0;
+	cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+	return (cleanup_stack ? 1 : 0);
+	}
+static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+	{
+	ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
+					ENGINE_CLEANUP_ITEM));
+	if(!item) return NULL;
+	item->cb = cb;
+	return item;
+	}
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+	{
+	ENGINE_CLEANUP_ITEM *item;
+	if(!int_cleanup_check(1)) return;
+	item = int_cleanup_item(cb);
+	if(item)
+		sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+	}
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+	{
+	ENGINE_CLEANUP_ITEM *item;
+	if(!int_cleanup_check(1)) return;
+	item = int_cleanup_item(cb);
+	if(item)
+		sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+	}
+/* The API function that performs all cleanup */
+static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+	{
+	(*(item->cb))();
+	OPENSSL_free(item);
+	}
+void ENGINE_cleanup(void)
+	{
+	if(int_cleanup_check(0))
+		{
+		sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+			engine_cleanup_cb_free);
+		cleanup_stack = NULL;
+		}
+	/* FIXME: This should be handled (somehow) through RAND, eg. by it
+	 * registering a cleanup callback. */
+	RAND_set_rand_method(NULL);
+	}
+
+/* Now the "ex_data" support */
+
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+	{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+			new_func, dup_func, free_func);
+	}
+
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+	{
+	return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+	}
+
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+	{
+	return(CRYPTO_get_ex_data(&e->ex_data, idx));
+	}
+
+/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself. */
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+	{
+	if(id == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_SET_ID,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	e->id = id;
+	return 1;
+	}
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+	{
+	if(name == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	e->name = name;
+	return 1;
+	}
+
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+	{
+	e->destroy = destroy_f;
+	return 1;
+	}
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+	{
+	e->init = init_f;
+	return 1;
+	}
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+	{
+	e->finish = finish_f;
+	return 1;
+	}
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+	{
+	e->ctrl = ctrl_f;
+	return 1;
+	}
+
+int ENGINE_set_flags(ENGINE *e, int flags)
+	{
+	e->flags = flags;
+	return 1;
+	}
+
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+	{
+	e->cmd_defns = defns;
+	return 1;
+	}
+
+const char *ENGINE_get_id(const ENGINE *e)
+	{
+	return e->id;
+	}
+
+const char *ENGINE_get_name(const ENGINE *e)
+	{
+	return e->name;
+	}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
+	{
+	return e->destroy;
+	}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+	{
+	return e->init;
+	}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+	{
+	return e->finish;
+	}
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+	{
+	return e->ctrl;
+	}
+
+int ENGINE_get_flags(const ENGINE *e)
+	{
+	return e->flags;
+	}
+
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+	{
+	return e->cmd_defns;
+	}
diff --git a/crypto/openssl/crypto/engine/eng_list.c b/crypto/openssl/crypto/engine/eng_list.c
new file mode 100644
index 0000000..1cc3217
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_list.c
@@ -0,0 +1,394 @@
+/* crypto/engine/eng_list.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* The linked-list of pointers to engine types. engine_list_head
+ * incorporates an implicit structural reference but engine_list_tail
+ * does not - the latter is a computational niceity and only points
+ * to something that is already pointed to by its predecessor in the
+ * list (or engine_list_head itself). In the same way, the use of the
+ * "prev" pointer in each ENGINE is to save excessive list iteration,
+ * it doesn't correspond to an extra structural reference. Hence,
+ * engine_list_head, and each non-null "next" pointer account for
+ * the list itself assuming exactly 1 structural reference on each
+ * list member. */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+
+/* This cleanup function is only needed internally. If it should be called, we
+ * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
+
+static void engine_list_cleanup(void)
+	{
+	ENGINE *iterator = engine_list_head;
+
+	while(iterator != NULL)
+		{
+		ENGINE_remove(iterator);
+		iterator = engine_list_head;
+		}
+	return;
+	}
+
+/* These static functions starting with a lower case "engine_" always
+ * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+static int engine_list_add(ENGINE *e)
+	{
+	int conflict = 0;
+	ENGINE *iterator = NULL;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	iterator = engine_list_head;
+	while(iterator && !conflict)
+		{
+		conflict = (strcmp(iterator->id, e->id) == 0);
+		iterator = iterator->next;
+		}
+	if(conflict)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+			ENGINE_R_CONFLICTING_ENGINE_ID);
+		return 0;
+		}
+	if(engine_list_head == NULL)
+		{
+		/* We are adding to an empty list. */
+		if(engine_list_tail)
+			{
+			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+				ENGINE_R_INTERNAL_LIST_ERROR);
+			return 0;
+			}
+		engine_list_head = e;
+		e->prev = NULL;
+		/* The first time the list allocates, we should register the
+		 * cleanup. */
+		engine_cleanup_add_last(engine_list_cleanup);
+		}
+	else
+		{
+		/* We are adding to the tail of an existing list. */
+		if((engine_list_tail == NULL) ||
+				(engine_list_tail->next != NULL))
+			{
+			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+				ENGINE_R_INTERNAL_LIST_ERROR);
+			return 0;
+			}
+		engine_list_tail->next = e;
+		e->prev = engine_list_tail;
+		}
+	/* Having the engine in the list assumes a structural
+	 * reference. */
+	e->struct_ref++;
+	engine_ref_debug(e, 0, 1)
+	/* However it came to be, e is the last item in the list. */
+	engine_list_tail = e;
+	e->next = NULL;
+	return 1;
+	}
+
+static int engine_list_remove(ENGINE *e)
+	{
+	ENGINE *iterator;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	/* We need to check that e is in our linked list! */
+	iterator = engine_list_head;
+	while(iterator && (iterator != e))
+		iterator = iterator->next;
+	if(iterator == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+			ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+		return 0;
+		}
+	/* un-link e from the chain. */
+	if(e->next)
+		e->next->prev = e->prev;
+	if(e->prev)
+		e->prev->next = e->next;
+	/* Correct our head/tail if necessary. */
+	if(engine_list_head == e)
+		engine_list_head = e->next;
+	if(engine_list_tail == e)
+		engine_list_tail = e->prev;
+	engine_free_util(e, 0);
+	return 1;
+	}
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+	{
+	ENGINE *ret;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = engine_list_head;
+	if(ret)
+		{
+		ret->struct_ref++;
+		engine_ref_debug(ret, 0, 1)
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return ret;
+	}
+
+ENGINE *ENGINE_get_last(void)
+	{
+	ENGINE *ret;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = engine_list_tail;
+	if(ret)
+		{
+		ret->struct_ref++;
+		engine_ref_debug(ret, 0, 1)
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return ret;
+	}
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+	{
+	ENGINE *ret = NULL;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = e->next;
+	if(ret)
+		{
+		/* Return a valid structural refernce to the next ENGINE */
+		ret->struct_ref++;
+		engine_ref_debug(ret, 0, 1)
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	/* Release the structural reference to the previous ENGINE */
+	ENGINE_free(e);
+	return ret;
+	}
+
+ENGINE *ENGINE_get_prev(ENGINE *e)
+	{
+	ENGINE *ret = NULL;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = e->prev;
+	if(ret)
+		{
+		/* Return a valid structural reference to the next ENGINE */
+		ret->struct_ref++;
+		engine_ref_debug(ret, 0, 1)
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	/* Release the structural reference to the previous ENGINE */
+	ENGINE_free(e);
+	return ret;
+	}
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+	{
+	int to_return = 1;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_ADD,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if((e->id == NULL) || (e->name == NULL))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_ADD,
+			ENGINE_R_ID_OR_NAME_MISSING);
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(!engine_list_add(e))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_ADD,
+			ENGINE_R_INTERNAL_LIST_ERROR);
+		to_return = 0;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return to_return;
+	}
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+	{
+	int to_return = 1;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(!engine_list_remove(e))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+			ENGINE_R_INTERNAL_LIST_ERROR);
+		to_return = 0;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return to_return;
+	}
+
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+	{
+	dest->id = src->id;
+	dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+	dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+	dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+	dest->dh_meth = src->dh_meth;
+#endif
+	dest->rand_meth = src->rand_meth;
+	dest->ciphers = src->ciphers;
+	dest->digests = src->digests;
+	dest->destroy = src->destroy;
+	dest->init = src->init;
+	dest->finish = src->finish;
+	dest->ctrl = src->ctrl;
+	dest->load_privkey = src->load_privkey;
+	dest->load_pubkey = src->load_pubkey;
+	dest->cmd_defns = src->cmd_defns;
+	dest->flags = src->flags;
+	}
+
+ENGINE *ENGINE_by_id(const char *id)
+	{
+	ENGINE *iterator;
+	if(id == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	iterator = engine_list_head;
+	while(iterator && (strcmp(id, iterator->id) != 0))
+		iterator = iterator->next;
+	if(iterator)
+		{
+		/* We need to return a structural reference. If this is an
+		 * ENGINE type that returns copies, make a duplicate - otherwise
+		 * increment the existing ENGINE's reference count. */
+		if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
+			{
+			ENGINE *cp = ENGINE_new();
+			if(!cp)
+				iterator = NULL;
+			else
+				{
+				engine_cpy(cp, iterator);
+				iterator = cp;
+				}
+			}
+		else
+			{
+			iterator->struct_ref++;
+			engine_ref_debug(iterator, 0, 1)
+			}
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	if(iterator == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+			ENGINE_R_NO_SUCH_ENGINE);
+		ERR_add_error_data(2, "id=", id);
+		}
+	return iterator;
+	}
+
+int ENGINE_up_ref(ENGINE *e)
+	{
+	if (e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/eng_openssl.c b/crypto/openssl/crypto/engine/eng_openssl.c
new file mode 100644
index 0000000..54579ee
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_openssl.c
@@ -0,0 +1,361 @@
+/* crypto/engine/eng_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+/* This testing gunk is implemented (and explained) lower down. It also assumes
+ * the application explicitly calls "ENGINE_load_openssl()" because this is no
+ * longer automatic in ENGINE_load_builtin_engines(). */
+#define TEST_ENG_OPENSSL_RC4
+#define TEST_ENG_OPENSSL_PKEY
+/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+#define TEST_ENG_OPENSSL_RC4_P_INIT
+/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+#define TEST_ENG_OPENSSL_SHA
+/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+
+/* Now check what of those algorithms are actually enabled */
+#ifdef OPENSSL_NO_RC4
+#undef TEST_ENG_OPENSSL_RC4
+#undef TEST_ENG_OPENSSL_RC4_OTHERS
+#undef TEST_ENG_OPENSSL_RC4_P_INIT
+#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+#endif
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
+#undef TEST_ENG_OPENSSL_SHA
+#undef TEST_ENG_OPENSSL_SHA_OTHERS
+#undef TEST_ENG_OPENSSL_SHA_P_INIT
+#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
+#undef TEST_ENG_OPENSSL_SHA_P_FINAL 
+#endif
+
+#ifdef TEST_ENG_OPENSSL_RC4
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+				const int **nids, int nid);
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+				const int **nids, int nid);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+#endif
+
+/* The constants used when creating the ENGINE */
+static const char *engine_openssl_id = "openssl";
+static const char *engine_openssl_name = "Software engine support";
+
+/* This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+	if(!ENGINE_set_id(e, engine_openssl_id)
+			|| !ENGINE_set_name(e, engine_openssl_name)
+#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+#ifndef OPENSSL_NO_RSA
+			|| !ENGINE_set_RSA(e, RSA_get_default_method())
+#endif
+#ifndef OPENSSL_NO_DSA
+			|| !ENGINE_set_DSA(e, DSA_get_default_method())
+#endif
+#ifndef OPENSSL_NO_DH
+			|| !ENGINE_set_DH(e, DH_get_default_method())
+#endif
+			|| !ENGINE_set_RAND(e, RAND_SSLeay())
+#ifdef TEST_ENG_OPENSSL_RC4
+			|| !ENGINE_set_ciphers(e, openssl_ciphers)
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+			|| !ENGINE_set_digests(e, openssl_digests)
+#endif
+#endif
+#ifdef TEST_ENG_OPENSSL_PKEY
+			|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+#endif
+			)
+		return 0;
+	/* If we add errors to this ENGINE, ensure the error handling is setup here */
+	/* openssl_load_error_strings(); */
+	return 1;
+	}
+
+static ENGINE *engine_openssl(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_openssl(void)
+	{
+	ENGINE *toadd = engine_openssl();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	/* If the "add" worked, it gets a structural reference. So either way,
+	 * we release our just-created reference. */
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_openssl_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#ifdef TEST_ENG_OPENSSL_RC4
+/* This section of code compiles an "alternative implementation" of two modes of
+ * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+ * should under normal circumstances go via this support rather than the default
+ * EVP support. There are other symbols to tweak the testing;
+ *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+ *        we're asked for a cipher we don't support (should not happen).
+ *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+ *        the "init_key" handler is called.
+ *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+ */
+#include <openssl/rc4.h>
+#define TEST_RC4_KEY_SIZE		16
+static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
+static int test_cipher_nids_number = 2;
+typedef struct {
+	unsigned char key[TEST_RC4_KEY_SIZE];
+	RC4_KEY ks;
+	} TEST_RC4_KEY;
+#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc)
+	{
+#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+#endif
+	memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
+	RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+		test(ctx)->key);
+	return 1;
+	}
+static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		      const unsigned char *in, unsigned int inl)
+	{
+#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+#endif
+	RC4(&test(ctx)->ks,inl,in,out);
+	return 1;
+	}
+static const EVP_CIPHER test_r4_cipher=
+	{
+	NID_rc4,
+	1,TEST_RC4_KEY_SIZE,0,
+	EVP_CIPH_VARIABLE_LENGTH,
+	test_rc4_init_key,
+	test_rc4_cipher,
+	NULL,
+	sizeof(TEST_RC4_KEY),
+	NULL,
+	NULL,
+	NULL
+	};
+static const EVP_CIPHER test_r4_40_cipher=
+	{
+	NID_rc4_40,
+	1,5 /* 40 bit */,0,
+	EVP_CIPH_VARIABLE_LENGTH,
+	test_rc4_init_key,
+	test_rc4_cipher,
+	NULL,
+	sizeof(TEST_RC4_KEY),
+	NULL, 
+	NULL,
+	NULL
+	};
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+			const int **nids, int nid)
+	{
+	if(!cipher)
+		{
+		/* We are returning a list of supported nids */
+		*nids = test_cipher_nids;
+		return test_cipher_nids_number;
+		}
+	/* We are being asked for a specific cipher */
+	if(nid == NID_rc4)
+		*cipher = &test_r4_cipher;
+	else if(nid == NID_rc4_40)
+		*cipher = &test_r4_40_cipher;
+	else
+		{
+#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+		fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+				"nid %d\n", nid);
+#endif
+		*cipher = NULL;
+		return 0;
+		}
+	return 1;
+	}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_SHA
+/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+#include <openssl/sha.h>
+static int test_digest_nids[] = {NID_sha1};
+static int test_digest_nids_number = 1;
+static int test_sha1_init(EVP_MD_CTX *ctx)
+	{
+#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+#endif
+	return SHA1_Init(ctx->md_data);
+	}
+static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{
+#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+#endif
+	return SHA1_Update(ctx->md_data,data,count);
+	}
+static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
+	{
+#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+#endif
+	return SHA1_Final(md,ctx->md_data);
+	}
+static const EVP_MD test_sha_md=
+	{
+	NID_sha1,
+	NID_sha1WithRSAEncryption,
+	SHA_DIGEST_LENGTH,
+	0,
+	test_sha1_init,
+	test_sha1_update,
+	test_sha1_final,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
+	};
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+			const int **nids, int nid)
+	{
+	if(!digest)
+		{
+		/* We are returning a list of supported nids */
+		*nids = test_digest_nids;
+		return test_digest_nids_number;
+		}
+	/* We are being asked for a specific digest */
+	if(nid == NID_sha1)
+		*digest = &test_sha_md;
+	else
+		{
+#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+		fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+				"nid %d\n", nid);
+#endif
+		*digest = NULL;
+		return 0;
+		}
+	return 1;
+	}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+	BIO *in;
+	EVP_PKEY *key;
+	fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
+	in = BIO_new_file(key_id, "r");
+	if (!in)
+		return NULL;
+	key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+	BIO_free(in);
+	return key;
+	}
+#endif
diff --git a/crypto/openssl/crypto/engine/eng_pkey.c b/crypto/openssl/crypto/engine/eng_pkey.c
new file mode 100644
index 0000000..8c69171
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_pkey.c
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_pkey.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
+	{
+	e->load_privkey = loadpriv_f;
+	return 1;
+	}
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+	{
+	e->load_pubkey = loadpub_f;
+	return 1;
+	}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+	{
+	return e->load_privkey;
+	}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+	{
+	return e->load_pubkey;
+	}
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+	EVP_PKEY *pkey;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(e->funct_ref == 0)
+		{
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+			ENGINE_R_NOT_INITIALISED);
+		return 0;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	if (!e->load_privkey)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+			ENGINE_R_NO_LOAD_FUNCTION);
+		return 0;
+		}
+	pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+	if (!pkey)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+			ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+		return 0;
+		}
+	return pkey;
+	}
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+	EVP_PKEY *pkey;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(e->funct_ref == 0)
+		{
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+			ENGINE_R_NOT_INITIALISED);
+		return 0;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	if (!e->load_pubkey)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+			ENGINE_R_NO_LOAD_FUNCTION);
+		return 0;
+		}
+	pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+	if (!pkey)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+			ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+		return 0;
+		}
+	return pkey;
+	}
diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c
new file mode 100644
index 0000000..c69a84a
--- /dev/null
+++ b/crypto/openssl/crypto/engine/eng_table.c
@@ -0,0 +1,361 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* This is the type of item in the 'implementation' table. Each 'nid' hashes to
+ * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE*
+ * pointers. These pointers aren't references, because they're inserted and
+ * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs
+ * that *exist* (ie. have a structural reference count greater than zero) rather
+ * than ENGINEs that are *functional*. Each pointer in those stacks are to
+ * ENGINEs that implements the algorithm corresponding to each 'nid'. */
+
+/* The type of the items in the table */
+typedef struct st_engine_pile
+	{
+	/* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents
+	 * */
+	int nid;
+	/* A stack of ENGINE pointers for ENGINEs that support this
+	 * algorithm/mode. In the event that 'funct' is NULL, the first entry in
+	 * this stack that initialises will be set as 'funct' and assumed as the
+	 * default for operations of this type. */
+	STACK_OF(ENGINE) *sk;
+	/* The default ENGINE to perform this algorithm/mode. */
+	ENGINE *funct;
+	/* This value optimises engine_table_select(). If it is called it sets
+	 * this value to 1. Any changes to this ENGINE_PILE resets it to zero.
+	 * As such, no ENGINE_init() thrashing is done unless ENGINEs
+	 * continually register (and/or unregister). */
+	int uptodate;
+	} ENGINE_PILE;
+
+/* The type of the hash table of ENGINE_PILE structures such that each are
+ * unique and keyed by the 'nid' value. */
+struct st_engine_table
+	{
+	LHASH piles;
+	}; /* ENGINE_TABLE */
+
+/* This value stores global options controlling behaviour of (mostly) the
+ * engine_table_select() function. It's a bitmask of flag values of the form
+ * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the
+ * ENGINE_[get|set]_table_flags() function. */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+	{
+	return table_flags;
+	}
+void ENGINE_set_table_flags(unsigned int flags)
+	{
+	table_flags = flags;
+	}
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+	{
+	return c->nid;
+	}
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+	{
+	return a->nid - b->nid;
+	}
+static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static int int_table_check(ENGINE_TABLE **t, int create)
+	{
+	LHASH *lh;
+	if(*t)
+		return 1;
+	if(!create)
+		return 0;
+	if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+			LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+		return 0;
+	*t = (ENGINE_TABLE *)lh;
+	return 1;
+	}
+
+/* Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+		ENGINE *e, const int *nids, int num_nids, int setdefault)
+	{
+	int ret = 0, added = 0;
+	ENGINE_PILE tmplate, *fnd;
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(!(*table))
+		added = 1;
+	if(!int_table_check(table, 1))
+		goto end;
+	if(added)
+		/* The cleanup callback needs to be added */
+		engine_cleanup_add_first(cleanup);
+	while(num_nids--)
+		{
+		tmplate.nid = *nids;
+		fnd = lh_retrieve(&(*table)->piles, &tmplate);
+		if(!fnd)
+			{
+			fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+			if(!fnd)
+				goto end;
+			fnd->uptodate = 1;
+			fnd->nid = *nids;
+			fnd->sk = sk_ENGINE_new_null();
+			if(!fnd->sk)
+				{
+				OPENSSL_free(fnd);
+				goto end;
+				}
+			fnd->funct= NULL;
+			lh_insert(&(*table)->piles, fnd);
+			}
+		/* A registration shouldn't add duplciate entries */
+		sk_ENGINE_delete_ptr(fnd->sk, e);
+		/* if 'setdefault', this ENGINE goes to the head of the list */
+		if(!sk_ENGINE_push(fnd->sk, e))
+			goto end;
+		/* "touch" this ENGINE_PILE */
+		fnd->uptodate = 0;
+		if(setdefault)
+			{
+			if(!engine_unlocked_init(e))
+				{
+				ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+						ENGINE_R_INIT_FAILED);
+				goto end;
+				}
+			if(fnd->funct)
+				engine_unlocked_finish(fnd->funct, 0);
+			fnd->funct = e;
+			}
+		nids++;
+		}
+	ret = 1;
+end:
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return ret;
+	}
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+	{
+	int n;
+	/* Iterate the 'c->sk' stack removing any occurance of 'e' */
+	while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
+		{
+		sk_ENGINE_delete(pile->sk, n);
+		/* "touch" this ENGINE_CIPHER */
+		pile->uptodate = 0;
+		}
+	if(pile->funct == e)
+		{
+		engine_unlocked_finish(e, 0);
+		pile->funct = NULL;
+		}
+	}
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(int_table_check(table, 0))
+		lh_doall_arg(&(*table)->piles,
+			LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	}
+
+static void int_cleanup_cb(ENGINE_PILE *p)
+	{
+	sk_ENGINE_free(p->sk);
+	if(p->funct)
+		engine_unlocked_finish(p->funct, 0);
+	OPENSSL_free(p);
+	}
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+void engine_table_cleanup(ENGINE_TABLE **table)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(*table)
+		{
+		lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+		lh_free(&(*table)->piles);
+		*table = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
+#endif
+	{
+	ENGINE *ret = NULL;
+	ENGINE_PILE tmplate, *fnd=NULL;
+	int initres, loop = 0;
+
+	/* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no
+	 * ENGINEs have registered any implementations! */
+	if(!(*table))
+		{
+#ifdef ENGINE_TABLE_DEBUG
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+			"registered for anything!\n", f, l, nid);
+#endif
+		return NULL;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	/* Check again inside the lock otherwise we could race against cleanup
+	 * operations. But don't worry about a fprintf(stderr). */
+	if(!int_table_check(table, 0))
+		goto end;
+	tmplate.nid = nid;
+	fnd = lh_retrieve(&(*table)->piles, &tmplate);
+	if(!fnd)
+		goto end;
+	if(fnd->funct && engine_unlocked_init(fnd->funct))
+		{
+#ifdef ENGINE_TABLE_DEBUG
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+			"ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+		ret = fnd->funct;
+		goto end;
+		}
+	if(fnd->uptodate)
+		{
+		ret = fnd->funct;
+		goto end;
+		}
+trynext:
+	ret = sk_ENGINE_value(fnd->sk, loop++);
+	if(!ret)
+		{
+#ifdef ENGINE_TABLE_DEBUG
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+				"registered implementations would initialise\n",
+				f, l, nid);
+#endif
+		goto end;
+		}
+#if 0
+	/* Don't need to get a reference if we hold the lock. If the locking has
+	 * to change in future, that would be different ... */
+	ret->struct_ref++; engine_ref_debug(ret, 0, 1)
+#endif
+	/* Try and initialise the ENGINE if it's already functional *or* if the
+	 * ENGINE_TABLE_FLAG_NOINIT flag is not set. */
+	if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+		initres = engine_unlocked_init(ret);
+	else
+		initres = 0;
+#if 0
+	/* Release the structural reference */
+	ret->struct_ref--; engine_ref_debug(ret, 0, -1);
+#endif
+	if(initres)
+		{
+		/* If we didn't have a default (functional reference) for this
+		 * 'nid' (or we had one but for whatever reason we're now
+		 * initialising a different one), use this opportunity to set
+		 * 'funct'. */
+		if((fnd->funct != ret) && engine_unlocked_init(ret))
+			{
+			/* If there was a previous default we release it. */
+			if(fnd->funct)
+				engine_unlocked_finish(fnd->funct, 0);
+			/* We got an extra functional reference for the
+			 * per-'nid' default */
+			fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+			fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+				"setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+			}
+#ifdef ENGINE_TABLE_DEBUG
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+				"newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+		goto end;
+		}
+	goto trynext;
+end:
+	/* Whatever happened - we should "untouch" our uptodate file seeing as
+	 * we have tried our best to find a functional reference for 'nid'. If
+	 * it failed, it is unlikely to succeed again until some future
+	 * registrations (or unregistrations) have taken place that affect that
+	 * 'nid'. */
+	if(fnd)
+		fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+	if(ret)
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+				"ENGINE '%s'\n", f, l, nid, ret->id);
+	else
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+				"'no matching ENGINE'\n", f, l, nid);
+#endif
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	/* Whatever happened, any failed init()s are not failures in this
+	 * context, so clear our error state. */
+	ERR_clear_error();
+	return ret;
+	}
diff --git a/crypto/openssl/crypto/engine/engine.h b/crypto/openssl/crypto/engine/engine.h
new file mode 100644
index 0000000..10e7444
--- /dev/null
+++ b/crypto/openssl/crypto/engine/engine.h
@@ -0,0 +1,716 @@
+/* openssl/engine.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_H
+#define HEADER_ENGINE_H
+
+#include <openssl/ossl_typ.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/ui.h>
+#include <openssl/symhacks.h>
+#include <openssl/err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Fixups for missing algorithms */
+#ifdef OPENSSL_NO_RSA
+typedef void RSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DSA
+typedef void DSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DH
+typedef void DH_METHOD;
+#endif
+
+/* These flags are used to control combinations of algorithm (methods)
+ * by bitwise "OR"ing. */
+#define ENGINE_METHOD_RSA		(unsigned int)0x0001
+#define ENGINE_METHOD_DSA		(unsigned int)0x0002
+#define ENGINE_METHOD_DH		(unsigned int)0x0004
+#define ENGINE_METHOD_RAND		(unsigned int)0x0008
+#define ENGINE_METHOD_CIPHERS		(unsigned int)0x0040
+#define ENGINE_METHOD_DIGESTS		(unsigned int)0x0080
+/* Obvious all-or-nothing cases. */
+#define ENGINE_METHOD_ALL		(unsigned int)0xFFFF
+#define ENGINE_METHOD_NONE		(unsigned int)0x0000
+
+/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be set
+ * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised. */
+#define ENGINE_TABLE_FLAG_NOINIT	(unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* #define ENGINE_FLAGS_MALLOCED	0x0001 */ /* Not used */
+
+/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles these
+ * control commands on behalf of the ENGINE using their "cmd_defns" data. */
+#define ENGINE_FLAGS_MANUAL_CMD_CTRL	(int)0x0002
+
+/* This flag is for ENGINEs who return new duplicate structures when found via
+ * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
+ * commands are called in sequence as part of some stateful process like
+ * key-generation setup and execution), it can set this flag - then each attempt
+ * to obtain the ENGINE will result in it being copied into a new structure.
+ * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
+ * the existing ENGINE's structural reference count. */
+#define ENGINE_FLAGS_BY_ID_COPY		(int)0x0004
+
+/* ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
+ * command expects. Currently only numeric and string input is supported. If a
+ * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
+ * then it is regarded as an "internal" control command - and not for use in
+ * config setting situations. As such, they're not available to the
+ * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
+ * this list of 'command types' should be reflected carefully in
+ * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+#define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001
+/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
+ * ENGINE_ctrl) */
+#define ENGINE_CMD_FLAG_STRING		(unsigned int)0x0002
+/* Indicates that the control command takes *no* input. Ie. the control command
+ * is unparameterised. */
+#define ENGINE_CMD_FLAG_NO_INPUT	(unsigned int)0x0004
+/* Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function. */
+#define ENGINE_CMD_FLAG_INTERNAL	(unsigned int)0x0008
+
+/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
+ * relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate the
+ * same functionality to their own ENGINE-specific control functions that can be
+ * "discovered" by calling applications. The fact these control commands
+ * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
+ * fact that application code can find and use them without requiring per-ENGINE
+ * hacking. */
+
+/* These flags are used to tell the ctrl function what should be done.
+ * All command numbers are shared between all engines, even if some don't
+ * make sense to some engines.  In such a case, they do nothing but return
+ * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
+#define ENGINE_CTRL_SET_LOGSTREAM		1
+#define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2
+#define ENGINE_CTRL_HUP				3 /* Close and reinitialise any
+						     handles/connections etc. */
+#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
+#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
+                                                     when calling the password
+                                                     callback and the user
+                                                     interface */
+
+/* These control commands allow an application to deal with an arbitrary engine
+ * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
+ * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
+ * including ENGINE-specific command types, return zero for an error.
+ *
+ * An ENGINE can choose to implement these ctrl functions, and can internally
+ * manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
+ * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
+ * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
+ * handler need only implement its own commands - the above "meta" commands will
+ * be taken care of. */
+
+/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
+ * all the remaining control commands will return failure, so it is worth
+ * checking this first if the caller is trying to "discover" the engine's
+ * capabilities and doesn't want errors generated unnecessarily. */
+#define ENGINE_CTRL_HAS_CTRL_FUNCTION		10
+/* Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported. */
+#define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11
+/* The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more. */
+#define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12
+/* The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it. */
+#define ENGINE_CTRL_GET_CMD_FROM_NAME		13
+/* The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
+ * case, the return value is the length of the command name (not counting a
+ * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
+ * large enough, and it will be populated with the name of the command (WITH a
+ * trailing EOL). */
+#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14
+#define ENGINE_CTRL_GET_NAME_FROM_CMD		15
+/* The next two are similar but give a "short description" of a command. */
+#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16
+#define ENGINE_CTRL_GET_DESC_FROM_CMD		17
+/* With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects. */
+#define ENGINE_CTRL_GET_CMD_FLAGS		18
+
+/* ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
+#define ENGINE_CMD_BASE		200
+
+/* NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before these
+ * are removed. */
+
+/* Flags specific to the nCipher "chil" engine */
+#define ENGINE_CTRL_CHIL_SET_FORKCHECK		100
+	/* Depending on the value of the (long)i argument, this sets or
+	 * unsets the SimpleForkCheck flag in the CHIL API to enable or
+	 * disable checking and workarounds for applications that fork().
+	 */
+#define ENGINE_CTRL_CHIL_NO_LOCKING		101
+	/* This prevents the initialisation function from providing mutex
+	 * callbacks to the nCipher library. */
+
+/* If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
+ * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
+ * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
+ * supports the stated commands (ie. the "cmd_num" entries as described by the
+ * array). NB: The array must be ordered in increasing order of cmd_num.
+ * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
+ * to zero and/or cmd_name set to NULL. */
+typedef struct ENGINE_CMD_DEFN_st
+	{
+	unsigned int cmd_num; /* The command number */
+	const char *cmd_name; /* The command name itself */
+	const char *cmd_desc; /* A short description of the command */
+	unsigned int cmd_flags; /* The input the command expects */
+	} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());
+/* Generic load_key function pointer */
+typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+	UI_METHOD *ui_method, void *callback_data);
+/* These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/* Returns to a pointer to the array of supported cipher 'nid's. If the second
+ * parameter is non-NULL it is set to the size of the returned array. */
+typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
+
+/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
+ * structures where the pointers have a "structural reference". This means that
+ * their reference is to allowed access to the structure but it does not imply
+ * that the structure is functional. To simply increment or decrement the
+ * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
+ * required when iterating using ENGINE_get_next as it will automatically
+ * decrement the structural reference count of the "current" ENGINE and
+ * increment the structural reference count of the ENGINE it returns (unless it
+ * is NULL). */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+/* Add all the built-in engines. */
+void ENGINE_load_openssl(void);
+void ENGINE_load_dynamic(void);
+void ENGINE_load_cswift(void);
+void ENGINE_load_chil(void);
+void ENGINE_load_atalla(void);
+void ENGINE_load_nuron(void);
+void ENGINE_load_ubsec(void);
+void ENGINE_load_aep(void);
+void ENGINE_load_sureware(void);
+void ENGINE_load_4758cca(void);
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_builtin_engines(void);
+
+/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling. */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/* Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required, so
+ * ENGINE_cleanup() will reverse any "register" operations. */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+/* These functions register all support from the above categories. Note, use of
+ * these functions can result in static linkage of code your application may not
+ * need. If you only need a subset of functionality, consider using more
+ * selective initialisation. */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/* Send parametrised control commands to the engine. The possibilities to send
+ * down an integer, a pointer to data or a function pointer are provided. Any of
+ * the parameters may or may not be NULL, depending on the command number. In
+ * actuality, this function only requires a structural (rather than functional)
+ * reference to an engine, but many control commands may require the engine be
+ * functional. The caller should be aware of trying commands that require an
+ * operational ENGINE, and only use functional references in such situations. */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* This function tests if an ENGINE-specific command is usable as a "setting".
+ * Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/* This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional commands.
+ * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
+ * use the cmd_name and cmd_optional. */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional);
+
+/* This function passes a command-name and argument to an ENGINE. The cmd_name
+ * is converted to a command number and the control command is called using
+ * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
+ * which case no control command is called). The command is checked for input
+ * flags, and if necessary the argument will be converted to a numeric value. If
+ * cmd_optional is non-zero, then if the ENGINE doesn't support the given
+ * cmd_name the return value will be success anyway. This function is intended
+ * for applications to use so that users (or config files) can supply
+ * engine-specific config data to the ENGINE at run-time to control behaviour of
+ * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
+ * functions that return data, deal with binary data, or that are otherwise
+ * supposed to be used directly through ENGINE_ctrl() in application code. Any
+ * "return" data from an ENGINE_ctrl() operation in this function will be lost -
+ * the return value is interpreted as failure if the return value is zero,
+ * success otherwise, and this function returns a boolean value as a result. In
+ * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
+ * implementations with parameterisations that work in this scheme, so that
+ * compliant ENGINE-based applications can work consistently with the same
+ * configuration for the same ENGINE-enabled devices, across applications. */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+				int cmd_optional);
+
+/* These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an ENGINE
+ * structure with personalised implementations of things prior to using it
+ * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
+ * here so that the ENGINE structure doesn't have to be exposed and break binary
+ * compatibility! */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions (and the "get" function lower down) allow control over any
+ * per-structure ENGINE data. */
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+
+/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
+ * automatically ensures the list cleanup function is registered to be called
+ * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
+ * ENGINE_cleanup() will clean up after them. */
+void ENGINE_cleanup(void);
+
+/* These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic! */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+/* FUNCTIONAL functions. These functions deal with ENGINE structures
+ * that have (or will) be initialised for use. Broadly speaking, the
+ * structural functions are useful for iterating the list of available
+ * engine types, creating new engine types, and other "list" operations.
+ * These functions actually deal with ENGINEs that are to be used. As
+ * such these functions can fail (if applicable) when particular
+ * engines are unavailable - eg. if a hardware accelerator is not
+ * attached or not functioning correctly. Each ENGINE has 2 reference
+ * counts; structural and functional. Every time a functional reference
+ * is obtained or released, a corresponding structural reference is
+ * automatically obtained or released too. */
+
+/* Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently
+ * operational and cannot initialise. */
+int ENGINE_init(ENGINE *e);
+/* Free a functional reference to a engine type. This does not require
+ * a corresponding call to ENGINE_free as it also releases a structural
+ * reference. */
+int ENGINE_finish(ENGINE *e);
+
+/* The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever. */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+
+/* This returns a pointer for the current ENGINE structure that
+ * is (by default) performing any RSA operations. The value returned
+ * is an incremented reference, so it should be free'd (ENGINE_finish)
+ * before it is discarded. */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/* These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid". */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+
+/* This sets a new default ENGINE structure for performing RSA
+ * operations. If the result is non-zero (success) then the ENGINE
+ * structure will have had its reference count up'd so the caller
+ * should still free their own reference 'e'. */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+
+/* The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions. */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00010100
+/* Binary versions older than this are too old for us (whether we're a loader or
+ * a loadee) */
+#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00010100
+
+/* When compiling an ENGINE entirely as an external shared library, loadable by
+ * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
+ * type provides the calling application's (or library's) error functionality
+ * and memory management function pointers to the loaded library. These should
+ * be used/set in the loaded library code so that the loading application's
+ * 'state' will be used/changed in all operations. */
+typedef void *(*dyn_MEM_malloc_cb)(size_t);
+typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
+typedef void (*dyn_MEM_free_cb)(void *);
+typedef struct st_dynamic_MEM_fns {
+	dyn_MEM_malloc_cb			malloc_cb;
+	dyn_MEM_realloc_cb			realloc_cb;
+	dyn_MEM_free_cb				free_cb;
+	} dynamic_MEM_fns;
+/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
+ * these types so we (and any other dependant code) can simplify a bit?? */
+typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
+typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
+						const char *,int);
+typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
+						const char *,int);
+typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
+						const char *,int);
+typedef struct st_dynamic_LOCK_fns {
+	dyn_lock_locking_cb			lock_locking_cb;
+	dyn_lock_add_lock_cb			lock_add_lock_cb;
+	dyn_dynlock_create_cb			dynlock_create_cb;
+	dyn_dynlock_lock_cb			dynlock_lock_cb;
+	dyn_dynlock_destroy_cb			dynlock_destroy_cb;
+	} dynamic_LOCK_fns;
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+	const ERR_FNS				*err_fns;
+	const CRYPTO_EX_DATA_IMPL		*ex_data_fns;
+	dynamic_MEM_fns				mem_fns;
+	dynamic_LOCK_fns			lock_fns;
+	} dynamic_fns;
+
+/* The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
+ * If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's version
+ * is unsatisfactory and could veto the load. The function is expected to
+ * be implemented with the symbol name "v_check", and a default implementation
+ * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
+typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
+#define IMPLEMENT_DYNAMIC_CHECK_FN() \
+	unsigned long v_check(unsigned long v) { \
+		if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+		return 0; }
+
+/* This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load will
+ * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
+ * structure, and (c) the shared library will be unloaded. So implementations
+ * should do their own internal cleanup in failure circumstances otherwise they
+ * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
+ * the loader is looking for. If this is NULL, the shared library can choose to
+ * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
+ * library must initialise only an ENGINE matching the passed 'id'. The function
+ * is expected to be implemented with the symbol name "bind_engine". A standard
+ * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
+ * the parameter 'fn' is a callback function that populates the ENGINE structure
+ * and returns an int value (zero for failure). 'fn' should have prototype;
+ *    [static] int fn(ENGINE *e, const char *id); */
+typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
+				const dynamic_fns *fns);
+#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+			return 0; \
+		CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+		CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+		CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+		CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+		CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+			return 0; \
+		if(!ERR_set_implementation(fns->err_fns)) return 0; \
+		if(!fn(e,id)) return 0; \
+		return 1; }
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ENGINE_strings(void);
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+#define ENGINE_F_DYNAMIC_CTRL				 180
+#define ENGINE_F_DYNAMIC_GET_DATA_CTX			 181
+#define ENGINE_F_DYNAMIC_LOAD				 182
+#define ENGINE_F_ENGINE_ADD				 105
+#define ENGINE_F_ENGINE_BY_ID				 106
+#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE		 170
+#define ENGINE_F_ENGINE_CTRL				 142
+#define ENGINE_F_ENGINE_CTRL_CMD			 178
+#define ENGINE_F_ENGINE_CTRL_CMD_STRING			 171
+#define ENGINE_F_ENGINE_FINISH				 107
+#define ENGINE_F_ENGINE_FREE				 108
+#define ENGINE_F_ENGINE_GET_CIPHER			 185
+#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE		 177
+#define ENGINE_F_ENGINE_GET_DIGEST			 186
+#define ENGINE_F_ENGINE_GET_NEXT			 115
+#define ENGINE_F_ENGINE_GET_PREV			 116
+#define ENGINE_F_ENGINE_INIT				 119
+#define ENGINE_F_ENGINE_LIST_ADD			 120
+#define ENGINE_F_ENGINE_LIST_REMOVE			 121
+#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY		 150
+#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY			 151
+#define ENGINE_F_ENGINE_MODULE_INIT			 187
+#define ENGINE_F_ENGINE_NEW				 122
+#define ENGINE_F_ENGINE_REMOVE				 123
+#define ENGINE_F_ENGINE_SET_DEFAULT_STRING		 189
+#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE		 126
+#define ENGINE_F_ENGINE_SET_ID				 129
+#define ENGINE_F_ENGINE_SET_NAME			 130
+#define ENGINE_F_ENGINE_TABLE_REGISTER			 184
+#define ENGINE_F_ENGINE_UNLOAD_KEY			 152
+#define ENGINE_F_ENGINE_UP_REF				 190
+#define ENGINE_F_INT_CTRL_HELPER			 172
+#define ENGINE_F_INT_ENGINE_CONFIGURE			 188
+#define ENGINE_F_LOG_MESSAGE				 141
+#define ENGINE_F_SET_DATA_CTX				 183
+
+/* Reason codes. */
+#define ENGINE_R_ALREADY_LOADED				 100
+#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER		 133
+#define ENGINE_R_CMD_NOT_EXECUTABLE			 134
+#define ENGINE_R_COMMAND_TAKES_INPUT			 135
+#define ENGINE_R_COMMAND_TAKES_NO_INPUT			 136
+#define ENGINE_R_CONFLICTING_ENGINE_ID			 103
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119
+#define ENGINE_R_DH_NOT_IMPLEMENTED			 139
+#define ENGINE_R_DSA_NOT_IMPLEMENTED			 140
+#define ENGINE_R_DSO_FAILURE				 104
+#define ENGINE_R_DSO_NOT_FOUND				 132
+#define ENGINE_R_ENGINES_SECTION_ERROR			 148
+#define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105
+#define ENGINE_R_ENGINE_SECTION_ERROR			 149
+#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128
+#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129
+#define ENGINE_R_FINISH_FAILED				 106
+#define ENGINE_R_GET_HANDLE_FAILED			 107
+#define ENGINE_R_ID_OR_NAME_MISSING			 108
+#define ENGINE_R_INIT_FAILED				 109
+#define ENGINE_R_INTERNAL_LIST_ERROR			 110
+#define ENGINE_R_INVALID_ARGUMENT			 143
+#define ENGINE_R_INVALID_CMD_NAME			 137
+#define ENGINE_R_INVALID_CMD_NUMBER			 138
+#define ENGINE_R_INVALID_INIT_VALUE			 151
+#define ENGINE_R_INVALID_STRING				 150
+#define ENGINE_R_NOT_INITIALISED			 117
+#define ENGINE_R_NOT_LOADED				 112
+#define ENGINE_R_NO_CONTROL_FUNCTION			 120
+#define ENGINE_R_NO_INDEX				 144
+#define ENGINE_R_NO_LOAD_FUNCTION			 125
+#define ENGINE_R_NO_REFERENCE				 130
+#define ENGINE_R_NO_SUCH_ENGINE				 116
+#define ENGINE_R_NO_UNLOAD_FUNCTION			 126
+#define ENGINE_R_PROVIDE_PARAMETERS			 113
+#define ENGINE_R_RSA_NOT_IMPLEMENTED			 141
+#define ENGINE_R_UNIMPLEMENTED_CIPHER			 146
+#define ENGINE_R_UNIMPLEMENTED_DIGEST			 147
+#define ENGINE_R_VERSION_INCOMPATIBILITY		 145
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/enginetest.c b/crypto/openssl/crypto/engine/enginetest.c
new file mode 100644
index 0000000..87fa8c5
--- /dev/null
+++ b/crypto/openssl/crypto/engine/enginetest.c
@@ -0,0 +1,274 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+	{
+	ENGINE *h;
+	int loop;
+
+	h = ENGINE_get_first();
+	loop = 0;
+	printf("listing available engine types\n");
+	while(h)
+		{
+		printf("engine %i, id = \"%s\", name = \"%s\"\n",
+			loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+		h = ENGINE_get_next(h);
+		}
+	printf("end of list\n");
+	/* ENGINE_get_first() increases the struct_ref counter, so we 
+           must call ENGINE_free() to decrease it again */
+	ENGINE_free(h);
+	}
+
+int main(int argc, char *argv[])
+	{
+	ENGINE *block[512];
+	char buf[256];
+	const char *id, *name;
+	ENGINE *ptr;
+	int loop;
+	int to_return = 1;
+	ENGINE *new_h1 = NULL;
+	ENGINE *new_h2 = NULL;
+	ENGINE *new_h3 = NULL;
+	ENGINE *new_h4 = NULL;
+
+	/* enable memory leak checking unless explicitly disabled */
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+		{
+		CRYPTO_malloc_debug_init();
+		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+		}
+	else
+		{
+		/* OPENSSL_DEBUG_MEMORY=off */
+		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+		}
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+	ERR_load_crypto_strings();
+
+	memset(block, 0, 512 * sizeof(ENGINE *));
+	if(((new_h1 = ENGINE_new()) == NULL) ||
+			!ENGINE_set_id(new_h1, "test_id0") ||
+			!ENGINE_set_name(new_h1, "First test item") ||
+			((new_h2 = ENGINE_new()) == NULL) ||
+			!ENGINE_set_id(new_h2, "test_id1") ||
+			!ENGINE_set_name(new_h2, "Second test item") ||
+			((new_h3 = ENGINE_new()) == NULL) ||
+			!ENGINE_set_id(new_h3, "test_id2") ||
+			!ENGINE_set_name(new_h3, "Third test item") ||
+			((new_h4 = ENGINE_new()) == NULL) ||
+			!ENGINE_set_id(new_h4, "test_id3") ||
+			!ENGINE_set_name(new_h4, "Fourth test item"))
+		{
+		printf("Couldn't set up test ENGINE structures\n");
+		goto end;
+		}
+	printf("\nenginetest beginning\n\n");
+	display_engine_list();
+	if(!ENGINE_add(new_h1))
+		{
+		printf("Add failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	ptr = ENGINE_get_first();
+	if(!ENGINE_remove(ptr))
+		{
+		printf("Remove failed!\n");
+		goto end;
+		}
+	if (ptr)
+		ENGINE_free(ptr);
+	display_engine_list();
+	if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+		{
+		printf("Add failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	if(!ENGINE_remove(new_h2))
+		{
+		printf("Remove failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	if(!ENGINE_add(new_h4))
+		{
+		printf("Add failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	if(ENGINE_add(new_h3))
+		{
+		printf("Add *should* have failed but didn't!\n");
+		goto end;
+		}
+	else
+		printf("Add that should fail did.\n");
+	ERR_clear_error();
+	if(ENGINE_remove(new_h2))
+		{
+		printf("Remove *should* have failed but didn't!\n");
+		goto end;
+		}
+	else
+		printf("Remove that should fail did.\n");
+	ERR_clear_error();
+	if(!ENGINE_remove(new_h3))
+		{
+		printf("Remove failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	if(!ENGINE_remove(new_h4))
+		{
+		printf("Remove failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	/* Depending on whether there's any hardware support compiled
+	 * in, this remove may be destined to fail. */
+	ptr = ENGINE_get_first();
+	if(ptr)
+		if(!ENGINE_remove(ptr))
+			printf("Remove failed!i - probably no hardware "
+				"support present.\n");
+	if (ptr)
+		ENGINE_free(ptr);
+	display_engine_list();
+	if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+		{
+		printf("Couldn't add and remove to an empty list!\n");
+		goto end;
+		}
+	else
+		printf("Successfully added and removed to an empty list!\n");
+	printf("About to beef up the engine-type list\n");
+	for(loop = 0; loop < 512; loop++)
+		{
+		sprintf(buf, "id%i", loop);
+		id = BUF_strdup(buf);
+		sprintf(buf, "Fake engine type %i", loop);
+		name = BUF_strdup(buf);
+		if(((block[loop] = ENGINE_new()) == NULL) ||
+				!ENGINE_set_id(block[loop], id) ||
+				!ENGINE_set_name(block[loop], name))
+			{
+			printf("Couldn't create block of ENGINE structures.\n"
+				"I'll probably also core-dump now, damn.\n");
+			goto end;
+			}
+		}
+	for(loop = 0; loop < 512; loop++)
+		{
+		if(!ENGINE_add(block[loop]))
+			{
+			printf("\nAdding stopped at %i, (%s,%s)\n",
+				loop, ENGINE_get_id(block[loop]),
+				ENGINE_get_name(block[loop]));
+			goto cleanup_loop;
+			}
+		else
+			printf("."); fflush(stdout);
+		}
+cleanup_loop:
+	printf("\nAbout to empty the engine-type list\n");
+	while((ptr = ENGINE_get_first()) != NULL)
+		{
+		if(!ENGINE_remove(ptr))
+			{
+			printf("\nRemove failed!\n");
+			goto end;
+			}
+		ENGINE_free(ptr);
+		printf("."); fflush(stdout);
+		}
+	for(loop = 0; loop < 512; loop++)
+		{
+		OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+		OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+		}
+	printf("\nTests completed happily\n");
+	to_return = 0;
+end:
+	if(to_return)
+		ERR_print_errors_fp(stderr);
+	if(new_h1) ENGINE_free(new_h1);
+	if(new_h2) ENGINE_free(new_h2);
+	if(new_h3) ENGINE_free(new_h3);
+	if(new_h4) ENGINE_free(new_h4);
+	for(loop = 0; loop < 512; loop++)
+		if(block[loop])
+			ENGINE_free(block[loop]);
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
+	ERR_free_strings();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
+	return to_return;
+	}
diff --git a/crypto/openssl/crypto/engine/hw.ec b/crypto/openssl/crypto/engine/hw.ec
new file mode 100644
index 0000000..5481a43
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw.ec
@@ -0,0 +1,8 @@
+L AEPHK		hw_aep_err.h			hw_aep_err.c
+L ATALLA	hw_atalla_err.h			hw_atalla_err.c
+L CSWIFT	hw_cswift_err.h			hw_cswift_err.c
+L HWCRHK	hw_ncipher_err.h		hw_ncipher_err.c
+L NURON		hw_nuron_err.h			hw_nuron_err.c
+L SUREWARE	hw_sureware_err.h		hw_sureware_err.c
+L UBSEC		hw_ubsec_err.h			hw_ubsec_err.c
+L CCA4758	hw_4758_cca_err.h		hw_4758_cca_err.c
diff --git a/crypto/openssl/crypto/engine/hw_4758_cca.c b/crypto/openssl/crypto/engine/hw_4758_cca.c
new file mode 100644
index 0000000..4f5ae8a
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_4758_cca.c
@@ -0,0 +1,969 @@
+/* Author: Maurice Gittens <maurice@gittens.nl>                       */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+/* #include <openssl/pem.h> */
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_4758_CCA
+
+#ifdef FLAT_INC
+#include "hw_4758_cca.h"
+#else
+#include "vendor_defns/hw_4758_cca.h"
+#endif
+
+#include "hw_4758_cca_err.c"
+
+static int ibm_4758_cca_destroy(ENGINE *e);
+static int ibm_4758_cca_init(ENGINE *e);
+static int ibm_4758_cca_finish(ENGINE *e);
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* rsa functions */
+/*---------------*/
+#ifndef OPENSSL_NO_RSA
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+
+/* utility functions */
+/*-----------------------*/
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
+		UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
+		UI_METHOD *ui_method, void *callback_data);
+
+static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
+		unsigned char *exponent, long *modulusLength,
+		long *modulusFieldLength, unsigned char *modulus);
+#endif
+
+/* RAND number functions */
+/*-----------------------*/
+static int cca_get_random_bytes(unsigned char*, int );
+static int cca_random_status(void);
+
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+		int idx,long argl, void *argp);
+
+/* Function pointers for CCA verbs */
+/*---------------------------------*/
+#ifndef OPENSSL_NO_RSA
+static F_KEYRECORDREAD keyRecordRead;
+static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
+static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
+static F_PUBLICKEYEXTRACT publicKeyExtract;
+static F_PKAENCRYPT pkaEncrypt;
+static F_PKADECRYPT pkaDecrypt;
+#endif
+static F_RANDOMNUMBERGENERATE randomNumberGenerate;
+
+/* static variables */
+/*------------------*/
+static const char *CCA4758_LIB_NAME = NULL;
+static const char *get_CCA4758_LIB_NAME(void)
+	{
+	if(CCA4758_LIB_NAME)
+		return CCA4758_LIB_NAME;
+	return CCA_LIB_NAME;
+	}
+static void free_CCA4758_LIB_NAME(void)
+	{
+	if(CCA4758_LIB_NAME)
+		OPENSSL_free((void*)CCA4758_LIB_NAME);
+	CCA4758_LIB_NAME = NULL;
+	}
+static long set_CCA4758_LIB_NAME(const char *name)
+	{
+	free_CCA4758_LIB_NAME();
+	return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+#ifndef OPENSSL_NO_RSA
+static const char* n_keyRecordRead = CSNDKRR;
+static const char* n_digitalSignatureGenerate = CSNDDSG;
+static const char* n_digitalSignatureVerify = CSNDDSV;
+static const char* n_publicKeyExtract = CSNDPKX;
+static const char* n_pkaEncrypt = CSNDPKE;
+static const char* n_pkaDecrypt = CSNDPKD;
+#endif
+static const char* n_randomNumberGenerate = CSNBRNG;
+
+static int hndidx = -1;
+static DSO *dso = NULL;
+
+/* openssl engine initialization structures */
+/*------------------------------------------*/
+
+#define CCA4758_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN	cca4758_cmd_defns[] = {
+	{CCA4758_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the '4758cca' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD ibm_4758_cca_rsa =
+	{
+	"IBM 4758 CCA RSA method",
+	cca_rsa_pub_enc,
+	NULL,
+	NULL,
+	cca_rsa_priv_dec,
+	NULL, /*rsa_mod_exp,*/
+	NULL, /*mod_exp_mont,*/
+	NULL, /* init */
+	NULL, /* finish */
+	RSA_FLAG_SIGN_VER,	  /* flags */
+	NULL, /* app_data */
+	cca_rsa_sign, /* rsa_sign */
+	cca_rsa_verify  /* rsa_verify */
+	};
+#endif
+
+static RAND_METHOD ibm_4758_cca_rand =
+	{
+	/* "IBM 4758 RAND method", */
+	NULL, /* seed */
+	cca_get_random_bytes, /* get random bytes from the card */
+	NULL, /* cleanup */
+	NULL, /* add */
+	cca_get_random_bytes, /* pseudo rand */
+	cca_random_status, /* status */
+	};
+
+static const char *engine_4758_cca_id = "4758cca";
+static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
+
+/* engine implementation */
+/*-----------------------*/
+static int bind_helper(ENGINE *e)
+	{
+	if(!ENGINE_set_id(e, engine_4758_cca_id) ||
+			!ENGINE_set_name(e, engine_4758_cca_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
+#endif
+			!ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
+			!ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
+			!ENGINE_set_init_function(e, ibm_4758_cca_init) ||
+			!ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
+			!ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
+			!ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
+			!ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
+			!ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
+		return 0;
+	/* Ensure the error handling is set up */
+	ERR_load_CCA4758_strings();
+	return 1;
+	}
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_4758_cca(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_4758cca(void)
+	{
+	ENGINE *e_4758 = engine_4758_cca();
+	if (!e_4758) return;
+	ENGINE_add(e_4758);
+	ENGINE_free(e_4758);
+	ERR_clear_error();   
+	}
+#endif
+
+static int ibm_4758_cca_destroy(ENGINE *e)
+	{
+	ERR_unload_CCA4758_strings();
+	free_CCA4758_LIB_NAME();
+	return 1;
+	}
+
+static int ibm_4758_cca_init(ENGINE *e)
+	{
+	if(dso)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
+		goto err;
+		}
+
+	dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
+	if(!dso)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+		goto err;
+		}
+
+#ifndef OPENSSL_NO_RSA
+	if(!(keyRecordRead = (F_KEYRECORDREAD)
+				DSO_bind_func(dso, n_keyRecordRead)) ||
+			!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+				DSO_bind_func(dso, n_randomNumberGenerate)) ||
+			!(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
+				DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
+			!(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
+				DSO_bind_func(dso, n_digitalSignatureVerify)) ||
+			!(publicKeyExtract = (F_PUBLICKEYEXTRACT)
+				DSO_bind_func(dso, n_publicKeyExtract)) ||
+			!(pkaEncrypt = (F_PKAENCRYPT)
+				DSO_bind_func(dso, n_pkaEncrypt)) ||
+			!(pkaDecrypt = (F_PKADECRYPT)
+				DSO_bind_func(dso, n_pkaDecrypt)))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+		goto err;
+		}
+#else
+	if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+				DSO_bind_func(dso, n_randomNumberGenerate)))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+		goto err;
+		}
+#endif
+
+	hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
+		NULL, NULL, cca_ex_free);
+
+	return 1;
+err:
+	if(dso)
+		DSO_free(dso);
+	dso = NULL;
+
+	keyRecordRead = (F_KEYRECORDREAD)0;
+	randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
+	digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
+	digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+	publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+	pkaEncrypt = (F_PKAENCRYPT)0;
+	pkaDecrypt = (F_PKADECRYPT)0;
+	return 0;
+	}
+
+static int ibm_4758_cca_finish(ENGINE *e)
+	{
+	free_CCA4758_LIB_NAME();
+	if(!dso)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
+				CCA4758_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(dso))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
+				CCA4758_R_UNIT_FAILURE);
+		return 0;
+		}
+	dso = NULL;
+	keyRecordRead = (F_KEYRECORDREAD)0;
+	randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
+	digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
+	digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+	publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+	pkaEncrypt = (F_PKAENCRYPT)0;
+	pkaDecrypt = (F_PKADECRYPT)0;
+	return 1;
+	}
+
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case CCA4758_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+					ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+					CCA4758_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_CCA4758_LIB_NAME((const char *)p);
+	default:
+		break;
+		}
+	CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+			CCA4758_R_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+#ifndef OPENSSL_NO_RSA
+
+#define MAX_CCA_PKA_TOKEN_SIZE 2500
+
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
+			UI_METHOD *ui_method, void *callback_data)
+	{
+	RSA *rtmp = NULL;
+	EVP_PKEY *res = NULL;
+	unsigned char* keyToken = NULL;
+	unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
+	long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+	long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+	long returnCode;
+	long reasonCode;
+	long exitDataLength = 0;
+	long ruleArrayLength = 0;
+	unsigned char exitData[8];
+	unsigned char ruleArray[8];
+	unsigned char keyLabel[64];
+	long keyLabelLength = strlen(key_id);
+	unsigned char modulus[256];
+	long modulusFieldLength = sizeof(modulus);
+	long modulusLength = 0;
+	unsigned char exponent[256];
+	long exponentLength = sizeof(exponent);
+
+	if (keyLabelLength > sizeof(keyLabel))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+		CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return NULL;
+		}
+
+	memset(keyLabel,' ', sizeof(keyLabel));
+	memcpy(keyLabel, key_id, keyLabelLength);
+
+	keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+	if (!keyToken)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+				ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
+		exitData, &ruleArrayLength, ruleArray, keyLabel,
+		&keyTokenLength, keyToken+sizeof(long));
+
+	if (returnCode)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+		goto err;
+		}
+
+	publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
+		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+		keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
+
+	if (returnCode)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+		goto err;
+		}
+
+	if (!getModulusAndExponent(pubKeyToken, &exponentLength,
+			exponent, &modulusLength, &modulusFieldLength,
+			modulus))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+		goto err;
+		}
+
+	(*(long*)keyToken) = keyTokenLength;
+	rtmp = RSA_new_method(e);
+	RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+
+	rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+	rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+	rtmp->flags |= RSA_FLAG_EXT_PKEY;
+
+	res = EVP_PKEY_new();
+	EVP_PKEY_assign_RSA(res, rtmp);
+
+	return res;
+err:
+	if (keyToken)
+		OPENSSL_free(keyToken);
+	if (res)
+		EVP_PKEY_free(res);
+	if (rtmp)
+		RSA_free(rtmp);
+	return NULL;
+	}
+
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
+			UI_METHOD *ui_method, void *callback_data)
+	{
+	RSA *rtmp = NULL;
+	EVP_PKEY *res = NULL;
+	unsigned char* keyToken = NULL;
+	long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+	long returnCode;
+	long reasonCode;
+	long exitDataLength = 0;
+	long ruleArrayLength = 0;
+	unsigned char exitData[8];
+	unsigned char ruleArray[8];
+	unsigned char keyLabel[64];
+	long keyLabelLength = strlen(key_id);
+	unsigned char modulus[512];
+	long modulusFieldLength = sizeof(modulus);
+	long modulusLength = 0;
+	unsigned char exponent[512];
+	long exponentLength = sizeof(exponent);
+
+	if (keyLabelLength > sizeof(keyLabel))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return NULL;
+		}
+
+	memset(keyLabel,' ', sizeof(keyLabel));
+	memcpy(keyLabel, key_id, keyLabelLength);
+
+	keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+	if (!keyToken)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,
+				ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
+		&ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
+		keyToken+sizeof(long));
+
+	if (returnCode)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+				ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
+			exponent, &modulusLength, &modulusFieldLength, modulus))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
+		goto err;
+		}
+
+	(*(long*)keyToken) = keyTokenLength;
+	rtmp = RSA_new_method(e);
+	RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+	rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+	rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+	rtmp->flags |= RSA_FLAG_EXT_PKEY;
+	res = EVP_PKEY_new();
+	EVP_PKEY_assign_RSA(res, rtmp);
+
+	return res;
+err:
+	if (keyToken)
+		OPENSSL_free(keyToken);
+	if (res)
+		EVP_PKEY_free(res);
+	if (rtmp)
+		RSA_free(rtmp);
+	return NULL;
+	}
+
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+			unsigned char *to, RSA *rsa,int padding)
+	{
+	long returnCode;
+	long reasonCode;
+	long lflen = flen;
+	long exitDataLength = 0;
+	unsigned char exitData[8];
+	long ruleArrayLength = 1;
+	unsigned char ruleArray[8] = "PKCS-1.2";
+	long dataStructureLength = 0;
+	unsigned char dataStructure[8];
+	long outputLength = RSA_size(rsa);
+	long keyTokenLength;
+	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+
+	keyTokenLength = *(long*)keyToken;
+	keyToken+=sizeof(long);
+
+	pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+		&ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
+		&dataStructureLength, dataStructure, &keyTokenLength,
+		keyToken, &outputLength, to);
+
+	if (returnCode || reasonCode)
+		return -(returnCode << 16 | reasonCode);
+	return outputLength;
+	}
+
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+			unsigned char *to, RSA *rsa,int padding)
+	{
+	long returnCode;
+	long reasonCode;
+	long lflen = flen;
+	long exitDataLength = 0;
+	unsigned char exitData[8];
+	long ruleArrayLength = 1;
+	unsigned char ruleArray[8] = "PKCS-1.2";
+	long dataStructureLength = 0;
+	unsigned char dataStructure[8];
+	long outputLength = RSA_size(rsa);
+	long keyTokenLength;
+	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+
+	keyTokenLength = *(long*)keyToken;
+	keyToken+=sizeof(long);
+
+	pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+		&ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
+		&dataStructureLength, dataStructure, &keyTokenLength,
+		keyToken, &outputLength, to);
+
+	return (returnCode | reasonCode) ? 0 : 1;
+	}
+
+#define SSL_SIG_LEN 36
+
+static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
+	{
+	long returnCode;
+	long reasonCode;
+	long lsiglen = siglen;
+	long exitDataLength = 0;
+	unsigned char exitData[8];
+	long ruleArrayLength = 1;
+	unsigned char ruleArray[8] = "PKCS-1.1";
+	long keyTokenLength;
+	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+	long length = SSL_SIG_LEN;
+	long keyLength ;
+	unsigned char *hashBuffer = NULL;
+	X509_SIG sig;
+	ASN1_TYPE parameter;
+	X509_ALGOR algorithm;
+	ASN1_OCTET_STRING digest;
+
+	keyTokenLength = *(long*)keyToken;
+	keyToken+=sizeof(long);
+
+	if (type == NID_md5 || type == NID_sha1)
+		{
+		sig.algor = &algorithm;
+		algorithm.algorithm = OBJ_nid2obj(type);
+
+		if (!algorithm.algorithm)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+				CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+			return 0;
+			}
+
+		if (!algorithm.algorithm->length)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+				CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+			return 0;
+			}
+
+		parameter.type = V_ASN1_NULL;
+		parameter.value.ptr = NULL;
+		algorithm.parameter = &parameter;
+
+		sig.digest = &digest;
+		sig.digest->data = (unsigned char*)m;
+		sig.digest->length = m_len;
+
+		length = i2d_X509_SIG(&sig, NULL);
+		}
+
+	keyLength = RSA_size(rsa);
+
+	if (length - RSA_PKCS1_PADDING > keyLength)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return 0;
+		}
+
+	switch (type)
+		{
+		case NID_md5_sha1 :
+			if (m_len != SSL_SIG_LEN)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+				CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+				return 0;
+				}
+
+			hashBuffer = (unsigned char *)m;
+			length = m_len;
+			break;
+		case NID_md5 :
+			{
+			unsigned char *ptr;
+			ptr = hashBuffer = OPENSSL_malloc(
+					(unsigned int)keyLength+1);
+			if (!hashBuffer)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+						ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+
+			i2d_X509_SIG(&sig, &ptr);
+			}
+			break;
+		case NID_sha1 :
+			{
+			unsigned char *ptr;
+			ptr = hashBuffer = OPENSSL_malloc(
+					(unsigned int)keyLength+1);
+			if (!hashBuffer)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+						ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			i2d_X509_SIG(&sig, &ptr);
+			}
+			break;
+		default:
+			return 0;
+		}
+
+	digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
+		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+		keyToken, &length, hashBuffer, &lsiglen, sigbuf);
+
+	if (type == NID_sha1 || type == NID_md5)
+		{
+		OPENSSL_cleanse(hashBuffer, keyLength+1);
+		OPENSSL_free(hashBuffer);
+		}
+
+	return ((returnCode || reasonCode) ? 0 : 1);
+	}
+
+#define SSL_SIG_LEN 36
+
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+		unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+	{
+	long returnCode;
+	long reasonCode;
+	long exitDataLength = 0;
+	unsigned char exitData[8];
+	long ruleArrayLength = 1;
+	unsigned char ruleArray[8] = "PKCS-1.1";
+	long outputLength=256;
+	long outputBitLength;
+	long keyTokenLength;
+	unsigned char *hashBuffer = NULL;
+	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+	long length = SSL_SIG_LEN;
+	long keyLength ;
+	X509_SIG sig;
+	ASN1_TYPE parameter;
+	X509_ALGOR algorithm;
+	ASN1_OCTET_STRING digest;
+
+	keyTokenLength = *(long*)keyToken;
+	keyToken+=sizeof(long);
+
+	if (type == NID_md5 || type == NID_sha1)
+		{
+		sig.algor = &algorithm;
+		algorithm.algorithm = OBJ_nid2obj(type);
+
+		if (!algorithm.algorithm)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+				CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+			return 0;
+			}
+
+		if (!algorithm.algorithm->length)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+				CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+			return 0;
+			}
+
+		parameter.type = V_ASN1_NULL;
+		parameter.value.ptr = NULL;
+		algorithm.parameter = &parameter;
+
+		sig.digest = &digest;
+		sig.digest->data = (unsigned char*)m;
+		sig.digest->length = m_len;
+
+		length = i2d_X509_SIG(&sig, NULL);
+		}
+
+	keyLength = RSA_size(rsa);
+
+	if (length - RSA_PKCS1_PADDING > keyLength)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return 0;
+		}
+
+	switch (type)
+		{
+		case NID_md5_sha1 :
+			if (m_len != SSL_SIG_LEN)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+				CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+				return 0;
+				}
+			hashBuffer = (unsigned char*)m;
+			length = m_len;
+			break;
+		case NID_md5 :
+			{
+			unsigned char *ptr;
+			ptr = hashBuffer = OPENSSL_malloc(
+					(unsigned int)keyLength+1);
+			if (!hashBuffer)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+						ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			i2d_X509_SIG(&sig, &ptr);
+			}
+			break;
+		case NID_sha1 :
+			{
+			unsigned char *ptr;
+			ptr = hashBuffer = OPENSSL_malloc(
+					(unsigned int)keyLength+1);
+			if (!hashBuffer)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+						ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			i2d_X509_SIG(&sig, &ptr);
+			}
+			break;
+		default:
+			return 0;
+		}
+
+	digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
+		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+		keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
+		sigret);
+
+	if (type == NID_sha1 || type == NID_md5)
+		{
+		OPENSSL_cleanse(hashBuffer, keyLength+1);
+		OPENSSL_free(hashBuffer);
+		}
+
+	*siglen = outputLength;
+
+	return ((returnCode || reasonCode) ? 0 : 1);
+	}
+
+static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
+		unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
+		unsigned char *modulus)
+	{
+	unsigned long len;
+
+	if (*token++ != (char)0x1E) /* internal PKA token? */
+		return 0;
+
+	if (*token++) /* token version must be zero */
+		return 0;
+
+	len = *token++;
+	len = len << 8;
+	len |= (unsigned char)*token++;
+
+	token += 4; /* skip reserved bytes */
+
+	if (*token++ == (char)0x04)
+		{
+		if (*token++) /* token version must be zero */
+			return 0;
+
+		len = *token++;
+		len = len << 8;
+		len |= (unsigned char)*token++;
+
+		token+=2; /* skip reserved section */
+
+		len = *token++;
+		len = len << 8;
+		len |= (unsigned char)*token++;
+
+		*exponentLength = len;
+
+		len = *token++;
+		len = len << 8;
+		len |= (unsigned char)*token++;
+
+		*modulusLength = len;
+
+		len = *token++;
+		len = len << 8;
+		len |= (unsigned char)*token++;
+
+		*modulusFieldLength = len;
+
+		memcpy(exponent, token, *exponentLength);
+		token+= *exponentLength;
+
+		memcpy(modulus, token, *modulusFieldLength);
+		return 1;
+		}
+	return 0;
+	}
+
+#endif /* OPENSSL_NO_RSA */
+
+static int cca_random_status(void)
+	{
+	return 1;
+	}
+
+static int cca_get_random_bytes(unsigned char* buf, int num)
+	{
+	long ret_code;
+	long reason_code;
+	long exit_data_length;
+	unsigned char exit_data[4];
+	unsigned char form[] = "RANDOM  ";
+	unsigned char rand_buf[8];
+
+	while(num >= sizeof(rand_buf))
+		{
+		randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
+			exit_data, form, rand_buf);
+		if (ret_code)
+			return 0;
+		num -= sizeof(rand_buf);
+		memcpy(buf, rand_buf, sizeof(rand_buf));
+		buf += sizeof(rand_buf);
+		}
+
+	if (num)
+		{
+		randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
+			form, rand_buf);
+		if (ret_code)
+			return 0;
+		memcpy(buf, rand_buf, num);
+		}
+
+	return 1;
+	}
+
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
+		long argl, void *argp)
+	{
+	if (item)
+		OPENSSL_free(item);
+	}
+
+/* Goo to handle building as a dynamic engine */
+#ifdef ENGINE_DYNAMIC_SUPPORT 
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_4758_cca_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_4758_CCA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/crypto/engine/hw_4758_cca_err.c b/crypto/openssl/crypto/engine/hw_4758_cca_err.c
new file mode 100644
index 0000000..7ea5c63
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_4758_cca_err.c
@@ -0,0 +1,149 @@
+/* hw_4758_cca_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_4758_cca_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CCA4758_str_functs[]=
+	{
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_CTRL,0),	"IBM_4758_CCA_CTRL"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_FINISH,0),	"IBM_4758_CCA_FINISH"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_INIT,0),	"IBM_4758_CCA_INIT"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,0),	"IBM_4758_CCA_LOAD_PRIVKEY"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,0),	"IBM_4758_CCA_LOAD_PUBKEY"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_SIGN,0),	"IBM_4758_CCA_SIGN"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_VERIFY,0),	"IBM_4758_CCA_VERIFY"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CCA4758_str_reasons[]=
+	{
+{CCA4758_R_ALREADY_LOADED                ,"already loaded"},
+{CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD       ,"asn1 oid unknown for md"},
+{CCA4758_R_COMMAND_NOT_IMPLEMENTED       ,"command not implemented"},
+{CCA4758_R_DSO_FAILURE                   ,"dso failure"},
+{CCA4758_R_FAILED_LOADING_PRIVATE_KEY    ,"failed loading private key"},
+{CCA4758_R_FAILED_LOADING_PUBLIC_KEY     ,"failed loading public key"},
+{CCA4758_R_NOT_LOADED                    ,"not loaded"},
+{CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL   ,"size too large or too small"},
+{CCA4758_R_UNIT_FAILURE                  ,"unit failure"},
+{CCA4758_R_UNKNOWN_ALGORITHM_TYPE        ,"unknown algorithm type"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef CCA4758_LIB_NAME
+static ERR_STRING_DATA CCA4758_lib_name[]=
+        {
+{0	,CCA4758_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int CCA4758_lib_error_code=0;
+static int CCA4758_error_init=1;
+
+static void ERR_load_CCA4758_strings(void)
+	{
+	if (CCA4758_lib_error_code == 0)
+		CCA4758_lib_error_code=ERR_get_next_error_library();
+
+	if (CCA4758_error_init)
+		{
+		CCA4758_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
+		ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+#endif
+
+#ifdef CCA4758_LIB_NAME
+		CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
+		ERR_load_strings(0,CCA4758_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_CCA4758_strings(void)
+	{
+	if (CCA4758_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
+		ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+#endif
+
+#ifdef CCA4758_LIB_NAME
+		ERR_unload_strings(0,CCA4758_lib_name);
+#endif
+		CCA4758_error_init=1;
+		}
+	}
+
+static void ERR_CCA4758_error(int function, int reason, char *file, int line)
+	{
+	if (CCA4758_lib_error_code == 0)
+		CCA4758_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/crypto/engine/hw_4758_cca_err.h b/crypto/openssl/crypto/engine/hw_4758_cca_err.h
new file mode 100644
index 0000000..2fc563a
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_4758_cca_err.h
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CCA4758_ERR_H
+#define HEADER_CCA4758_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CCA4758_strings(void);
+static void ERR_unload_CCA4758_strings(void);
+static void ERR_CCA4758_error(int function, int reason, char *file, int line);
+#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CCA4758 functions. */
+
+/* Function codes. */
+#define CCA4758_F_IBM_4758_CCA_CTRL			 100
+#define CCA4758_F_IBM_4758_CCA_FINISH			 101
+#define CCA4758_F_IBM_4758_CCA_INIT			 102
+#define CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY		 103
+#define CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY		 104
+#define CCA4758_F_IBM_4758_CCA_SIGN			 105
+#define CCA4758_F_IBM_4758_CCA_VERIFY			 106
+
+/* Reason codes. */
+#define CCA4758_R_ALREADY_LOADED			 100
+#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD		 101
+#define CCA4758_R_COMMAND_NOT_IMPLEMENTED		 102
+#define CCA4758_R_DSO_FAILURE				 103
+#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY		 104
+#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY		 105
+#define CCA4758_R_NOT_LOADED				 106
+#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 107
+#define CCA4758_R_UNIT_FAILURE				 108
+#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE		 109
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/hw_aep.c b/crypto/openssl/crypto/engine/hw_aep.c
new file mode 100644
index 0000000..8b8380a
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_aep.c
@@ -0,0 +1,1119 @@
+/* crypto/engine/hw_aep.c */
+/*
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+#include <sys/types.h>
+#include <unistd.h>
+#else
+#include <process.h>
+typedef int pid_t;
+#endif
+
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/buffer.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_AEP
+#ifdef FLAT_INC
+#include "aep.h"
+#else
+#include "vendor_defns/aep.h"
+#endif
+
+#define AEP_LIB_NAME "aep engine"
+#define FAIL_TO_SW 0x10101010
+
+#include "hw_aep_err.c"
+
+static int aep_init(ENGINE *e);
+static int aep_finish(ENGINE *e);
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int aep_destroy(ENGINE *e);
+
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
+
+/* BIGNUM stuff */
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx);
+
+static AEP_RV aep_mod_exp_crt(BIGNUM *r,const  BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
+	const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+#ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+	BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+	BN_CTX *ctx, BN_MONT_CTX *in_mont);
+
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+	BN_MONT_CTX *m_ctx);
+#endif
+
+/* DH stuff */
+/* This function is aliased to mod_exp (with the DH and mont dropped). */
+#ifndef OPENSSL_NO_DH
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* rand stuff   */
+#ifdef AEPRAND
+static int aep_rand(unsigned char *buf, int num);
+static int aep_rand_status(void);
+#endif
+
+/* Bignum conversion stuff */
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+	unsigned char* AEP_BigNum);
+static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+	unsigned char* AEP_BigNum);
+
+/* The definitions for control commands specific to this engine */
+#define AEP_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN aep_cmd_defns[] =
+	{
+	{ AEP_CMD_SO_PATH,
+	  "SO_PATH",
+	  "Specifies the path to the 'aep' shared library",
+	  ENGINE_CMD_FLAG_STRING
+	},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD aep_rsa =
+	{
+	"Aep RSA method",
+	NULL,                /*rsa_pub_encrypt*/
+	NULL,                /*rsa_pub_decrypt*/
+	NULL,                /*rsa_priv_encrypt*/
+	NULL,                /*rsa_priv_encrypt*/
+	aep_rsa_mod_exp,     /*rsa_mod_exp*/
+	aep_mod_exp_mont,    /*bn_mod_exp*/
+	NULL,                /*init*/
+	NULL,                /*finish*/
+	0,                   /*flags*/
+	NULL,                /*app_data*/
+	NULL,                /*rsa_sign*/
+	NULL                 /*rsa_verify*/
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD aep_dsa =
+	{
+	"Aep DSA method",
+	NULL,                /* dsa_do_sign */
+	NULL,                /* dsa_sign_setup */
+	NULL,                /* dsa_do_verify */
+	aep_dsa_mod_exp,     /* dsa_mod_exp */
+	aep_mod_exp_dsa,     /* bn_mod_exp */
+	NULL,                /* init */
+	NULL,                /* finish */
+	0,                   /* flags */
+	NULL                 /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD aep_dh =
+	{
+	"Aep DH method",
+	NULL,
+	NULL,
+	aep_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+#ifdef AEPRAND
+/* our internal RAND_method that we provide pointers to  */
+static RAND_METHOD aep_random =
+	{
+	/*"AEP RAND method", */
+	NULL,
+	aep_rand,
+	NULL,
+	NULL,
+	aep_rand,
+	aep_rand_status,
+	};
+#endif
+
+/*Define an array of structures to hold connections*/
+static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
+
+/*Used to determine if this is a new process*/
+static pid_t    recorded_pid = 0;
+
+#ifdef AEPRAND
+static AEP_U8   rand_block[RAND_BLK_SIZE];
+static AEP_U32  rand_block_bytes = 0;
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_aep_id = "aep";
+static const char *engine_aep_name = "Aep hardware engine support";
+
+static int max_key_len = 2176;
+
+
+/* This internal function is used by ENGINE_aep() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_aep(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD  *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD  *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD	  *meth3;
+#endif
+
+	if(!ENGINE_set_id(e, engine_aep_id) ||
+		!ENGINE_set_name(e, engine_aep_name) ||
+#ifndef OPENSSL_NO_RSA
+		!ENGINE_set_RSA(e, &aep_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+		!ENGINE_set_DSA(e, &aep_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+		!ENGINE_set_DH(e, &aep_dh) ||
+#endif
+#ifdef AEPRAND
+		!ENGINE_set_RAND(e, &aep_random) ||
+#endif
+		!ENGINE_set_init_function(e, aep_init) ||
+		!ENGINE_set_destroy_function(e, aep_destroy) ||
+		!ENGINE_set_finish_function(e, aep_finish) ||
+		!ENGINE_set_ctrl_function(e, aep_ctrl) ||
+		!ENGINE_set_cmd_defns(e, aep_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the aep-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */
+	meth1 = RSA_PKCS1_SSLeay();
+	aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+
+#ifndef OPENSSL_NO_DSA
+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+	 * bits. */
+	meth2 = DSA_OpenSSL();
+	aep_dsa.dsa_do_sign    = meth2->dsa_do_sign;
+	aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+	aep_dsa.dsa_do_verify  = meth2->dsa_do_verify;
+
+	aep_dsa = *DSA_get_default_method(); 
+	aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; 
+	aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth3 = DH_OpenSSL();
+	aep_dh.generate_key = meth3->generate_key;
+	aep_dh.compute_key  = meth3->compute_key;
+	aep_dh.bn_mod_exp   = meth3->bn_mod_exp;
+#endif
+
+	/* Ensure the aep error handling is set up */
+	ERR_load_AEPHK_strings();
+
+	return 1;
+}
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_aep_id) != 0))
+		return 0;
+	if(!bind_aep(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_aep(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_aep(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_aep(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_aep();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Aep library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *aep_dso = NULL;
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+*/
+static const char *AEP_LIBNAME = NULL;
+static const char *get_AEP_LIBNAME(void)
+	{
+	if(AEP_LIBNAME)
+		return AEP_LIBNAME;
+	return "aep";
+	}
+static void free_AEP_LIBNAME(void)
+	{
+	if(AEP_LIBNAME)
+		OPENSSL_free((void*)AEP_LIBNAME);
+	AEP_LIBNAME = NULL;
+	}
+static long set_AEP_LIBNAME(const char *name)
+	{
+	free_AEP_LIBNAME();
+	return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
+	}
+
+static const char *AEP_F1    = "AEP_ModExp";
+static const char *AEP_F2    = "AEP_ModExpCrt";
+#ifdef AEPRAND
+static const char *AEP_F3    = "AEP_GenRandom";
+#endif
+static const char *AEP_F4    = "AEP_Finalize";
+static const char *AEP_F5    = "AEP_Initialize";
+static const char *AEP_F6    = "AEP_OpenConnection";
+static const char *AEP_F7    = "AEP_SetBNCallBacks";
+static const char *AEP_F8    = "AEP_CloseConnection";
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static t_AEP_OpenConnection    *p_AEP_OpenConnection  = NULL;
+static t_AEP_CloseConnection   *p_AEP_CloseConnection = NULL;
+static t_AEP_ModExp            *p_AEP_ModExp          = NULL;
+static t_AEP_ModExpCrt         *p_AEP_ModExpCrt       = NULL;
+#ifdef AEPRAND
+static t_AEP_GenRandom         *p_AEP_GenRandom       = NULL;
+#endif
+static t_AEP_Initialize        *p_AEP_Initialize      = NULL;
+static t_AEP_Finalize          *p_AEP_Finalize        = NULL;
+static t_AEP_SetBNCallBacks    *p_AEP_SetBNCallBacks  = NULL;
+
+/* (de)initialisation functions. */
+static int aep_init(ENGINE *e)
+	{
+	t_AEP_ModExp          *p1;
+	t_AEP_ModExpCrt       *p2;
+#ifdef AEPRAND
+	t_AEP_GenRandom       *p3;
+#endif
+	t_AEP_Finalize        *p4;
+	t_AEP_Initialize      *p5;
+	t_AEP_OpenConnection  *p6;
+	t_AEP_SetBNCallBacks  *p7;
+	t_AEP_CloseConnection *p8;
+
+	int to_return = 0;
+ 
+	if(aep_dso != NULL)
+		{
+		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* Attempt to load libaep.so. */
+
+	aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
+  
+	if(aep_dso == NULL)
+		{
+		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
+		goto err;
+		}
+
+	if(	!(p1 = (t_AEP_ModExp *)     DSO_bind_func( aep_dso,AEP_F1))  ||
+		!(p2 = (t_AEP_ModExpCrt*)   DSO_bind_func( aep_dso,AEP_F2))  ||
+#ifdef AEPRAND
+		!(p3 = (t_AEP_GenRandom*)   DSO_bind_func( aep_dso,AEP_F3))  ||
+#endif
+		!(p4 = (t_AEP_Finalize*)    DSO_bind_func( aep_dso,AEP_F4))  ||
+		!(p5 = (t_AEP_Initialize*)  DSO_bind_func( aep_dso,AEP_F5))  ||
+		!(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6))  ||
+		!(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7))  ||
+		!(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
+		{
+		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
+		goto err;
+		}
+
+	/* Copy the pointers */
+  
+	p_AEP_ModExp           = p1;
+	p_AEP_ModExpCrt        = p2;
+#ifdef AEPRAND
+	p_AEP_GenRandom        = p3;
+#endif
+	p_AEP_Finalize         = p4;
+	p_AEP_Initialize       = p5;
+	p_AEP_OpenConnection   = p6;
+	p_AEP_SetBNCallBacks   = p7;
+	p_AEP_CloseConnection  = p8;
+ 
+	to_return = 1;
+ 
+	return to_return;
+
+ err: 
+
+	if(aep_dso)
+		DSO_free(aep_dso);
+		
+	p_AEP_OpenConnection    = NULL;
+	p_AEP_ModExp            = NULL;
+	p_AEP_ModExpCrt         = NULL;
+#ifdef AEPRAND
+	p_AEP_GenRandom         = NULL;
+#endif
+	p_AEP_Initialize        = NULL;
+	p_AEP_Finalize          = NULL;
+	p_AEP_SetBNCallBacks    = NULL;
+	p_AEP_CloseConnection   = NULL;
+
+	return to_return;
+	}
+
+/* Destructor (complements the "ENGINE_aep()" constructor) */
+static int aep_destroy(ENGINE *e)
+	{
+	free_AEP_LIBNAME();
+	ERR_unload_AEPHK_strings();
+	return 1;
+	}
+
+static int aep_finish(ENGINE *e)
+	{
+	int to_return = 0, in_use;
+	AEP_RV rv;
+
+	if(aep_dso == NULL)
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
+		goto err;
+		}
+
+	rv = aep_close_all_connections(0, &in_use);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
+		goto err;
+		}
+	if (in_use)
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
+		goto err;
+		}
+
+	rv = p_AEP_Finalize();
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
+		goto err;
+		}
+
+	if(!DSO_free(aep_dso))
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
+		goto err;
+		}
+
+	aep_dso = NULL;
+	p_AEP_CloseConnection   = NULL;
+	p_AEP_OpenConnection    = NULL;
+	p_AEP_ModExp            = NULL;
+	p_AEP_ModExpCrt         = NULL;
+#ifdef AEPRAND
+	p_AEP_GenRandom         = NULL;
+#endif
+	p_AEP_Initialize        = NULL;
+	p_AEP_Finalize          = NULL;
+	p_AEP_SetBNCallBacks    = NULL;
+
+	to_return = 1;
+ err:
+	return to_return;
+	}
+
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((aep_dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case AEP_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			AEPHKerr(AEPHK_F_AEP_CTRL,
+				ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			AEPHKerr(AEPHK_F_AEP_CTRL,
+				AEPHK_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_AEP_LIBNAME((const char*)p);
+	default:
+		break;
+		}
+	AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx)
+	{
+	int to_return = 0;
+	int 	r_len = 0;
+	AEP_CONNECTION_HNDL hConnection;
+	AEP_RV rv;
+	
+	r_len = BN_num_bits(m);
+
+	/* Perform in software if modulus is too large for hardware. */
+
+	if (r_len > max_key_len){
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return BN_mod_exp(r, a, p, m, ctx);
+	} 
+
+	/*Grab a connection from the pool*/
+	rv = aep_get_connection(&hConnection);
+	if (rv != AEP_R_OK)
+		{     
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
+		return BN_mod_exp(r, a, p, m, ctx);
+		}
+
+	/*To the card with the mod exp*/
+	rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
+
+	if (rv !=  AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
+		rv = aep_close_connection(hConnection);
+		return BN_mod_exp(r, a, p, m, ctx);
+		}
+
+	/*Return the connection to the pool*/
+	rv = aep_return_connection(hConnection);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+		goto err;
+		}
+
+	to_return = 1;
+ err:
+	return to_return;
+	}
+	
+static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *q, const BIGNUM *dmp1,
+	const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
+	{
+	AEP_RV rv = AEP_R_OK;
+	AEP_CONNECTION_HNDL hConnection;
+
+	/*Grab a connection from the pool*/
+	rv = aep_get_connection(&hConnection);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
+		return FAIL_TO_SW;
+		}
+
+	/*To the card with the mod exp*/
+	rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
+		(void*)iqmp,(void*)r,NULL);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
+		rv = aep_close_connection(hConnection);
+		return FAIL_TO_SW;
+		}
+
+	/*Return the connection to the pool*/
+	rv = aep_return_connection(hConnection);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+		goto err;
+		}
+ 
+ err:
+	return rv;
+	}
+	
+
+#ifdef AEPRAND
+static int aep_rand(unsigned char *buf,int len )
+	{
+	AEP_RV rv = AEP_R_OK;
+	AEP_CONNECTION_HNDL hConnection;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+	/*Can the request be serviced with what's already in the buffer?*/
+	if (len <= rand_block_bytes)
+		{
+		memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+		rand_block_bytes -= len;
+		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+		}
+	else
+		/*If not the get another block of random bytes*/
+		{
+		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+		rv = aep_get_connection(&hConnection);
+		if (rv !=  AEP_R_OK)
+			{ 
+			AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);             
+			goto err_nounlock;
+			}
+
+		if (len > RAND_BLK_SIZE)
+			{
+			rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
+			if (rv !=  AEP_R_OK)
+				{  
+				AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); 
+				goto err_nounlock;
+				}
+			}
+		else
+			{
+			CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+			rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
+			if (rv !=  AEP_R_OK)
+				{       
+				AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); 
+	      
+				goto err;
+				}
+
+			rand_block_bytes = RAND_BLK_SIZE;
+
+			memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+			rand_block_bytes -= len;
+
+			CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+			}
+
+		rv = aep_return_connection(hConnection);
+		if (rv != AEP_R_OK)
+			{
+			AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+	  
+			goto err_nounlock;
+			}
+		}
+  
+	return 1;
+ err:
+	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ err_nounlock:
+	return 0;
+	}
+	
+static int aep_rand_status(void)
+{
+	return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	BN_CTX *ctx = NULL;
+	int to_return = 0;
+	AEP_RV rv = AEP_R_OK;
+
+	if ((ctx = BN_CTX_new()) == NULL)
+		goto err;
+
+	if (!aep_dso)
+		{
+		AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
+		goto err;
+		}
+
+	/*See if we have all the necessary bits for a crt*/
+	if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
+		{
+		rv =  aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
+
+		if (rv == FAIL_TO_SW){
+			const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+			to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+			goto err;
+		}
+		else if (rv != AEP_R_OK)
+			goto err;
+		}
+	else
+		{
+		if (!rsa->d || !rsa->n)
+			{
+			AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
+			goto err;
+			}
+ 
+		rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
+		if  (rv != AEP_R_OK)
+			goto err;
+	
+		}
+
+	to_return = 1;
+
+ err:
+	if(ctx)
+		BN_CTX_free(ctx);
+	return to_return;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+	BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+	BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int to_return = 0;
+	BN_init(&t);
+
+	/* let rr = a1 ^ p1 mod m */
+	if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	to_return = 1;
+ end: 
+	BN_free(&t);
+	return to_return;
+	}
+
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+	BN_MONT_CTX *m_ctx)
+	{  
+	return aep_mod_exp(r, a, p, m, ctx); 
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return aep_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+	BN_MONT_CTX *m_ctx)
+	{
+	return aep_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
+	{
+	int count;
+	AEP_RV rv = AEP_R_OK;
+
+	/*Get the current process id*/
+	pid_t curr_pid;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+	curr_pid = getpid();
+
+	/*Check if this is the first time this is being called from the current
+	  process*/
+	if (recorded_pid != curr_pid)
+		{
+		/*Remember our pid so we can check if we're in a new process*/
+		recorded_pid = curr_pid;
+
+		/*Call Finalize to make sure we have not inherited some data
+		  from a parent process*/
+		p_AEP_Finalize();
+     
+		/*Initialise the AEP API*/
+		rv = p_AEP_Initialize(NULL);
+
+		if (rv != AEP_R_OK)
+			{
+			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
+			recorded_pid = 0;
+			goto end;
+			}
+
+		/*Set the AEP big num call back functions*/
+		rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
+			&ConvertAEPBigNum);
+
+		if (rv != AEP_R_OK)
+			{
+			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
+			recorded_pid = 0;
+			goto end;
+			}
+
+#ifdef AEPRAND
+		/*Reset the rand byte count*/
+		rand_block_bytes = 0;
+#endif
+
+		/*Init the structures*/
+		for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+			{
+			aep_app_conn_table[count].conn_state = NotConnected;
+			aep_app_conn_table[count].conn_hndl  = 0;
+			}
+
+		/*Open a connection*/
+		rv = p_AEP_OpenConnection(phConnection);
+
+		if (rv != AEP_R_OK)
+			{
+			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
+			recorded_pid = 0;
+			goto end;
+			}
+
+		aep_app_conn_table[0].conn_state = InUse;
+		aep_app_conn_table[0].conn_hndl = *phConnection;
+		goto end;
+		}
+	/*Check the existing connections to see if we can find a free one*/
+	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		if (aep_app_conn_table[count].conn_state == Connected)
+			{
+			aep_app_conn_table[count].conn_state = InUse;
+			*phConnection = aep_app_conn_table[count].conn_hndl;
+			goto end;
+			}
+		}
+	/*If no connections available, we're going to have to try
+	  to open a new one*/
+	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		if (aep_app_conn_table[count].conn_state == NotConnected)
+			{
+			/*Open a connection*/
+			rv = p_AEP_OpenConnection(phConnection);
+
+			if (rv != AEP_R_OK)
+				{	      
+				AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
+				goto end;
+				}
+
+			aep_app_conn_table[count].conn_state = InUse;
+			aep_app_conn_table[count].conn_hndl = *phConnection;
+			goto end;
+			}
+		}
+	rv = AEP_R_GENERAL_ERROR;
+ end:
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return rv;
+	}
+
+
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
+	{
+	int count;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+	/*Find the connection item that matches this connection handle*/
+	for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		if (aep_app_conn_table[count].conn_hndl == hConnection)
+			{
+			aep_app_conn_table[count].conn_state = Connected;
+			break;
+			}
+		}
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+
+	return AEP_R_OK;
+	}
+
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
+	{
+	int count;
+	AEP_RV rv = AEP_R_OK;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+	/*Find the connection item that matches this connection handle*/
+	for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		if (aep_app_conn_table[count].conn_hndl == hConnection)
+			{
+			rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+			if (rv != AEP_R_OK)
+				goto end;
+			aep_app_conn_table[count].conn_state = NotConnected;
+			aep_app_conn_table[count].conn_hndl  = 0;
+			break;
+			}
+		}
+
+ end:
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return rv;
+	}
+
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
+	{
+	int count;
+	AEP_RV rv = AEP_R_OK;
+
+	*in_use = 0;
+	if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		switch (aep_app_conn_table[count].conn_state)
+			{
+		case Connected:
+			rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+			if (rv != AEP_R_OK)
+				goto end;
+			aep_app_conn_table[count].conn_state = NotConnected;
+			aep_app_conn_table[count].conn_hndl  = 0;
+			break;
+		case InUse:
+			(*in_use)++;
+			break;
+		case NotConnected:
+			break;
+			}
+		}
+ end:
+	if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return rv;
+	}
+
+/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
+  Note only 32bit Openssl build support*/
+
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
+	{
+	BIGNUM* bn;
+
+	/*Cast the ArbBigNum pointer to our BIGNUM struct*/
+	bn = (BIGNUM*) ArbBigNum;
+
+#ifdef SIXTY_FOUR_BIT_LONG
+	*BigNumSize = bn->top << 3;
+#else
+	/*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
+	  words) multiplies by 4*/
+	*BigNumSize = bn->top << 2;
+#endif
+
+	return AEP_R_OK;
+	}
+
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+	unsigned char* AEP_BigNum)
+	{
+	BIGNUM* bn;
+
+#ifndef SIXTY_FOUR_BIT_LONG
+	unsigned char* buf;
+	int i;
+#endif
+
+	/*Cast the ArbBigNum pointer to our BIGNUM struct*/
+	bn = (BIGNUM*) ArbBigNum;
+
+#ifdef SIXTY_FOUR_BIT_LONG
+  	memcpy(AEP_BigNum, bn->d, BigNumSize);
+#else
+	/*Must copy data into a (monotone) least significant byte first format
+	  performing endian conversion if necessary*/
+	for(i=0;i<bn->top;i++)
+		{
+		buf = (unsigned char*)&bn->d[i];
+
+		*((AEP_U32*)AEP_BigNum) = (AEP_U32)
+			((unsigned) buf[1] << 8 | buf[0]) |
+			((unsigned) buf[3] << 8 | buf[2])  << 16;
+
+		AEP_BigNum += 4;
+		}
+#endif
+
+	return AEP_R_OK;
+	}
+
+/*Turn an AEP Big Num back to a user big num*/
+static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+	unsigned char* AEP_BigNum)
+	{
+	BIGNUM* bn;
+#ifndef SIXTY_FOUR_BIT_LONG
+	int i;
+#endif
+
+	bn = (BIGNUM*)ArbBigNum;
+
+	/*Expand the result bn so that it can hold our big num.
+	  Size is in bits*/
+	bn_expand(bn, (int)(BigNumSize << 3));
+
+#ifdef SIXTY_FOUR_BIT_LONG
+	bn->top = BigNumSize >> 3;
+	
+	if((BigNumSize & 7) != 0)
+		bn->top++;
+
+	memset(bn->d, 0, bn->top << 3);	
+
+	memcpy(bn->d, AEP_BigNum, BigNumSize);
+#else
+	bn->top = BigNumSize >> 2;
+ 
+	for(i=0;i<bn->top;i++)
+		{
+		bn->d[i] = (AEP_U32)
+			((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
+			((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
+		AEP_BigNum += 4;
+		}
+#endif
+
+	return AEP_R_OK;
+}	
+	
+#endif /* !OPENSSL_NO_HW_AEP */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/crypto/engine/hw_aep_err.c b/crypto/openssl/crypto/engine/hw_aep_err.c
new file mode 100644
index 0000000..092f532
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_aep_err.c
@@ -0,0 +1,157 @@
+/* hw_aep_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_aep_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA AEPHK_str_functs[]=
+	{
+{ERR_PACK(0,AEPHK_F_AEP_CTRL,0),	"AEP_CTRL"},
+{ERR_PACK(0,AEPHK_F_AEP_FINISH,0),	"AEP_FINISH"},
+{ERR_PACK(0,AEPHK_F_AEP_GET_CONNECTION,0),	"AEP_GET_CONNECTION"},
+{ERR_PACK(0,AEPHK_F_AEP_INIT,0),	"AEP_INIT"},
+{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP,0),	"AEP_MOD_EXP"},
+{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP_CRT,0),	"AEP_MOD_EXP_CRT"},
+{ERR_PACK(0,AEPHK_F_AEP_RAND,0),	"AEP_RAND"},
+{ERR_PACK(0,AEPHK_F_AEP_RSA_MOD_EXP,0),	"AEP_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA AEPHK_str_reasons[]=
+	{
+{AEPHK_R_ALREADY_LOADED                  ,"already loaded"},
+{AEPHK_R_CLOSE_HANDLES_FAILED            ,"close handles failed"},
+{AEPHK_R_CONNECTIONS_IN_USE              ,"connections in use"},
+{AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{AEPHK_R_FINALIZE_FAILED                 ,"finalize failed"},
+{AEPHK_R_GET_HANDLE_FAILED               ,"get handle failed"},
+{AEPHK_R_GET_RANDOM_FAILED               ,"get random failed"},
+{AEPHK_R_INIT_FAILURE                    ,"init failure"},
+{AEPHK_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{AEPHK_R_MOD_EXP_CRT_FAILED              ,"mod exp crt failed"},
+{AEPHK_R_MOD_EXP_FAILED                  ,"mod exp failed"},
+{AEPHK_R_NOT_LOADED                      ,"not loaded"},
+{AEPHK_R_OK                              ,"ok"},
+{AEPHK_R_RETURN_CONNECTION_FAILED        ,"return connection failed"},
+{AEPHK_R_SETBNCALLBACK_FAILURE           ,"setbncallback failure"},
+{AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL     ,"size too large or too small"},
+{AEPHK_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef AEPHK_LIB_NAME
+static ERR_STRING_DATA AEPHK_lib_name[]=
+        {
+{0	,AEPHK_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int AEPHK_lib_error_code=0;
+static int AEPHK_error_init=1;
+
+static void ERR_load_AEPHK_strings(void)
+	{
+	if (AEPHK_lib_error_code == 0)
+		AEPHK_lib_error_code=ERR_get_next_error_library();
+
+	if (AEPHK_error_init)
+		{
+		AEPHK_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
+		ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+#endif
+
+#ifdef AEPHK_LIB_NAME
+		AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
+		ERR_load_strings(0,AEPHK_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_AEPHK_strings(void)
+	{
+	if (AEPHK_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
+		ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+#endif
+
+#ifdef AEPHK_LIB_NAME
+		ERR_unload_strings(0,AEPHK_lib_name);
+#endif
+		AEPHK_error_init=1;
+		}
+	}
+
+static void ERR_AEPHK_error(int function, int reason, char *file, int line)
+	{
+	if (AEPHK_lib_error_code == 0)
+		AEPHK_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/crypto/engine/hw_aep_err.h b/crypto/openssl/crypto/engine/hw_aep_err.h
new file mode 100644
index 0000000..8fe4cf9
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_aep_err.h
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_AEPHK_ERR_H
+#define HEADER_AEPHK_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_AEPHK_strings(void);
+static void ERR_unload_AEPHK_strings(void);
+static void ERR_AEPHK_error(int function, int reason, char *file, int line);
+#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the AEPHK functions. */
+
+/* Function codes. */
+#define AEPHK_F_AEP_CTRL				 100
+#define AEPHK_F_AEP_FINISH				 101
+#define AEPHK_F_AEP_GET_CONNECTION			 102
+#define AEPHK_F_AEP_INIT				 103
+#define AEPHK_F_AEP_MOD_EXP				 104
+#define AEPHK_F_AEP_MOD_EXP_CRT				 105
+#define AEPHK_F_AEP_RAND				 106
+#define AEPHK_F_AEP_RSA_MOD_EXP				 107
+
+/* Reason codes. */
+#define AEPHK_R_ALREADY_LOADED				 100
+#define AEPHK_R_CLOSE_HANDLES_FAILED			 101
+#define AEPHK_R_CONNECTIONS_IN_USE			 102
+#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define AEPHK_R_FINALIZE_FAILED				 104
+#define AEPHK_R_GET_HANDLE_FAILED			 105
+#define AEPHK_R_GET_RANDOM_FAILED			 106
+#define AEPHK_R_INIT_FAILURE				 107
+#define AEPHK_R_MISSING_KEY_COMPONENTS			 108
+#define AEPHK_R_MOD_EXP_CRT_FAILED			 109
+#define AEPHK_R_MOD_EXP_FAILED				 110
+#define AEPHK_R_NOT_LOADED				 111
+#define AEPHK_R_OK					 112
+#define AEPHK_R_RETURN_CONNECTION_FAILED		 113
+#define AEPHK_R_SETBNCALLBACK_FAILURE			 114
+#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 116
+#define AEPHK_R_UNIT_FAILURE				 115
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/hw_atalla.c b/crypto/openssl/crypto/engine/hw_atalla.c
new file mode 100644
index 0000000..e9eff9f
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_atalla.c
@@ -0,0 +1,594 @@
+/* crypto/engine/hw_atalla.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_ATALLA
+
+#ifdef FLAT_INC
+#include "atalla.h"
+#else
+#include "vendor_defns/atalla.h"
+#endif
+
+#define ATALLA_LIB_NAME "atalla engine"
+#include "hw_atalla_err.c"
+
+static int atalla_destroy(ENGINE *e);
+static int atalla_init(ENGINE *e);
+static int atalla_finish(ENGINE *e);
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* BIGNUM stuff */
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* The definitions for control commands specific to this engine */
+#define ATALLA_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
+	{ATALLA_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'atasi' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD atalla_rsa =
+	{
+	"Atalla RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	atalla_rsa_mod_exp,
+	atalla_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD atalla_dsa =
+	{
+	"Atalla DSA method",
+	NULL, /* dsa_do_sign */
+	NULL, /* dsa_sign_setup */
+	NULL, /* dsa_do_verify */
+	atalla_dsa_mod_exp, /* dsa_mod_exp */
+	atalla_mod_exp_dsa, /* bn_mod_exp */
+	NULL, /* init */
+	NULL, /* finish */
+	0, /* flags */
+	NULL /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD atalla_dh =
+	{
+	"Atalla DH method",
+	NULL,
+	NULL,
+	atalla_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_atalla_id = "atalla";
+static const char *engine_atalla_name = "Atalla hardware engine support";
+
+/* This internal function is used by ENGINE_atalla() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth3;
+#endif
+	if(!ENGINE_set_id(e, engine_atalla_id) ||
+			!ENGINE_set_name(e, engine_atalla_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &atalla_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &atalla_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &atalla_dh) ||
+#endif
+			!ENGINE_set_destroy_function(e, atalla_destroy) ||
+			!ENGINE_set_init_function(e, atalla_init) ||
+			!ENGINE_set_finish_function(e, atalla_finish) ||
+			!ENGINE_set_ctrl_function(e, atalla_ctrl) ||
+			!ENGINE_set_cmd_defns(e, atalla_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the atalla-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+	 * bits. */
+	meth2 = DSA_OpenSSL();
+	atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+	atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+	atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth3 = DH_OpenSSL();
+	atalla_dh.generate_key = meth3->generate_key;
+	atalla_dh.compute_key = meth3->compute_key;
+#endif
+
+	/* Ensure the atalla error handling is set up */
+	ERR_load_ATALLA_strings();
+	return 1;
+	}
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_atalla(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_atalla(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_atalla();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Atalla library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *atalla_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
+static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
+ * "atasi.so" rather than something more consistent like "libatasi.so". At the
+ * time of writing, I'm not sure what the file name on win32 is but clearly
+ * native name translation is not possible (eg libatasi.so on *nix, and
+ * atasi.dll on win32). For the purposes of testing, I have created a symbollic
+ * link called "libatasi.so" so that we can use native name-translation - a
+ * better solution will be needed. */
+static const char *ATALLA_LIBNAME = NULL;
+static const char *get_ATALLA_LIBNAME(void)
+	{
+		if(ATALLA_LIBNAME)
+			return ATALLA_LIBNAME;
+		return "atasi";
+	}
+static void free_ATALLA_LIBNAME(void)
+	{
+		if(ATALLA_LIBNAME)
+			OPENSSL_free((void*)ATALLA_LIBNAME);
+		ATALLA_LIBNAME = NULL;
+	}
+static long set_ATALLA_LIBNAME(const char *name)
+	{
+	free_ATALLA_LIBNAME();
+	return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
+static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
+static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
+
+/* Destructor (complements the "ENGINE_atalla()" constructor) */
+static int atalla_destroy(ENGINE *e)
+	{
+	free_ATALLA_LIBNAME();
+	/* Unload the atalla error strings so any error state including our
+	 * functs or reasons won't lead to a segfault (they simply get displayed
+	 * without corresponding string data because none will be found). */
+	ERR_unload_ATALLA_strings();
+	return 1;
+	}
+
+/* (de)initialisation functions. */
+static int atalla_init(ENGINE *e)
+	{
+	tfnASI_GetHardwareConfig *p1;
+	tfnASI_RSAPrivateKeyOpFn *p2;
+	tfnASI_GetPerformanceStatistics *p3;
+	/* Not sure of the origin of this magic value, but Ben's code had it
+	 * and it seemed to have been working for a few people. :-) */
+	unsigned int config_buf[1024];
+
+	if(atalla_dso != NULL)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
+	 * changed unfortunately because the Atalla drivers don't have
+	 * standard library names that can be platform-translated well. */
+	/* TODO: Work out how to actually map to the names the Atalla
+	 * drivers really use - for now a symbollic link needs to be
+	 * created on the host system from libatasi.so to atasi.so on
+	 * unix variants. */
+	atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
+	if(atalla_dso == NULL)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
+		goto err;
+		}
+	if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
+				atalla_dso, ATALLA_F1)) ||
+			!(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
+				atalla_dso, ATALLA_F2)) ||
+			!(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
+				atalla_dso, ATALLA_F3)))
+		{
+		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
+		goto err;
+		}
+	/* Copy the pointers */
+	p_Atalla_GetHardwareConfig = p1;
+	p_Atalla_RSAPrivateKeyOpFn = p2;
+	p_Atalla_GetPerformanceStatistics = p3;
+	/* Perform a basic test to see if there's actually any unit
+	 * running. */
+	if(p1(0L, config_buf) != 0)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
+		goto err;
+		}
+	/* Everything's fine. */
+	return 1;
+err:
+	if(atalla_dso)
+		DSO_free(atalla_dso);
+	p_Atalla_GetHardwareConfig = NULL;
+	p_Atalla_RSAPrivateKeyOpFn = NULL;
+	p_Atalla_GetPerformanceStatistics = NULL;
+	return 0;
+	}
+
+static int atalla_finish(ENGINE *e)
+	{
+	free_ATALLA_LIBNAME();
+	if(atalla_dso == NULL)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(atalla_dso))
+		{
+		ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
+		return 0;
+		}
+	atalla_dso = NULL;
+	p_Atalla_GetHardwareConfig = NULL;
+	p_Atalla_RSAPrivateKeyOpFn = NULL;
+	p_Atalla_GetPerformanceStatistics = NULL;
+	return 1;
+	}
+
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((atalla_dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case ATALLA_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_ATALLA_LIBNAME((const char *)p);
+	default:
+		break;
+		}
+	ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx)
+	{
+	/* I need somewhere to store temporary serialised values for
+	 * use with the Atalla API calls. A neat cheat - I'll use
+	 * BIGNUMs from the BN_CTX but access their arrays directly as
+	 * byte arrays <grin>. This way I don't have to clean anything
+	 * up. */
+	BIGNUM *modulus;
+	BIGNUM *exponent;
+	BIGNUM *argument;
+	BIGNUM *result;
+	RSAPrivateKey keydata;
+	int to_return, numbytes;
+
+	modulus = exponent = argument = result = NULL;
+	to_return = 0; /* expect failure */
+
+	if(!atalla_dso)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
+		goto err;
+		}
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	modulus = BN_CTX_get(ctx);
+	exponent = BN_CTX_get(ctx);
+	argument = BN_CTX_get(ctx);
+	result = BN_CTX_get(ctx);
+	if (!result)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+	   !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
+		{
+		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	/* Prepare the key-data */
+	memset(&keydata, 0,sizeof keydata);
+	numbytes = BN_num_bytes(m);
+	memset(exponent->d, 0, numbytes);
+	memset(modulus->d, 0, numbytes);
+	BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+	BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+	keydata.privateExponent.data = (unsigned char *)exponent->d;
+	keydata.privateExponent.len = numbytes;
+	keydata.modulus.data = (unsigned char *)modulus->d;
+	keydata.modulus.len = numbytes;
+	/* Prepare the argument */
+	memset(argument->d, 0, numbytes);
+	memset(result->d, 0, numbytes);
+	BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+	/* Perform the operation */
+	if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+			(unsigned char *)argument->d,
+			keydata.modulus.len) != 0)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
+		goto err;
+		}
+	/* Convert the response */
+	BN_bin2bn((unsigned char *)result->d, numbytes, r);
+	to_return = 1;
+err:
+	BN_CTX_end(ctx);
+	return to_return;
+	}
+
+#ifndef OPENSSL_NO_RSA
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	BN_CTX *ctx = NULL;
+	int to_return = 0;
+
+	if(!atalla_dso)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
+		goto err;
+		}
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if(!rsa->d || !rsa->n)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
+		goto err;
+		}
+	to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+err:
+	if(ctx)
+		BN_CTX_free(ctx);
+	return to_return;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int to_return = 0;
+ 
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	to_return = 1;
+end:
+	BN_free(&t);
+	return to_return;
+	}
+
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx)
+	{
+	return atalla_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return atalla_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return atalla_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_atalla_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_ATALLA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/crypto/engine/hw_atalla_err.c b/crypto/openssl/crypto/engine/hw_atalla_err.c
new file mode 100644
index 0000000..1df9c45
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_atalla_err.c
@@ -0,0 +1,145 @@
+/* hw_atalla_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_atalla_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ATALLA_str_functs[]=
+	{
+{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0),	"ATALLA_CTRL"},
+{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0),	"ATALLA_FINISH"},
+{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0),	"ATALLA_INIT"},
+{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0),	"ATALLA_MOD_EXP"},
+{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0),	"ATALLA_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ATALLA_str_reasons[]=
+	{
+{ATALLA_R_ALREADY_LOADED                 ,"already loaded"},
+{ATALLA_R_BN_CTX_FULL                    ,"bn ctx full"},
+{ATALLA_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ATALLA_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{ATALLA_R_NOT_LOADED                     ,"not loaded"},
+{ATALLA_R_REQUEST_FAILED                 ,"request failed"},
+{ATALLA_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef ATALLA_LIB_NAME
+static ERR_STRING_DATA ATALLA_lib_name[]=
+        {
+{0	,ATALLA_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int ATALLA_lib_error_code=0;
+static int ATALLA_error_init=1;
+
+static void ERR_load_ATALLA_strings(void)
+	{
+	if (ATALLA_lib_error_code == 0)
+		ATALLA_lib_error_code=ERR_get_next_error_library();
+
+	if (ATALLA_error_init)
+		{
+		ATALLA_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
+		ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+#endif
+
+#ifdef ATALLA_LIB_NAME
+		ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
+		ERR_load_strings(0,ATALLA_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_ATALLA_strings(void)
+	{
+	if (ATALLA_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
+		ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+#endif
+
+#ifdef ATALLA_LIB_NAME
+		ERR_unload_strings(0,ATALLA_lib_name);
+#endif
+		ATALLA_error_init=1;
+		}
+	}
+
+static void ERR_ATALLA_error(int function, int reason, char *file, int line)
+	{
+	if (ATALLA_lib_error_code == 0)
+		ATALLA_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/crypto/engine/hw_atalla_err.h b/crypto/openssl/crypto/engine/hw_atalla_err.h
new file mode 100644
index 0000000..cdac052
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_atalla_err.h
@@ -0,0 +1,89 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ATALLA_ERR_H
+#define HEADER_ATALLA_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_ATALLA_strings(void);
+static void ERR_unload_ATALLA_strings(void);
+static void ERR_ATALLA_error(int function, int reason, char *file, int line);
+#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ATALLA functions. */
+
+/* Function codes. */
+#define ATALLA_F_ATALLA_CTRL				 100
+#define ATALLA_F_ATALLA_FINISH				 101
+#define ATALLA_F_ATALLA_INIT				 102
+#define ATALLA_F_ATALLA_MOD_EXP				 103
+#define ATALLA_F_ATALLA_RSA_MOD_EXP			 104
+
+/* Reason codes. */
+#define ATALLA_R_ALREADY_LOADED				 100
+#define ATALLA_R_BN_CTX_FULL				 101
+#define ATALLA_R_BN_EXPAND_FAIL				 102
+#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define ATALLA_R_MISSING_KEY_COMPONENTS			 104
+#define ATALLA_R_NOT_LOADED				 105
+#define ATALLA_R_REQUEST_FAILED				 106
+#define ATALLA_R_UNIT_FAILURE				 107
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/hw_cryptodev.c b/crypto/openssl/crypto/engine/hw_cryptodev.c
new file mode 100644
index 0000000..be7ed6b
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_cryptodev.c
@@ -0,0 +1,1130 @@
+/*
+ * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2002 Theo de Raadt
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+
+#ifndef __OpenBSD__
+
+void
+ENGINE_load_cryptodev(void)
+{
+	/* This is a NOP unless __OpenBSD__ is defined */
+	return;
+}
+
+#else /* __OpenBSD__ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#if OpenBSD < 200112
+
+void
+ENGINE_load_cryptodev(void)
+{
+	/* This is a NOP unless we have release 3.0 (released december 2001) */
+	return;
+}
+
+#else /* OpenBSD 3.0 or above */
+
+#include <crypto/cryptodev.h>
+#include <sys/ioctl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+
+struct dev_crypto_state {
+	struct session_op d_sess;
+	int d_fd;
+};
+
+static u_int32_t cryptodev_asymfeat = 0;
+
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static int cryptodev_max_iv(int cipher);
+static int cryptodev_key_length_valid(int cipher, int len);
+static int cipher_nid_to_cryptodev(int nid);
+static int get_cryptodev_ciphers(const int **cnids);
+static int get_cryptodev_digests(const int **cnids);
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+    int slen, BIGNUM *s);
+
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+    RSA *rsa);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+    int dlen, DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+    DSA_SIG *sig, DSA *dsa);
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key,
+    const BIGNUM *pub_key, DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+    void (*f)());
+void ENGINE_load_cryptodev(void);
+
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+	{ 0, NULL, NULL, 0 }
+};
+
+static struct {
+	int	id;
+	int	nid;
+	int	ivmax;
+	int	keylen;
+} ciphers[] = {
+	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
+	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
+	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
+	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
+	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
+	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
+	{ 0,				NID_undef,		0,	 0, },
+};
+
+static struct {
+	int	id;
+	int	nid;
+} digests[] = {
+	{ CRYPTO_SHA1_HMAC,		NID_hmacWithSHA1,	},
+	{ CRYPTO_RIPEMD160_HMAC,	NID_ripemd160,		},
+	{ CRYPTO_MD5_KPDK,		NID_undef,		},
+	{ CRYPTO_SHA1_KPDK,		NID_undef,		},
+	{ CRYPTO_MD5,			NID_md5,		},
+	{ CRYPTO_SHA1,			NID_undef,		},
+	{ 0,				NID_undef,		},
+};
+
+/*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+static int
+open_dev_crypto(void)
+{
+	static int fd = -1;
+
+	if (fd == -1) {
+		if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+			return (-1);
+		/* close on exec */
+		if (fcntl(fd, F_SETFD, 1) == -1) {
+			close(fd);
+			fd = -1;
+			return (-1);
+		}
+	}
+	return (fd);
+}
+
+static int
+get_dev_crypto(void)
+{
+	int fd, retfd;
+
+	if ((fd = open_dev_crypto()) == -1)
+		return (-1);
+	if (ioctl(fd, CRIOGET, &retfd) == -1)
+		return (-1);
+
+	/* close on exec */
+	if (fcntl(retfd, F_SETFD, 1) == -1) {
+		close(retfd);
+		return (-1);
+	}
+	return (retfd);
+}
+
+/* Caching version for asym operations */
+static int
+get_asym_dev_crypto(void)
+{
+	static int fd = -1;
+
+	if (fd == -1)
+		fd = get_dev_crypto();
+	return fd;
+}
+
+/*
+ * XXXX this needs to be set for each alg - and determined from
+ * a running card.
+ */
+static int
+cryptodev_max_iv(int cipher)
+{
+	int i;
+
+	for (i = 0; ciphers[i].id; i++)
+		if (ciphers[i].id == cipher)
+			return (ciphers[i].ivmax);
+	return (0);
+}
+
+/*
+ * XXXX this needs to be set for each alg - and determined from
+ * a running card. For now, fake it out - but most of these
+ * for real devices should return 1 for the supported key
+ * sizes the device can handle.
+ */
+static int
+cryptodev_key_length_valid(int cipher, int len)
+{
+	int i;
+
+	for (i = 0; ciphers[i].id; i++)
+		if (ciphers[i].id == cipher)
+			return (ciphers[i].keylen == len);
+	return (0);
+}
+
+/* convert libcrypto nids to cryptodev */
+static int
+cipher_nid_to_cryptodev(int nid)
+{
+	int i;
+
+	for (i = 0; ciphers[i].id; i++)
+		if (ciphers[i].nid == nid)
+			return (ciphers[i].id);
+	return (0);
+}
+
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int
+get_cryptodev_ciphers(const int **cnids)
+{
+	static int nids[CRYPTO_ALGORITHM_MAX];
+	struct session_op sess;
+	int fd, i, count = 0;
+
+	if ((fd = get_dev_crypto()) < 0) {
+		*nids = NULL;
+		return (0);
+	}
+	memset(&sess, 0, sizeof(sess));
+	sess.key = (caddr_t)"123456781234567812345678";
+
+	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+		if (ciphers[i].nid == NID_undef)
+			continue;
+		sess.cipher = ciphers[i].id;
+		sess.keylen = ciphers[i].keylen;
+		sess.mac = 0;
+		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+			nids[count++] = ciphers[i].nid;
+	}
+	close(fd);
+
+	if (count > 0)
+		*cnids = nids;
+	else
+		*cnids = NULL;
+	return (count);
+}
+
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+static int
+get_cryptodev_digests(const int **cnids)
+{
+	static int nids[CRYPTO_ALGORITHM_MAX];
+	struct session_op sess;
+	int fd, i, count = 0;
+
+	if ((fd = get_dev_crypto()) < 0) {
+		*nids = NULL;
+		return (0);
+	}
+	memset(&sess, 0, sizeof(sess));
+	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+		if (digests[i].nid == NID_undef)
+			continue;
+		sess.mac = digests[i].id;
+		sess.cipher = 0;
+		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+			nids[count++] = digests[i].nid;
+	}
+	close(fd);
+
+	if (count > 0)
+		*cnids = nids;
+	else
+		*cnids = NULL;
+	return (count);
+}
+
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anythine else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initalization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int
+cryptodev_usable_ciphers(const int **nids)
+{
+	return (get_cryptodev_ciphers(nids));
+}
+
+static int
+cryptodev_usable_digests(const int **nids)
+{
+	/*
+	 * XXXX just disable all digests for now, because it sucks.
+	 * we need a better way to decide this - i.e. I may not
+	 * want digests on slow cards like hifn on fast machines,
+	 * but might want them on slow or loaded machines, etc.
+	 * will also want them when using crypto cards that don't
+	 * suck moose gonads - would be nice to be able to decide something
+	 * as reasonable default without having hackery that's card dependent.
+	 * of course, the default should probably be just do everything,
+	 * with perhaps a sysctl to turn algoritms off (or have them off
+	 * by default) on cards that generally suck like the hifn.
+	 */
+	*nids = NULL;
+	return (0);
+}
+
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl)
+{
+	struct crypt_op cryp;
+	struct dev_crypto_state *state = ctx->cipher_data;
+	struct session_op *sess = &state->d_sess;
+	void *iiv;
+	unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+	if (state->d_fd < 0)
+		return (0);
+	if (!inl)
+		return (1);
+	if ((inl % ctx->cipher->block_size) != 0)
+		return (0);
+
+	memset(&cryp, 0, sizeof(cryp));
+
+	cryp.ses = sess->ses;
+	cryp.flags = 0;
+	cryp.len = inl;
+	cryp.src = (caddr_t) in;
+	cryp.dst = (caddr_t) out;
+	cryp.mac = 0;
+
+	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+	if (ctx->cipher->iv_len) {
+		cryp.iv = (caddr_t) ctx->iv;
+		if (!ctx->encrypt) {
+			iiv = (void *) in + inl - ctx->cipher->iv_len;
+			memcpy(save_iv, iiv, ctx->cipher->iv_len);
+		}
+	} else
+		cryp.iv = NULL;
+
+	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+		/* XXX need better errror handling
+		 * this can fail for a number of different reasons.
+		 */
+		return (0);
+	}
+
+	if (ctx->cipher->iv_len) {
+		if (ctx->encrypt)
+			iiv = (void *) out + inl - ctx->cipher->iv_len;
+		else
+			iiv = save_iv;
+		memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+	}
+	return (1);
+}
+
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+	struct dev_crypto_state *state = ctx->cipher_data;
+	struct session_op *sess = &state->d_sess;
+	int cipher;
+
+	if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+		return (0);
+
+	if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+		return (0);
+
+	if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+		return (0);
+
+	memset(sess, 0, sizeof(struct session_op));
+
+	if ((state->d_fd = get_dev_crypto()) < 0)
+		return (0);
+
+	sess->key = (unsigned char *)key;
+	sess->keylen = ctx->key_len;
+	sess->cipher = cipher;
+
+	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+		close(state->d_fd);
+		state->d_fd = -1;
+		return (0);
+	}
+	return (1);
+}
+
+/*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+static int
+cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+	int ret = 0;
+	struct dev_crypto_state *state = ctx->cipher_data;
+	struct session_op *sess = &state->d_sess;
+
+	if (state->d_fd < 0)
+		return (0);
+
+	/* XXX if this ioctl fails, someting's wrong. the invoker
+	 * may have called us with a bogus ctx, or we could
+	 * have a device that for whatever reason just doesn't
+	 * want to play ball - it's not clear what's right
+	 * here - should this be an error? should it just
+	 * increase a counter, hmm. For right now, we return
+	 * 0 - I don't believe that to be "right". we could
+	 * call the gorpy openssl lib error handlers that
+	 * print messages to users of the library. hmm..
+	 */
+
+	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+		ret = 0;
+	} else {
+		ret = 1;
+	}
+	close(state->d_fd);
+	state->d_fd = -1;
+
+	return (ret);
+}
+
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+
+/* DES CBC EVP */
+const EVP_CIPHER cryptodev_des_cbc = {
+	NID_des_cbc,
+	8, 8, 8,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+/* 3DES CBC EVP */
+const EVP_CIPHER cryptodev_3des_cbc = {
+	NID_des_ede3_cbc,
+	8, 24, 8,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+const EVP_CIPHER cryptodev_bf_cbc = {
+	NID_bf_cbc,
+	8, 16, 8,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+const EVP_CIPHER cryptodev_cast_cbc = {
+	NID_cast5_cbc,
+	8, 16, 8,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+const EVP_CIPHER cryptodev_aes_cbc = {
+	NID_aes_128_cbc,
+	16, 16, 16,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid)
+{
+	if (!cipher)
+		return (cryptodev_usable_ciphers(nids));
+
+	switch (nid) {
+	case NID_des_ede3_cbc:
+		*cipher = &cryptodev_3des_cbc;
+		break;
+	case NID_des_cbc:
+		*cipher = &cryptodev_des_cbc;
+		break;
+	case NID_bf_cbc:
+		*cipher = &cryptodev_bf_cbc;
+		break;
+	case NID_cast5_cbc:
+		*cipher = &cryptodev_cast_cbc;
+		break;
+	case NID_aes_128_cbc:
+		*cipher = &cryptodev_aes_cbc;
+		break;
+	default:
+		*cipher = NULL;
+		break;
+	}
+	return (*cipher != NULL);
+}
+
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid)
+{
+	if (!digest)
+		return (cryptodev_usable_digests(nids));
+
+	switch (nid) {
+	case NID_md5:
+		*digest = NULL; /* need to make a clean md5 critter */
+		break;
+	default:
+		*digest = NULL;
+		break;
+	}
+	return (*digest != NULL);
+}
+
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int
+bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+	int i, j, k;
+	ssize_t words, bytes, bits;
+	u_char *b;
+
+	crp->crp_p = NULL;
+	crp->crp_nbits = 0;
+
+	bits = BN_num_bits(a);
+	bytes = (bits + 7) / 8;
+
+	b = malloc(bytes);
+	if (b == NULL)
+		return (1);
+
+	crp->crp_p = b;
+	crp->crp_nbits = bits;
+
+	for (i = 0, j = 0; i < a->top; i++) {
+		for (k = 0; k < BN_BITS2 / 8; k++) {
+			if ((j + k) >= bytes)
+				return (0);
+			b[j + k] = a->d[i] >> (k * 8);
+		}
+		j += BN_BITS2 / 8;
+	}
+	return (0);
+}
+
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int
+crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+	u_int8_t *pd;
+	int i, bytes;
+
+	bytes = (crp->crp_nbits + 7) / 8;
+
+	if (bytes == 0)
+		return (-1);
+
+	if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+		return (-1);
+
+	for (i = 0; i < bytes; i++)
+		pd[i] = crp->crp_p[bytes - i - 1];
+
+	BN_bin2bn(pd, bytes, a);
+	free(pd);
+
+	return (0);
+}
+
+static void
+zapparams(struct crypt_kop *kop)
+{
+	int i;
+
+	for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+		if (kop->crk_param[i].crp_p)
+			free(kop->crk_param[i].crp_p);
+		kop->crk_param[i].crp_p = NULL;
+		kop->crk_param[i].crp_nbits = 0;
+	}
+}
+
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+{
+	int fd, ret = -1;
+
+	if ((fd = get_asym_dev_crypto()) < 0)
+		return (ret);
+
+	if (r) {
+		kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+		kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+		kop->crk_oparams++;
+	}
+	if (s) {
+		kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+		kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+		kop->crk_oparams++;
+	}
+
+	if (ioctl(fd, CIOCKEY, kop) == 0) {
+		if (r)
+			crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+		if (s)
+			crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
+		ret = 0;
+	}
+
+	return (ret);
+}
+
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+	struct crypt_kop kop;
+	int ret = 1;
+
+	/* Currently, we know we can do mod exp iff we can do any
+	 * asymmetric operations at all.
+	 */
+	if (cryptodev_asymfeat == 0) {
+		ret = BN_mod_exp(r, a, p, m, ctx);
+		return (ret);
+	}
+
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_MOD_EXP;
+
+	/* inputs: a^p % m */
+	if (bn2crparam(a, &kop.crk_param[0]))
+		goto err;
+	if (bn2crparam(p, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(m, &kop.crk_param[2]))
+		goto err;
+	kop.crk_iparams = 3;
+
+	if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+	}
+err:
+	zapparams(&kop);
+	return (ret);
+}
+
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+	int r;
+	BN_CTX *ctx;
+
+	ctx = BN_CTX_new();
+	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+	BN_CTX_free(ctx);
+	return (r);
+}
+
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+	struct crypt_kop kop;
+	int ret = 1;
+
+	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+		/* XXX 0 means failure?? */
+		return (0);
+	}
+
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_MOD_EXP_CRT;
+	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+	if (bn2crparam(rsa->p, &kop.crk_param[0]))
+		goto err;
+	if (bn2crparam(rsa->q, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(I, &kop.crk_param[2]))
+		goto err;
+	if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+		goto err;
+	if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+		goto err;
+	if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+		goto err;
+	kop.crk_iparams = 6;
+
+	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+		ret = (*meth->rsa_mod_exp)(r0, I, rsa);
+	}
+err:
+	zapparams(&kop);
+	return (ret);
+}
+
+static RSA_METHOD cryptodev_rsa = {
+	"cryptodev RSA method",
+	NULL,				/* rsa_pub_enc */
+	NULL,				/* rsa_pub_dec */
+	NULL,				/* rsa_priv_enc */
+	NULL,				/* rsa_priv_dec */
+	NULL,
+	NULL,
+	NULL,				/* init */
+	NULL,				/* finish */
+	0,				/* flags */
+	NULL,				/* app_data */
+	NULL,				/* rsa_sign */
+	NULL				/* rsa_verify */
+};
+
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+	BIGNUM t2;
+	int ret = 0;
+
+	BN_init(&t2);
+
+	/* v = ( g^u1 * y^u2 mod p ) mod q */
+	/* let t1 = g ^ u1 mod p */
+	ret = 0;
+
+	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+		goto err;
+
+	/* let t2 = y ^ u2 mod p */
+	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+		goto err;
+	/* let u1 = t1 * t2 mod p */
+	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+		goto err;
+
+	BN_copy(t1,u1);
+
+	ret = 1;
+err:
+	BN_free(&t2);
+	return(ret);
+}
+
+static DSA_SIG *
+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+	struct crypt_kop kop;
+	BIGNUM *r = NULL, *s = NULL;
+	DSA_SIG *dsaret = NULL;
+
+	if ((r = BN_new()) == NULL)
+		goto err;
+	if ((s = BN_new()) == NULL) {
+		BN_free(r);
+		goto err;
+	}
+
+	printf("bar\n");
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_DSA_SIGN;
+
+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+	kop.crk_param[0].crp_p = (caddr_t)dgst;
+	kop.crk_param[0].crp_nbits = dlen * 8;
+	if (bn2crparam(dsa->p, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(dsa->q, &kop.crk_param[2]))
+		goto err;
+	if (bn2crparam(dsa->g, &kop.crk_param[3]))
+		goto err;
+	if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+		goto err;
+	kop.crk_iparams = 5;
+
+	if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+	    BN_num_bytes(dsa->q), s) == 0) {
+		dsaret = DSA_SIG_new();
+		dsaret->r = r;
+		dsaret->s = s;
+	} else {
+		const DSA_METHOD *meth = DSA_OpenSSL();
+		BN_free(r);
+		BN_free(s);
+		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
+	}
+err:
+	kop.crk_param[0].crp_p = NULL;
+	zapparams(&kop);
+	return (dsaret);
+}
+
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+    DSA_SIG *sig, DSA *dsa)
+{
+	struct crypt_kop kop;
+	int dsaret = 1;
+
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_DSA_VERIFY;
+
+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+	kop.crk_param[0].crp_p = (caddr_t)dgst;
+	kop.crk_param[0].crp_nbits = dlen * 8;
+	if (bn2crparam(dsa->p, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(dsa->q, &kop.crk_param[2]))
+		goto err;
+	if (bn2crparam(dsa->g, &kop.crk_param[3]))
+		goto err;
+	if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+		goto err;
+	if (bn2crparam(sig->r, &kop.crk_param[5]))
+		goto err;
+	if (bn2crparam(sig->s, &kop.crk_param[6]))
+		goto err;
+	kop.crk_iparams = 7;
+
+	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+		dsaret = kop.crk_status;
+	} else {
+		const DSA_METHOD *meth = DSA_OpenSSL();
+
+		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
+	}
+err:
+	kop.crk_param[0].crp_p = NULL;
+	zapparams(&kop);
+	return (dsaret);
+}
+
+static DSA_METHOD cryptodev_dsa = {
+	"cryptodev DSA method",
+	NULL,
+	NULL,				/* dsa_sign_setup */
+	NULL,
+	NULL,				/* dsa_mod_exp */
+	NULL,
+	NULL,				/* init */
+	NULL,				/* finish */
+	0,	/* flags */
+	NULL	/* app_data */
+};
+
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx)
+{
+	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+	struct crypt_kop kop;
+	int dhret = 1;
+	int fd, keylen;
+
+	if ((fd = get_asym_dev_crypto()) < 0) {
+		const DH_METHOD *meth = DH_OpenSSL();
+
+		return ((meth->compute_key)(key, pub_key, dh));
+	}
+
+	keylen = BN_num_bits(dh->p);
+
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+	/* inputs: dh->priv_key pub_key dh->p key */
+	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+		goto err;
+	if (bn2crparam(pub_key, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(dh->p, &kop.crk_param[2]))
+		goto err;
+	kop.crk_iparams = 3;
+
+	kop.crk_param[3].crp_p = key;
+	kop.crk_param[3].crp_nbits = keylen * 8;
+	kop.crk_oparams = 1;
+
+	if (ioctl(fd, CIOCKEY, &kop) == -1) {
+		const DH_METHOD *meth = DH_OpenSSL();
+
+		dhret = (meth->compute_key)(key, pub_key, dh);
+	}
+err:
+	kop.crk_param[3].crp_p = NULL;
+	zapparams(&kop);
+	return (dhret);
+}
+
+static DH_METHOD cryptodev_dh = {
+	"cryptodev DH method",
+	NULL,				/* cryptodev_dh_generate_key */
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	0,	/* flags */
+	NULL	/* app_data */
+};
+
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+	struct syslog_data sd = SYSLOG_DATA_INIT;
+
+	switch (cmd) {
+	default:
+		syslog_r(LOG_ERR, &sd,
+		    "cryptodev_ctrl: unknown command %d", cmd);
+		break;
+	}
+	return (1);
+}
+
+void
+ENGINE_load_cryptodev(void)
+{
+	ENGINE *engine = ENGINE_new();
+	int fd;
+
+	if (engine == NULL)
+		return;
+	if ((fd = get_dev_crypto()) < 0)
+		return;
+
+	/*
+	 * find out what asymmetric crypto algorithms we support
+	 */
+	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+		close(fd);
+		return;
+	}
+	close(fd);
+
+	if (!ENGINE_set_id(engine, "cryptodev") ||
+	    !ENGINE_set_name(engine, "OpenBSD cryptodev engine") ||
+	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+		ENGINE_free(engine);
+		return;
+	}
+
+	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
+			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+				cryptodev_rsa.rsa_mod_exp =
+				    cryptodev_rsa_mod_exp;
+			else
+				cryptodev_rsa.rsa_mod_exp =
+				    cryptodev_rsa_nocrt_mod_exp;
+		}
+	}
+
+	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+		const DSA_METHOD *meth = DSA_OpenSSL();
+
+		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+		if (cryptodev_asymfeat & CRF_DSA_SIGN)
+			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
+			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+		}
+		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+	}
+
+	if (ENGINE_set_DH(engine, &cryptodev_dh)){
+		const DH_METHOD *dh_meth = DH_OpenSSL();
+
+		cryptodev_dh.generate_key = dh_meth->generate_key;
+		cryptodev_dh.compute_key = dh_meth->compute_key;
+		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
+			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+				cryptodev_dh.compute_key =
+				    cryptodev_dh_compute_key;
+		}
+	}
+
+	ENGINE_add(engine);
+	ENGINE_free(engine);
+	ERR_clear_error();
+}
+
+#endif /* OpenBSD 3.0 or above */
+#endif /* __OpenBSD__ */
diff --git a/crypto/openssl/crypto/engine/hw_cswift.c b/crypto/openssl/crypto/engine/hw_cswift.c
new file mode 100644
index 0000000..f128ee5
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_cswift.c
@@ -0,0 +1,997 @@
+/* crypto/engine/hw_cswift.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_CSWIFT
+
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelerators
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+#ifdef FLAT_INC
+#include "cswift.h"
+#else
+#include "vendor_defns/cswift.h"
+#endif
+
+#define CSWIFT_LIB_NAME "cswift engine"
+#include "hw_cswift_err.c"
+
+static int cswift_destroy(ENGINE *e);
+static int cswift_init(ENGINE *e);
+static int cswift_finish(ENGINE *e);
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* BIGNUM stuff */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx);
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+		const BIGNUM *iqmp, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa);
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* RAND stuff */
+static int cswift_rand_bytes(unsigned char *buf, int num);
+static int cswift_rand_status(void);
+
+/* The definitions for control commands specific to this engine */
+#define CSWIFT_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
+	{CSWIFT_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'cswift' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD cswift_rsa =
+	{
+	"CryptoSwift RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	cswift_rsa_mod_exp,
+	cswift_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa =
+	{
+	"CryptoSwift DSA method",
+	cswift_dsa_sign,
+	NULL, /* dsa_sign_setup */
+	cswift_dsa_verify,
+	NULL, /* dsa_mod_exp */
+	NULL, /* bn_mod_exp */
+	NULL, /* init */
+	NULL, /* finish */
+	0, /* flags */
+	NULL /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD cswift_dh =
+	{
+	"CryptoSwift DH method",
+	NULL,
+	NULL,
+	cswift_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+static RAND_METHOD cswift_random =
+    {
+    /* "CryptoSwift RAND method", */
+    NULL,
+    cswift_rand_bytes,
+    NULL,
+    NULL,
+    cswift_rand_bytes,
+    cswift_rand_status,
+    };
+
+
+/* Constants used when creating the ENGINE */
+static const char *engine_cswift_id = "cswift";
+static const char *engine_cswift_name = "CryptoSwift hardware engine support";
+
+/* This internal function is used by ENGINE_cswift() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth2;
+#endif
+	if(!ENGINE_set_id(e, engine_cswift_id) ||
+			!ENGINE_set_name(e, engine_cswift_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &cswift_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &cswift_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &cswift_dh) ||
+#endif
+			!ENGINE_set_RAND(e, &cswift_random) ||
+			!ENGINE_set_destroy_function(e, cswift_destroy) ||
+			!ENGINE_set_init_function(e, cswift_init) ||
+			!ENGINE_set_finish_function(e, cswift_finish) ||
+			!ENGINE_set_ctrl_function(e, cswift_ctrl) ||
+			!ENGINE_set_cmd_defns(e, cswift_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the cswift-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth2 = DH_OpenSSL();
+	cswift_dh.generate_key = meth2->generate_key;
+	cswift_dh.compute_key = meth2->compute_key;
+#endif
+
+	/* Ensure the cswift error handling is set up */
+	ERR_load_CSWIFT_strings();
+	return 1;
+	}
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_cswift(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_cswift(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_cswift();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the CryptoSwift library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cswift_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
+t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
+t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
+t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
+
+/* Used in the DSO operations. */
+static const char *CSWIFT_LIBNAME = NULL;
+static const char *get_CSWIFT_LIBNAME(void)
+	{
+	if(CSWIFT_LIBNAME)
+		return CSWIFT_LIBNAME;
+	return "swift";
+	}
+static void free_CSWIFT_LIBNAME(void)
+	{
+	if(CSWIFT_LIBNAME)
+		OPENSSL_free((void*)CSWIFT_LIBNAME);
+	CSWIFT_LIBNAME = NULL;
+	}
+static long set_CSWIFT_LIBNAME(const char *name)
+	{
+	free_CSWIFT_LIBNAME();
+	return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *CSWIFT_F1 = "swAcquireAccContext";
+static const char *CSWIFT_F2 = "swAttachKeyParam";
+static const char *CSWIFT_F3 = "swSimpleRequest";
+static const char *CSWIFT_F4 = "swReleaseAccContext";
+
+
+/* CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(SW_CONTEXT_HANDLE *hac)
+	{
+        SW_STATUS status;
+ 
+        status = p_CSwift_AcquireAccContext(hac);
+        if(status != SW_OK)
+                return 0;
+        return 1;
+	}
+ 
+/* similarly to release one. */
+static void release_context(SW_CONTEXT_HANDLE hac)
+	{
+        p_CSwift_ReleaseAccContext(hac);
+	}
+
+/* Destructor (complements the "ENGINE_cswift()" constructor) */
+static int cswift_destroy(ENGINE *e)
+	{
+	free_CSWIFT_LIBNAME();
+	ERR_unload_CSWIFT_strings();
+	return 1;
+	}
+
+/* (de)initialisation functions. */
+static int cswift_init(ENGINE *e)
+	{
+        SW_CONTEXT_HANDLE hac;
+        t_swAcquireAccContext *p1;
+        t_swAttachKeyParam *p2;
+        t_swSimpleRequest *p3;
+        t_swReleaseAccContext *p4;
+
+	if(cswift_dso != NULL)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* Attempt to load libswift.so/swift.dll/whatever. */
+	cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
+	if(cswift_dso == NULL)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
+		goto err;
+		}
+	if(!(p1 = (t_swAcquireAccContext *)
+				DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+			!(p2 = (t_swAttachKeyParam *)
+				DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+			!(p3 = (t_swSimpleRequest *)
+				DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+			!(p4 = (t_swReleaseAccContext *)
+				DSO_bind_func(cswift_dso, CSWIFT_F4)))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
+		goto err;
+		}
+	/* Copy the pointers */
+	p_CSwift_AcquireAccContext = p1;
+	p_CSwift_AttachKeyParam = p2;
+	p_CSwift_SimpleRequest = p3;
+	p_CSwift_ReleaseAccContext = p4;
+	/* Try and get a context - if not, we may have a DSO but no
+	 * accelerator! */
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	release_context(hac);
+	/* Everything's fine. */
+	return 1;
+err:
+	if(cswift_dso)
+		DSO_free(cswift_dso);
+	p_CSwift_AcquireAccContext = NULL;
+	p_CSwift_AttachKeyParam = NULL;
+	p_CSwift_SimpleRequest = NULL;
+	p_CSwift_ReleaseAccContext = NULL;
+	return 0;
+	}
+
+static int cswift_finish(ENGINE *e)
+	{
+	free_CSWIFT_LIBNAME();
+	if(cswift_dso == NULL)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(cswift_dso))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
+		return 0;
+		}
+	cswift_dso = NULL;
+	p_CSwift_AcquireAccContext = NULL;
+	p_CSwift_AttachKeyParam = NULL;
+	p_CSwift_SimpleRequest = NULL;
+	p_CSwift_ReleaseAccContext = NULL;
+	return 1;
+	}
+
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((cswift_dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case CSWIFT_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_CSWIFT_LIBNAME((const char *)p);
+	default:
+		break;
+		}
+	CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+/* Un petit mod_exp */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx)
+	{
+	/* I need somewhere to store temporary serialised values for
+	 * use with the CryptoSwift API calls. A neat cheat - I'll use
+	 * BIGNUMs from the BN_CTX but access their arrays directly as
+	 * byte arrays <grin>. This way I don't have to clean anything
+	 * up. */
+	BIGNUM *modulus;
+	BIGNUM *exponent;
+	BIGNUM *argument;
+	BIGNUM *result;
+	SW_STATUS sw_status;
+	SW_LARGENUMBER arg, res;
+	SW_PARAM sw_param;
+	SW_CONTEXT_HANDLE hac;
+	int to_return, acquired;
+ 
+	modulus = exponent = argument = result = NULL;
+	to_return = 0; /* expect failure */
+	acquired = 0;
+ 
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	acquired = 1;
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	modulus = BN_CTX_get(ctx);
+	exponent = BN_CTX_get(ctx);
+	argument = BN_CTX_get(ctx);
+	result = BN_CTX_get(ctx);
+	if(!result)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
+		!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	sw_param.type = SW_ALG_EXP;
+	sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
+		(unsigned char *)modulus->d);
+	sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
+	sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
+		(unsigned char *)exponent->d);
+	sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
+	/* Attach the key params */
+	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+	switch(sw_status)
+		{
+	case SW_OK:
+		break;
+	case SW_ERR_INPUT_SIZE:
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
+		goto err;
+	default:
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		}
+		goto err;
+		}
+	/* Prepare the argument and response */
+	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+	arg.value = (unsigned char *)argument->d;
+	res.nbytes = BN_num_bytes(m);
+	memset(result->d, 0, res.nbytes);
+	res.value = (unsigned char *)result->d;
+	/* Perform the operation */
+	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
+		&res, 1)) != SW_OK)
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		goto err;
+		}
+	/* Convert the response */
+	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+	to_return = 1;
+err:
+	if(acquired)
+		release_context(hac);
+	BN_CTX_end(ctx);
+	return to_return;
+	}
+
+/* Un petit mod_exp chinois */
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *q, const BIGNUM *dmp1,
+			const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+	{
+	SW_STATUS sw_status;
+	SW_LARGENUMBER arg, res;
+	SW_PARAM sw_param;
+	SW_CONTEXT_HANDLE hac;
+	BIGNUM *rsa_p = NULL;
+	BIGNUM *rsa_q = NULL;
+	BIGNUM *rsa_dmp1 = NULL;
+	BIGNUM *rsa_dmq1 = NULL;
+	BIGNUM *rsa_iqmp = NULL;
+	BIGNUM *argument = NULL;
+	BIGNUM *result = NULL;
+	int to_return = 0; /* expect failure */
+	int acquired = 0;
+ 
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	acquired = 1;
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	rsa_p = BN_CTX_get(ctx);
+	rsa_q = BN_CTX_get(ctx);
+	rsa_dmp1 = BN_CTX_get(ctx);
+	rsa_dmq1 = BN_CTX_get(ctx);
+	rsa_iqmp = BN_CTX_get(ctx);
+	argument = BN_CTX_get(ctx);
+	result = BN_CTX_get(ctx);
+	if(!result)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
+			!bn_wexpand(rsa_dmp1, dmp1->top) ||
+			!bn_wexpand(rsa_dmq1, dmq1->top) ||
+			!bn_wexpand(rsa_iqmp, iqmp->top) ||
+			!bn_wexpand(argument, a->top) ||
+			!bn_wexpand(result, p->top + q->top))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	sw_param.type = SW_ALG_CRT;
+	sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
+	sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
+	sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
+	sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
+	sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
+		(unsigned char *)rsa_dmp1->d);
+	sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
+	sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
+		(unsigned char *)rsa_dmq1->d);
+	sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
+	sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
+		(unsigned char *)rsa_iqmp->d);
+	sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+	/* Attach the key params */
+	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+	switch(sw_status)
+		{
+	case SW_OK:
+		break;
+	case SW_ERR_INPUT_SIZE:
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
+		goto err;
+	default:
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		}
+		goto err;
+		}
+	/* Prepare the argument and response */
+	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+	arg.value = (unsigned char *)argument->d;
+	res.nbytes = 2 * BN_num_bytes(p);
+	memset(result->d, 0, res.nbytes);
+	res.value = (unsigned char *)result->d;
+	/* Perform the operation */
+	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
+		&res, 1)) != SW_OK)
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		goto err;
+		}
+	/* Convert the response */
+	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+	to_return = 1;
+err:
+	if(acquired)
+		release_context(hac);
+	BN_CTX_end(ctx);
+	return to_return;
+	}
+ 
+#ifndef OPENSSL_NO_RSA
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	BN_CTX *ctx;
+	int to_return = 0;
+
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
+		goto err;
+		}
+	to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+		rsa->dmq1, rsa->iqmp, ctx);
+err:
+	if(ctx)
+		BN_CTX_free(ctx);
+	return to_return;
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return cswift_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+	{
+	SW_CONTEXT_HANDLE hac;
+	SW_PARAM sw_param;
+	SW_STATUS sw_status;
+	SW_LARGENUMBER arg, res;
+	unsigned char *ptr;
+	BN_CTX *ctx;
+	BIGNUM *dsa_p = NULL;
+	BIGNUM *dsa_q = NULL;
+	BIGNUM *dsa_g = NULL;
+	BIGNUM *dsa_key = NULL;
+	BIGNUM *result = NULL;
+	DSA_SIG *to_return = NULL;
+	int acquired = 0;
+
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	acquired = 1;
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	dsa_p = BN_CTX_get(ctx);
+	dsa_q = BN_CTX_get(ctx);
+	dsa_g = BN_CTX_get(ctx);
+	dsa_key = BN_CTX_get(ctx);
+	result = BN_CTX_get(ctx);
+	if(!result)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(dsa_p, dsa->p->top) ||
+			!bn_wexpand(dsa_q, dsa->q->top) ||
+			!bn_wexpand(dsa_g, dsa->g->top) ||
+			!bn_wexpand(dsa_key, dsa->priv_key->top) ||
+			!bn_wexpand(result, dsa->p->top))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	sw_param.type = SW_ALG_DSA;
+	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+				(unsigned char *)dsa_p->d);
+	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+				(unsigned char *)dsa_q->d);
+	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+				(unsigned char *)dsa_g->d);
+	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+				(unsigned char *)dsa_key->d);
+	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+	/* Attach the key params */
+	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+	switch(sw_status)
+		{
+	case SW_OK:
+		break;
+	case SW_ERR_INPUT_SIZE:
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
+		goto err;
+	default:
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		}
+		goto err;
+		}
+	/* Prepare the argument and response */
+	arg.nbytes = dlen;
+	arg.value = (unsigned char *)dgst;
+	res.nbytes = BN_num_bytes(dsa->p);
+	memset(result->d, 0, res.nbytes);
+	res.value = (unsigned char *)result->d;
+	/* Perform the operation */
+	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+		&res, 1);
+	if(sw_status != SW_OK)
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		goto err;
+		}
+	/* Convert the response */
+	ptr = (unsigned char *)result->d;
+	if((to_return = DSA_SIG_new()) == NULL)
+		goto err;
+	to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+	to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+
+err:
+	if(acquired)
+		release_context(hac);
+	if(ctx)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
+	return to_return;
+	}
+
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa)
+	{
+	SW_CONTEXT_HANDLE hac;
+	SW_PARAM sw_param;
+	SW_STATUS sw_status;
+	SW_LARGENUMBER arg[2], res;
+	unsigned long sig_result;
+	BN_CTX *ctx;
+	BIGNUM *dsa_p = NULL;
+	BIGNUM *dsa_q = NULL;
+	BIGNUM *dsa_g = NULL;
+	BIGNUM *dsa_key = NULL;
+	BIGNUM *argument = NULL;
+	int to_return = -1;
+	int acquired = 0;
+
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	acquired = 1;
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	dsa_p = BN_CTX_get(ctx);
+	dsa_q = BN_CTX_get(ctx);
+	dsa_g = BN_CTX_get(ctx);
+	dsa_key = BN_CTX_get(ctx);
+	argument = BN_CTX_get(ctx);
+	if(!argument)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(dsa_p, dsa->p->top) ||
+			!bn_wexpand(dsa_q, dsa->q->top) ||
+			!bn_wexpand(dsa_g, dsa->g->top) ||
+			!bn_wexpand(dsa_key, dsa->pub_key->top) ||
+			!bn_wexpand(argument, 40))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	sw_param.type = SW_ALG_DSA;
+	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+				(unsigned char *)dsa_p->d);
+	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+				(unsigned char *)dsa_q->d);
+	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+				(unsigned char *)dsa_g->d);
+	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+				(unsigned char *)dsa_key->d);
+	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+	/* Attach the key params */
+	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+	switch(sw_status)
+		{
+	case SW_OK:
+		break;
+	case SW_ERR_INPUT_SIZE:
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
+		goto err;
+	default:
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		}
+		goto err;
+		}
+	/* Prepare the argument and response */
+	arg[0].nbytes = dgst_len;
+	arg[0].value = (unsigned char *)dgst;
+	arg[1].nbytes = 40;
+	arg[1].value = (unsigned char *)argument->d;
+	memset(arg[1].value, 0, 40);
+	BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+	BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+	res.nbytes = 4; /* unsigned long */
+	res.value = (unsigned char *)(&sig_result);
+	/* Perform the operation */
+	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+		&res, 1);
+	if(sw_status != SW_OK)
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		goto err;
+		}
+	/* Convert the response */
+	to_return = ((sig_result == 0) ? 0 : 1);
+
+err:
+	if(acquired)
+		release_context(hac);
+	if(ctx)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
+	return to_return;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return cswift_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* Random bytes are good */
+static int cswift_rand_bytes(unsigned char *buf, int num)
+{
+	SW_CONTEXT_HANDLE hac;
+	SW_STATUS swrc;
+	SW_LARGENUMBER largenum;
+	size_t nbytes = 0;
+	int acquired = 0;
+	int to_return = 0; /* assume failure */
+
+	if (!get_context(&hac))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE);
+		goto err;
+	}
+	acquired = 1;
+
+	while (nbytes < (size_t)num)
+	{
+		/* tell CryptoSwift how many bytes we want and where we want it.
+		 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
+		 *       - CryptoSwift can only do multiple of 32-bits. */
+		largenum.value = (SW_BYTE *) buf + nbytes;
+		if (4096 > num - nbytes)
+			largenum.nbytes = num - nbytes;
+		else
+			largenum.nbytes = 4096;
+
+		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+		if (swrc != SW_OK)
+		{
+			char tmpbuf[20];
+			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+			sprintf(tmpbuf, "%ld", swrc);
+			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+			goto err;
+		}
+
+		nbytes += largenum.nbytes;
+	}
+	to_return = 1;  /* success */
+
+err:
+	if (acquired)
+		release_context(hac);
+	return to_return;
+}
+
+static int cswift_rand_status(void)
+{
+	return 1;
+}
+
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_cswift_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_CSWIFT */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/crypto/engine/hw_cswift_err.c b/crypto/openssl/crypto/engine/hw_cswift_err.c
new file mode 100644
index 0000000..684f53b
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_cswift_err.c
@@ -0,0 +1,149 @@
+/* hw_cswift_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_cswift_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CSWIFT_str_functs[]=
+	{
+{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0),	"CSWIFT_CTRL"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0),	"CSWIFT_DSA_SIGN"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0),	"CSWIFT_DSA_VERIFY"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0),	"CSWIFT_FINISH"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0),	"CSWIFT_INIT"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0),	"CSWIFT_MOD_EXP"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0),	"CSWIFT_MOD_EXP_CRT"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0),	"CSWIFT_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CSWIFT_str_reasons[]=
+	{
+{CSWIFT_R_ALREADY_LOADED                 ,"already loaded"},
+{CSWIFT_R_BAD_KEY_SIZE                   ,"bad key size"},
+{CSWIFT_R_BN_CTX_FULL                    ,"bn ctx full"},
+{CSWIFT_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{CSWIFT_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{CSWIFT_R_NOT_LOADED                     ,"not loaded"},
+{CSWIFT_R_REQUEST_FAILED                 ,"request failed"},
+{CSWIFT_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+static ERR_STRING_DATA CSWIFT_lib_name[]=
+        {
+{0	,CSWIFT_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int CSWIFT_lib_error_code=0;
+static int CSWIFT_error_init=1;
+
+static void ERR_load_CSWIFT_strings(void)
+	{
+	if (CSWIFT_lib_error_code == 0)
+		CSWIFT_lib_error_code=ERR_get_next_error_library();
+
+	if (CSWIFT_error_init)
+		{
+		CSWIFT_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
+		ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+		CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
+		ERR_load_strings(0,CSWIFT_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_CSWIFT_strings(void)
+	{
+	if (CSWIFT_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
+		ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+		ERR_unload_strings(0,CSWIFT_lib_name);
+#endif
+		CSWIFT_error_init=1;
+		}
+	}
+
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
+	{
+	if (CSWIFT_lib_error_code == 0)
+		CSWIFT_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/crypto/engine/hw_cswift_err.h b/crypto/openssl/crypto/engine/hw_cswift_err.h
new file mode 100644
index 0000000..7120c32
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_cswift_err.h
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CSWIFT_ERR_H
+#define HEADER_CSWIFT_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CSWIFT_strings(void);
+static void ERR_unload_CSWIFT_strings(void);
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
+#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CSWIFT functions. */
+
+/* Function codes. */
+#define CSWIFT_F_CSWIFT_CTRL				 100
+#define CSWIFT_F_CSWIFT_DSA_SIGN			 101
+#define CSWIFT_F_CSWIFT_DSA_VERIFY			 102
+#define CSWIFT_F_CSWIFT_FINISH				 103
+#define CSWIFT_F_CSWIFT_INIT				 104
+#define CSWIFT_F_CSWIFT_MOD_EXP				 105
+#define CSWIFT_F_CSWIFT_MOD_EXP_CRT			 106
+#define CSWIFT_F_CSWIFT_RSA_MOD_EXP			 107
+
+/* Reason codes. */
+#define CSWIFT_R_ALREADY_LOADED				 100
+#define CSWIFT_R_BAD_KEY_SIZE				 101
+#define CSWIFT_R_BN_CTX_FULL				 102
+#define CSWIFT_R_BN_EXPAND_FAIL				 103
+#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED		 104
+#define CSWIFT_R_MISSING_KEY_COMPONENTS			 105
+#define CSWIFT_R_NOT_LOADED				 106
+#define CSWIFT_R_REQUEST_FAILED				 107
+#define CSWIFT_R_UNIT_FAILURE				 108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/hw_ncipher.c b/crypto/openssl/crypto/engine/hw_ncipher.c
new file mode 100644
index 0000000..0d1c6b8
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_ncipher.c
@@ -0,0 +1,1388 @@
+/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
+ * for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_NCIPHER
+
+/* Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+#ifdef FLAT_INC
+#include "hwcryptohook.h"
+#else
+#include "vendor_defns/hwcryptohook.h"
+#endif
+
+#define HWCRHK_LIB_NAME "hwcrhk engine"
+#include "hw_ncipher_err.c"
+
+static int hwcrhk_destroy(ENGINE *e);
+static int hwcrhk_init(ENGINE *e);
+static int hwcrhk_finish(ENGINE *e);
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 
+
+/* Functions to handle mutexes if have dynamic locks */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
+#if 1 /* This is a HACK which will disappear in 0.9.8 */
+/* Functions to handle mutexes if only have static locks */
+static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
+                                    HWCryptoHook_CallerContext *c);
+static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m);
+static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m);
+static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m);
+#endif
+
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+	const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int ind,long argl, void *argp);
+
+/* Interaction stuff */
+static int hwcrhk_insert_card(const char *prompt_info,
+	const char *wrong_info,
+	HWCryptoHook_PassphraseContext *ppctx,
+	HWCryptoHook_CallerContext *cactx);
+static int hwcrhk_get_pass(const char *prompt_info,
+	int *len_io, char *buf,
+	HWCryptoHook_PassphraseContext *ppctx,
+	HWCryptoHook_CallerContext *cactx);
+static void hwcrhk_log_message(void *logstr, const char *message);
+
+/* The definitions for control commands specific to this engine */
+#define HWCRHK_CMD_SO_PATH		ENGINE_CMD_BASE
+#define HWCRHK_CMD_FORK_CHECK		(ENGINE_CMD_BASE + 1)
+#define HWCRHK_CMD_THREAD_LOCKING	(ENGINE_CMD_BASE + 2)
+#define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)
+#define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)
+static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
+	{HWCRHK_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'hwcrhk' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{HWCRHK_CMD_FORK_CHECK,
+		"FORK_CHECK",
+		"Turns fork() checking on or off (boolean)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{HWCRHK_CMD_THREAD_LOCKING,
+		"THREAD_LOCKING",
+		"Turns thread-safe locking on or off (boolean)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{HWCRHK_CMD_SET_USER_INTERFACE,
+		"SET_USER_INTERFACE",
+		"Set the global user interface (internal)",
+		ENGINE_CMD_FLAG_INTERNAL},
+	{HWCRHK_CMD_SET_CALLBACK_DATA,
+		"SET_CALLBACK_DATA",
+		"Set the global user interface extra data (internal)",
+		ENGINE_CMD_FLAG_INTERNAL},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa =
+	{
+	"nCipher RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	hwcrhk_rsa_mod_exp,
+	hwcrhk_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh =
+	{
+	"nCipher DH method",
+	NULL,
+	NULL,
+	hwcrhk_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+static RAND_METHOD hwcrhk_rand =
+	{
+	/* "nCipher RAND method", */
+	NULL,
+	hwcrhk_rand_bytes,
+	NULL,
+	NULL,
+	hwcrhk_rand_bytes,
+	hwcrhk_rand_status,
+	};
+
+/* Constants used when creating the ENGINE */
+static const char *engine_hwcrhk_id = "chil";
+static const char *engine_hwcrhk_name = "nCipher hardware engine support";
+
+/* Internal stuff for HWCryptoHook */
+
+/* Some structures needed for proper use of thread locks */
+/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+   into HWCryptoHook_Mutex */
+struct HWCryptoHook_MutexValue
+	{
+	int lockid;
+	};
+
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_PassphraseContextValue
+   into HWCryptoHook_PassphraseContext */
+struct HWCryptoHook_PassphraseContextValue
+	{
+        UI_METHOD *ui_method;
+	void *callback_data;
+	};
+
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_CallerContextValue
+   into HWCryptoHook_CallerContext */
+struct HWCryptoHook_CallerContextValue
+	{
+	pem_password_cb *password_callback; /* Deprecated!  Only present for
+                                               backward compatibility! */
+        UI_METHOD *ui_method;
+	void *callback_data;
+	};
+
+/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+   BIGNUM's, so lets define a couple of conversion macros */
+#define BN2MPI(mp, bn) \
+    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+#define MPI2BN(bn, mp) \
+    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+
+static BIO *logstream = NULL;
+static int disable_mutex_callbacks = 0;
+
+/* One might wonder why these are needed, since one can pass down at least
+   a UI_METHOD and a pointer to callback data to the key-loading functions.
+   The thing is that the ModExp and RSAImmed functions can load keys as well,
+   if the data they get is in a special, nCipher-defined format (hint: if you
+   look at the private exponent of the RSA data as a string, you'll see this
+   string: "nCipher KM tool key id", followed by some bytes, followed a key
+   identity string, followed by more bytes.  This happens when you use "embed"
+   keys instead of "hwcrhk" keys).  Unfortunately, those functions do not take
+   any passphrase or caller context, and our functions can't really take any
+   callback data either.  Still, the "insert_card" and "get_passphrase"
+   callbacks may be called down the line, and will need to know what user
+   interface callbacks to call, and having callback data from the application
+   may be a nice thing as well, so we need to keep track of that globally. */
+static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
+
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+	HWCryptoHook_InitFlags_SimpleForkCheck,	/* Flags */
+	&logstream,		/* logstream */
+	sizeof(BN_ULONG),	/* limbsize */
+	0,			/* mslimb first: false for BNs */
+	-1,			/* msbyte first: use native */
+	0,			/* Max mutexes, 0 = no small limit */
+	0,			/* Max simultaneous, 0 = default */
+
+	/* The next few are mutex stuff: we write wrapper functions
+	   around the OS mutex functions.  We initialise them to 0
+	   here, and change that to actual function pointers in hwcrhk_init()
+	   if dynamic locks are supported (that is, if the application
+	   programmer has made sure of setting up callbacks bafore starting
+	   this engine) *and* if disable_mutex_callbacks hasn't been set by
+	   a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
+	sizeof(HWCryptoHook_Mutex),
+	0,
+	0,
+	0,
+	0,
+
+	/* The next few are condvar stuff: we write wrapper functions
+	   round the OS functions.  Currently not implemented and not
+	   and absolute necessity even in threaded programs, therefore
+	   0'ed.  Will hopefully be implemented some day, since it
+	   enhances the efficiency of HWCryptoHook.  */
+	0, /* sizeof(HWCryptoHook_CondVar), */
+	0, /* hwcrhk_cv_init, */
+	0, /* hwcrhk_cv_wait, */
+	0, /* hwcrhk_cv_signal, */
+	0, /* hwcrhk_cv_broadcast, */
+	0, /* hwcrhk_cv_destroy, */
+
+	hwcrhk_get_pass,	/* pass phrase */
+	hwcrhk_insert_card,	/* insert a card */
+	hwcrhk_log_message	/* Log message */
+};
+
+
+/* Now, to our own code */
+
+/* This internal function is used by ENGINE_ncipher() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth2;
+#endif
+	if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
+			!ENGINE_set_name(e, engine_hwcrhk_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &hwcrhk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &hwcrhk_dh) ||
+#endif
+			!ENGINE_set_RAND(e, &hwcrhk_rand) ||
+			!ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
+			!ENGINE_set_init_function(e, hwcrhk_init) ||
+			!ENGINE_set_finish_function(e, hwcrhk_finish) ||
+			!ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+			!ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+			!ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+			!ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the cswift-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth2 = DH_OpenSSL();
+	hwcrhk_dh.generate_key = meth2->generate_key;
+	hwcrhk_dh.compute_key = meth2->compute_key;
+#endif
+
+	/* Ensure the hwcrhk error handling is set up */
+	ERR_load_HWCRHK_strings();
+	return 1;
+	}
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_ncipher(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_chil(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_ncipher();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the HWCryptoHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+#ifndef OPENSSL_NO_RSA
+static int hndidx_rsa = -1;    /* Index for KM handle.  Not really used yet. */
+#endif
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+#endif
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+#ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = NULL;
+static void free_HWCRHK_LIBNAME(void)
+	{
+	if(HWCRHK_LIBNAME)
+		OPENSSL_free((void*)HWCRHK_LIBNAME);
+	HWCRHK_LIBNAME = NULL;
+	}
+static const char *get_HWCRHK_LIBNAME(void)
+	{
+	if(HWCRHK_LIBNAME)
+		return HWCRHK_LIBNAME;
+	return "nfhwcrhk";
+	}
+static long set_HWCRHK_LIBNAME(const char *name)
+	{
+	free_HWCRHK_LIBNAME();
+	return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+#ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+#endif
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+#ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+#endif
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+
+/* HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle *hac,
+        HWCryptoHook_CallerContext *cac)
+	{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+        *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
+		cac);
+	if (!*hac)
+                return 0;
+        return 1;
+	}
+ 
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+	{
+	p_hwcrhk_Finish(hac);
+	}
+
+/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+static int hwcrhk_destroy(ENGINE *e)
+	{
+	free_HWCRHK_LIBNAME();
+	ERR_unload_HWCRHK_strings();
+	return 1;
+	}
+
+/* (de)initialisation functions. */
+static int hwcrhk_init(ENGINE *e)
+	{
+	HWCryptoHook_Init_t *p1;
+	HWCryptoHook_Finish_t *p2;
+	HWCryptoHook_ModExp_t *p3;
+#ifndef OPENSSL_NO_RSA
+	HWCryptoHook_RSA_t *p4;
+	HWCryptoHook_RSALoadKey_t *p5;
+	HWCryptoHook_RSAGetPublicKey_t *p6;
+	HWCryptoHook_RSAUnloadKey_t *p7;
+#endif
+	HWCryptoHook_RandomBytes_t *p8;
+	HWCryptoHook_ModExpCRT_t *p9;
+
+	if(hwcrhk_dso != NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+	hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
+	if(hwcrhk_dso == NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
+		goto err;
+		}
+	if(!(p1 = (HWCryptoHook_Init_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+		!(p2 = (HWCryptoHook_Finish_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+		!(p3 = (HWCryptoHook_ModExp_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+#ifndef OPENSSL_NO_RSA
+		!(p4 = (HWCryptoHook_RSA_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+		!(p5 = (HWCryptoHook_RSALoadKey_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+		!(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+		!(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+#endif
+		!(p8 = (HWCryptoHook_RandomBytes_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+		!(p9 = (HWCryptoHook_ModExpCRT_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
+		goto err;
+		}
+	/* Copy the pointers */
+	p_hwcrhk_Init = p1;
+	p_hwcrhk_Finish = p2;
+	p_hwcrhk_ModExp = p3;
+#ifndef OPENSSL_NO_RSA
+	p_hwcrhk_RSA = p4;
+	p_hwcrhk_RSALoadKey = p5;
+	p_hwcrhk_RSAGetPublicKey = p6;
+	p_hwcrhk_RSAUnloadKey = p7;
+#endif
+	p_hwcrhk_RandomBytes = p8;
+	p_hwcrhk_ModExpCRT = p9;
+
+	/* Check if the application decided to support dynamic locks,
+	   and if it does, use them. */
+	if (disable_mutex_callbacks == 0)
+		{
+		if (CRYPTO_get_dynlock_create_callback() != NULL &&
+			CRYPTO_get_dynlock_lock_callback() != NULL &&
+			CRYPTO_get_dynlock_destroy_callback() != NULL)
+			{
+			hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+			hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+			hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+			hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+			}
+		else if (CRYPTO_get_locking_callback() != NULL)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DYNAMIC_LOCKING_MISSING);
+			ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
+#if 1 /* This is a HACK which will disappear in 0.9.8 */
+			hwcrhk_globals.maxmutexes    = 1; /* Only have one lock */
+			hwcrhk_globals.mutex_init    = hwcrhk_static_mutex_init;
+			hwcrhk_globals.mutex_acquire = hwcrhk_static_mutex_lock;
+			hwcrhk_globals.mutex_release = hwcrhk_static_mutex_unlock;
+			hwcrhk_globals.mutex_destroy = hwcrhk_static_mutex_destroy;
+#else
+			goto err;
+#endif
+			}
+		}
+
+	/* Try and get a context - if not, we may have a DSO but no
+	 * accelerator! */
+	if(!get_context(&hwcrhk_context, &password_context))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
+		goto err;
+		}
+	/* Everything's fine. */
+#ifndef OPENSSL_NO_RSA
+	if (hndidx_rsa == -1)
+		hndidx_rsa = RSA_get_ex_new_index(0,
+			"nFast HWCryptoHook RSA key handle",
+			NULL, NULL, hwcrhk_ex_free);
+#endif
+	return 1;
+err:
+	if(hwcrhk_dso)
+		DSO_free(hwcrhk_dso);
+	hwcrhk_dso = NULL;
+	p_hwcrhk_Init = NULL;
+	p_hwcrhk_Finish = NULL;
+	p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+	p_hwcrhk_RSA = NULL;
+	p_hwcrhk_RSALoadKey = NULL;
+	p_hwcrhk_RSAGetPublicKey = NULL;
+	p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+	p_hwcrhk_ModExpCRT = NULL;
+	p_hwcrhk_RandomBytes = NULL;
+	return 0;
+	}
+
+static int hwcrhk_finish(ENGINE *e)
+	{
+	int to_return = 1;
+	free_HWCRHK_LIBNAME();
+	if(hwcrhk_dso == NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
+		to_return = 0;
+		goto err;
+		}
+	release_context(hwcrhk_context);
+	if(!DSO_free(hwcrhk_dso))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
+		to_return = 0;
+		goto err;
+		}
+ err:
+	if (logstream)
+		BIO_free(logstream);
+	hwcrhk_dso = NULL;
+	p_hwcrhk_Init = NULL;
+	p_hwcrhk_Finish = NULL;
+	p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+	p_hwcrhk_RSA = NULL;
+	p_hwcrhk_RSALoadKey = NULL;
+	p_hwcrhk_RSAGetPublicKey = NULL;
+	p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+	p_hwcrhk_ModExpCRT = NULL;
+	p_hwcrhk_RandomBytes = NULL;
+	return to_return;
+	}
+
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int to_return = 1;
+
+	switch(cmd)
+		{
+	case HWCRHK_CMD_SO_PATH:
+		if(hwcrhk_dso)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
+			return 0;
+			}
+		if(p == NULL)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		return set_HWCRHK_LIBNAME((const char *)p);
+	case ENGINE_CTRL_SET_LOGSTREAM:
+		{
+		BIO *bio = (BIO *)p;
+
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		if (logstream)
+			{
+			BIO_free(logstream);
+			logstream = NULL;
+			}
+		if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+			logstream = bio;
+		else
+			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
+		}
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		password_context.password_callback = (pem_password_cb *)f;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	case ENGINE_CTRL_SET_USER_INTERFACE:
+	case HWCRHK_CMD_SET_USER_INTERFACE:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		password_context.ui_method = (UI_METHOD *)p;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	case ENGINE_CTRL_SET_CALLBACK_DATA:
+	case HWCRHK_CMD_SET_CALLBACK_DATA:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		password_context.callback_data = p;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	/* this enables or disables the "SimpleForkCheck" flag used in the
+	 * initialisation structure. */
+	case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+	case HWCRHK_CMD_FORK_CHECK:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		if(i)
+			hwcrhk_globals.flags |=
+				HWCryptoHook_InitFlags_SimpleForkCheck;
+		else
+			hwcrhk_globals.flags &=
+				~HWCryptoHook_InitFlags_SimpleForkCheck;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	/* This will prevent the initialisation function from "installing"
+	 * the mutex-handling callbacks, even if they are available from
+	 * within the library (or were provided to the library from the
+	 * calling application). This is to remove any baggage for
+	 * applications not using multithreading. */
+	case ENGINE_CTRL_CHIL_NO_LOCKING:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		disable_mutex_callbacks = 1;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	case HWCRHK_CMD_THREAD_LOCKING:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+
+	/* The command isn't understood by this engine */
+	default:
+		HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+			HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+		to_return = 0;
+		break;
+		}
+
+	return to_return;
+	}
+
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+#ifndef OPENSSL_NO_RSA
+	RSA *rtmp = NULL;
+#endif
+	EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+	HWCryptoHook_MPI e, n;
+	HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+#endif
+	HWCryptoHook_PassphraseContext ppctx;
+
+#if !defined(OPENSSL_NO_RSA)
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+#endif
+
+	if(!hwcrhk_context)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+			HWCRHK_R_NOT_INITIALISED);
+		goto err;
+		}
+#ifndef OPENSSL_NO_RSA
+	hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+	if (!hptr)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+			ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+        ppctx.ui_method = ui_method;
+	ppctx.callback_data = callback_data;
+	if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
+		&rmsg, &ppctx))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+			HWCRHK_R_CHIL_ERROR);
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+	if (!*hptr)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+			HWCRHK_R_NO_KEY);
+		goto err;
+		}
+#endif
+#ifndef OPENSSL_NO_RSA
+	rtmp = RSA_new_method(eng);
+	RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
+	rtmp->e = BN_new();
+	rtmp->n = BN_new();
+	rtmp->flags |= RSA_FLAG_EXT_PKEY;
+	MPI2BN(rtmp->e, e);
+	MPI2BN(rtmp->n, n);
+	if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+		!= HWCRYPTOHOOK_ERROR_MPISIZE)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR);
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+
+	bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
+	bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
+	MPI2BN(rtmp->e, e);
+	MPI2BN(rtmp->n, n);
+
+	if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+			HWCRHK_R_CHIL_ERROR);
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+	rtmp->e->top = e.size / sizeof(BN_ULONG);
+	bn_fix_top(rtmp->e);
+	rtmp->n->top = n.size / sizeof(BN_ULONG);
+	bn_fix_top(rtmp->n);
+
+	res = EVP_PKEY_new();
+	EVP_PKEY_assign_RSA(res, rtmp);
+#endif
+
+        if (!res)
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                        HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+
+	return res;
+ err:
+	if (res)
+		EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
+	if (rtmp)
+		RSA_free(rtmp);
+#endif
+	return NULL;
+	}
+
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+	EVP_PKEY *res = NULL;
+
+#ifndef OPENSSL_NO_RSA
+        res = hwcrhk_load_privkey(eng, key_id,
+                ui_method, callback_data);
+#endif
+
+	if (res)
+		switch(res->type)
+			{
+#ifndef OPENSSL_NO_RSA
+		case EVP_PKEY_RSA:
+			{
+			RSA *rsa = NULL;
+
+			CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+			rsa = res->pkey.rsa;
+			res->pkey.rsa = RSA_new();
+			res->pkey.rsa->n = rsa->n;
+			res->pkey.rsa->e = rsa->e;
+			rsa->n = NULL;
+			rsa->e = NULL;
+			CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+			RSA_free(rsa);
+			}
+			break;
+#endif
+		default:
+			HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+				HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+			goto err;
+			}
+
+	return res;
+ err:
+	if (res)
+		EVP_PKEY_free(res);
+	return NULL;
+	}
+
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx)
+	{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+	/* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
+	   we use them directly, plus a little macro magic.  We only
+	   thing we need to make sure of is that enough space is allocated. */
+	HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+	int to_return, ret;
+ 
+	to_return = 0; /* expect failure */
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+	if(!hwcrhk_context)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
+		goto err;
+		}
+	/* Prepare the params */
+	bn_expand2(r, m->top);	/* Check for error !! */
+	BN2MPI(m_a, a);
+	BN2MPI(m_p, p);
+	BN2MPI(m_n, m);
+	MPI2BN(r, m_r);
+
+	/* Perform the operation */
+	ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+	/* Convert the response */
+	r->top = m_r.size / sizeof(BN_ULONG);
+	bn_fix_top(r);
+
+	if (ret < 0)
+		{
+		/* FIXME: When this error is returned, HWCryptoHook is
+		   telling us that falling back to software computation
+		   might be a good thing. */
+		if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
+			}
+		else
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
+			}
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+
+	to_return = 1;
+err:
+	return to_return;
+	}
+
+#ifndef OPENSSL_NO_RSA 
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
+	{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+	HWCryptoHook_RSAKeyHandle *hptr;
+	int to_return = 0, ret;
+
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+	if(!hwcrhk_context)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
+		goto err;
+		}
+
+	/* This provides support for nForce keys.  Since that's opaque data
+	   all we do is provide a handle to the proper key and let HWCryptoHook
+	   take care of the rest. */
+	if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
+		!= NULL)
+		{
+		HWCryptoHook_MPI m_a, m_r;
+
+		if(!rsa->n)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+				HWCRHK_R_MISSING_KEY_COMPONENTS);
+			goto err;
+			}
+
+		/* Prepare the params */
+		bn_expand2(r, rsa->n->top); /* Check for error !! */
+		BN2MPI(m_a, I);
+		MPI2BN(r, m_r);
+
+		/* Perform the operation */
+		ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+		/* Convert the response */
+		r->top = m_r.size / sizeof(BN_ULONG);
+		bn_fix_top(r);
+
+		if (ret < 0)
+			{
+			/* FIXME: When this error is returned, HWCryptoHook is
+			   telling us that falling back to software computation
+			   might be a good thing. */
+			if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+				{
+				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+					HWCRHK_R_REQUEST_FALLBACK);
+				}
+			else
+				{
+				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+					HWCRHK_R_REQUEST_FAILED);
+				}
+			ERR_add_error_data(1,rmsg.buf);
+			goto err;
+			}
+		}
+	else
+		{
+		HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+		if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+				HWCRHK_R_MISSING_KEY_COMPONENTS);
+			goto err;
+			}
+
+		/* Prepare the params */
+		bn_expand2(r, rsa->n->top); /* Check for error !! */
+		BN2MPI(m_a, I);
+		BN2MPI(m_p, rsa->p);
+		BN2MPI(m_q, rsa->q);
+		BN2MPI(m_dmp1, rsa->dmp1);
+		BN2MPI(m_dmq1, rsa->dmq1);
+		BN2MPI(m_iqmp, rsa->iqmp);
+		MPI2BN(r, m_r);
+
+		/* Perform the operation */
+		ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+			m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
+
+		/* Convert the response */
+		r->top = m_r.size / sizeof(BN_ULONG);
+		bn_fix_top(r);
+
+		if (ret < 0)
+			{
+			/* FIXME: When this error is returned, HWCryptoHook is
+			   telling us that falling back to software computation
+			   might be a good thing. */
+			if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+				{
+				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+					HWCRHK_R_REQUEST_FALLBACK);
+				}
+			else
+				{
+				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+					HWCRHK_R_REQUEST_FAILED);
+				}
+			ERR_add_error_data(1,rmsg.buf);
+			goto err;
+			}
+		}
+	/* If we're here, we must be here with some semblance of success :-) */
+	to_return = 1;
+err:
+	return to_return;
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return hwcrhk_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return hwcrhk_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+	{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+	int to_return = 0; /* assume failure */
+	int ret;
+
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+	if(!hwcrhk_context)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
+		goto err;
+		}
+
+	ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+	if (ret < 0)
+		{
+		/* FIXME: When this error is returned, HWCryptoHook is
+		   telling us that falling back to software computation
+		   might be a good thing. */
+		if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+				HWCRHK_R_REQUEST_FALLBACK);
+			}
+		else
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+				HWCRHK_R_REQUEST_FAILED);
+			}
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+	to_return = 1;
+ err:
+	return to_return;
+	}
+
+static int hwcrhk_rand_status(void)
+	{
+	return 1;
+	}
+
+/* This cleans up an RSA KM key, called when ex_data is freed */
+
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int ind,long argl, void *argp)
+{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+#ifndef OPENSSL_NO_RSA
+	HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
+	int ret;
+#endif
+
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+#ifndef OPENSSL_NO_RSA
+	hptr = (HWCryptoHook_RSAKeyHandle *) item;
+	if(hptr)
+                {
+                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                OPENSSL_free(hptr);
+                }
+#endif
+}
+
+/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
+	HWCryptoHook_CallerContext *cactx)
+	{
+	mt->lockid = CRYPTO_get_new_dynlockid();
+	if (mt->lockid == 0)
+		return 1; /* failure */
+	return 0; /* success */
+	}
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
+	{
+	CRYPTO_w_lock(mt->lockid);
+	return 0;
+	}
+
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+	{
+	CRYPTO_w_unlock(mt->lockid);
+	}
+
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
+	{
+	CRYPTO_destroy_dynlockid(mt->lockid);
+	}
+
+/* Mutex upcalls to use if the application does not support dynamic locks */
+
+static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
+	HWCryptoHook_CallerContext *c)
+	{
+	return 0;
+	}
+static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK);
+	return 0;
+	}
+static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m)
+	{
+	CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK);
+	}
+static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m)
+	{
+	}
+
+static int hwcrhk_get_pass(const char *prompt_info,
+	int *len_io, char *buf,
+	HWCryptoHook_PassphraseContext *ppctx,
+	HWCryptoHook_CallerContext *cactx)
+	{
+	pem_password_cb *callback = NULL;
+	void *callback_data = NULL;
+        UI_METHOD *ui_method = NULL;
+
+        if (cactx)
+                {
+                if (cactx->ui_method)
+                        ui_method = cactx->ui_method;
+		if (cactx->password_callback)
+			callback = cactx->password_callback;
+		if (cactx->callback_data)
+			callback_data = cactx->callback_data;
+                }
+	if (ppctx)
+		{
+                if (ppctx->ui_method)
+                        {
+                        ui_method = ppctx->ui_method;
+                        callback = NULL;
+                        }
+		if (ppctx->callback_data)
+			callback_data = ppctx->callback_data;
+		}
+	if (callback == NULL && ui_method == NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
+		return -1;
+		}
+
+        if (ui_method)
+                {
+                UI *ui = UI_new_method(ui_method);
+                if (ui)
+                        {
+                        int ok;
+                        char *prompt = UI_construct_prompt(ui,
+                                "pass phrase", prompt_info);
+
+                        ok = UI_add_input_string(ui,prompt,
+                                UI_INPUT_FLAG_DEFAULT_PWD,
+				buf,0,(*len_io) - 1);
+                        UI_add_user_data(ui, callback_data);
+			UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+			if (ok >= 0)
+				do
+					{
+					ok=UI_process(ui);
+					}
+				while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+                        if (ok >= 0)
+                                *len_io = strlen(buf);
+
+                        UI_free(ui);
+                        OPENSSL_free(prompt);
+                        }
+                }
+        else
+                {
+                *len_io = callback(buf, *len_io, 0, callback_data);
+                }
+	if(!*len_io)
+		return -1;
+	return 0;
+	}
+
+static int hwcrhk_insert_card(const char *prompt_info,
+		      const char *wrong_info,
+		      HWCryptoHook_PassphraseContext *ppctx,
+		      HWCryptoHook_CallerContext *cactx)
+        {
+        int ok = -1;
+        UI *ui;
+	void *callback_data = NULL;
+        UI_METHOD *ui_method = NULL;
+
+        if (cactx)
+                {
+                if (cactx->ui_method)
+                        ui_method = cactx->ui_method;
+		if (cactx->callback_data)
+			callback_data = cactx->callback_data;
+                }
+	if (ppctx)
+		{
+                if (ppctx->ui_method)
+                        ui_method = ppctx->ui_method;
+		if (ppctx->callback_data)
+			callback_data = ppctx->callback_data;
+		}
+	if (ui_method == NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
+			HWCRHK_R_NO_CALLBACK);
+		return -1;
+		}
+
+	ui = UI_new_method(ui_method);
+
+	if (ui)
+		{
+		char answer;
+		char buf[BUFSIZ];
+
+		if (wrong_info)
+			BIO_snprintf(buf, sizeof(buf)-1,
+				"Current card: \"%s\"\n", wrong_info);
+		ok = UI_dup_info_string(ui, buf);
+		if (ok >= 0 && prompt_info)
+			{
+			BIO_snprintf(buf, sizeof(buf)-1,
+				"Insert card \"%s\"", prompt_info);
+			ok = UI_dup_input_boolean(ui, buf,
+				"\n then hit <enter> or C<enter> to cancel\n",
+				"\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
+			}
+		UI_add_user_data(ui, callback_data);
+
+		if (ok >= 0)
+			ok = UI_process(ui);
+		UI_free(ui);
+
+		if (ok == -2 || (ok >= 0 && answer == 'C'))
+			ok = 1;
+		else if (ok < 0)
+			ok = -1;
+		else
+			ok = 0;
+		}
+	return ok;
+	}
+
+static void hwcrhk_log_message(void *logstr, const char *message)
+	{
+	BIO *lstream = NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+	if (logstr)
+		lstream=*(BIO **)logstr;
+	if (lstream)
+		{
+		BIO_printf(lstream, "%s\n", message);
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+	}
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */	   
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_hwcrhk_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_NCIPHER */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/crypto/engine/hw_ncipher_err.c b/crypto/openssl/crypto/engine/hw_ncipher_err.c
new file mode 100644
index 0000000..5bc9458
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_ncipher_err.c
@@ -0,0 +1,157 @@
+/* hw_ncipher_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ncipher_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA HWCRHK_str_functs[]=
+	{
+{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0),	"HWCRHK_CTRL"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0),	"HWCRHK_FINISH"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0),	"HWCRHK_GET_PASS"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0),	"HWCRHK_INIT"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0),	"HWCRHK_INSERT_CARD"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0),	"HWCRHK_LOAD_PRIVKEY"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0),	"HWCRHK_LOAD_PUBKEY"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0),	"HWCRHK_MOD_EXP"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0),	"HWCRHK_RAND_BYTES"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0),	"HWCRHK_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA HWCRHK_str_reasons[]=
+	{
+{HWCRHK_R_ALREADY_LOADED                 ,"already loaded"},
+{HWCRHK_R_BIO_WAS_FREED                  ,"bio was freed"},
+{HWCRHK_R_CHIL_ERROR                     ,"chil error"},
+{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{HWCRHK_R_DSO_FAILURE                    ,"dso failure"},
+{HWCRHK_R_DYNAMIC_LOCKING_MISSING        ,"dynamic locking missing"},
+{HWCRHK_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{HWCRHK_R_NOT_INITIALISED                ,"not initialised"},
+{HWCRHK_R_NOT_LOADED                     ,"not loaded"},
+{HWCRHK_R_NO_CALLBACK                    ,"no callback"},
+{HWCRHK_R_NO_KEY                         ,"no key"},
+{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
+{HWCRHK_R_REQUEST_FAILED                 ,"request failed"},
+{HWCRHK_R_REQUEST_FALLBACK               ,"request fallback"},
+{HWCRHK_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+static ERR_STRING_DATA HWCRHK_lib_name[]=
+        {
+{0	,HWCRHK_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int HWCRHK_lib_error_code=0;
+static int HWCRHK_error_init=1;
+
+static void ERR_load_HWCRHK_strings(void)
+	{
+	if (HWCRHK_lib_error_code == 0)
+		HWCRHK_lib_error_code=ERR_get_next_error_library();
+
+	if (HWCRHK_error_init)
+		{
+		HWCRHK_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
+		ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+		HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
+		ERR_load_strings(0,HWCRHK_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_HWCRHK_strings(void)
+	{
+	if (HWCRHK_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
+		ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+		ERR_unload_strings(0,HWCRHK_lib_name);
+#endif
+		HWCRHK_error_init=1;
+		}
+	}
+
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
+	{
+	if (HWCRHK_lib_error_code == 0)
+		HWCRHK_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/crypto/engine/hw_ncipher_err.h b/crypto/openssl/crypto/engine/hw_ncipher_err.h
new file mode 100644
index 0000000..d232d02
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_ncipher_err.h
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_HWCRHK_ERR_H
+#define HEADER_HWCRHK_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_HWCRHK_strings(void);
+static void ERR_unload_HWCRHK_strings(void);
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the HWCRHK functions. */
+
+/* Function codes. */
+#define HWCRHK_F_HWCRHK_CTRL				 100
+#define HWCRHK_F_HWCRHK_FINISH				 101
+#define HWCRHK_F_HWCRHK_GET_PASS			 102
+#define HWCRHK_F_HWCRHK_INIT				 103
+#define HWCRHK_F_HWCRHK_INSERT_CARD			 104
+#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY			 105
+#define HWCRHK_F_HWCRHK_LOAD_PUBKEY			 106
+#define HWCRHK_F_HWCRHK_MOD_EXP				 107
+#define HWCRHK_F_HWCRHK_RAND_BYTES			 108
+#define HWCRHK_F_HWCRHK_RSA_MOD_EXP			 109
+
+/* Reason codes. */
+#define HWCRHK_R_ALREADY_LOADED				 100
+#define HWCRHK_R_BIO_WAS_FREED				 101
+#define HWCRHK_R_CHIL_ERROR				 102
+#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define HWCRHK_R_DSO_FAILURE				 104
+#define HWCRHK_R_DYNAMIC_LOCKING_MISSING		 114
+#define HWCRHK_R_MISSING_KEY_COMPONENTS			 105
+#define HWCRHK_R_NOT_INITIALISED			 106
+#define HWCRHK_R_NOT_LOADED				 107
+#define HWCRHK_R_NO_CALLBACK				 108
+#define HWCRHK_R_NO_KEY					 109
+#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED	 110
+#define HWCRHK_R_REQUEST_FAILED				 111
+#define HWCRHK_R_REQUEST_FALLBACK			 112
+#define HWCRHK_R_UNIT_FAILURE				 113
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/hw_nuron.c b/crypto/openssl/crypto/engine/hw_nuron.c
new file mode 100644
index 0000000..fb9188b
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_nuron.c
@@ -0,0 +1,418 @@
+/* crypto/engine/hw_nuron.c */
+/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
+ * Thorpe's Atalla implementation.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_NURON
+
+#define NURON_LIB_NAME "nuron engine"
+#include "hw_nuron_err.c"
+
+static const char *NURON_LIBNAME = NULL;
+static const char *get_NURON_LIBNAME(void)
+	{
+	if(NURON_LIBNAME)
+		return NURON_LIBNAME;
+	return "nuronssl";
+	}
+static void free_NURON_LIBNAME(void)
+	{
+	if(NURON_LIBNAME)
+		OPENSSL_free((void*)NURON_LIBNAME);
+	NURON_LIBNAME = NULL;
+	}
+static long set_NURON_LIBNAME(const char *name)
+	{
+	free_NURON_LIBNAME();
+	return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *NURON_F1 = "nuron_mod_exp";
+
+/* The definitions for control commands specific to this engine */
+#define NURON_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
+	{NURON_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'nuronssl' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
+static tfnModExp *pfnModExp = NULL;
+
+static DSO *pvDSOHandle = NULL;
+
+static int nuron_destroy(ENGINE *e)
+	{
+	free_NURON_LIBNAME();
+	ERR_unload_NURON_strings();
+	return 1;
+	}
+
+static int nuron_init(ENGINE *e)
+	{
+	if(pvDSOHandle != NULL)
+		{
+		NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
+		return 0;
+		}
+
+	pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
+		DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
+	if(!pvDSOHandle)
+		{
+		NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
+		return 0;
+		}
+
+	pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
+	if(!pfnModExp)
+		{
+		NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
+		return 0;
+		}
+
+	return 1;
+	}
+
+static int nuron_finish(ENGINE *e)
+	{
+	free_NURON_LIBNAME();
+	if(pvDSOHandle == NULL)
+		{
+		NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(pvDSOHandle))
+		{
+		NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
+		return 0;
+		}
+	pvDSOHandle=NULL;
+	pfnModExp=NULL;
+	return 1;
+	}
+
+static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case NURON_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_NURON_LIBNAME((const char *)p);
+	default:
+		break;
+		}
+	NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+}
+
+static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
+			 const BIGNUM *m,BN_CTX *ctx)
+	{
+	if(!pvDSOHandle)
+		{
+		NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
+		return 0;
+		}
+	return pfnModExp(r,a,p,m);
+	}
+
+#ifndef OPENSSL_NO_RSA
+static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+			     BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+			     BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int to_return = 0;
+ 
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!nuron_mod_exp(rr,a1,p1,m,ctx))
+		goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!nuron_mod_exp(&t,a2,p2,m,ctx))
+		goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx))
+		goto end;
+	to_return = 1;
+end:
+	BN_free(&t);
+	return to_return;
+	}
+
+
+static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+			     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+			     BN_MONT_CTX *m_ctx)
+	{
+	return nuron_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return nuron_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return nuron_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD nuron_rsa =
+	{
+	"Nuron RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	nuron_rsa_mod_exp,
+	nuron_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static DSA_METHOD nuron_dsa =
+	{
+	"Nuron DSA method",
+	NULL, /* dsa_do_sign */
+	NULL, /* dsa_sign_setup */
+	NULL, /* dsa_do_verify */
+	nuron_dsa_mod_exp, /* dsa_mod_exp */
+	nuron_mod_exp_dsa, /* bn_mod_exp */
+	NULL, /* init */
+	NULL, /* finish */
+	0, /* flags */
+	NULL /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+static DH_METHOD nuron_dh =
+	{
+	"Nuron DH method",
+	NULL,
+	NULL,
+	nuron_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_nuron_id = "nuron";
+static const char *engine_nuron_name = "Nuron hardware engine support";
+
+/* This internal function is used by ENGINE_nuron() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth3;
+#endif
+	if(!ENGINE_set_id(e, engine_nuron_id) ||
+			!ENGINE_set_name(e, engine_nuron_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &nuron_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &nuron_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &nuron_dh) ||
+#endif
+			!ENGINE_set_destroy_function(e, nuron_destroy) ||
+			!ENGINE_set_init_function(e, nuron_init) ||
+			!ENGINE_set_finish_function(e, nuron_finish) ||
+			!ENGINE_set_ctrl_function(e, nuron_ctrl) ||
+			!ENGINE_set_cmd_defns(e, nuron_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the nuron-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1=RSA_PKCS1_SSLeay();
+	nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
+	nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
+	nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
+	nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+	 * bits. */
+	meth2=DSA_OpenSSL();
+	nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
+	nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
+	nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth3=DH_OpenSSL();
+	nuron_dh.generate_key=meth3->generate_key;
+	nuron_dh.compute_key=meth3->compute_key;
+#endif
+
+	/* Ensure the nuron error handling is set up */
+	ERR_load_NURON_strings();
+	return 1;
+	}
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_nuron(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_nuron(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_nuron();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */	   
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_nuron_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_NURON */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/crypto/engine/hw_nuron_err.c b/crypto/openssl/crypto/engine/hw_nuron_err.c
new file mode 100644
index 0000000..df9d7bd
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_nuron_err.c
@@ -0,0 +1,142 @@
+/* hw_nuron_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_nuron_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA NURON_str_functs[]=
+	{
+{ERR_PACK(0,NURON_F_NURON_CTRL,0),	"NURON_CTRL"},
+{ERR_PACK(0,NURON_F_NURON_FINISH,0),	"NURON_FINISH"},
+{ERR_PACK(0,NURON_F_NURON_INIT,0),	"NURON_INIT"},
+{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0),	"NURON_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA NURON_str_reasons[]=
+	{
+{NURON_R_ALREADY_LOADED                  ,"already loaded"},
+{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{NURON_R_DSO_FAILURE                     ,"dso failure"},
+{NURON_R_DSO_FUNCTION_NOT_FOUND          ,"dso function not found"},
+{NURON_R_DSO_NOT_FOUND                   ,"dso not found"},
+{NURON_R_NOT_LOADED                      ,"not loaded"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef NURON_LIB_NAME
+static ERR_STRING_DATA NURON_lib_name[]=
+        {
+{0	,NURON_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int NURON_lib_error_code=0;
+static int NURON_error_init=1;
+
+static void ERR_load_NURON_strings(void)
+	{
+	if (NURON_lib_error_code == 0)
+		NURON_lib_error_code=ERR_get_next_error_library();
+
+	if (NURON_error_init)
+		{
+		NURON_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
+		ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
+#endif
+
+#ifdef NURON_LIB_NAME
+		NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
+		ERR_load_strings(0,NURON_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_NURON_strings(void)
+	{
+	if (NURON_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
+		ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
+#endif
+
+#ifdef NURON_LIB_NAME
+		ERR_unload_strings(0,NURON_lib_name);
+#endif
+		NURON_error_init=1;
+		}
+	}
+
+static void ERR_NURON_error(int function, int reason, char *file, int line)
+	{
+	if (NURON_lib_error_code == 0)
+		NURON_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/crypto/engine/hw_nuron_err.h b/crypto/openssl/crypto/engine/hw_nuron_err.h
new file mode 100644
index 0000000..a56bfdf
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_nuron_err.h
@@ -0,0 +1,86 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_NURON_ERR_H
+#define HEADER_NURON_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_NURON_strings(void);
+static void ERR_unload_NURON_strings(void);
+static void ERR_NURON_error(int function, int reason, char *file, int line);
+#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the NURON functions. */
+
+/* Function codes. */
+#define NURON_F_NURON_CTRL				 100
+#define NURON_F_NURON_FINISH				 101
+#define NURON_F_NURON_INIT				 102
+#define NURON_F_NURON_MOD_EXP				 103
+
+/* Reason codes. */
+#define NURON_R_ALREADY_LOADED				 100
+#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED		 101
+#define NURON_R_DSO_FAILURE				 102
+#define NURON_R_DSO_FUNCTION_NOT_FOUND			 103
+#define NURON_R_DSO_NOT_FOUND				 104
+#define NURON_R_NOT_LOADED				 105
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/hw_sureware.c b/crypto/openssl/crypto/engine/hw_sureware.c
new file mode 100644
index 0000000..fca467e
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_sureware.c
@@ -0,0 +1,1039 @@
+/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+* 
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+*    notice, this list of conditions and the following disclaimer. 
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+*    notice, this list of conditions and the following disclaimer in
+*    the documentation and/or other materials provided with the
+*    distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+*    software must display the following acknowledgment:
+*    "This product includes software developed by the OpenSSL Project
+*    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+*    endorse or promote products derived from this software without
+*    prior written permission. For written permission, please contact
+*    licensing@OpenSSL.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+*    nor may "OpenSSL" appear in their names without prior written
+*    permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+*    acknowledgment:
+*    "This product includes software developed by the OpenSSL Project
+*    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+*
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
+* Copyright@2001 Baltimore Technologies Ltd.
+* All right Reserved.
+*																								*	
+*		THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND																			*
+*		ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE					* 
+*		IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE				*
+*		ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE						*
+*		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL				*
+*		DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS					*
+*		OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)					*
+*		HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT				*
+*		LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY				*
+*		OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF					*
+*		SUCH DAMAGE.																			*
+====================================================================*/
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include "eng_int.h"
+#include "engine.h"
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_SUREWARE
+
+#ifdef FLAT_INC
+#include "sureware.h"
+#else
+#include "vendor_defns/sureware.h"
+#endif
+
+#define SUREWARE_LIB_NAME "sureware engine"
+#include "hw_sureware_err.c"
+
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int surewarehk_destroy(ENGINE *e);
+static int surewarehk_init(ENGINE *e);
+static int surewarehk_finish(ENGINE *e);
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+			RSA *rsa,int padding);
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+			    RSA *rsa,int padding);
+
+/* RAND stuff */
+static int surewarehk_rand_bytes(unsigned char *buf, int num);
+static void surewarehk_rand_seed(const void *buf, int num);
+static void surewarehk_rand_add(const void *buf, int num, double entropy);
+
+/* KM stuff */
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int idx,long argl, void *argp);
+#if 0
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int idx,long argl, void *argp);
+#endif
+
+#ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+	return surewarehk_modexp(r, a, p, m, ctx);
+}
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD surewarehk_rsa =
+	{
+	"SureWare RSA method",
+	NULL, /* pub_enc*/
+	NULL, /* pub_dec*/
+	surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
+	surewarehk_rsa_priv_dec, /* priv_dec*/
+	NULL, /*mod_exp*/
+	surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
+	NULL, /* init*/
+	NULL, /* finish*/
+	0,	/* RSA flag*/
+	NULL, 
+	NULL, /* OpenSSL sign*/
+	NULL  /* OpenSSL verify*/
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+	return surewarehk_modexp(r, a, p, m, ctx);
+}
+
+static DH_METHOD surewarehk_dh =
+	{
+	"SureWare DH method",
+	NULL,/*gen_key*/
+	NULL,/*agree,*/
+	surewarehk_modexp_dh, /*dh mod exp*/
+	NULL, /* init*/
+	NULL, /* finish*/
+	0,    /* flags*/
+	NULL 
+	};
+#endif
+
+static RAND_METHOD surewarehk_rand =
+	{
+	/* "SureWare RAND method", */
+	surewarehk_rand_seed,
+	surewarehk_rand_bytes,
+	NULL,/*cleanup*/
+	surewarehk_rand_add,
+	surewarehk_rand_bytes,
+	NULL,/*rand_status*/
+	};
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+	BIGNUM t;
+	int to_return = 0;
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	to_return = 1;
+end:
+	BN_free(&t);
+	return to_return;
+}
+
+static DSA_METHOD surewarehk_dsa =
+	{
+	 "SureWare DSA method", 
+	surewarehk_dsa_do_sign,
+	NULL,/*sign setup*/
+	NULL,/*verify,*/
+	surewarehk_dsa_mod_exp,/*mod exp*/
+	NULL,/*bn mod exp*/
+	NULL, /*init*/
+	NULL,/*finish*/
+	0,
+	NULL,
+	};
+#endif
+
+static const char *engine_sureware_id = "sureware";
+static const char *engine_sureware_name = "SureWare hardware engine support";
+
+/* Now, to our own code */
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+static int bind_sureware(ENGINE *e)
+{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth3;
+#endif
+
+	if(!ENGINE_set_id(e, engine_sureware_id) ||
+	   !ENGINE_set_name(e, engine_sureware_name) ||
+#ifndef OPENSSL_NO_RSA
+	   !ENGINE_set_RSA(e, &surewarehk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+	   !ENGINE_set_DSA(e, &surewarehk_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+	   !ENGINE_set_DH(e, &surewarehk_dh) ||
+#endif
+	   !ENGINE_set_RAND(e, &surewarehk_rand) ||
+	   !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
+	   !ENGINE_set_init_function(e, surewarehk_init) ||
+	   !ENGINE_set_finish_function(e, surewarehk_finish) ||
+	   !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
+	   !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
+	   !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
+	  return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the cswift-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	if (meth1)
+	{
+		surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+		surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+	 * bits. */
+	meth2 = DSA_OpenSSL();
+	if (meth2)
+	{
+		surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth3 = DH_OpenSSL();
+	if (meth3)
+	{
+		surewarehk_dh.generate_key = meth3->generate_key;
+		surewarehk_dh.compute_key = meth3->compute_key;
+	}
+#endif
+
+	/* Ensure the sureware error handling is set up */
+	ERR_load_SUREWARE_strings();
+	return 1;
+}
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_sureware_id) != 0))
+		return 0;
+	if(!bind_sureware(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_sureware(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_sureware(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_sureware(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_sureware();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the SureWareHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *surewarehk_dso = NULL;
+#ifndef OPENSSL_NO_RSA
+static int rsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */
+#endif
+#ifndef OPENSSL_NO_DSA
+static int dsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */
+#endif
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static SureWareHook_Init_t *p_surewarehk_Init = NULL;
+static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
+static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
+static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
+static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
+static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
+static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
+static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
+static SureWareHook_Free_t *p_surewarehk_Free=NULL;
+static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
+static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
+static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
+static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
+
+/* Used in the DSO operations. */
+static const char *surewarehk_LIBNAME = "SureWareHook";
+static const char *n_surewarehk_Init = "SureWareHook_Init";
+static const char *n_surewarehk_Finish = "SureWareHook_Finish";
+static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
+static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
+static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
+static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
+static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
+static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
+static const char *n_surewarehk_Free="SureWareHook_Free";
+static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
+static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
+static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
+static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
+static BIO *logstream = NULL;
+
+/* SureWareHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. 
+*/
+static int threadsafe=1;
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+	int to_return = 1;
+
+	switch(cmd)
+	{
+		case ENGINE_CTRL_SET_LOGSTREAM:
+		{
+			BIO *bio = (BIO *)p;
+			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+			if (logstream)
+			{
+				BIO_free(logstream);
+				logstream = NULL;
+			}
+			if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+				logstream = bio;
+			else
+				SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
+		}
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	/* This will prevent the initialisation function from "installing"
+	 * the mutex-handling callbacks, even if they are available from
+	 * within the library (or were provided to the library from the
+	 * calling application). This is to remove any baggage for
+	 * applications not using multithreading. */
+	case ENGINE_CTRL_CHIL_NO_LOCKING:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		threadsafe = 0;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+
+	/* The command isn't understood by this engine */
+	default:
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+			ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+		to_return = 0;
+		break;
+		}
+
+	return to_return;
+}
+
+/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
+static int surewarehk_destroy(ENGINE *e)
+{
+	ERR_unload_SUREWARE_strings();
+	return 1;
+}
+
+/* (de)initialisation functions. */
+static int surewarehk_init(ENGINE *e)
+{
+	char msg[64]="ENGINE_init";
+	SureWareHook_Init_t *p1=NULL;
+	SureWareHook_Finish_t *p2=NULL;
+	SureWareHook_Rand_Bytes_t *p3=NULL;
+	SureWareHook_Rand_Seed_t *p4=NULL;
+	SureWareHook_Load_Privkey_t *p5=NULL;
+	SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
+	SureWareHook_Free_t *p7=NULL;
+	SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
+	SureWareHook_Rsa_Sign_t *p9=NULL;
+	SureWareHook_Dsa_Sign_t *p12=NULL;
+	SureWareHook_Info_Pubkey_t *p13=NULL;
+	SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
+	SureWareHook_Mod_Exp_t *p15=NULL;
+
+	if(surewarehk_dso != NULL)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
+		goto err;
+	}
+	/* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
+	surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
+	if(surewarehk_dso == NULL)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+		goto err;
+	}
+	if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
+	   !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
+	   !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
+	   !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
+	   !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
+	   !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
+	   !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
+	   !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
+	   !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
+	   !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
+	   !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
+	   !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
+	   !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+		goto err;
+	}
+	/* Copy the pointers */
+	p_surewarehk_Init = p1;
+	p_surewarehk_Finish = p2;
+	p_surewarehk_Rand_Bytes = p3;
+	p_surewarehk_Rand_Seed = p4;
+	p_surewarehk_Load_Privkey = p5;
+	p_surewarehk_Load_Rsa_Pubkey = p6;
+	p_surewarehk_Free = p7;
+	p_surewarehk_Rsa_Priv_Dec = p8;
+	p_surewarehk_Rsa_Sign = p9;
+	p_surewarehk_Dsa_Sign = p12;
+	p_surewarehk_Info_Pubkey = p13;
+	p_surewarehk_Load_Dsa_Pubkey = p14;
+	p_surewarehk_Mod_Exp = p15;
+	/* Contact the hardware and initialises it. */
+	if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+		goto err;
+	}
+	if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+		goto err;
+	}
+	/* try to load the default private key, if failed does not return a failure but
+           wait for an explicit ENGINE_load_privakey */
+	surewarehk_load_privkey(e,NULL,NULL,NULL);
+
+	/* Everything's fine. */
+#ifndef OPENSSL_NO_RSA
+	if (rsaHndidx == -1)
+		rsaHndidx = RSA_get_ex_new_index(0,
+						"SureWareHook RSA key handle",
+						NULL, NULL, surewarehk_ex_free);
+#endif
+#ifndef OPENSSL_NO_DSA
+	if (dsaHndidx == -1)
+		dsaHndidx = DSA_get_ex_new_index(0,
+						"SureWareHook DSA key handle",
+						NULL, NULL, surewarehk_ex_free);
+#endif
+
+	return 1;
+err:
+	if(surewarehk_dso)
+		DSO_free(surewarehk_dso);
+	surewarehk_dso = NULL;
+	p_surewarehk_Init = NULL;
+	p_surewarehk_Finish = NULL;
+	p_surewarehk_Rand_Bytes = NULL;
+	p_surewarehk_Rand_Seed = NULL;
+	p_surewarehk_Load_Privkey = NULL;
+	p_surewarehk_Load_Rsa_Pubkey = NULL;
+	p_surewarehk_Free = NULL;
+	p_surewarehk_Rsa_Priv_Dec = NULL;
+	p_surewarehk_Rsa_Sign = NULL;
+	p_surewarehk_Dsa_Sign = NULL;
+	p_surewarehk_Info_Pubkey = NULL;
+	p_surewarehk_Load_Dsa_Pubkey = NULL;
+	p_surewarehk_Mod_Exp = NULL;
+	return 0;
+}
+
+static int surewarehk_finish(ENGINE *e)
+{
+	int to_return = 1;
+	if(surewarehk_dso == NULL)
+		{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
+		to_return = 0;
+		goto err;
+		}
+	p_surewarehk_Finish();
+	if(!DSO_free(surewarehk_dso))
+		{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
+		to_return = 0;
+		goto err;
+		}
+ err:
+	if (logstream)
+		BIO_free(logstream);
+	surewarehk_dso = NULL;
+	p_surewarehk_Init = NULL;
+	p_surewarehk_Finish = NULL;
+	p_surewarehk_Rand_Bytes = NULL;
+	p_surewarehk_Rand_Seed = NULL;
+	p_surewarehk_Load_Privkey = NULL;
+	p_surewarehk_Load_Rsa_Pubkey = NULL;
+	p_surewarehk_Free = NULL;
+	p_surewarehk_Rsa_Priv_Dec = NULL;
+	p_surewarehk_Rsa_Sign = NULL;
+	p_surewarehk_Dsa_Sign = NULL;
+	p_surewarehk_Info_Pubkey = NULL;
+	p_surewarehk_Load_Dsa_Pubkey = NULL;
+	p_surewarehk_Mod_Exp = NULL;
+	return to_return;
+}
+
+static void surewarehk_error_handling(char *const msg,int func,int ret)
+{
+	switch (ret)
+	{
+		case SUREWAREHOOK_ERROR_UNIT_FAILURE:
+			ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
+			break;
+		case SUREWAREHOOK_ERROR_FALLBACK:
+			ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
+			break;
+		case SUREWAREHOOK_ERROR_DATA_SIZE:
+			ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+			break;
+		case SUREWAREHOOK_ERROR_INVALID_PAD:
+			ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
+			break;
+		default:
+			ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
+			break;
+		case 1:/*nothing*/
+			msg[0]='\0';
+	}
+	if (*msg)
+	{
+		ERR_add_error_data(1,msg);
+		if (logstream)
+		{
+			CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+			BIO_write(logstream, msg, strlen(msg));
+			CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+		}
+	}
+}
+
+static int surewarehk_rand_bytes(unsigned char *buf, int num)
+{
+	int ret=0;
+	char msg[64]="ENGINE_rand_bytes";
+	if(!p_surewarehk_Rand_Bytes)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		ret = p_surewarehk_Rand_Bytes(msg,buf, num);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
+	}
+	return ret==1 ? 1 : 0;
+}
+
+static void surewarehk_rand_seed(const void *buf, int num)
+{
+	int ret=0;
+	char msg[64]="ENGINE_rand_seed";
+	if(!p_surewarehk_Rand_Seed)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		ret = p_surewarehk_Rand_Seed(msg,buf, num);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
+	}
+}
+
+static void surewarehk_rand_add(const void *buf, int num, double entropy)
+{
+	surewarehk_rand_seed(buf,num);
+}
+
+static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
+{
+	EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+	RSA *rsatmp = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+	DSA *dsatmp=NULL;
+#endif
+	char msg[64]="sureware_load_public";
+	int ret=0;
+	if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+		goto err;
+	}
+	switch (keytype)
+	{
+#ifndef OPENSSL_NO_RSA
+	case 1: /*RSA*/
+		/* set private external reference */
+		rsatmp = RSA_new_method(e);
+		RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
+		rsatmp->flags |= RSA_FLAG_EXT_PKEY;
+
+		/* set public big nums*/
+		rsatmp->e = BN_new();
+		rsatmp->n = BN_new();
+		bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
+		bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
+		if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| 
+			!rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
+			goto err;
+		ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
+						 (unsigned long *)rsatmp->n->d,
+						 (unsigned long *)rsatmp->e->d);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
+		if (ret!=1)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+			goto err;
+		}
+		/* normalise pub e and pub n */
+		rsatmp->e->top=el/sizeof(BN_ULONG);
+		bn_fix_top(rsatmp->e);
+		rsatmp->n->top=el/sizeof(BN_ULONG);
+		bn_fix_top(rsatmp->n);
+		/* create an EVP object: engine + rsa key */
+		res = EVP_PKEY_new();
+		EVP_PKEY_assign_RSA(res, rsatmp);
+		break;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	case 2:/*DSA*/
+		/* set private/public external reference */
+		dsatmp = DSA_new_method(e);
+		DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
+		/*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
+
+		/* set public key*/
+		dsatmp->pub_key = BN_new();
+		dsatmp->p = BN_new();
+		dsatmp->q = BN_new();
+		dsatmp->g = BN_new();
+		bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
+		bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
+		bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
+		bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
+		if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))|| 
+			!dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
+			!dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
+			!dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
+			goto err;
+
+		ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
+						 (unsigned long *)dsatmp->pub_key->d, 
+						 (unsigned long *)dsatmp->p->d,
+						 (unsigned long *)dsatmp->q->d,
+						 (unsigned long *)dsatmp->g->d);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
+		if (ret!=1)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+			goto err;
+		}
+		/* set parameters */
+		/* normalise pubkey and parameters in case of */
+		dsatmp->pub_key->top=el/sizeof(BN_ULONG);
+		bn_fix_top(dsatmp->pub_key);
+		dsatmp->p->top=el/sizeof(BN_ULONG);
+		bn_fix_top(dsatmp->p);
+		dsatmp->q->top=20/sizeof(BN_ULONG);
+		bn_fix_top(dsatmp->q);
+		dsatmp->g->top=el/sizeof(BN_ULONG);
+		bn_fix_top(dsatmp->g);
+
+		/* create an EVP object: engine + rsa key */
+		res = EVP_PKEY_new();
+		EVP_PKEY_assign_DSA(res, dsatmp);
+		break;
+#endif
+
+	default:
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+		goto err;
+	}
+	return res;
+ err:
+	if (res)
+		EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
+	if (rsatmp)
+		RSA_free(rsatmp);
+#endif
+#ifndef OPENSSL_NO_DSA
+	if (dsatmp)
+		DSA_free(dsatmp);
+#endif
+	return NULL;
+}
+
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+					 UI_METHOD *ui_method, void *callback_data)
+{
+	EVP_PKEY *res = NULL;
+	int ret=0;
+	unsigned long el=0;
+	char *hptr=NULL;
+	char keytype=0;
+	char msg[64]="ENGINE_load_privkey";
+
+	if(!p_surewarehk_Load_Privkey)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
+		if (ret!=1)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+			ERR_add_error_data(1,msg);		
+		}
+		else
+			res=sureware_load_public(e,key_id,hptr,el,keytype);
+	}
+	return res;
+}
+
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+					 UI_METHOD *ui_method, void *callback_data)
+{
+	EVP_PKEY *res = NULL;
+	int ret=0;
+	unsigned long el=0;
+	char *hptr=NULL;
+	char keytype=0;
+	char msg[64]="ENGINE_load_pubkey";
+
+	if(!p_surewarehk_Info_Pubkey)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		/* call once to identify if DSA or RSA */
+		ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
+		if (ret!=1)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+			ERR_add_error_data(1,msg);
+		}
+		else
+			res=sureware_load_public(e,key_id,hptr,el,keytype);
+	}
+	return res;
+}
+
+/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
+, called when ex_data is freed */
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int idx,long argl, void *argp)
+{
+	if(!p_surewarehk_Free)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+		p_surewarehk_Free((char *)item,0);
+}
+
+#if 0
+/* This cleans up an DH KM key (destroys the key into hardware), 
+called when ex_data is freed */
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int idx,long argl, void *argp)
+{
+	if(!p_surewarehk_Free)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+		p_surewarehk_Free((char *)item,1);
+}
+#endif
+
+/*
+* return number of decrypted bytes
+*/
+#ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+			RSA *rsa,int padding)
+{
+	int ret=0,tlen;
+	char *buf=NULL,*hptr=NULL;
+	char msg[64]="ENGINE_rsa_priv_dec";
+	if (!p_surewarehk_Rsa_Priv_Dec)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
+	}
+	/* extract ref to private key */
+	else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+		goto err;
+	}
+	/* analyse what padding we can do into the hardware */
+	if (padding==RSA_PKCS1_PADDING)
+	{
+		/* do it one shot */
+		ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+		if (ret!=1)
+			goto err;
+		ret=tlen;
+	}
+	else /* do with no padding into hardware */
+	{
+		ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+		if (ret!=1)
+			goto err;
+		/* intermediate buffer for padding */
+		if ((buf=OPENSSL_malloc(tlen)) == NULL)
+		{
+			RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		memcpy(buf,to,tlen);/* transfert to into buf */
+		switch (padding) /* check padding in software */
+		{
+#ifndef OPENSSL_NO_SHA
+		case RSA_PKCS1_OAEP_PADDING:
+			ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
+			break;
+#endif
+ 		case RSA_SSLV23_PADDING:
+			ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
+			break;
+		case RSA_NO_PADDING:
+			ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
+			break;
+		default:
+			RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
+			goto err;
+		}
+		if (ret < 0)
+			RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
+	}
+err:
+	if (buf)
+	{
+		OPENSSL_cleanse(buf,tlen);
+		OPENSSL_free(buf);
+	}
+	return ret;
+}
+
+/*
+* Does what OpenSSL rsa_priv_enc does.
+*/
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+			    RSA *rsa,int padding)
+{
+	int ret=0,tlen;
+	char *hptr=NULL;
+	char msg[64]="ENGINE_rsa_sign";
+	if (!p_surewarehk_Rsa_Sign)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
+	}
+	/* extract ref to private key */
+	else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+	}
+	else
+	{
+		switch (padding)
+		{
+		case RSA_PKCS1_PADDING: /* do it in one shot */
+			ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+			surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
+			break;
+		case RSA_NO_PADDING:
+		default:
+			RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
+		}
+	}
+	return ret==1 ? tlen : ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* DSA sign and verify */
+static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
+{
+	int ret=0;
+	char *hptr=NULL;
+	DSA_SIG *psign=NULL;
+	char msg[64]="ENGINE_dsa_do_sign";
+	if (!p_surewarehk_Dsa_Sign)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
+	}
+	/* extract ref to private key */
+	else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
+	}
+	else
+	{
+		if((psign = DSA_SIG_new()) == NULL)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		psign->r=BN_new();
+		psign->s=BN_new();
+		bn_expand2(psign->r, 20/sizeof(BN_ULONG));
+		bn_expand2(psign->s, 20/sizeof(BN_ULONG));
+		if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
+			!psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
+			goto err;
+		ret=p_surewarehk_Dsa_Sign(msg,flen,from,
+					  (unsigned long *)psign->r->d,
+					  (unsigned long *)psign->s->d,
+					  hptr);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
+	}
+	psign->r->top=20/sizeof(BN_ULONG);
+	bn_fix_top(psign->r);
+	psign->s->top=20/sizeof(BN_ULONG);
+	bn_fix_top(psign->s);
+
+err:	
+	if (psign)
+	{
+		DSA_SIG_free(psign);
+		psign=NULL;
+	}
+	return psign;
+}
+#endif
+
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			     const BIGNUM *m, BN_CTX *ctx)
+{
+	int ret=0;
+	char msg[64]="ENGINE_modexp";
+	if (!p_surewarehk_Mod_Exp)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		bn_expand2(r,m->top);
+		if (r && r->dmax==m->top)
+		{
+			/* do it*/
+			ret=p_surewarehk_Mod_Exp(msg,
+						 m->top*sizeof(BN_ULONG),
+						 (unsigned long *)m->d,
+						 p->top*sizeof(BN_ULONG),
+						 (unsigned long *)p->d,
+						 a->top*sizeof(BN_ULONG),
+						 (unsigned long *)a->d,
+						 (unsigned long *)r->d);
+			surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret);
+			if (ret==1)
+			{
+				/* normalise result */
+				r->top=m->top;
+				bn_fix_top(r);
+			}
+		}
+	}
+	return ret;
+}
+#endif /* !OPENSSL_NO_HW_SureWare */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/crypto/engine/hw_sureware_err.c b/crypto/openssl/crypto/engine/hw_sureware_err.c
new file mode 100644
index 0000000..69955da
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_sureware_err.c
@@ -0,0 +1,150 @@
+/* hw_sureware_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_sureware_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA SUREWARE_str_functs[]=
+	{
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_CTRL,0),	"SUREWAREHK_CTRL"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,0),	"SUREWAREHK_DSA_DO_SIGN"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_EX_FREE,0),	"SUREWAREHK_EX_FREE"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_FINISH,0),	"SUREWAREHK_FINISH"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_INIT,0),	"SUREWAREHK_INIT"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,0),	"SUREWAREHK_LOAD_PRIVATE_KEY"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,0),	"SUREWAREHK_LOAD_PUBLIC_KEY"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_MOD_EXP,0),	"SUREWAREHK_MOD_EXP"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_BYTES,0),	"SUREWAREHK_RAND_BYTES"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_SEED,0),	"SUREWAREHK_RAND_SEED"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,0),	"SUREWAREHK_RSA_PRIV_DEC"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,0),	"SUREWAREHK_RSA_PRIV_ENC"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA SUREWARE_str_reasons[]=
+	{
+{SUREWARE_R_BIO_WAS_FREED                ,"bio was freed"},
+{SUREWARE_R_MISSING_KEY_COMPONENTS       ,"missing key components"},
+{SUREWARE_R_REQUEST_FAILED               ,"request failed"},
+{SUREWARE_R_REQUEST_FALLBACK             ,"request fallback"},
+{SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL  ,"size too large or too small"},
+{SUREWARE_R_UNIT_FAILURE                 ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+static ERR_STRING_DATA SUREWARE_lib_name[]=
+        {
+{0	,SUREWARE_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int SUREWARE_lib_error_code=0;
+static int SUREWARE_error_init=1;
+
+static void ERR_load_SUREWARE_strings(void)
+	{
+	if (SUREWARE_lib_error_code == 0)
+		SUREWARE_lib_error_code=ERR_get_next_error_library();
+
+	if (SUREWARE_error_init)
+		{
+		SUREWARE_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
+		ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+		SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
+		ERR_load_strings(0,SUREWARE_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_SUREWARE_strings(void)
+	{
+	if (SUREWARE_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
+		ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+		ERR_unload_strings(0,SUREWARE_lib_name);
+#endif
+		SUREWARE_error_init=1;
+		}
+	}
+
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
+	{
+	if (SUREWARE_lib_error_code == 0)
+		SUREWARE_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/crypto/engine/hw_sureware_err.h b/crypto/openssl/crypto/engine/hw_sureware_err.h
new file mode 100644
index 0000000..bc52af5
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_sureware_err.h
@@ -0,0 +1,94 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SUREWARE_ERR_H
+#define HEADER_SUREWARE_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_SUREWARE_strings(void);
+static void ERR_unload_SUREWARE_strings(void);
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
+#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the SUREWARE functions. */
+
+/* Function codes. */
+#define SUREWARE_F_SUREWAREHK_CTRL			 100
+#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN		 101
+#define SUREWARE_F_SUREWAREHK_EX_FREE			 102
+#define SUREWARE_F_SUREWAREHK_FINISH			 103
+#define SUREWARE_F_SUREWAREHK_INIT			 104
+#define SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY		 105
+#define SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY		 106
+#define SUREWARE_F_SUREWAREHK_MOD_EXP			 107
+#define SUREWARE_F_SUREWAREHK_RAND_BYTES		 108
+#define SUREWARE_F_SUREWAREHK_RAND_SEED			 109
+#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC		 110
+#define SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC		 111
+
+/* Reason codes. */
+#define SUREWARE_R_BIO_WAS_FREED			 100
+#define SUREWARE_R_MISSING_KEY_COMPONENTS		 105
+#define SUREWARE_R_REQUEST_FAILED			 101
+#define SUREWARE_R_REQUEST_FALLBACK			 102
+#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 103
+#define SUREWARE_R_UNIT_FAILURE				 104
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/hw_ubsec.c b/crypto/openssl/crypto/engine/hw_ubsec.c
new file mode 100644
index 0000000..6286dd8
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_ubsec.c
@@ -0,0 +1,1061 @@
+/* crypto/engine/hw_ubsec.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ *
+ * Cloned shamelessly by Joe Tardo. 
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_UBSEC
+
+#ifdef FLAT_INC
+#include "hw_ubsec.h"
+#else
+#include "vendor_defns/hw_ubsec.h"
+#endif
+
+#define UBSEC_LIB_NAME "ubsec engine"
+#include "hw_ubsec_err.c"
+
+#define FAIL_TO_SOFTWARE -15
+
+static int ubsec_destroy(ENGINE *e);
+static int ubsec_init(ENGINE *e);
+static int ubsec_finish(ENGINE *e);
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx);
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *q, const BIGNUM *dp,
+			const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
+#ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
+#endif
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_DH
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
+static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+static int ubsec_dh_generate_key(DH *dh);
+#endif
+
+#ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char *buf, int num);
+static int ubsec_rand_status(void);
+#endif
+
+#define UBSEC_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
+	{UBSEC_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'ubsec' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD ubsec_rsa =
+	{
+	"UBSEC RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	ubsec_rsa_mod_exp,
+	ubsec_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD ubsec_dsa =
+	{
+	"UBSEC DSA method",
+	ubsec_dsa_do_sign, /* dsa_do_sign */
+	NULL, /* dsa_sign_setup */
+	ubsec_dsa_verify, /* dsa_do_verify */
+	NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
+	NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
+	NULL, /* init */
+	NULL, /* finish */
+	0, /* flags */
+	NULL /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD ubsec_dh =
+	{
+	"UBSEC DH method",
+	ubsec_dh_generate_key,
+	ubsec_dh_compute_key,
+	ubsec_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_ubsec_id = "ubsec";
+static const char *engine_ubsec_name = "UBSEC hardware engine support";
+
+/* This internal function is used by ENGINE_ubsec() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+#ifndef HAVE_UBSEC_DH
+	const DH_METHOD *meth3;
+#endif /* HAVE_UBSEC_DH */
+#endif
+	if(!ENGINE_set_id(e, engine_ubsec_id) ||
+			!ENGINE_set_name(e, engine_ubsec_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &ubsec_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &ubsec_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &ubsec_dh) ||
+#endif
+			!ENGINE_set_destroy_function(e, ubsec_destroy) ||
+			!ENGINE_set_init_function(e, ubsec_init) ||
+			!ENGINE_set_finish_function(e, ubsec_finish) ||
+			!ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
+			!ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the Broadcom-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+#ifndef HAVE_UBSEC_DH
+	/* Much the same for Diffie-Hellman */
+	meth3 = DH_OpenSSL();
+	ubsec_dh.generate_key = meth3->generate_key;
+	ubsec_dh.compute_key = meth3->compute_key;
+#endif /* HAVE_UBSEC_DH */
+#endif
+
+	/* Ensure the ubsec error handling is set up */
+	ERR_load_UBSEC_strings();
+	return 1;
+	}
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_ubsec(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_ubsec(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_ubsec();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the UBSEC library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+
+static DSO *ubsec_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+
+static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
+static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
+static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
+static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+static t_UBSEC_diffie_hellman_generate_ioctl 
+	*p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
+static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
+static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
+static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
+static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
+
+static int max_key_len = 1024;  /* ??? */
+
+/* 
+ * These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+ */
+
+static const char *UBSEC_LIBNAME = NULL;
+static const char *get_UBSEC_LIBNAME(void)
+	{
+	if(UBSEC_LIBNAME)
+		return UBSEC_LIBNAME;
+	return "ubsec";
+	}
+static void free_UBSEC_LIBNAME(void)
+	{
+	if(UBSEC_LIBNAME)
+		OPENSSL_free((void*)UBSEC_LIBNAME);
+	UBSEC_LIBNAME = NULL;
+	}
+static long set_UBSEC_LIBNAME(const char *name)
+	{
+	free_UBSEC_LIBNAME();
+	return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
+static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
+static const char *UBSEC_F3 = "ubsec_open";
+static const char *UBSEC_F4 = "ubsec_close";
+#ifndef OPENSSL_NO_DH
+static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
+static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
+static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+static const char *UBSEC_F9 = "dsa_sign_ioctl";
+static const char *UBSEC_F10 = "dsa_verify_ioctl";
+#endif
+static const char *UBSEC_F11 = "math_accelerate_ioctl";
+static const char *UBSEC_F12 = "rng_ioctl";
+static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
+
+/* Destructor (complements the "ENGINE_ubsec()" constructor) */
+static int ubsec_destroy(ENGINE *e)
+	{
+	free_UBSEC_LIBNAME();
+	ERR_unload_UBSEC_strings();
+	return 1;
+	}
+
+/* (de)initialisation functions. */
+static int ubsec_init(ENGINE *e)
+	{
+	t_UBSEC_ubsec_bytes_to_bits *p1;
+	t_UBSEC_ubsec_bits_to_bytes *p2;
+	t_UBSEC_ubsec_open *p3;
+	t_UBSEC_ubsec_close *p4;
+#ifndef OPENSSL_NO_DH
+	t_UBSEC_diffie_hellman_generate_ioctl *p5;
+	t_UBSEC_diffie_hellman_agree_ioctl *p6;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+	t_UBSEC_rsa_mod_exp_ioctl *p7;
+	t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+	t_UBSEC_dsa_sign_ioctl *p9;
+	t_UBSEC_dsa_verify_ioctl *p10;
+#endif
+	t_UBSEC_math_accelerate_ioctl *p11;
+	t_UBSEC_rng_ioctl *p12;
+        t_UBSEC_max_key_len_ioctl *p13;
+	int fd = 0;
+
+	if(ubsec_dso != NULL)
+		{
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* 
+	 * Attempt to load libubsec.so/ubsec.dll/whatever. 
+	 */
+	ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
+	if(ubsec_dso == NULL)
+		{
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+		goto err;
+		}
+
+	if (
+	!(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
+	!(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
+	!(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
+	!(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
+#ifndef OPENSSL_NO_DH
+	!(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) 
+				DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
+	!(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) 
+				DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+	!(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
+	!(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+	!(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
+	!(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
+#endif
+	!(p11 = (t_UBSEC_math_accelerate_ioctl *) 
+				DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
+	!(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
+        !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
+		{
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+		goto err;
+		}
+
+	/* Copy the pointers */
+	p_UBSEC_ubsec_bytes_to_bits = p1;
+	p_UBSEC_ubsec_bits_to_bytes = p2;
+	p_UBSEC_ubsec_open = p3;
+	p_UBSEC_ubsec_close = p4;
+#ifndef OPENSSL_NO_DH
+	p_UBSEC_diffie_hellman_generate_ioctl = p5;
+	p_UBSEC_diffie_hellman_agree_ioctl = p6;
+#endif
+#ifndef OPENSSL_NO_RSA
+	p_UBSEC_rsa_mod_exp_ioctl = p7;
+	p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
+#endif
+#ifndef OPENSSL_NO_DSA
+	p_UBSEC_dsa_sign_ioctl = p9;
+	p_UBSEC_dsa_verify_ioctl = p10;
+#endif
+	p_UBSEC_math_accelerate_ioctl = p11;
+	p_UBSEC_rng_ioctl = p12;
+        p_UBSEC_max_key_len_ioctl = p13;
+
+	/* Perform an open to see if there's actually any unit running. */
+	if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
+	{
+	   p_UBSEC_ubsec_close(fd);
+	   return 1;
+	}
+	else
+	{
+	  UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+	}
+
+err:
+	if(ubsec_dso)
+		DSO_free(ubsec_dso);
+	p_UBSEC_ubsec_bytes_to_bits = NULL;
+	p_UBSEC_ubsec_bits_to_bytes = NULL;
+	p_UBSEC_ubsec_open = NULL;
+	p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+	p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+	p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
+	p_UBSEC_rsa_mod_exp_ioctl = NULL;
+	p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+	p_UBSEC_dsa_sign_ioctl = NULL;
+	p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+	p_UBSEC_math_accelerate_ioctl = NULL;
+	p_UBSEC_rng_ioctl = NULL;
+        p_UBSEC_max_key_len_ioctl = NULL;
+
+	return 0;
+	}
+
+static int ubsec_finish(ENGINE *e)
+	{
+	free_UBSEC_LIBNAME();
+	if(ubsec_dso == NULL)
+		{
+		UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(ubsec_dso))
+		{
+		UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
+		return 0;
+		}
+	ubsec_dso = NULL;
+	p_UBSEC_ubsec_bytes_to_bits = NULL;
+	p_UBSEC_ubsec_bits_to_bytes = NULL;
+	p_UBSEC_ubsec_open = NULL;
+	p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+	p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+	p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
+	p_UBSEC_rsa_mod_exp_ioctl = NULL;
+	p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+	p_UBSEC_dsa_sign_ioctl = NULL;
+	p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+	p_UBSEC_math_accelerate_ioctl = NULL;
+	p_UBSEC_rng_ioctl = NULL;
+        p_UBSEC_max_key_len_ioctl = NULL;
+	return 1;
+	}
+
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((ubsec_dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case UBSEC_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_UBSEC_LIBNAME((const char *)p);
+	default:
+		break;
+		}
+	UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx)
+	{
+	int 	y_len = 0;
+	int 	fd;
+
+	if(ubsec_dso == NULL)
+	{
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
+		return 0;
+	}
+
+	/* Check if hardware can't handle this argument. */
+	y_len = BN_num_bits(m);
+	if (y_len > max_key_len) {
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return BN_mod_exp(r, a, p, m, ctx);
+	} 
+
+	if(!bn_wexpand(r, m->top))
+	{
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
+		return 0;
+	}
+	memset(r->d, 0, BN_num_bytes(m));
+
+	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+		fd = 0;
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                return BN_mod_exp(r, a, p, m, ctx);
+	}
+
+	if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
+		(unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, 
+		BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
+	{
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                return BN_mod_exp(r, a, p, m, ctx);
+	}
+
+	p_UBSEC_ubsec_close(fd);
+
+	r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
+	return 1;
+	}
+
+#ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	BN_CTX *ctx;
+	int to_return = 0;
+
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+
+	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+		{
+		UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
+		goto err;
+		}
+
+	to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+		    rsa->dmq1, rsa->iqmp, ctx);
+	if (to_return == FAIL_TO_SOFTWARE)
+	{
+	  /*
+	   * Do in software as hardware failed.
+	   */
+	   const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+	   to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+	}
+err:
+	if(ctx)
+		BN_CTX_free(ctx);
+	return to_return;
+	}
+#endif
+
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *q, const BIGNUM *dp,
+			const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
+	{
+	int	y_len,
+		m_len,
+		fd;
+
+	m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
+	y_len = BN_num_bits(p) + BN_num_bits(q);
+
+	/* Check if hardware can't handle this argument. */
+	if (y_len > max_key_len) {
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return FAIL_TO_SOFTWARE;
+	} 
+
+	if (!bn_wexpand(r, p->top + q->top + 1)) {
+		UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
+		return 0;
+	}
+
+	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+		fd = 0;
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+		return FAIL_TO_SOFTWARE;
+	}
+
+	if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
+		(unsigned char *)a->d, BN_num_bits(a), 
+		(unsigned char *)qinv->d, BN_num_bits(qinv),
+		(unsigned char *)dp->d, BN_num_bits(dp),
+		(unsigned char *)p->d, BN_num_bits(p),
+		(unsigned char *)dq->d, BN_num_bits(dq),
+		(unsigned char *)q->d, BN_num_bits(q),
+		(unsigned char *)r->d,  &y_len) != 0) {
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+		return FAIL_TO_SOFTWARE;
+	}
+
+	p_UBSEC_ubsec_close(fd);
+
+	r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
+	return 1;
+}
+
+#ifndef OPENSSL_NO_DSA
+#ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int to_return = 0;
+ 
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	to_return = 1;
+end:
+	BN_free(&t);
+	return to_return;
+	}
+
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx)
+	{
+	return ubsec_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+#endif
+
+/*
+ * This function is aliased to mod_exp (with the mont stuff dropped).
+ */
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+	int ret = 0;
+
+#ifndef OPENSSL_NO_RSA
+ 	/* Do in software if the key is too large for the hardware. */
+	if (BN_num_bits(m) > max_key_len)
+                {
+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+		ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
+                }
+        else
+#endif
+                {
+		ret = ubsec_mod_exp(r, a, p, m, ctx);
+                }
+	
+	return ret;
+        }
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx)
+	{
+	return ubsec_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+	{
+	DSA_SIG *to_return = NULL;
+	int s_len = 160, r_len = 160, d_len, fd;
+	BIGNUM m, *r=NULL, *s=NULL;
+
+	BN_init(&m);
+
+	s = BN_new();
+	r = BN_new();
+	if ((s == NULL) || (r==NULL))
+		goto err;
+
+	d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
+
+        if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
+       	   (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
+		UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+
+	if (BN_bin2bn(dgst,dlen,&m) == NULL) {
+		UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+		goto err;
+	} 
+
+	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                const DSA_METHOD *meth;
+		fd = 0;
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DSA_OpenSSL();
+                to_return =  meth->dsa_do_sign(dgst, dlen, dsa);
+		goto err;
+	}
+
+	if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
+		(unsigned char *)dgst, d_len,
+		NULL, 0,  /* compute random value */
+		(unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
+		(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
+		(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
+		(unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
+		(unsigned char *)r->d, &r_len,
+		(unsigned char *)s->d, &s_len ) != 0) {
+                const DSA_METHOD *meth;
+
+		UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_sign(dgst, dlen, dsa);
+
+		goto err;
+	}
+
+	p_UBSEC_ubsec_close(fd);
+
+	r->top = (160+BN_BITS2-1)/BN_BITS2;
+	s->top = (160+BN_BITS2-1)/BN_BITS2;
+
+	to_return = DSA_SIG_new();
+	if(to_return == NULL) {
+		UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+
+	to_return->r = r;
+	to_return->s = s;
+
+err:
+	if (!to_return) {
+		if (r) BN_free(r);
+		if (s) BN_free(s);
+	}                                 
+	BN_clear_free(&m);
+	return to_return;
+}
+
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa)
+	{
+	int v_len, d_len;
+	int to_return = 0;
+	int fd;
+	BIGNUM v;
+
+	BN_init(&v);
+
+	if(!bn_wexpand(&v, dsa->p->top)) {
+		UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+
+	v_len = BN_num_bits(dsa->p);
+
+	d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
+
+	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                const DSA_METHOD *meth;
+		fd = 0;
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+		goto err;
+	}
+
+	if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
+		(unsigned char *)dgst, d_len,
+		(unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
+		(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
+		(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
+		(unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
+		(unsigned char *)sig->r->d, BN_num_bits(sig->r),
+		(unsigned char *)sig->s->d, BN_num_bits(sig->s),
+		(unsigned char *)v.d, &v_len) != 0) {
+                const DSA_METHOD *meth;
+		UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+
+		goto err;
+	}
+
+	p_UBSEC_ubsec_close(fd);
+
+	to_return = 1;
+err:
+	BN_clear_free(&v);
+	return to_return;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DH
+static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
+        {
+        int      ret      = -1,
+                 k_len,
+                 fd;
+
+        k_len = BN_num_bits(dh->p);
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DH_OpenSSL();
+                ret = meth->compute_key(key, pub_key, dh);
+                goto err;
+                }
+
+        if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
+                                               (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
+                                               (unsigned char *)pub_key->d, BN_num_bits(pub_key),
+                                               (unsigned char *)dh->p->d, BN_num_bits(dh->p),
+                                               key, &k_len) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DH_OpenSSL();
+                ret = meth->compute_key(key, pub_key, dh);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
+err:
+        return ret;
+        }
+
+static int ubsec_dh_generate_key (DH *dh)
+        {
+        int      ret               = 0,
+                 random_bits       = 0,
+                 pub_key_len       = 0,
+                 priv_key_len      = 0,
+                 fd;
+        BIGNUM   *pub_key          = NULL;
+        BIGNUM   *priv_key         = NULL;
+
+        /* 
+         *  How many bits should Random x be? dh_key.c
+         *  sets the range from 0 to num_bits(modulus) ???
+         */
+
+        if (dh->priv_key == NULL)
+                {
+                priv_key = BN_new();
+                if (priv_key == NULL) goto err;
+                priv_key_len = BN_num_bits(dh->p);
+                bn_wexpand(priv_key, dh->p->top);
+                do
+                        if (!BN_rand_range(priv_key, dh->p)) goto err;
+                while (BN_is_zero(priv_key));
+                random_bits = BN_num_bits(priv_key);
+                }
+        else
+                {
+                priv_key = dh->priv_key;
+                }
+
+        if (dh->pub_key == NULL)
+                {
+                pub_key = BN_new();
+                pub_key_len = BN_num_bits(dh->p);
+                bn_wexpand(pub_key, dh->p->top);
+                if(pub_key == NULL) goto err;
+                }
+        else
+                {
+                pub_key = dh->pub_key;
+                }
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DH_OpenSSL();
+                ret = meth->generate_key(dh);
+                goto err;
+                }
+
+        if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
+                                                  (unsigned char *)priv_key->d, &priv_key_len,
+                                                  (unsigned char *)pub_key->d,  &pub_key_len,
+                                                  (unsigned char *)dh->g->d, BN_num_bits(dh->g),
+                                                  (unsigned char *)dh->p->d, BN_num_bits(dh->p),
+                                                  0, 0, random_bits) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const DH_METHOD *meth;
+
+                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DH_OpenSSL();
+                ret = meth->generate_key(dh);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        dh->pub_key = pub_key;
+        dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
+        dh->priv_key = priv_key;
+        dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
+
+        ret = 1;
+err:
+        return ret;
+        }
+#endif
+
+#ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char * buf,
+                            int num)
+        {
+        int      ret      = 0,
+                 fd;
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const RAND_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                num = p_UBSEC_ubsec_bits_to_bytes(num);
+                meth = RAND_SSLeay();
+                meth->seed(buf, num);
+                ret = meth->bytes(buf, num);
+                goto err;
+                }
+
+        num *= 8; /* bytes to bits */
+
+        if (p_UBSEC_rng_ioctl(fd,
+                              UBSEC_RNG_DIRECT,
+                              buf,
+                              &num) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const RAND_METHOD *meth;
+
+                ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                num = p_UBSEC_ubsec_bits_to_bytes(num);
+                meth = RAND_SSLeay();
+                meth->seed(buf, num);
+                ret = meth->bytes(buf, num);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        ret = 1;
+err:
+        return(ret);
+        }
+
+
+static int ubsec_rand_status(void)
+	{
+	return 0;
+	}
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_ubsec_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_UBSEC */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/crypto/engine/hw_ubsec_err.c b/crypto/openssl/crypto/engine/hw_ubsec_err.c
new file mode 100644
index 0000000..d707331
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_ubsec_err.c
@@ -0,0 +1,151 @@
+/* hw_ubsec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ubsec_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA UBSEC_str_functs[]=
+	{
+{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0),	"UBSEC_CTRL"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DH_COMPUTE_KEY,0),	"UBSEC_DH_COMPUTE_KEY"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0),	"UBSEC_DSA_SIGN"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0),	"UBSEC_DSA_VERIFY"},
+{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0),	"UBSEC_FINISH"},
+{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0),	"UBSEC_INIT"},
+{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0),	"UBSEC_MOD_EXP"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RNG_BYTES,0),	"UBSEC_RNG_BYTES"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0),	"UBSEC_RSA_MOD_EXP"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0),	"UBSEC_RSA_MOD_EXP_CRT"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA UBSEC_str_reasons[]=
+	{
+{UBSEC_R_ALREADY_LOADED                  ,"already loaded"},
+{UBSEC_R_BN_EXPAND_FAIL                  ,"bn expand fail"},
+{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{UBSEC_R_DSO_FAILURE                     ,"dso failure"},
+{UBSEC_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{UBSEC_R_NOT_LOADED                      ,"not loaded"},
+{UBSEC_R_REQUEST_FAILED                  ,"request failed"},
+{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL     ,"size too large or too small"},
+{UBSEC_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef UBSEC_LIB_NAME
+static ERR_STRING_DATA UBSEC_lib_name[]=
+        {
+{0	,UBSEC_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int UBSEC_lib_error_code=0;
+static int UBSEC_error_init=1;
+
+static void ERR_load_UBSEC_strings(void)
+	{
+	if (UBSEC_lib_error_code == 0)
+		UBSEC_lib_error_code=ERR_get_next_error_library();
+
+	if (UBSEC_error_init)
+		{
+		UBSEC_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
+		ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+#endif
+
+#ifdef UBSEC_LIB_NAME
+		UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
+		ERR_load_strings(0,UBSEC_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_UBSEC_strings(void)
+	{
+	if (UBSEC_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
+		ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+#endif
+
+#ifdef UBSEC_LIB_NAME
+		ERR_unload_strings(0,UBSEC_lib_name);
+#endif
+		UBSEC_error_init=1;
+		}
+	}
+
+static void ERR_UBSEC_error(int function, int reason, char *file, int line)
+	{
+	if (UBSEC_lib_error_code == 0)
+		UBSEC_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/crypto/engine/hw_ubsec_err.h b/crypto/openssl/crypto/engine/hw_ubsec_err.h
new file mode 100644
index 0000000..023d3be
--- /dev/null
+++ b/crypto/openssl/crypto/engine/hw_ubsec_err.h
@@ -0,0 +1,95 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UBSEC_ERR_H
+#define HEADER_UBSEC_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_UBSEC_strings(void);
+static void ERR_unload_UBSEC_strings(void);
+static void ERR_UBSEC_error(int function, int reason, char *file, int line);
+#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the UBSEC functions. */
+
+/* Function codes. */
+#define UBSEC_F_UBSEC_CTRL				 100
+#define UBSEC_F_UBSEC_DH_COMPUTE_KEY			 101
+#define UBSEC_F_UBSEC_DSA_SIGN				 102
+#define UBSEC_F_UBSEC_DSA_VERIFY			 103
+#define UBSEC_F_UBSEC_FINISH				 104
+#define UBSEC_F_UBSEC_INIT				 105
+#define UBSEC_F_UBSEC_MOD_EXP				 106
+#define UBSEC_F_UBSEC_RNG_BYTES				 107
+#define UBSEC_F_UBSEC_RSA_MOD_EXP			 108
+#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT			 109
+
+/* Reason codes. */
+#define UBSEC_R_ALREADY_LOADED				 100
+#define UBSEC_R_BN_EXPAND_FAIL				 101
+#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED		 102
+#define UBSEC_R_DSO_FAILURE				 103
+#define UBSEC_R_MISSING_KEY_COMPONENTS			 104
+#define UBSEC_R_NOT_LOADED				 105
+#define UBSEC_R_REQUEST_FAILED				 106
+#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 107
+#define UBSEC_R_UNIT_FAILURE				 108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/engine/tb_cipher.c b/crypto/openssl/crypto/engine/tb_cipher.c
new file mode 100644
index 0000000..50b3cec
--- /dev/null
+++ b/crypto/openssl/crypto/engine/tb_cipher.c
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
+ * is used by EVP to hook in cipher code and cache defaults (etc), will display
+ * brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_CIPHER_DEBUG */
+
+static ENGINE_TABLE *cipher_table = NULL;
+
+void ENGINE_unregister_ciphers(ENGINE *e)
+	{
+	engine_table_unregister(&cipher_table, e);
+	}
+
+static void engine_unregister_all_ciphers(void)
+	{
+	engine_table_cleanup(&cipher_table);
+	}
+
+int ENGINE_register_ciphers(ENGINE *e)
+	{
+	if(e->ciphers)
+		{
+		const int *nids;
+		int num_nids = e->ciphers(e, NULL, &nids, 0);
+		if(num_nids > 0)
+			return engine_table_register(&cipher_table,
+					engine_unregister_all_ciphers, e, nids,
+					num_nids, 0);
+		}
+	return 1;
+	}
+
+void ENGINE_register_all_ciphers()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_ciphers(e);
+	}
+
+int ENGINE_set_default_ciphers(ENGINE *e)
+	{
+	if(e->ciphers)
+		{
+		const int *nids;
+		int num_nids = e->ciphers(e, NULL, &nids, 0);
+		if(num_nids > 0)
+			return engine_table_register(&cipher_table,
+					engine_unregister_all_ciphers, e, nids,
+					num_nids, 1);
+		}
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+ENGINE *ENGINE_get_cipher_engine(int nid)
+	{
+	return engine_table_select(&cipher_table, nid);
+	}
+
+/* Obtains a cipher implementation from an ENGINE functional reference */
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+	{
+	const EVP_CIPHER *ret;
+	ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+	if(!fn || !fn(e, &ret, NULL, nid))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
+				ENGINE_R_UNIMPLEMENTED_CIPHER);
+		return NULL;
+		}
+	return ret;
+	}
+
+/* Gets the cipher callback from an ENGINE structure */
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+	{
+	return e->ciphers;
+	}
+
+/* Sets the cipher callback in an ENGINE structure */
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+	{
+	e->ciphers = f;
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/tb_dh.c b/crypto/openssl/crypto/engine/tb_dh.c
new file mode 100644
index 0000000..e290e17
--- /dev/null
+++ b/crypto/openssl/crypto/engine/tb_dh.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
+ * used by DH to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DH_DEBUG */
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+	{
+	engine_table_unregister(&dh_table, e);
+	}
+
+static void engine_unregister_all_DH(void)
+	{
+	engine_table_cleanup(&dh_table);
+	}
+
+int ENGINE_register_DH(ENGINE *e)
+	{
+	if(e->dh_meth)
+		return engine_table_register(&dh_table,
+				engine_unregister_all_DH, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_DH()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_DH(e);
+	}
+
+int ENGINE_set_default_DH(ENGINE *e)
+	{
+	if(e->dh_meth)
+		return engine_table_register(&dh_table,
+				engine_unregister_all_DH, e, &dummy_nid, 1, 1);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DH(void)
+	{
+	return engine_table_select(&dh_table, dummy_nid);
+	}
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+	{
+	return e->dh_meth;
+	}
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+	{
+	e->dh_meth = dh_meth;
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/tb_digest.c b/crypto/openssl/crypto/engine/tb_digest.c
new file mode 100644
index 0000000..e82d2a1
--- /dev/null
+++ b/crypto/openssl/crypto/engine/tb_digest.c
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
+ * is used by EVP to hook in digest code and cache defaults (etc), will display
+ * brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DIGEST_DEBUG */
+
+static ENGINE_TABLE *digest_table = NULL;
+
+void ENGINE_unregister_digests(ENGINE *e)
+	{
+	engine_table_unregister(&digest_table, e);
+	}
+
+static void engine_unregister_all_digests(void)
+	{
+	engine_table_cleanup(&digest_table);
+	}
+
+int ENGINE_register_digests(ENGINE *e)
+	{
+	if(e->digests)
+		{
+		const int *nids;
+		int num_nids = e->digests(e, NULL, &nids, 0);
+		if(num_nids > 0)
+			return engine_table_register(&digest_table,
+					engine_unregister_all_digests, e, nids,
+					num_nids, 0);
+		}
+	return 1;
+	}
+
+void ENGINE_register_all_digests()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_digests(e);
+	}
+
+int ENGINE_set_default_digests(ENGINE *e)
+	{
+	if(e->digests)
+		{
+		const int *nids;
+		int num_nids = e->digests(e, NULL, &nids, 0);
+		if(num_nids > 0)
+			return engine_table_register(&digest_table,
+					engine_unregister_all_digests, e, nids,
+					num_nids, 1);
+		}
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given digest 'nid' */
+ENGINE *ENGINE_get_digest_engine(int nid)
+	{
+	return engine_table_select(&digest_table, nid);
+	}
+
+/* Obtains a digest implementation from an ENGINE functional reference */
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+	{
+	const EVP_MD *ret;
+	ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+	if(!fn || !fn(e, &ret, NULL, nid))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
+				ENGINE_R_UNIMPLEMENTED_DIGEST);
+		return NULL;
+		}
+	return ret;
+	}
+
+/* Gets the digest callback from an ENGINE structure */
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+	{
+	return e->digests;
+	}
+
+/* Sets the digest callback in an ENGINE structure */
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+	{
+	e->digests = f;
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/tb_dsa.c b/crypto/openssl/crypto/engine/tb_dsa.c
new file mode 100644
index 0000000..8017059
--- /dev/null
+++ b/crypto/openssl/crypto/engine/tb_dsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
+ * used by DSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DSA_DEBUG */
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+	{
+	engine_table_unregister(&dsa_table, e);
+	}
+
+static void engine_unregister_all_DSA(void)
+	{
+	engine_table_cleanup(&dsa_table);
+	}
+
+int ENGINE_register_DSA(ENGINE *e)
+	{
+	if(e->dsa_meth)
+		return engine_table_register(&dsa_table,
+				engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_DSA()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_DSA(e);
+	}
+
+int ENGINE_set_default_DSA(ENGINE *e)
+	{
+	if(e->dsa_meth)
+		return engine_table_register(&dsa_table,
+				engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DSA(void)
+	{
+	return engine_table_select(&dsa_table, dummy_nid);
+	}
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+	{
+	return e->dsa_meth;
+	}
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+	{
+	e->dsa_meth = dsa_meth;
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/tb_rand.c b/crypto/openssl/crypto/engine/tb_rand.c
new file mode 100644
index 0000000..69b6711
--- /dev/null
+++ b/crypto/openssl/crypto/engine/tb_rand.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
+ * used by RAND to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RAND_DEBUG */
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+	{
+	engine_table_unregister(&rand_table, e);
+	}
+
+static void engine_unregister_all_RAND(void)
+	{
+	engine_table_cleanup(&rand_table);
+	}
+
+int ENGINE_register_RAND(ENGINE *e)
+	{
+	if(e->rand_meth)
+		return engine_table_register(&rand_table,
+				engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_RAND()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_RAND(e);
+	}
+
+int ENGINE_set_default_RAND(ENGINE *e)
+	{
+	if(e->rand_meth)
+		return engine_table_register(&rand_table,
+				engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RAND(void)
+	{
+	return engine_table_select(&rand_table, dummy_nid);
+	}
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+	{
+	return e->rand_meth;
+	}
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+	{
+	e->rand_meth = rand_meth;
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/tb_rsa.c b/crypto/openssl/crypto/engine/tb_rsa.c
new file mode 100644
index 0000000..fee4867
--- /dev/null
+++ b/crypto/openssl/crypto/engine/tb_rsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
+ * used by RSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RSA_DEBUG */
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+	{
+	engine_table_unregister(&rsa_table, e);
+	}
+
+static void engine_unregister_all_RSA(void)
+	{
+	engine_table_cleanup(&rsa_table);
+	}
+
+int ENGINE_register_RSA(ENGINE *e)
+	{
+	if(e->rsa_meth)
+		return engine_table_register(&rsa_table,
+				engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_RSA()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_RSA(e);
+	}
+
+int ENGINE_set_default_RSA(ENGINE *e)
+	{
+	if(e->rsa_meth)
+		return engine_table_register(&rsa_table,
+				engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RSA(void)
+	{
+	return engine_table_select(&rsa_table, dummy_nid);
+	}
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+	{
+	return e->rsa_meth;
+	}
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+	{
+	e->rsa_meth = rsa_meth;
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/engine/vendor_defns/aep.h b/crypto/openssl/crypto/engine/vendor_defns/aep.h
new file mode 100644
index 0000000..2b2792d
--- /dev/null
+++ b/crypto/openssl/crypto/engine/vendor_defns/aep.h
@@ -0,0 +1,178 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities, and rnd number generation of the AEP card. 
+ *
+ */
+
+/*
+ *
+ * Some AEP defines
+ *
+ */
+
+/*Successful return value*/
+#define AEP_R_OK                                0x00000000
+
+/*Miscelleanous unsuccessful return value*/
+#define AEP_R_GENERAL_ERROR                     0x10000001
+
+/*Insufficient host memory*/
+#define AEP_R_HOST_MEMORY                       0x10000002
+
+#define AEP_R_FUNCTION_FAILED                   0x10000006
+
+/*Invalid arguments in function call*/
+#define AEP_R_ARGUMENTS_BAD                     0x10020000
+
+#define AEP_R_NO_TARGET_RESOURCES				0x10030000
+
+/*Error occuring on socket operation*/
+#define AEP_R_SOCKERROR							0x10000010
+
+/*Socket has been closed from the other end*/
+#define AEP_R_SOCKEOF							0x10000011
+
+/*Invalid handles*/
+#define AEP_R_CONNECTION_HANDLE_INVALID         0x100000B3
+
+#define AEP_R_TRANSACTION_HANDLE_INVALID		0x10040000
+
+/*Transaction has not yet returned from accelerator*/
+#define AEP_R_TRANSACTION_NOT_READY				0x00010000
+
+/*There is already a thread waiting on this transaction*/
+#define AEP_R_TRANSACTION_CLAIMED				0x10050000
+
+/*The transaction timed out*/
+#define AEP_R_TIMED_OUT							0x10060000
+
+#define AEP_R_FXN_NOT_IMPLEMENTED				0x10070000
+
+#define AEP_R_TARGET_ERROR						0x10080000
+
+/*Error in the AEP daemon process*/
+#define AEP_R_DAEMON_ERROR						0x10090000
+
+/*Invalid ctx id*/
+#define AEP_R_INVALID_CTX_ID					0x10009000
+
+#define AEP_R_NO_KEY_MANAGER					0x1000a000
+
+/*Error obtaining a mutex*/
+#define AEP_R_MUTEX_BAD                         0x000001A0
+
+/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
+#define AEP_R_AEPAPI_NOT_INITIALIZED			0x10000190
+
+/*AEP_Initialise has already been called*/
+#define AEP_R_AEPAPI_ALREADY_INITIALIZED		0x10000191
+
+/*Maximum number of connections to daemon reached*/
+#define AEP_R_NO_MORE_CONNECTION_HNDLS			0x10000200
+
+/*
+ *
+ * Some AEP Type definitions
+ *
+ */
+
+/* an unsigned 8-bit value */
+typedef unsigned char				AEP_U8;
+
+/* an unsigned 8-bit character */
+typedef char					AEP_CHAR;
+
+/* a BYTE-sized Boolean flag */
+typedef AEP_U8					AEP_BBOOL;
+
+/*Unsigned value, at least 16 bits long*/
+typedef unsigned short				AEP_U16;
+
+/* an unsigned value, at least 32 bits long */
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned int				AEP_U32;
+#else
+typedef unsigned long				AEP_U32;
+#endif
+
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned long				AEP_U64;
+#else
+typedef struct { unsigned long l1, l2; }	AEP_U64;
+#endif
+
+/* at least 32 bits; each bit is a Boolean flag */
+typedef AEP_U32			AEP_FLAGS;
+
+typedef AEP_U8	    	*AEP_U8_PTR;
+typedef AEP_CHAR    	*AEP_CHAR_PTR;
+typedef AEP_U32			*AEP_U32_PTR;
+typedef AEP_U64			*AEP_U64_PTR;
+typedef void        	*AEP_VOID_PTR;
+
+/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
+typedef AEP_VOID_PTR 	*AEP_VOID_PTR_PTR;
+
+/*Used to identify an AEP connection handle*/
+typedef AEP_U32					AEP_CONNECTION_HNDL;
+
+/*Pointer to an AEP connection handle*/
+typedef AEP_CONNECTION_HNDL 	*AEP_CONNECTION_HNDL_PTR;
+
+/*Used by an application (in conjunction with the apps process id) to 
+identify an individual transaction*/
+typedef AEP_U32					AEP_TRANSACTION_ID;
+
+/*Pointer to an applications transaction identifier*/
+typedef AEP_TRANSACTION_ID 		*AEP_TRANSACTION_ID_PTR;
+
+/*Return value type*/
+typedef AEP_U32					AEP_RV;
+
+#define MAX_PROCESS_CONNECTIONS 256
+
+#define RAND_BLK_SIZE 1024
+
+typedef enum{
+        NotConnected=   0,
+        Connected=              1,
+        InUse=                  2
+} AEP_CONNECTION_STATE;
+
+
+typedef struct AEP_CONNECTION_ENTRY{
+        AEP_CONNECTION_STATE    conn_state;
+        AEP_CONNECTION_HNDL     conn_hndl;
+} AEP_CONNECTION_ENTRY;
+
+
+typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
+typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
+
+typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
+			    AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+			    AEP_VOID_PTR pN,
+			    AEP_VOID_PTR pResult,
+			    AEP_TRANSACTION_ID* pidTransID);
+
+typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
+			       AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+			       AEP_VOID_PTR pQ,
+			       AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
+			       AEP_VOID_PTR pIqmp,
+			       AEP_VOID_PTR pResult,
+			       AEP_TRANSACTION_ID* pidTransID);
+
+#ifdef AEPRAND
+typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
+			       AEP_U32 Len,
+			       AEP_U32 Type,
+			       AEP_VOID_PTR pResult,
+			       AEP_TRANSACTION_ID* pidTransID);
+#endif
+
+typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
+typedef AEP_RV t_AEP_Finalize();
+typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(),
+				    AEP_RV (*MakeAEPBigNumFunc)(),
+				    AEP_RV (*ConverAEPBigNumFunc)());
+
diff --git a/crypto/openssl/crypto/engine/vendor_defns/atalla.h b/crypto/openssl/crypto/engine/vendor_defns/atalla.h
new file mode 100644
index 0000000..149970d
--- /dev/null
+++ b/crypto/openssl/crypto/engine/vendor_defns/atalla.h
@@ -0,0 +1,48 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities of Atalla cards. The only cryptographic operation
+ * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
+ * defines an "RSA private key". However, it is really only performing a
+ * regular mod_exp using the supplied modulus and exponent - no CRT form is
+ * being used. Hence, it is a generic mod_exp function in disguise, and we use
+ * it as such.
+ *
+ * Thanks to the people at Atalla for letting me know these definitions are
+ * fine and that they can be reproduced here.
+ *
+ * Geoff.
+ */
+
+typedef struct ItemStr
+	{
+	unsigned char *data;
+	int len;
+	} Item;
+
+typedef struct RSAPrivateKeyStr
+	{
+	void *reserved;
+	Item version;
+	Item modulus;
+	Item publicExponent;
+	Item privateExponent;
+	Item prime[2];
+	Item exponent[2];
+	Item coefficient;
+	} RSAPrivateKey;
+
+/* Predeclare the function pointer types that we dynamically load from the DSO.
+ * These use the same names and form that Ben's original support code had (in
+ * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
+ * somewhere along the way!
+ */
+
+typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
+					unsigned int *ret_buf);
+
+typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
+
+typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
+					unsigned char *output,
+					unsigned char *input,
+					unsigned int modulus_len);
+
diff --git a/crypto/openssl/crypto/engine/vendor_defns/cswift.h b/crypto/openssl/crypto/engine/vendor_defns/cswift.h
new file mode 100644
index 0000000..6007932
--- /dev/null
+++ b/crypto/openssl/crypto/engine/vendor_defns/cswift.h
@@ -0,0 +1,234 @@
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelertors
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+
+
+/* NB: These type widths do *not* seem right in general, in particular
+ * they're not terribly friendly to 64-bit architectures (unsigned long)
+ * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
+ * agree with Rainbow's API and this will only be called into question
+ * on platforms with Rainbow support anyway! ;-) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+typedef long              SW_STATUS;              /* status           */
+typedef unsigned char     SW_BYTE;                /* 8 bit byte       */
+typedef unsigned short    SW_U16;                 /* 16 bit number    */
+#if defined(_IRIX)
+#include <sgidefs.h>
+typedef __uint32_t        SW_U32;
+#else
+typedef unsigned long     SW_U32;                 /* 32 bit integer   */
+#endif
+ 
+#if defined(OPENSSL_SYS_WIN32)
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+  typedef longlong SW_U64
+#else /* Unix variants */
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#endif
+
+/* status codes */
+#define SW_OK                 (0L)
+#define SW_ERR_BASE           (-10000L)
+#define SW_ERR_NO_CARD        (SW_ERR_BASE-1) /* The Card is not present   */
+#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered  */
+                                              /*    up yet                 */
+#define SW_ERR_TIME_OUT       (SW_ERR_BASE-3) /* Execution of a command    */
+                                              /*    time out               */
+#define SW_ERR_NO_EXECUTE     (SW_ERR_BASE-4) /* The Card failed to        */
+                                              /*    execute the command    */
+#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_INPUT_SIZE     (SW_ERR_BASE-6) /* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT    */
+                                              /*    handle                 */
+#define SW_ERR_PENDING        (SW_ERR_BASE-8) /* A request is already out- */
+                                              /*    standing at this       */
+                                              /*    context handle         */
+#define SW_ERR_AVAILABLE      (SW_ERR_BASE-9) /* A result is available.    */
+#define SW_ERR_NO_PENDING     (SW_ERR_BASE-10)/* No request is pending.    */
+#define SW_ERR_NO_MEMORY      (SW_ERR_BASE-11)/* Not enough memory         */
+#define SW_ERR_BAD_ALGORITHM  (SW_ERR_BASE-12)/* Invalid algorithm type    */
+                                              /*    in SW_PARAM structure  */
+#define SW_ERR_MISSING_KEY    (SW_ERR_BASE-13)/* No key is associated with */
+                                              /*    context.               */
+                                              /*    swAttachKeyParam() is  */
+                                              /*    not called.            */
+#define SW_ERR_KEY_CMD_MISMATCH \
+                              (SW_ERR_BASE-14)/* Cannot perform requested  */
+                                              /*    SW_COMMAND_CODE since  */
+                                              /*    key attached via       */
+                                              /*    swAttachKeyParam()     */
+                                              /*    cannot be used for this*/
+                                              /*    SW_COMMAND_CODE.       */
+#define SW_ERR_NOT_IMPLEMENTED \
+                              (SW_ERR_BASE-15)/* Not implemented           */
+#define SW_ERR_BAD_COMMAND    (SW_ERR_BASE-16)/* Bad command code          */
+#define SW_ERR_BAD_ITEM_SIZE  (SW_ERR_BASE-17)/* too small or too large in */
+                                              /*    the "initems" or       */
+                                              /*    "outitems".            */
+#define SW_ERR_BAD_ACCNUM     (SW_ERR_BASE-18)/* Bad accelerator number    */
+#define SW_ERR_SELFTEST_FAIL  (SW_ERR_BASE-19)/* At least one of the self  */
+                                              /*    test fail, look at the */
+                                              /*    selfTestBitmap in      */
+                                              /*    SW_ACCELERATOR_INFO for*/
+                                              /*    details.               */
+#define SW_ERR_MISALIGN       (SW_ERR_BASE-20)/* Certain alogrithms require*/
+                                              /*    key materials aligned  */
+                                              /*    in certain order, e.g. */
+                                              /*    128 bit for CRT        */
+#define SW_ERR_OUTPUT_NULL_PTR \
+                              (SW_ERR_BASE-21)/* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_OUTPUT_SIZE \
+                              (SW_ERR_BASE-22)/* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_FIRMWARE_CHECKSUM \
+                              (SW_ERR_BASE-23)/* firmware checksum mismatch*/
+                                              /*    download failed.       */
+#define SW_ERR_UNKNOWN_FIRMWARE \
+                              (SW_ERR_BASE-24)/* unknown firmware error    */
+#define SW_ERR_INTERRUPT      (SW_ERR_BASE-25)/* request is abort when     */
+                                              /*    it's waiting to be     */
+                                              /*    completed.             */
+#define SW_ERR_NVWRITE_FAIL   (SW_ERR_BASE-26)/* error in writing to Non-  */
+                                              /*    volatile memory        */
+#define SW_ERR_NVWRITE_RANGE  (SW_ERR_BASE-27)/* out of range error in     */
+                                              /*    writing to NV memory   */
+#define SW_ERR_RNG_ERROR      (SW_ERR_BASE-28)/* Random Number Generation  */
+                                              /*    failure                */
+#define SW_ERR_DSS_FAILURE    (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
+#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math   */
+                                              /*    calculations           */
+#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on -   */
+                                              /*    board memory           */
+#define SW_ERR_FIRMWARE_VERSION \
+                              (SW_ERR_BASE-32)/* Wrong version in firmware */
+                                              /*    update                 */
+#define SW_ERR_ZERO_WORKING_ACCELERATOR \
+                              (SW_ERR_BASE-44)/* All accelerators are bad  */
+
+
+  /* algorithm type */
+#define SW_ALG_CRT          1
+#define SW_ALG_EXP          2
+#define SW_ALG_DSA          3
+#define SW_ALG_NVDATA       4
+
+  /* command code */
+#define SW_CMD_MODEXP_CRT   1 /* perform Modular Exponentiation using  */
+                              /*  Chinese Remainder Theorem (CRT)      */
+#define SW_CMD_MODEXP       2 /* perform Modular Exponentiation        */
+#define SW_CMD_DSS_SIGN     3 /* perform DSS sign                      */
+#define SW_CMD_DSS_VERIFY   4 /* perform DSS verify                    */
+#define SW_CMD_RAND         5 /* perform random number generation      */
+#define SW_CMD_NVREAD       6 /* perform read to nonvolatile RAM       */
+#define SW_CMD_NVWRITE      7 /* perform write to nonvolatile RAM      */
+
+typedef SW_U32            SW_ALGTYPE;             /* alogrithm type   */
+typedef SW_U32            SW_STATE;               /* state            */
+typedef SW_U32            SW_COMMAND_CODE;        /* command code     */
+typedef SW_U32            SW_COMMAND_BITMAP[4];   /* bitmap           */
+
+typedef struct _SW_LARGENUMBER {
+    SW_U32    nbytes;       /* number of bytes in the buffer "value"  */
+    SW_BYTE*  value;        /* the large integer as a string of       */
+                            /*   bytes in network (big endian) order  */
+} SW_LARGENUMBER;               
+
+#if defined(OPENSSL_SYS_WIN32)
+    #include <windows.h>
+    typedef HANDLE          SW_OSHANDLE;          /* handle to kernel object */
+    #define SW_OS_INVALID_HANDLE  INVALID_HANDLE_VALUE
+    #define SW_CALLCONV _stdcall
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+    /* async callback mechanisms */
+    /* swiftCallbackLevel */
+    #define SW_MAC_CALLBACK_LEVEL_NO         0		
+    #define SW_MAC_CALLBACK_LEVEL_HARDWARE   1	/* from the hardware ISR */
+    #define SW_MAC_CALLBACK_LEVEL_SECONDARY  2	/* as secondary ISR */
+    typedef int             SW_MAC_CALLBACK_LEVEL;
+    typedef int             SW_OSHANDLE;
+    #define SW_OS_INVALID_HANDLE  (-1)
+    #define SW_CALLCONV
+#else /* Unix variants */
+    typedef int             SW_OSHANDLE;          /* handle to driver */
+    #define SW_OS_INVALID_HANDLE  (-1)
+    #define SW_CALLCONV
+#endif 
+
+typedef struct _SW_CRT {
+    SW_LARGENUMBER  p;      /* prime number p                         */
+    SW_LARGENUMBER  q;      /* prime number q                         */
+    SW_LARGENUMBER  dmp1;   /* exponent1                              */
+    SW_LARGENUMBER  dmq1;   /* exponent2                              */
+    SW_LARGENUMBER  iqmp;   /* CRT coefficient                        */
+} SW_CRT;
+
+typedef struct _SW_EXP {
+    SW_LARGENUMBER  modulus; /* modulus                                */
+    SW_LARGENUMBER  exponent;/* exponent                               */
+} SW_EXP;
+
+typedef struct _SW_DSA {
+    SW_LARGENUMBER  p;      /*                                        */
+    SW_LARGENUMBER  q;      /*                                        */
+    SW_LARGENUMBER  g;      /*                                        */
+    SW_LARGENUMBER  key;    /* private/public key                     */
+} SW_DSA;
+
+typedef struct _SW_NVDATA {
+    SW_U32 accnum;          /* accelerator board number               */
+    SW_U32 offset;          /* offset in byte                         */
+} SW_NVDATA;
+
+typedef struct _SW_PARAM {
+    SW_ALGTYPE    type;     /* type of the alogrithm                  */
+    union {
+        SW_CRT    crt;
+        SW_EXP    exp;
+        SW_DSA    dsa;
+        SW_NVDATA nvdata;
+    } up;
+} SW_PARAM;
+
+typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
+
+
+/* Now the OpenSSL bits, these function types are the for the function
+ * pointers that will bound into the Rainbow shared libraries. */
+typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
+typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
+                                                SW_PARAM *key_params);
+typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
+                                                SW_COMMAND_CODE cmd,
+                				SW_LARGENUMBER pin[],
+                                		SW_U32 pin_count,
+                                                SW_LARGENUMBER pout[],
+                				SW_U32 pout_count);
+typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
diff --git a/crypto/openssl/crypto/engine/vendor_defns/hw_4758_cca.h b/crypto/openssl/crypto/engine/vendor_defns/hw_4758_cca.h
new file mode 100644
index 0000000..296636e
--- /dev/null
+++ b/crypto/openssl/crypto/engine/vendor_defns/hw_4758_cca.h
@@ -0,0 +1,149 @@
+/**********************************************************************/
+/*                                                                    */
+/*  Prototypes of the CCA verbs used by the 4758 CCA openssl driver   */
+/*                                                                    */
+/*  Maurice Gittens <maurice@gittens.nl>                              */
+/*                                                                    */
+/**********************************************************************/
+
+#ifndef __HW_4758_CCA__
+#define __HW_4758_CCA__
+
+/*
+ *  Only WIN32 support for now
+ */
+#if defined(WIN32)
+
+  #define CCA_LIB_NAME "CSUNSAPI"
+
+  #define CSNDPKX   "CSNDPKX_32"
+  #define CSNDKRR   "CSNDKRR_32"
+  #define CSNDPKE   "CSNDPKE_32"
+  #define CSNDPKD   "CSNDPKD_32"
+  #define CSNDDSV   "CSNDDSV_32"
+  #define CSNDDSG   "CSNDDSG_32"
+  #define CSNBRNG   "CSNBRNG_32"
+
+  #define SECURITYAPI __stdcall
+#else
+    /* Fixme!!         
+      Find out the values of these constants for other platforms.
+    */
+  #define CCA_LIB_NAME "CSUNSAPI"
+
+  #define CSNDPKX   "CSNDPKX"
+  #define CSNDKRR   "CSNDKRR"
+  #define CSNDPKE   "CSNDPKE"
+  #define CSNDPKD   "CSNDPKD"
+  #define CSNDDSV   "CSNDDSV"
+  #define CSNDDSG   "CSNDDSG"
+  #define CSNBRNG   "CSNBRNG"
+
+  #define SECURITYAPI
+#endif
+
+/*
+ * security API prototypes
+ */
+
+/* PKA Key Record Read */
+typedef void (SECURITYAPI *F_KEYRECORDREAD)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              unsigned char * key_label,
+              long          * key_token_length,
+              unsigned char * key_token);
+
+/* Random Number Generate */
+typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              unsigned char * form,
+              unsigned char * random_number);
+
+/* Digital Signature Generate */
+typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * PKA_private_key_id_length,
+              unsigned char * PKA_private_key_id,
+              long          * hash_length,
+              unsigned char * hash,
+              long          * signature_field_length,
+              long          * signature_bit_length,
+              unsigned char * signature_field);
+
+/* Digital Signature Verify */
+typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
+              long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * PKA_public_key_id_length,
+              unsigned char * PKA_public_key_id,
+              long          * hash_length,
+              unsigned char * hash,
+              long          * signature_field_length,
+              unsigned char * signature_field);
+
+/* PKA Public Key Extract */
+typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
+              long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * source_key_identifier_length,
+              unsigned char * source_key_identifier,
+              long          * target_key_token_length,
+              unsigned char * target_key_token);
+
+/* PKA Encrypt */
+typedef void   (SECURITYAPI *F_PKAENCRYPT)
+               (long          *  return_code,
+                 long          *  reason_code,
+                 long          *  exit_data_length,
+                 unsigned char *  exit_data,
+                 long          *  rule_array_count,
+                 unsigned char *  rule_array,
+                 long          *  key_value_length,
+                 unsigned char *  key_value,
+                 long          *  data_struct_length,
+                 unsigned char *  data_struct,
+                 long          *  RSA_public_key_length,
+                 unsigned char *  RSA_public_key,
+                 long          *  RSA_encipher_length,
+                 unsigned char *  RSA_encipher );
+
+/* PKA Decrypt */
+typedef void    (SECURITYAPI *F_PKADECRYPT)
+                (long          *  return_code,
+                 long          *  reason_code,
+                 long          *  exit_data_length,
+                 unsigned char *  exit_data,
+                 long          *  rule_array_count,
+                 unsigned char *  rule_array,
+                 long          *  enciphered_key_length,
+                 unsigned char *  enciphered_key,
+                 long          *  data_struct_length,
+                 unsigned char *  data_struct,
+                 long          *  RSA_private_key_length,
+                 unsigned char *  RSA_private_key,
+                 long          *  key_value_length,
+                 unsigned char *  key_value    );
+
+
+#endif
diff --git a/crypto/openssl/crypto/engine/vendor_defns/hw_ubsec.h b/crypto/openssl/crypto/engine/vendor_defns/hw_ubsec.h
new file mode 100644
index 0000000..b6619d4
--- /dev/null
+++ b/crypto/openssl/crypto/engine/vendor_defns/hw_ubsec.h
@@ -0,0 +1,100 @@
+/******************************************************************************
+ *
+ *  Copyright 2000
+ *  Broadcom Corporation
+ *  16215 Alton Parkway
+ *  PO Box 57013
+ *  Irvine CA 92619-7013
+ *
+ *****************************************************************************/
+/* 
+ * Broadcom Corporation uBSec SDK 
+ */
+/*
+ * Character device header file.
+ */
+/*
+ * Revision History:
+ *
+ * October 2000 JTT Created.
+ */
+
+#define MAX_PUBLIC_KEY_BITS (1024)
+#define MAX_PUBLIC_KEY_BYTES (1024/8)
+#define SHA_BIT_SIZE  (160)
+#define MAX_CRYPTO_KEY_LENGTH 24
+#define MAX_MAC_KEY_LENGTH 64
+#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
+#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
+
+/* Math command types. */
+#define UBSEC_MATH_MODADD 0x0001
+#define UBSEC_MATH_MODSUB 0x0002
+#define UBSEC_MATH_MODMUL 0x0004
+#define UBSEC_MATH_MODEXP 0x0008
+#define UBSEC_MATH_MODREM 0x0010
+#define UBSEC_MATH_MODINV 0x0020
+
+typedef long ubsec_MathCommand_t;
+typedef long ubsec_RNGCommand_t;
+
+typedef struct ubsec_crypto_context_s {
+	unsigned int	flags;
+	unsigned char	crypto[MAX_CRYPTO_KEY_LENGTH];
+	unsigned char 	auth[MAX_MAC_KEY_LENGTH];
+} ubsec_crypto_context_t, *ubsec_crypto_context_p;
+
+/* 
+ * Predeclare the function pointer types that we dynamically load from the DSO.
+ */
+
+typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
+
+typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
+
+typedef int t_UBSEC_ubsec_open(unsigned char *device);
+
+typedef int t_UBSEC_ubsec_close(int fd);
+
+typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
+	unsigned char *x, int *x_len, unsigned char *y, int *y_len, 
+	unsigned char *g, int g_len, unsigned char *m, int m_len,
+	unsigned char *userX, int userX_len, int random_bits);
+
+typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
+	unsigned char *x, int x_len, unsigned char *y, int y_len, 
+	unsigned char *m, int m_len, unsigned char *k, int *k_len);
+
+typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
+	unsigned char *x, int x_len, unsigned char *m, int m_len,
+	unsigned char *e, int e_len, unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
+	unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
+	unsigned char *edq, int edq_len, unsigned char *q, int q_len,
+	unsigned char *edp, int edp_len, unsigned char *p, int p_len,
+	unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_dsa_sign_ioctl (int fd,
+	int hash, unsigned char *data, int data_len, 
+	unsigned char *rndom, int random_len, 
+	unsigned char *p, int p_len, unsigned char *q, int q_len,
+	unsigned char *g, int g_len, unsigned char *key, int key_len,
+	unsigned char *r, int *r_len, unsigned char *s, int *s_len);
+
+typedef int t_UBSEC_dsa_verify_ioctl (int fd,
+	int hash, unsigned char *data, int data_len,
+	unsigned char *p, int p_len, unsigned char *q, int q_len,
+	unsigned char *g, int g_len, unsigned char *key, int key_len,
+	unsigned char *r, int r_len, unsigned char *s, int s_len,
+	unsigned char *v, int *v_len);
+
+typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
+	unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len, 
+	unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
+	unsigned char *Result, int *Result_len);
+
+typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
+	unsigned char *Result, int *Result_len);
+
+typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/crypto/openssl/crypto/engine/vendor_defns/hwcryptohook.h b/crypto/openssl/crypto/engine/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000..39224bc
--- /dev/null
+++ b/crypto/openssl/crypto/engine/vendor_defns/hwcryptohook.h
@@ -0,0 +1,486 @@
+/*
+ * ModExp / RSA (with/without KM) plugin API
+ *
+ * The application will load a dynamic library which
+ * exports entrypoint(s) defined in this file.
+ *
+ * This set of entrypoints provides only a multithreaded,
+ * synchronous-within-each-thread, facility.
+ *
+ *
+ * This file is Copyright 1998-2000 nCipher Corporation Limited.
+ *
+ * Redistribution and use in source and binary forms, with opr without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the copyright notice,
+ *    this list of conditions, and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions, and the following
+ *    disclaimer, in the documentation and/or other materials provided
+ *    with the distribution
+ *
+ * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
+ * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
+ * damages arising directly or indirectly from this file, its use or
+ * this licence.  Without prejudice to the generality of the
+ * foregoing: all liability shall be excluded for direct, indirect,
+ * special, incidental, consequential or other damages or any loss of
+ * profits, business, revenue goodwill or anticipated savings;
+ * liability shall be excluded even if nCipher or anyone else has been
+ * advised of the possibility of damage.  In any event, if the
+ * exclusion of liability is not effective, the liability of nCipher
+ * or any author or distributor shall be limited to the lesser of the
+ * price paid and 1,000 pounds sterling. This licence only fails to
+ * exclude or limit liability for death or personal injury arising out
+ * of negligence, and only to the extent that such an exclusion or
+ * limitation is not effective.
+ *
+ * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
+ * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
+ * limited to, any implied warranties of merchantability, fitness for
+ * a particular purpose, satisfactory quality, and/or non-infringement
+ * of any third party rights.
+ *
+ * US Government use: This software and documentation is Commercial
+ * Computer Software and Computer Software Documentation, as defined in
+ * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
+ * Noncommercial Computer Software and Noncommercial Computer Software
+ * Documentation."  Use, duplication or disclosure by the Government is
+ * subject to the terms and conditions specified here.
+ *
+ * By using or distributing this file you will be accepting these
+ * terms and conditions, including the limitation of liability and
+ * lack of warranty.  If you do not wish to accept these terms and
+ * conditions, DO NOT USE THE FILE.
+ *
+ *
+ * The actual dynamically loadable plugin, and the library files for
+ * static linking, which are also provided in some distributions, are
+ * not covered by the licence described above.  You should have
+ * received a separate licence with terms and conditions for these
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+ *
+ * $Id: hwcryptohook.h,v 1.3 2001/07/04 12:26:39 ben Exp $
+ */
+
+#ifndef HWCRYPTOHOOK_H
+#define HWCRYPTOHOOK_H
+
+#include <sys/types.h>
+#include <stdio.h>
+
+#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+#endif
+
+#define HWCRYPTOHOOK_ERROR_FAILED   -1
+#define HWCRYPTOHOOK_ERROR_FALLBACK -2
+#define HWCRYPTOHOOK_ERROR_MPISIZE  -3
+
+#if HWCRYPTOHOOK_DECLARE_APPTYPES
+
+/* These structs are defined by the application and opaque to the
+ * crypto plugin.  The application may define these as it sees fit.
+ * Default declarations are provided here, but the application may
+ *  #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
+ * to prevent these declarations, and instead provide its own
+ * declarations of these types.  (Pointers to them must still be
+ * ordinary pointers to structs or unions, or the resulting combined
+ * program will have a type inconsistency.)
+ */
+typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
+typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
+typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
+
+#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+
+/* These next two structs are opaque to the application.  The crypto
+ * plugin will return pointers to them; the caller simply manipulates
+ * the pointers.
+ */
+typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
+typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
+
+typedef struct {
+  char *buf;
+  size_t size;
+} HWCryptoHook_ErrMsgBuf;
+/* Used for error reporting.  When a HWCryptoHook function fails it
+ * will return a sentinel value (0 for pointer-valued functions, or a
+ * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
+ * integer-valued ones).  It will, if an ErrMsgBuf is passed, also put
+ * an error message there.
+ * 
+ * size is the size of the buffer, and will not be modified.  If you
+ * pass 0 for size you must pass 0 for buf, and nothing will be
+ * recorded (just as if you passed 0 for the struct pointer).
+ * Messages written to the buffer will always be null-terminated, even
+ * when truncated to fit within size bytes.
+ *
+ * The contents of the buffer are not defined if there is no error.
+ */
+
+typedef struct HWCryptoHook_MPIStruct {
+  unsigned char *buf;
+  size_t size;
+} HWCryptoHook_MPI;
+/* When one of these is returned, a pointer is passed to the function.
+ * At call, size is the space available.  Afterwards it is updated to
+ * be set to the actual length (which may be more than the space available,
+ * if there was not enough room and the result was truncated).
+ * buf (the pointer) is not updated.
+ *
+ * size is in bytes and may be zero at call or return, but must be a
+ * multiple of the limb size.  Zero limbs at the MS end are not
+ * permitted.
+ */
+
+#define HWCryptoHook_InitFlags_FallbackModExp    0x0002UL
+#define HWCryptoHook_InitFlags_FallbackRSAImmed  0x0004UL
+/* Enable requesting fallback to software in case of problems with the
+ * hardware support.  This indicates to the crypto provider that the
+ * application is prepared to fall back to software operation if the
+ * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
+ * Without this flag those calls will never return
+ * HWCRYPTOHOOK_ERROR_FALLBACK.  The flag will also cause the crypto
+ * provider to avoid repeatedly attempting to contact dead hardware
+ * within a short interval, if appropriate.
+ */
+
+#define HWCryptoHook_InitFlags_SimpleForkCheck   0x0010UL
+/* Without _SimpleForkCheck the library is allowed to assume that the
+ * application will not fork and call the library in the child(ren).
+ *
+ * When it is specified, this is allowed.  However, after a fork
+ * neither parent nor child may unload any loaded keys or call
+ * _Finish.  Instead, they should call exit (or die with a signal)
+ * without calling _Finish.  After all the children have died the
+ * parent may unload keys or call _Finish.
+ *
+ * This flag only has any effect on UN*X platforms.
+ */
+
+typedef struct {
+  unsigned long flags;
+  void *logstream; /* usually a FILE*.  See below. */
+
+  size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
+  int mslimbfirst; /* 0 or 1 */
+  int msbytefirst; /* 0 or 1; -1 = native */
+
+  /* All the callback functions should return 0 on success, or a
+   * nonzero integer (whose value will be visible in the error message
+   * put in the buffer passed to the call).
+   *
+   * If a callback is not available pass a null function pointer.
+   *
+   * The callbacks may not call down again into the crypto plugin.
+   */
+  
+  /* For thread-safety.  Set everything to 0 if you promise only to be
+   * singlethreaded.  maxsimultaneous is the number of calls to
+   * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA.  If you don't know what to
+   * put there then say 0 and the hook library will use a default.
+   *
+   * maxmutexes is a small limit on the number of simultaneous mutexes
+   * which will be requested by the library.  If there is no small
+   * limit, set it to 0.  If the crypto plugin cannot create the
+   * advertised number of mutexes the calls to its functions may fail.
+   * If a low number of mutexes is advertised the plugin will try to
+   * do the best it can.  Making larger numbers of mutexes available
+   * may improve performance and parallelism by reducing contention
+   * over critical sections.  Unavailability of any mutexes, implying
+   * single-threaded operation, should be indicated by the setting
+   * mutex_init et al to 0.
+   */
+  int maxmutexes;
+  int maxsimultaneous;
+  size_t mutexsize;
+  int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
+  int (*mutex_acquire)(HWCryptoHook_Mutex*);
+  void (*mutex_release)(HWCryptoHook_Mutex*);
+  void (*mutex_destroy)(HWCryptoHook_Mutex*);
+
+  /* For greater efficiency, can use condition vars internally for
+   * synchronisation.  In this case maxsimultaneous is ignored, but
+   * the other mutex stuff must be available.  In singlethreaded
+   * programs, set everything to 0.
+   */
+  size_t condvarsize;
+  int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
+  int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
+  void (*condvar_signal)(HWCryptoHook_CondVar*);
+  void (*condvar_broadcast)(HWCryptoHook_CondVar*);
+  void (*condvar_destroy)(HWCryptoHook_CondVar*);
+  
+  /* The semantics of acquiring and releasing mutexes and broadcasting
+   * and waiting on condition variables are expected to be those from
+   * POSIX threads (pthreads).  The mutexes may be (in pthread-speak)
+   * fast mutexes, recursive mutexes, or nonrecursive ones.
+   * 
+   * The _release/_signal/_broadcast and _destroy functions must
+   * always succeed when given a valid argument; if they are given an
+   * invalid argument then the program (crypto plugin + application)
+   * has an internal error, and they should abort the program.
+   */
+
+  int (*getpassphrase)(const char *prompt_info,
+                       int *len_io, char *buf,
+                       HWCryptoHook_PassphraseContext *ppctx,
+                       HWCryptoHook_CallerContext *cactx);
+  /* Passphrases and the prompt_info, if they contain high-bit-set
+   * characters, are UTF-8.  The prompt_info may be a null pointer if
+   * no prompt information is available (it should not be an empty
+   * string).  It will not contain text like `enter passphrase';
+   * instead it might say something like `Operator Card for John
+   * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+   *
+   * buf points to a buffer in which to return the passphrase; on
+   * entry *len_io is the length of the buffer.  It should be updated
+   * by the callback.  The returned passphrase should not be
+   * null-terminated by the callback.
+   */
+  
+  int (*getphystoken)(const char *prompt_info,
+                      const char *wrong_info,
+                      HWCryptoHook_PassphraseContext *ppctx,
+                      HWCryptoHook_CallerContext *cactx);
+  /* Requests that the human user physically insert a different
+   * smartcard, DataKey, etc.  The plugin should check whether the
+   * currently inserted token(s) are appropriate, and if they are it
+   * should not make this call.
+   *
+   * prompt_info is as before.  wrong_info is a description of the
+   * currently inserted token(s) so that the user is told what
+   * something is.  wrong_info, like prompt_info, may be null, but
+   * should not be an empty string.  Its contents should be
+   * syntactically similar to that of prompt_info. 
+   */
+  
+  /* Note that a single LoadKey operation might cause several calls to
+   * getpassphrase and/or requestphystoken.  If requestphystoken is
+   * not provided (ie, a null pointer is passed) then the plugin may
+   * not support loading keys for which authorisation by several cards
+   * is required.  If getpassphrase is not provided then cards with
+   * passphrases may not be supported.
+   *
+   * getpassphrase and getphystoken do not need to check that the
+   * passphrase has been entered correctly or the correct token
+   * inserted; the crypto plugin will do that.  If this is not the
+   * case then the crypto plugin is responsible for calling these
+   * routines again as appropriate until the correct token(s) and
+   * passphrase(s) are supplied as required, or until any retry limits
+   * implemented by the crypto plugin are reached.
+   *
+   * In either case, the application must allow the user to say `no'
+   * or `cancel' to indicate that they do not know the passphrase or
+   * have the appropriate token; this should cause the callback to
+   * return nonzero indicating error.
+   */
+
+  void (*logmessage)(void *logstream, const char *message);
+  /* A log message will be generated at least every time something goes
+   * wrong and an ErrMsgBuf is filled in (or would be if one was
+   * provided).  Other diagnostic information may be written there too,
+   * including more detailed reasons for errors which are reported in an
+   * ErrMsgBuf.
+   *
+   * When a log message is generated, this callback is called.  It
+   * should write a message to the relevant logging arrangements.
+   *
+   * The message string passed will be null-terminated and may be of arbitrary
+   * length.  It will not be prefixed by the time and date, nor by the
+   * name of the library that is generating it - if this is required,
+   * the logmessage callback must do it.  The message will not have a
+   * trailing newline (though it may contain internal newlines).
+   *
+   * If a null pointer is passed for logmessage a default function is
+   * used.  The default function treats logstream as a FILE* which has
+   * been converted to a void*.  If logstream is 0 it does nothing.
+   * Otherwise it prepends the date and time and library name and
+   * writes the message to logstream.  Each line will be prefixed by a
+   * descriptive string containing the date, time and identity of the
+   * crypto plugin.  Errors on the logstream are not reported
+   * anywhere, and the default function doesn't flush the stream, so
+   * the application must set the buffering how it wants it.
+   *
+   * The crypto plugin may also provide a facility to have copies of
+   * log messages sent elsewhere, and or for adjusting the verbosity
+   * of the log messages; any such facilities will be configured by
+   * external means.
+   */
+
+} HWCryptoHook_InitInfo;
+
+typedef
+HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
+                                               size_t initinfosize,
+                                               const HWCryptoHook_ErrMsgBuf *errors,
+                                               HWCryptoHook_CallerContext *cactx);
+extern HWCryptoHook_Init_t HWCryptoHook_Init;
+
+/* Caller should set initinfosize to the size of the HWCryptoHook struct,
+ * so it can be extended later.
+ *
+ * On success, a message for display or logging by the server,
+ * including the name and version number of the plugin, will be filled
+ * in into *errors; on failure *errors is used for error handling, as
+ * usual.
+ */
+
+/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+ * on most failures.  HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
+ * the output MPI buffer(s) was too small; the sizes of all have been
+ * set to the desired size (and for those where the buffer was large
+ * enough, the value may have been copied in), and no error message
+ * has been recorded.
+ *
+ * You may pass 0 for the errors struct.  In any case, unless you set
+ * _NoStderr at init time then messages may be reported to stderr.
+ */
+
+/* The RSAImmed* functions (and key managed RSA) only work with
+ * modules which have an RSA patent licence - currently that means KM
+ * units; the ModExp* ones work with all modules, so you need a patent
+ * licence in the software in the US.  They are otherwise identical.
+ */
+
+typedef
+void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
+extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
+/* You must not have any calls going or keys loaded when you call this. */
+
+typedef
+int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
+                               unsigned char *buf, size_t len,
+                               const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
+
+typedef
+int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
+                          HWCryptoHook_MPI a,
+                          HWCryptoHook_MPI p,
+                          HWCryptoHook_MPI n,
+                          HWCryptoHook_MPI *r,
+                          const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
+
+typedef
+int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
+                               HWCryptoHook_MPI m,
+                               HWCryptoHook_MPI e,
+                               HWCryptoHook_MPI n,
+                               HWCryptoHook_MPI *r,
+                               const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
+
+typedef
+int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
+                             HWCryptoHook_MPI a,
+                             HWCryptoHook_MPI p,
+                             HWCryptoHook_MPI q,
+                             HWCryptoHook_MPI dmp1,
+                             HWCryptoHook_MPI dmq1,
+                             HWCryptoHook_MPI iqmp,
+                             HWCryptoHook_MPI *r,
+                             const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
+
+typedef
+int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
+                                HWCryptoHook_MPI m,
+                                HWCryptoHook_MPI p,
+                                HWCryptoHook_MPI q,
+                                HWCryptoHook_MPI dmp1,
+                                HWCryptoHook_MPI dmq1,
+                                HWCryptoHook_MPI iqmp,
+                                HWCryptoHook_MPI *r,
+                                const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
+
+/* The RSAImmed* and ModExp* functions may return E_FAILED or
+ * E_FALLBACK for failure.
+ *
+ * E_FAILED means the failure is permanent and definite and there
+ *    should be no attempt to fall back to software.  (Eg, for some
+ *    applications, which support only the acceleration-only
+ *    functions, the `key material' may actually be an encoded key
+ *    identifier, and doing the operation in software would give wrong
+ *    answers.)
+ *
+ * E_FALLBACK means that doing the computation in software would seem
+ *    reasonable.  If an application pays attention to this and is
+ *    able to fall back, it should also set the Fallback init flags.
+ */
+
+typedef
+int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
+                              const char *key_ident,
+                              HWCryptoHook_RSAKeyHandle *keyhandle_r,
+                              const HWCryptoHook_ErrMsgBuf *errors,
+                              HWCryptoHook_PassphraseContext *ppctx);
+extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
+/* The key_ident is a null-terminated string configured by the
+ * user via the application's usual configuration mechanisms.
+ * It is provided to the user by the crypto provider's key management
+ * system.  The user must be able to enter at least any string of between
+ * 1 and 1023 characters inclusive, consisting of printable 7-bit
+ * ASCII characters.  The provider should avoid using
+ * any characters except alphanumerics and the punctuation
+ * characters  _ - + . / @ ~  (the user is expected to be able
+ * to enter these without quoting).  The string may be case-sensitive.
+ * The application may allow the user to enter other NULL-terminated strings,
+ * and the provider must cope (returning an error if the string is not
+ * valid).
+ *
+ * If the key does not exist, no error is recorded and 0 is returned;
+ * keyhandle_r will be set to 0 instead of to a key handle.
+ */
+
+typedef
+int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
+                                   HWCryptoHook_MPI *n,
+                                   HWCryptoHook_MPI *e,
+                                   const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
+/* The crypto plugin will not store certificates.
+ *
+ * Although this function for acquiring the public key value is
+ * provided, it is not the purpose of this API to deal fully with the
+ * handling of the public key.
+ *
+ * It is expected that the crypto supplier's key generation program
+ * will provide general facilities for producing X.509
+ * self-certificates and certificate requests in PEM format.  These
+ * will be given to the user so that they can configure them in the
+ * application, send them to CAs, or whatever.
+ *
+ * In case this kind of certificate handling is not appropriate, the
+ * crypto supplier's key generation program should be able to be
+ * configured not to generate such a self-certificate or certificate
+ * request.  Then the application will need to do all of this, and
+ * will need to store and handle the public key and certificates
+ * itself.
+ */
+
+typedef
+int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
+                                const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
+/* Might fail due to locking problems, or other serious internal problems. */
+
+typedef
+int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
+                       HWCryptoHook_RSAKeyHandle k,
+                       HWCryptoHook_MPI *r,
+                       const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
+/* RSA private key operation (sign or decrypt) - raw, unpadded. */
+
+#endif /*HWCRYPTOHOOK_H*/
diff --git a/crypto/openssl/crypto/engine/vendor_defns/sureware.h b/crypto/openssl/crypto/engine/vendor_defns/sureware.h
new file mode 100644
index 0000000..1d378921
--- /dev/null
+++ b/crypto/openssl/crypto/engine/vendor_defns/sureware.h
@@ -0,0 +1,239 @@
+/*
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
+* Copyright@2001 Baltimore Technologies Ltd.
+*																								*	
+*		THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND																			*
+*		ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE					* 
+*		IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE				*
+*		ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE						*
+*		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL				*
+*		DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS					*
+*		OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)					*
+*		HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT				*
+*		LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY				*
+*		OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF					*
+*		SUCH DAMAGE.																			*
+*
+* 
+*/
+#ifdef WIN32
+#define SW_EXPORT	__declspec ( dllexport )
+#else
+#define SW_EXPORT
+#endif
+
+/*
+*	List of exposed SureWare errors
+*/
+#define SUREWAREHOOK_ERROR_FAILED		-1
+#define SUREWAREHOOK_ERROR_FALLBACK		-2
+#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
+#define SUREWAREHOOK_ERROR_DATA_SIZE -4
+#define SUREWAREHOOK_ERROR_INVALID_PAD -5
+/*
+* -----------------WARNING-----------------------------------
+* In all the following functions:
+* msg is a string with at least 24 bytes free.
+* A 24 bytes string will be concatenated to the existing content of msg. 
+*/
+/*
+*	SureWare Initialisation function
+*	in param threadsafe, if !=0, thread safe enabled
+*	return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
+*/
+typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
+extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
+/*
+*	SureWare Finish function
+*/
+typedef void SureWareHook_Finish_t();
+extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
+/*
+*	 PRE_CONDITION:
+*		DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
+*/
+/*
+*	SureWare RAND Bytes function
+*	In case of failure, the content of buf is unpredictable.
+*	return 1 if success
+*			SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in/out param buf : a num bytes long buffer where random bytes will be put
+*	in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
+extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
+
+/*
+*	SureWare RAND Seed function
+*	Adds some seed to the Hardware Random Number Generator
+*	return 1 if success
+*			SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in param buf : the seed to add into the HRNG
+*	in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
+extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
+
+/*
+*	SureWare Load Private Key function
+*	return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*	No hardware is contact for this function.
+*
+*	in param key_id :the name of the private protected key file without the extension
+						".sws"
+*	out param hptr : a pointer to a buffer allocated by SureWare_Hook
+*	out param num: the effective key length in bytes
+*	out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
+extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
+
+/*
+*	SureWare Info Public Key function
+*	return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*	No hardware is contact for this function.
+*
+*	in param key_id :the name of the private protected key file without the extension
+						".swp"
+*	out param hptr : a pointer to a buffer allocated by SureWare_Hook
+*	out param num: the effective key length in bytes
+*	out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
+										char *keytype);
+extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
+
+/*
+*	SureWare Load Public Key function
+*	return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*	No hardware is contact for this function.
+*
+*	in param key_id :the name of the public protected key file without the extension
+						".swp"
+*	in param num : the bytes size of n and e
+*	out param n: where to write modulus in bn format
+*	out param e: where to write exponent in bn format
+*/
+typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
+										unsigned long *n, unsigned long *e);
+extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
+
+/*
+*	SureWare Load DSA Public Key function
+*	return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*	No hardware is contact for this function.
+*
+*	in param key_id :the name of the public protected key file without the extension
+						".swp"
+*	in param num : the bytes size of n and e
+*	out param pub: where to write pub key in bn format
+*	out param p: where to write prime in bn format
+*	out param q: where to write sunprime (length 20 bytes) in bn format
+*	out param g: where to write base in bn format
+*/
+typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
+										unsigned long *pub, unsigned long *p,unsigned long*q,
+										unsigned long *g);
+extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
+
+/*
+*	SureWare Free function
+*	Destroy the key into the hardware if destroy==1
+*/
+typedef void SureWareHook_Free_t(char *p,int destroy);
+extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
+
+#define SUREWARE_PKCS1_PAD 1
+#define SUREWARE_ISO9796_PAD 2
+#define SUREWARE_NO_PAD 0
+/*
+* SureWare RSA Private Decryption
+* return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in param flen : byte size of from and to
+*	in param from : encrypted data buffer, should be a not-null valid pointer
+*	out param tlen: byte size of decrypted data, if error, unexpected value
+*	out param to : decrypted data buffer, should be a not-null valid pointer
+*   in param prsa: a protected key pointer, should be a not-null valid pointer
+*   int padding: padding id as follow
+*					SUREWARE_PKCS1_PAD
+*					SUREWARE_NO_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
+										int *tlen,unsigned char *to,
+										char *prsa,int padding);
+extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
+/*
+* SureWare RSA Signature
+* return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in param flen : byte size of from and to
+*	in param from : encrypted data buffer, should be a not-null valid pointer
+*	out param tlen: byte size of decrypted data, if error, unexpected value
+*	out param to : decrypted data buffer, should be a not-null valid pointer
+*   in param prsa: a protected key pointer, should be a not-null valid pointer
+*   int padding: padding id as follow
+*					SUREWARE_PKCS1_PAD
+*					SUREWARE_ISO9796_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
+										int *tlen,unsigned char *to,
+										char *prsa,int padding);
+extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
+/*
+* SureWare DSA Signature
+* return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in param flen : byte size of from and to
+*	in param from : encrypted data buffer, should be a not-null valid pointer
+*	out param to : decrypted data buffer, should be a 40bytes valid pointer
+*   in param pdsa: a protected key pointer, should be a not-null valid pointer
+*
+*/
+typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
+										unsigned long *r,unsigned long *s,char *pdsa);
+extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
+
+
+/*
+* SureWare Mod Exp
+* return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	mod and res are mlen bytes long.
+*	exp is elen bytes long
+*	data is dlen bytes long
+*	mlen,elen and dlen are all multiple of sizeof(unsigned long)
+*/
+typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
+									int elen,const unsigned long *exp,
+									int dlen,unsigned long *data,
+									unsigned long *res);
+extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
+
diff --git a/crypto/openssl/crypto/err/Makefile.ssl b/crypto/openssl/crypto/err/Makefile.ssl
index 3334821..390bde1 100644
--- a/crypto/openssl/crypto/err/Makefile.ssl
+++ b/crypto/openssl/crypto/err/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	err
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,38 +79,41 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-err.o: ../cryptlib.h
-err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-err_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-err_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err.o: ../../include/openssl/symhacks.h ../cryptlib.h err.c
+err_all.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+err_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+err_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+err_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
-err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-err_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
 err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-err_all.o: ../../include/openssl/x509v3.h
-err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_prn.o: ../../e_os.h ../../include/openssl/bio.h
+err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-err_prn.o: ../cryptlib.h
+err_prn.o: ../cryptlib.h err_prn.c
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
index 94a2838..5abe44e 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/openssl/crypto/err/err.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -119,44 +119,36 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
 
-static LHASH *error_hash=NULL;
-static LHASH *thread_hash=NULL;
-
-static unsigned long err_hash(ERR_STRING_DATA *a);
-static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b);
-static unsigned long pid_hash(ERR_STATE *pid);
-static int pid_cmp(ERR_STATE *a,ERR_STATE *pid);
-static unsigned long get_error_values(int inc,const char **file,int *line,
-				      const char **data,int *flags);
 static void ERR_STATE_free(ERR_STATE *s);
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA ERR_str_libraries[]=
 	{
 {ERR_PACK(ERR_LIB_NONE,0,0)		,"unknown library"},
 {ERR_PACK(ERR_LIB_SYS,0,0)		,"system library"},
 {ERR_PACK(ERR_LIB_BN,0,0)		,"bignum routines"},
 {ERR_PACK(ERR_LIB_RSA,0,0)		,"rsa routines"},
-{ERR_PACK(ERR_LIB_DSA,0,0)		,"dsa routines"},
 {ERR_PACK(ERR_LIB_DH,0,0)		,"Diffie-Hellman routines"},
 {ERR_PACK(ERR_LIB_EVP,0,0)		,"digital envelope routines"},
 {ERR_PACK(ERR_LIB_BUF,0,0)		,"memory buffer routines"},
-{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
 {ERR_PACK(ERR_LIB_OBJ,0,0)		,"object identifier routines"},
 {ERR_PACK(ERR_LIB_PEM,0,0)		,"PEM routines"},
-{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_DSA,0,0)		,"dsa routines"},
 {ERR_PACK(ERR_LIB_X509,0,0)		,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
 {ERR_PACK(ERR_LIB_CONF,0,0)		,"configuration file routines"},
-{ERR_PACK(ERR_LIB_METH,0,0)		,"X509 lookup 'method' routines"},
+{ERR_PACK(ERR_LIB_CRYPTO,0,0)		,"common libcrypto routines"},
+{ERR_PACK(ERR_LIB_EC,0,0)		,"elliptic curve routines"},
 {ERR_PACK(ERR_LIB_SSL,0,0)		,"SSL routines"},
-{ERR_PACK(ERR_LIB_RSAREF,0,0)		,"RSAref routines"},
-{ERR_PACK(ERR_LIB_PROXY,0,0)		,"Proxy routines"},
 {ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
 {ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
 {ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},
 {ERR_PACK(ERR_LIB_PKCS12,0,0)		,"PKCS12 routines"},
 {ERR_PACK(ERR_LIB_RAND,0,0)		,"random number generator"},
 {ERR_PACK(ERR_LIB_DSO,0,0)		,"DSO support routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0)		,"engine routines"},
+{ERR_PACK(ERR_LIB_OCSP,0,0)		,"OCSP routines"},
 {0,NULL},
 	};
 
@@ -170,49 +162,335 @@ static ERR_STRING_DATA ERR_str_functs[]=
 	{ERR_PACK(0,SYS_F_BIND,0),		"bind"},
 	{ERR_PACK(0,SYS_F_LISTEN,0),		"listen"},
 	{ERR_PACK(0,SYS_F_ACCEPT,0),		"accept"},
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 	{ERR_PACK(0,SYS_F_WSASTARTUP,0),	"WSAstartup"},
 #endif
 	{ERR_PACK(0,SYS_F_OPENDIR,0),		"opendir"},
+	{ERR_PACK(0,SYS_F_FREAD,0),		"fread"},
 	{0,NULL},
 	};
 
 static ERR_STRING_DATA ERR_str_reasons[]=
 	{
-{ERR_R_FATAL                             ,"fatal"},
 {ERR_R_SYS_LIB				,"system lib"},
 {ERR_R_BN_LIB				,"BN lib"},
 {ERR_R_RSA_LIB				,"RSA lib"},
 {ERR_R_DH_LIB				,"DH lib"},
 {ERR_R_EVP_LIB				,"EVP lib"},
 {ERR_R_BUF_LIB				,"BUF lib"},
-{ERR_R_BIO_LIB				,"BIO lib"},
 {ERR_R_OBJ_LIB				,"OBJ lib"},
 {ERR_R_PEM_LIB				,"PEM lib"},
+{ERR_R_DSA_LIB				,"DSA lib"},
 {ERR_R_X509_LIB				,"X509 lib"},
-{ERR_R_METH_LIB				,"METH lib"},
 {ERR_R_ASN1_LIB				,"ASN1 lib"},
 {ERR_R_CONF_LIB				,"CONF lib"},
+{ERR_R_CRYPTO_LIB			,"CRYPTO lib"},
+{ERR_R_EC_LIB				,"EC lib"},
 {ERR_R_SSL_LIB				,"SSL lib"},
-{ERR_R_PROXY_LIB			,"PROXY lib"},
 {ERR_R_BIO_LIB				,"BIO lib"},
 {ERR_R_PKCS7_LIB			,"PKCS7 lib"},
+{ERR_R_X509V3_LIB			,"X509V3 lib"},
 {ERR_R_PKCS12_LIB			,"PKCS12 lib"},
-{ERR_R_MALLOC_FAILURE			,"Malloc failure"},
-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a function you should not call"},
-{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},
+{ERR_R_RAND_LIB				,"RAND lib"},
+{ERR_R_DSO_LIB				,"DSO lib"},
+{ERR_R_ENGINE_LIB			,"ENGINE lib"},
+{ERR_R_OCSP_LIB				,"OCSP lib"},
+
 {ERR_R_NESTED_ASN1_ERROR		,"nested asn1 error"},
 {ERR_R_BAD_ASN1_OBJECT_HEADER		,"bad asn1 object header"},
 {ERR_R_BAD_GET_ASN1_OBJECT_CALL		,"bad get asn1 object call"},
 {ERR_R_EXPECTING_AN_ASN1_SEQUENCE	,"expecting an asn1 sequence"},
 {ERR_R_ASN1_LENGTH_MISMATCH		,"asn1 length mismatch"},
 {ERR_R_MISSING_ASN1_EOS			,"missing asn1 eos"},
-{ERR_R_DSO_LIB				,"DSO lib"},
+
+{ERR_R_FATAL                            ,"fatal"},
+{ERR_R_MALLOC_FAILURE			,"malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},
+{ERR_R_INTERNAL_ERROR			,"internal error"},
 
 {0,NULL},
 	};
 
 
+/* Define the predeclared (but externally opaque) "ERR_FNS" type */
+struct st_ERR_FNS
+	{
+	/* Works on the "error_hash" string table */
+	LHASH *(*cb_err_get)(int create);
+	void (*cb_err_del)(void);
+	ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
+	ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
+	ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
+	/* Works on the "thread_hash" error-state table */
+	LHASH *(*cb_thread_get)(int create);
+	ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
+	ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
+	void (*cb_thread_del_item)(const ERR_STATE *);
+	/* Returns the next available error "library" numbers */
+	int (*cb_get_next_lib)(void);
+	};
+
+/* Predeclarations of the "err_defaults" functions */
+static LHASH *int_err_get(int create);
+static void int_err_del(void);
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
+static LHASH *int_thread_get(int create);
+static ERR_STATE *int_thread_get_item(const ERR_STATE *);
+static ERR_STATE *int_thread_set_item(ERR_STATE *);
+static void int_thread_del_item(const ERR_STATE *);
+static int int_err_get_next_lib(void);
+/* The static ERR_FNS table using these defaults functions */
+static const ERR_FNS err_defaults =
+	{
+	int_err_get,
+	int_err_del,
+	int_err_get_item,
+	int_err_set_item,
+	int_err_del_item,
+	int_thread_get,
+	int_thread_get_item,
+	int_thread_set_item,
+	int_thread_del_item,
+	int_err_get_next_lib
+	};
+
+/* The replacable table of ERR_FNS functions we use at run-time */
+static const ERR_FNS *err_fns = NULL;
+
+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
+#define ERRFN(a) err_fns->cb_##a
+
+/* The internal state used by "err_defaults" - as such, the setting, reading,
+ * creating, and deleting of this data should only be permitted via the
+ * "err_defaults" functions. This way, a linked module can completely defer all
+ * ERR state operation (together with requisite locking) to the implementations
+ * and state in the loading application. */
+static LHASH *int_error_hash = NULL;
+static LHASH *int_thread_hash = NULL;
+static int int_err_library_number= ERR_LIB_USER;
+
+/* Internal function that checks whether "err_fns" is set and if not, sets it to
+ * the defaults. */
+static void err_fns_check(void)
+	{
+	if (err_fns) return;
+	
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	if (!err_fns)
+		err_fns = &err_defaults;
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	}
+
+/* API functions to get or set the underlying ERR functions. */
+
+const ERR_FNS *ERR_get_implementation(void)
+	{
+	err_fns_check();
+	return err_fns;
+	}
+
+int ERR_set_implementation(const ERR_FNS *fns)
+	{
+	int ret = 0;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	/* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
+	 * an error is there?! */
+	if (!err_fns)
+		{
+		err_fns = fns;
+		ret = 1;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	return ret;
+	}
+
+/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
+ * internal to the "err_defaults" implementation. */
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a); */
+static unsigned long err_hash(const void *a_void);
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
+static int err_cmp(const void *a_void, const void *b_void);
+/* static unsigned long pid_hash(ERR_STATE *pid); */
+static unsigned long pid_hash(const void *pid_void);
+/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
+static int pid_cmp(const void *a_void,const void *pid_void);
+static unsigned long get_error_values(int inc,int top,const char **file,int *line,
+				      const char **data,int *flags);
+
+/* The internal functions used in the "err_defaults" implementation */
+
+static LHASH *int_err_get(int create)
+	{
+	LHASH *ret = NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	if (!int_error_hash && create)
+		{
+		CRYPTO_push_info("int_err_get (err.c)");
+		int_error_hash = lh_new(err_hash, err_cmp);
+		CRYPTO_pop_info();
+		}
+	if (int_error_hash)
+		ret = int_error_hash;
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return ret;
+	}
+
+static void int_err_del(void)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	if (int_error_hash)
+		{
+		lh_free(int_error_hash);
+		int_error_hash = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	}
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+	{
+	ERR_STRING_DATA *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(err_get)(0);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
+	{
+	ERR_STRING_DATA *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(err_get)(1);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STRING_DATA *)lh_insert(hash, d);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
+	{
+	ERR_STRING_DATA *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(err_get)(0);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STRING_DATA *)lh_delete(hash, d);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static LHASH *int_thread_get(int create)
+	{
+	LHASH *ret = NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	if (!int_thread_hash && create)
+		{
+		CRYPTO_push_info("int_thread_get (err.c)");
+		int_thread_hash = lh_new(pid_hash, pid_cmp);
+		CRYPTO_pop_info();
+		}
+	if (int_thread_hash)
+		ret = int_thread_hash;
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	return ret;
+	}
+
+static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
+	{
+	ERR_STATE *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(thread_get)(0);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STATE *)lh_retrieve(hash, d);
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static ERR_STATE *int_thread_set_item(ERR_STATE *d)
+	{
+	ERR_STATE *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(thread_get)(1);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STATE *)lh_insert(hash, d);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static void int_thread_del_item(const ERR_STATE *d)
+	{
+	ERR_STATE *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(thread_get)(0);
+	if (!hash)
+		return;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STATE *)lh_delete(hash, d);
+	/* make sure we don't leak memory */
+	if (int_thread_hash && (lh_num_items(int_thread_hash) == 0))
+		{
+		lh_free(int_thread_hash);
+		int_thread_hash = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	if (p)
+		ERR_STATE_free(p);
+	}
+
+static int int_err_get_next_lib(void)
+	{
+	int ret;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	ret = int_err_library_number++;
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return ret;
+	}
+
+
 #define NUM_SYS_STR_REASONS 127
 #define LEN_SYS_STR_REASON 32
 
@@ -231,8 +509,11 @@ static void build_SYS_str_reasons()
 	/* OPENSSL_malloc cannot be used here, use static storage instead */
 	static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
 	int i;
+	static int init = 1;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
+	if (!init) return;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
 
 	for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
 		{
@@ -257,7 +538,9 @@ static void build_SYS_str_reasons()
 	/* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
 	 * as required by ERR_load_strings. */
 
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
+	init = 0;
+	
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 	}
 #endif
 
@@ -274,7 +557,7 @@ static void ERR_STATE_free(ERR_STATE *s)
 	{
 	int i;
 
-	if(s == NULL)
+	if (s == NULL)
 	    return;
 
 	for (i=0; i<ERR_NUM_ERRORS; i++)
@@ -286,66 +569,46 @@ static void ERR_STATE_free(ERR_STATE *s)
 
 void ERR_load_ERR_strings(void)
 	{
-	static int init=1;
+	err_fns_check();
+#ifndef OPENSSL_NO_ERR
+	err_load_strings(0,ERR_str_libraries);
+	err_load_strings(0,ERR_str_reasons);
+	err_load_strings(ERR_LIB_SYS,ERR_str_functs);
+	build_SYS_str_reasons();
+	err_load_strings(ERR_LIB_SYS,SYS_str_reasons);
+#endif
+	}
 
-	if (init)
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
+	{
+	while (str->error)
 		{
-		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-		if (init == 0)
-			{
-			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-			return;
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-#ifndef NO_ERR
-		ERR_load_strings(0,ERR_str_libraries);
-		ERR_load_strings(0,ERR_str_reasons);
-		ERR_load_strings(ERR_LIB_SYS,ERR_str_functs);
-		build_SYS_str_reasons();
-		ERR_load_strings(ERR_LIB_SYS,SYS_str_reasons);
-#endif
-		init=0;
+		str->error|=ERR_PACK(lib,0,0);
+		ERRFN(err_set_item)(str);
+		str++;
 		}
 	}
 
 void ERR_load_strings(int lib, ERR_STRING_DATA *str)
 	{
-	if (error_hash == NULL)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
-		error_hash=lh_new(err_hash,err_cmp);
-		if (error_hash == NULL)
-			{
-			CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
-			return;
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
-
-		ERR_load_ERR_strings();
-		}
+	ERR_load_ERR_strings();
+	err_load_strings(lib, str);
+	}
 
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
+void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+	{
 	while (str->error)
 		{
 		str->error|=ERR_PACK(lib,0,0);
-		lh_insert(error_hash,str);
+		ERRFN(err_del_item)(str);
 		str++;
 		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 	}
 
 void ERR_free_strings(void)
 	{
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-
-	if (error_hash != NULL)
-		{
-		lh_free(error_hash);
-		error_hash=NULL;
-		}
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	err_fns_check();
+	ERRFN(err_del)();
 	}
 
 /********************************************************/
@@ -404,30 +667,40 @@ void ERR_clear_error(void)
 
 
 unsigned long ERR_get_error(void)
-	{ return(get_error_values(1,NULL,NULL,NULL,NULL)); }
+	{ return(get_error_values(1,0,NULL,NULL,NULL,NULL)); }
 
 unsigned long ERR_get_error_line(const char **file,
 	     int *line)
-	{ return(get_error_values(1,file,line,NULL,NULL)); }
+	{ return(get_error_values(1,0,file,line,NULL,NULL)); }
 
 unsigned long ERR_get_error_line_data(const char **file, int *line,
 	     const char **data, int *flags)
-	{ return(get_error_values(1,file,line,
-	     data,flags)); }
+	{ return(get_error_values(1,0,file,line,data,flags)); }
+
 
 unsigned long ERR_peek_error(void)
-	{ return(get_error_values(0,NULL,NULL,NULL,NULL)); }
+	{ return(get_error_values(0,0,NULL,NULL,NULL,NULL)); }
 
-unsigned long ERR_peek_error_line(const char **file,
-	     int *line)
-	{ return(get_error_values(0,file,line,NULL,NULL)); }
+unsigned long ERR_peek_error_line(const char **file, int *line)
+	{ return(get_error_values(0,0,file,line,NULL,NULL)); }
 
 unsigned long ERR_peek_error_line_data(const char **file, int *line,
 	     const char **data, int *flags)
-	{ return(get_error_values(0,file,line,
-	     data,flags)); }
+	{ return(get_error_values(0,0,file,line,data,flags)); }
+
+
+unsigned long ERR_peek_last_error(void)
+	{ return(get_error_values(0,1,NULL,NULL,NULL,NULL)); }
 
-static unsigned long get_error_values(int inc, const char **file, int *line,
+unsigned long ERR_peek_last_error_line(const char **file, int *line)
+	{ return(get_error_values(0,1,file,line,NULL,NULL)); }
+
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+	     const char **data, int *flags)
+	{ return(get_error_values(0,1,file,line,data,flags)); }
+
+
+static unsigned long get_error_values(int inc, int top, const char **file, int *line,
 	     const char **data, int *flags)
 	{	
 	int i=0;
@@ -436,8 +709,21 @@ static unsigned long get_error_values(int inc, const char **file, int *line,
 
 	es=ERR_get_state();
 
-	if (es->bottom == es->top) return(0);
-	i=(es->bottom+1)%ERR_NUM_ERRORS;
+	if (inc && top)
+		{
+		if (file) *file = "";
+		if (line) *line = 0;
+		if (data) *data = "";
+		if (flags) *flags = 0;
+			
+		return ERR_R_INTERNAL_ERROR;
+		}
+
+	if (es->bottom == es->top) return 0;
+	if (top)
+		i=es->top;			 /* last error */
+	else
+		i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */
 
 	ret=es->err_buffer[i];
 	if (inc)
@@ -480,7 +766,7 @@ static unsigned long get_error_values(int inc, const char **file, int *line,
 			if (flags != NULL) *flags=es->err_data_flags[i];
 			}
 		}
-	return(ret);
+	return ret;
 	}
 
 void ERR_error_string_n(unsigned long e, char *buf, size_t len)
@@ -542,58 +828,43 @@ char *ERR_error_string(unsigned long e, char *ret)
 	if (ret == NULL) ret=buf;
 	ERR_error_string_n(e, ret, 256);
 
-	return(ret);
+	return ret;
 	}
 
 LHASH *ERR_get_string_table(void)
 	{
-	return(error_hash);
+	err_fns_check();
+	return ERRFN(err_get)(0);
 	}
 
-/* not thread-safe */
 LHASH *ERR_get_err_state_table(void)
 	{
-	return(thread_hash);
+	err_fns_check();
+	return ERRFN(thread_get)(0);
 	}
 
 const char *ERR_lib_error_string(unsigned long e)
 	{
-	ERR_STRING_DATA d,*p=NULL;
+	ERR_STRING_DATA d,*p;
 	unsigned long l;
 
+	err_fns_check();
 	l=ERR_GET_LIB(e);
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
-
-	if (error_hash != NULL)
-		{
-		d.error=ERR_PACK(l,0,0);
-		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
-		}
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
-
+	d.error=ERR_PACK(l,0,0);
+	p=ERRFN(err_get_item)(&d);
 	return((p == NULL)?NULL:p->string);
 	}
 
 const char *ERR_func_error_string(unsigned long e)
 	{
-	ERR_STRING_DATA d,*p=NULL;
+	ERR_STRING_DATA d,*p;
 	unsigned long l,f;
 
+	err_fns_check();
 	l=ERR_GET_LIB(e);
 	f=ERR_GET_FUNC(e);
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
-
-	if (error_hash != NULL)
-		{
-		d.error=ERR_PACK(l,f,0);
-		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
-		}
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
-
+	d.error=ERR_PACK(l,f,0);
+	p=ERRFN(err_get_item)(&d);
 	return((p == NULL)?NULL:p->string);
 	}
 
@@ -602,93 +873,73 @@ const char *ERR_reason_error_string(unsigned long e)
 	ERR_STRING_DATA d,*p=NULL;
 	unsigned long l,r;
 
+	err_fns_check();
 	l=ERR_GET_LIB(e);
 	r=ERR_GET_REASON(e);
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
-
-	if (error_hash != NULL)
+	d.error=ERR_PACK(l,0,r);
+	p=ERRFN(err_get_item)(&d);
+	if (!p)
 		{
-		d.error=ERR_PACK(l,0,r);
-		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
-		if (p == NULL)
-			{
-			d.error=ERR_PACK(0,0,r);
-			p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
-			}
+		d.error=ERR_PACK(0,0,r);
+		p=ERRFN(err_get_item)(&d);
 		}
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
-
 	return((p == NULL)?NULL:p->string);
 	}
 
-static unsigned long err_hash(ERR_STRING_DATA *a)
+/* static unsigned long err_hash(ERR_STRING_DATA *a) */
+static unsigned long err_hash(const void *a_void)
 	{
 	unsigned long ret,l;
 
-	l=a->error;
+	l=((ERR_STRING_DATA *)a_void)->error;
 	ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
 	return(ret^ret%19*13);
 	}
 
-static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b)
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
+static int err_cmp(const void *a_void, const void *b_void)
 	{
-	return((int)(a->error-b->error));
+	return((int)(((ERR_STRING_DATA *)a_void)->error -
+			((ERR_STRING_DATA *)b_void)->error));
 	}
 
-static unsigned long pid_hash(ERR_STATE *a)
+/* static unsigned long pid_hash(ERR_STATE *a) */
+static unsigned long pid_hash(const void *a_void)
 	{
-	return(a->pid*13);
+	return(((ERR_STATE *)a_void)->pid*13);
 	}
 
-static int pid_cmp(ERR_STATE *a, ERR_STATE *b)
+/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
+static int pid_cmp(const void *a_void, const void *b_void)
 	{
-	return((int)((long)a->pid - (long)b->pid));
+	return((int)((long)((ERR_STATE *)a_void)->pid -
+			(long)((ERR_STATE *)b_void)->pid));
 	}
 
 void ERR_remove_state(unsigned long pid)
 	{
-	ERR_STATE *p = NULL,tmp;
+	ERR_STATE tmp;
 
-	if (thread_hash == NULL)
-		return;
+	err_fns_check();
 	if (pid == 0)
 		pid=(unsigned long)CRYPTO_thread_id();
 	tmp.pid=pid;
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (thread_hash)
-		{
-		p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
-		if (lh_num_items(thread_hash) == 0)
-			{
-			/* make sure we don't leak memory */
-			lh_free(thread_hash);
-			thread_hash = NULL;
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	if (p != NULL) ERR_STATE_free(p);
+	/* thread_del_item automatically destroys the LHASH if the number of
+	 * items reaches zero. */
+	ERRFN(thread_del_item)(&tmp);
 	}
 
 ERR_STATE *ERR_get_state(void)
 	{
 	static ERR_STATE fallback;
-	ERR_STATE *ret=NULL,tmp,*tmpp=NULL;
-	int thread_state_exists;
+	ERR_STATE *ret,tmp,*tmpp=NULL;
 	int i;
 	unsigned long pid;
 
+	err_fns_check();
 	pid=(unsigned long)CRYPTO_thread_id();
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (thread_hash != NULL)
-		{
-		tmp.pid=pid;
-		ret=(ERR_STATE *)lh_retrieve(thread_hash,&tmp);
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	tmp.pid=pid;
+	ret=ERRFN(thread_get_item)(&tmp);
 
 	/* ret == the error state, if NULL, make a new one */
 	if (ret == NULL)
@@ -703,42 +954,25 @@ ERR_STATE *ERR_get_state(void)
 			ret->err_data[i]=NULL;
 			ret->err_data_flags[i]=0;
 			}
-
-		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-
-		/* no entry yet in thread_hash for current thread -
-		 * thus, it may have changed since we last looked at it */
-		if (thread_hash == NULL)
-			thread_hash = lh_new(pid_hash, pid_cmp);
-		if (thread_hash == NULL)
-			thread_state_exists = 0; /* allocation error */
-		else
-			{
-			tmpp=(ERR_STATE *)lh_insert(thread_hash,ret);
-			thread_state_exists = 1;
-			}
-
-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-		if (!thread_state_exists)
+		tmpp = ERRFN(thread_set_item)(ret);
+		/* To check if insertion failed, do a get. */
+		if (ERRFN(thread_get_item)(ret) != ret)
 			{
 			ERR_STATE_free(ret); /* could not insert it */
 			return(&fallback);
 			}
-		
-		if (tmpp != NULL) /* old entry - should not happen */
-			{
+		/* If a race occured in this function and we came second, tmpp
+		 * is the first one that we just replaced. */
+		if (tmpp)
 			ERR_STATE_free(tmpp);
-			}
 		}
-	return(ret);
+	return ret;
 	}
 
 int ERR_get_next_error_library(void)
 	{
-	static int value=ERR_LIB_USER;
-
-	return(value++);
+	err_fns_check();
+	return ERRFN(get_next_lib)();
 	}
 
 void ERR_set_error_data(char *data, int flags)
@@ -797,4 +1031,3 @@ void ERR_add_error_data(int num, ...)
 err:
 	va_end(args);
 	}
-
diff --git a/crypto/openssl/crypto/err/err.h b/crypto/openssl/crypto/err/err.h
index af6c4d4..988ef81 100644
--- a/crypto/openssl/crypto/err/err.h
+++ b/crypto/openssl/crypto/err/err.h
@@ -59,15 +59,15 @@
 #ifndef HEADER_ERR_H
 #define HEADER_ERR_H
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 #include <stdio.h>
 #include <stdlib.h>
 #endif
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#ifndef NO_LHASH
+#ifndef OPENSSL_NO_LHASH
 #include <openssl/lhash.h>
 #endif
 
@@ -75,13 +75,7 @@
 extern "C" {
 #endif
 
-/* The following is a bit of a trick to help the object files only contain
- * the 'name of the file' string once.  Since 'err.h' is protected by the
- * HEADER_ERR_H stuff, this should be included only once per file. */
-
-#define ERR_file_name	__FILE__
-
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 #define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,d,e)
 #else
 #define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)
@@ -116,53 +110,55 @@ typedef struct err_state_st
 #define ERR_LIB_PEM		9
 #define ERR_LIB_DSA		10
 #define ERR_LIB_X509		11
-#define ERR_LIB_METH		12
+/* #define ERR_LIB_METH         12 */
 #define ERR_LIB_ASN1		13
 #define ERR_LIB_CONF		14
 #define ERR_LIB_CRYPTO		15
+#define ERR_LIB_EC		16
 #define ERR_LIB_SSL		20
-#define ERR_LIB_SSL23		21
-#define ERR_LIB_SSL2		22
-#define ERR_LIB_SSL3		23
-#define ERR_LIB_RSAREF		30
-#define ERR_LIB_PROXY		31
+/* #define ERR_LIB_SSL23        21 */
+/* #define ERR_LIB_SSL2         22 */
+/* #define ERR_LIB_SSL3         23 */
+/* #define ERR_LIB_RSAREF       30 */
+/* #define ERR_LIB_PROXY        31 */
 #define ERR_LIB_BIO		32
 #define ERR_LIB_PKCS7		33
 #define ERR_LIB_X509V3		34
 #define ERR_LIB_PKCS12		35
 #define ERR_LIB_RAND		36
 #define ERR_LIB_DSO		37
-#define ERR_LIB_COMP		41
+#define ERR_LIB_ENGINE		38
+#define ERR_LIB_OCSP            39
+#define ERR_LIB_UI              40
+#define ERR_LIB_COMP            41
 
 #define ERR_LIB_USER		128
 
-#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__)
-#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__)
-#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__)
-#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__)
-#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__)
-#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__)
-#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__)
-#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__)
-#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__)
-#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__)
-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__)
-#define METHerr(f,r) ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__)
-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__)
-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__)
-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),ERR_file_name,__LINE__)
-#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__)
-#define SSL23err(f,r) ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__)
-#define SSL2err(f,r) ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__)
-#define SSL3err(f,r) ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__)
-#define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
-#define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
-#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__)
-#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
-#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
-#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
-#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),ERR_file_name,__LINE__)
+#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
+#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
+#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
+#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
+#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
+#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
+#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
+#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
+#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
+#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
+#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
+#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
+#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
+#define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
+#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
+#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
+#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
+#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
+#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
+#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
+#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
+#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
+#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
+#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
+#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
 
 /* Borland C seems too stupid to be able to shift and do longs in
  * the pre-processor :-( */
@@ -174,6 +170,7 @@ typedef struct err_state_st
 #define ERR_GET_REASON(l)	(int)((l)&0xfffL)
 #define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)
 
+
 /* OS functions */
 #define SYS_F_FOPEN		1
 #define SYS_F_CONNECT		2
@@ -185,45 +182,53 @@ typedef struct err_state_st
 #define SYS_F_ACCEPT		8
 #define SYS_F_WSASTARTUP	9 /* Winsock stuff */
 #define SYS_F_OPENDIR		10
+#define SYS_F_FREAD		11
+
 
-#define ERR_R_FATAL		32	
 /* reasons */
-#define ERR_R_SYS_LIB	ERR_LIB_SYS
-#define ERR_R_BN_LIB	ERR_LIB_BN
-#define ERR_R_RSA_LIB	ERR_LIB_RSA
-#define ERR_R_DSA_LIB	ERR_LIB_DSA
-#define ERR_R_DH_LIB	ERR_LIB_DH
-#define ERR_R_EVP_LIB	ERR_LIB_EVP
-#define ERR_R_BUF_LIB	ERR_LIB_BUF
-#define ERR_R_BIO_LIB	ERR_LIB_BIO
-#define ERR_R_OBJ_LIB	ERR_LIB_OBJ
-#define ERR_R_PEM_LIB	ERR_LIB_PEM
-#define ERR_R_X509_LIB	ERR_LIB_X509
-#define ERR_R_METH_LIB	ERR_LIB_METH
-#define ERR_R_ASN1_LIB	ERR_LIB_ASN1
-#define ERR_R_CONF_LIB	ERR_LIB_CONF
-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
-#define ERR_R_SSL_LIB	ERR_LIB_SSL
-#define ERR_R_SSL23_LIB	ERR_LIB_SSL23
-#define ERR_R_SSL2_LIB	ERR_LIB_SSL2
-#define ERR_R_SSL3_LIB	ERR_LIB_SSL3
-#define ERR_R_PROXY_LIB	ERR_LIB_PROXY
-#define ERR_R_BIO_LIB	ERR_LIB_BIO
-#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7
-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
-#define ERR_R_DSO_LIB	ERR_LIB_DSO
-#define ERR_R_COMP_LIB	ERR_LIB_COMP
+#define ERR_R_SYS_LIB	ERR_LIB_SYS       /* 2 */
+#define ERR_R_BN_LIB	ERR_LIB_BN        /* 3 */
+#define ERR_R_RSA_LIB	ERR_LIB_RSA       /* 4 */
+#define ERR_R_DH_LIB	ERR_LIB_DH        /* 5 */
+#define ERR_R_EVP_LIB	ERR_LIB_EVP       /* 6 */
+#define ERR_R_BUF_LIB	ERR_LIB_BUF       /* 7 */
+#define ERR_R_OBJ_LIB	ERR_LIB_OBJ       /* 8 */
+#define ERR_R_PEM_LIB	ERR_LIB_PEM       /* 9 */
+#define ERR_R_DSA_LIB	ERR_LIB_DSA      /* 10 */
+#define ERR_R_X509_LIB	ERR_LIB_X509     /* 11 */
+#define ERR_R_ASN1_LIB	ERR_LIB_ASN1     /* 13 */
+#define ERR_R_CONF_LIB	ERR_LIB_CONF     /* 14 */
+#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO  /* 15 */
+#define ERR_R_EC_LIB	ERR_LIB_EC       /* 16 */
+#define ERR_R_SSL_LIB	ERR_LIB_SSL      /* 20 */
+#define ERR_R_BIO_LIB	ERR_LIB_BIO      /* 32 */
+#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7    /* 33 */
+#define ERR_R_X509V3_LIB ERR_LIB_X509V3  /* 34 */
+#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12  /* 35 */
+#define ERR_R_RAND_LIB	ERR_LIB_RAND     /* 36 */
+#define ERR_R_DSO_LIB	ERR_LIB_DSO      /* 37 */
+#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE  /* 38 */
+#define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */
+#define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */
+#define ERR_R_COMP_LIB	ERR_LIB_COMP     /* 41 */
+
+#define ERR_R_NESTED_ASN1_ERROR			58
+#define ERR_R_BAD_ASN1_OBJECT_HEADER		59
+#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		60
+#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	61
+#define ERR_R_ASN1_LENGTH_MISMATCH		62
+#define ERR_R_MISSING_ASN1_EOS			63
 
 /* fatal error */
+#define ERR_R_FATAL				64
 #define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
 #define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)
 #define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)
-#define ERR_R_NESTED_ASN1_ERROR			(4)
-#define ERR_R_BAD_ASN1_OBJECT_HEADER		(5)
-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		(6)
-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	(7)
-#define ERR_R_ASN1_LENGTH_MISMATCH		(8)
-#define ERR_R_MISSING_ASN1_EOS			(9)
+#define	ERR_R_INTERNAL_ERROR			(4|ERR_R_FATAL)
+
+/* 99 is the maximum possible ERR_R_... code, higher values
+ * are reserved for the individual libraries */
+
 
 typedef struct ERR_string_data_st
 	{
@@ -234,28 +239,35 @@ typedef struct ERR_string_data_st
 void ERR_put_error(int lib, int func,int reason,const char *file,int line);
 void ERR_set_error_data(char *data,int flags);
 
-unsigned long ERR_get_error(void );
+unsigned long ERR_get_error(void);
 unsigned long ERR_get_error_line(const char **file,int *line);
 unsigned long ERR_get_error_line_data(const char **file,int *line,
 				      const char **data, int *flags);
-unsigned long ERR_peek_error(void );
+unsigned long ERR_peek_error(void);
 unsigned long ERR_peek_error_line(const char **file,int *line);
 unsigned long ERR_peek_error_line_data(const char **file,int *line,
 				       const char **data,int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file,int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file,int *line,
+				       const char **data,int *flags);
 void ERR_clear_error(void );
 char *ERR_error_string(unsigned long e,char *buf);
 void ERR_error_string_n(unsigned long e, char *buf, size_t len);
 const char *ERR_lib_error_string(unsigned long e);
 const char *ERR_func_error_string(unsigned long e);
 const char *ERR_reason_error_string(unsigned long e);
-#ifndef NO_FP_API
+void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+			 void *u);
+#ifndef OPENSSL_NO_FP_API
 void ERR_print_errors_fp(FILE *fp);
 #endif
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 void ERR_print_errors(BIO *bp);
 void ERR_add_error_data(int num, ...);
 #endif
 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
 void ERR_load_ERR_strings(void);
 void ERR_load_crypto_strings(void);
 void ERR_free_strings(void);
@@ -263,14 +275,22 @@ void ERR_free_strings(void);
 void ERR_remove_state(unsigned long pid); /* if zero we look it up */
 ERR_STATE *ERR_get_state(void);
 
-#ifndef NO_LHASH
+#ifndef OPENSSL_NO_LHASH
 LHASH *ERR_get_string_table(void);
-LHASH *ERR_get_err_state_table(void); /* even less thread-safe than
-				       * ERR_get_string_table :-) */
+LHASH *ERR_get_err_state_table(void);
 #endif
 
 int ERR_get_next_error_library(void);
 
+/* This opaque type encapsulates the low-level error-state functions */
+typedef struct st_ERR_FNS ERR_FNS;
+/* An application can use this function and provide the return value to loaded
+ * modules that should use the application's ERR state/functionality */
+const ERR_FNS *ERR_get_implementation(void);
+/* A loaded module should call this function prior to any ERR operations using
+ * the application's "ERR_FNS". */
+int ERR_set_implementation(const ERR_FNS *fns);
+
 #ifdef	__cplusplus
 }
 #endif
diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c
index 638ed3f..90029fd 100644
--- a/crypto/openssl/crypto/err/err_all.c
+++ b/crypto/openssl/crypto/err/err_all.c
@@ -59,18 +59,18 @@
 #include <stdio.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifdef RSAref
-#include <openssl/rsaref.h>
-#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #include <openssl/evp.h>
@@ -81,8 +81,10 @@
 #include <openssl/conf.h>
 #include <openssl/pkcs12.h>
 #include <openssl/rand.h>
-#include <openssl/err.h>
 #include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
 
 void ERR_load_crypto_strings(void)
 	{
@@ -90,35 +92,38 @@ void ERR_load_crypto_strings(void)
 
 	if (done) return;
 	done=1;
-#ifndef NO_ERR
-	ERR_load_ASN1_strings();
+#ifndef OPENSSL_NO_ERR
+	ERR_load_ERR_strings(); /* include error strings for SYSerr */
 	ERR_load_BN_strings();
-	ERR_load_BUF_strings();
-	ERR_load_BIO_strings();
-	ERR_load_CONF_strings();
-#ifndef NO_RSA
-#ifdef RSAref
-	ERR_load_RSAREF_strings();
-#else
+#ifndef OPENSSL_NO_RSA
 	ERR_load_RSA_strings();
 #endif
-#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	ERR_load_DH_strings();
 #endif
-#ifndef NO_DSA
-	ERR_load_DSA_strings();
-#endif
-	ERR_load_ERR_strings();
 	ERR_load_EVP_strings();
+	ERR_load_BUF_strings();
 	ERR_load_OBJ_strings();
 	ERR_load_PEM_strings();
+#ifndef OPENSSL_NO_DSA
+	ERR_load_DSA_strings();
+#endif
 	ERR_load_X509_strings();
-	ERR_load_X509V3_strings();
+	ERR_load_ASN1_strings();
+	ERR_load_CONF_strings();
 	ERR_load_CRYPTO_strings();
-	ERR_load_PKCS7_strings();
+#ifndef OPENSSL_NO_EC
+	ERR_load_EC_strings();
+#endif
+	/* skip ERR_load_SSL_strings() because it is not in this library */
+	ERR_load_BIO_strings();
+	ERR_load_PKCS7_strings();	
+	ERR_load_X509V3_strings();
 	ERR_load_PKCS12_strings();
 	ERR_load_RAND_strings();
 	ERR_load_DSO_strings();
+	ERR_load_ENGINE_strings();
+	ERR_load_OCSP_strings();
+	ERR_load_UI_strings();
 #endif
 	}
diff --git a/crypto/openssl/crypto/err/err_prn.c b/crypto/openssl/crypto/err/err_prn.c
index 6f60b01..81e34bd 100644
--- a/crypto/openssl/crypto/err/err_prn.c
+++ b/crypto/openssl/crypto/err/err_prn.c
@@ -62,13 +62,13 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-#include <openssl/crypto.h>
 
-#ifndef NO_FP_API
-void ERR_print_errors_fp(FILE *fp)
+void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+			 void *u)
 	{
 	unsigned long l;
-	char buf[200];
+	char buf[256];
+	char buf2[4096];
 	const char *file,*data;
 	int line,flags;
 	unsigned long es;
@@ -77,31 +77,30 @@ void ERR_print_errors_fp(FILE *fp)
 	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
 		{
 		ERR_error_string_n(l, buf, sizeof buf);
-		fprintf(fp,"%lu:%s:%s:%d:%s\n",es,buf,
-			file,line,(flags&ERR_TXT_STRING)?data:"");
+		BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
+			file, line, (flags & ERR_TXT_STRING) ? data : "");
+		cb(buf2, strlen(buf2), u);
 		}
 	}
+
+#ifndef OPENSSL_NO_FP_API
+static int print_fp(const char *str, size_t len, void *fp)
+	{
+	return fprintf((FILE *)fp, "%s", str);
+	}
+void ERR_print_errors_fp(FILE *fp)
+	{
+	ERR_print_errors_cb(print_fp, fp);
+	}
 #endif
 
+static int print_bio(const char *str, size_t len, void *bp)
+	{
+	return BIO_write((BIO *)bp, str, len);
+	}
 void ERR_print_errors(BIO *bp)
 	{
-	unsigned long l;
-	char buf[256];
-	char buf2[256];
-	const char *file,*data;
-	int line,flags;
-	unsigned long es;
-
-	es=CRYPTO_thread_id();
-	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
-		{
-		ERR_error_string_n(l, buf, sizeof buf);
-		sprintf(buf2,"%lu:%s:%s:%d:",es,buf,
-			file,line);
-		BIO_write(bp,buf2,strlen(buf2));
-		if (flags & ERR_TXT_STRING)
-			BIO_write(bp,data,strlen(data));
-		BIO_write(bp,"\n",1);
-		}
+	ERR_print_errors_cb(print_bio, bp);
 	}
 
+	
diff --git a/crypto/openssl/crypto/err/openssl.ec b/crypto/openssl/crypto/err/openssl.ec
index 02deaa6..29a69df 100644
--- a/crypto/openssl/crypto/err/openssl.ec
+++ b/crypto/openssl/crypto/err/openssl.ec
@@ -1,28 +1,36 @@
+# crypto/err/openssl.ec
+
+# configuration file for util/mkerr.pl
+
+# files that may have to be rewritten by util/mkerr.pl
 L ERR		NONE				NONE
-L CRYPTO	crypto/crypto.h			crypto/cpt_err.c
 L BN		crypto/bn/bn.h			crypto/bn/bn_err.c
 L RSA		crypto/rsa/rsa.h		crypto/rsa/rsa_err.c
-L DSA		crypto/dsa/dsa.h		crypto/dsa/dsa_err.c
-L DSO		crypto/dso/dso.h		crypto/dso/dso_err.c
 L DH		crypto/dh/dh.h			crypto/dh/dh_err.c
 L EVP		crypto/evp/evp.h		crypto/evp/evp_err.c
 L BUF		crypto/buffer/buffer.h		crypto/buffer/buf_err.c
-L BIO		crypto/bio/bio.h		crypto/bio/bio_err.c
 L OBJ		crypto/objects/objects.h	crypto/objects/obj_err.c
 L PEM		crypto/pem/pem.h		crypto/pem/pem_err.c
+L DSA		crypto/dsa/dsa.h		crypto/dsa/dsa_err.c
 L X509		crypto/x509/x509.h		crypto/x509/x509_err.c
-L NONE		crypto/x509/x509_vfy.h		NONE
-L X509V3	crypto/x509v3/x509v3.h		crypto/x509v3/v3err.c
-#L METH		crypto/meth/meth.h		crypto/meth/meth_err.c
 L ASN1		crypto/asn1/asn1.h		crypto/asn1/asn1_err.c
 L CONF		crypto/conf/conf.h		crypto/conf/conf_err.c
-#L PROXY		crypto/proxy/proxy.h		crypto/proxy/proxy_err.c
+L CRYPTO	crypto/crypto.h			crypto/cpt_err.c
+L EC		crypto/ec/ec.h			crypto/ec/ec_err.c
+L SSL		ssl/ssl.h			ssl/ssl_err.c
+L BIO		crypto/bio/bio.h		crypto/bio/bio_err.c
 L PKCS7		crypto/pkcs7/pkcs7.h		crypto/pkcs7/pkcs7err.c
+L X509V3	crypto/x509v3/x509v3.h		crypto/x509v3/v3err.c
 L PKCS12	crypto/pkcs12/pkcs12.h		crypto/pkcs12/pk12err.c
-L RSAREF	rsaref/rsaref.h			rsaref/rsar_err.c
-L SSL		ssl/ssl.h			ssl/ssl_err.c
-L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
 L RAND		crypto/rand/rand.h		crypto/rand/rand_err.c
+L DSO		crypto/dso/dso.h		crypto/dso/dso_err.c
+L ENGINE	crypto/engine/engine.h		crypto/engine/eng_err.c
+L OCSP		crypto/ocsp/ocsp.h		crypto/ocsp/ocsp_err.c
+L UI		crypto/ui/ui.h			crypto/ui/ui_err.c
+
+# additional header files to be scanned for function names
+L NONE		crypto/x509/x509_vfy.h		NONE
+L NONE		crypto/ec/ec_lcl.h		NONE
 
 
 F RSAREF_F_RSA_BN2BIN
diff --git a/crypto/openssl/crypto/evp/Makefile.ssl b/crypto/openssl/crypto/evp/Makefile.ssl
index fb9945d..94f61b3 100644
--- a/crypto/openssl/crypto/evp/Makefile.ssl
+++ b/crypto/openssl/crypto/evp/Makefile.ssl
@@ -5,26 +5,28 @@
 DIR=	evp
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST=
+TEST=evp_test.c
+TESTDATA=evptests.txt
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
 	e_des.c e_bf.c e_idea.c e_des3.c \
-	e_rc4.c names.c \
+	e_rc4.c e_aes.c names.c \
 	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
 	m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
 	m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \
@@ -33,9 +35,9 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
 	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
 	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
 
-LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
+LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
 	e_des.o e_bf.o e_idea.o e_des3.o \
-	e_rc4.o names.o \
+	e_rc4.o e_aes.o names.o \
 	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
 	m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
 	m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \
@@ -58,8 +60,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -69,6 +70,7 @@ links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
@@ -87,7 +89,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -98,356 +100,443 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
+bio_b64.o: ../../e_os.h ../../include/openssl/aes.h
 bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-bio_b64.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-bio_b64.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_b64.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_b64.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bio_b64.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-bio_b64.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-bio_b64.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h
+bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_b64.o: ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/aes.h
 bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-bio_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-bio_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bio_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-bio_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-bio_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h
-bio_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bio_md.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-bio_md.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_enc.o: ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_md.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_md.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_md.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-bio_md.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bio_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_md.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-bio_md.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-bio_md.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_md.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_md.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h
-bio_ok.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bio_ok.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-bio_ok.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_md.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+bio_md.o: ../../include/openssl/ui_compat.h ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_ok.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_ok.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_ok.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-bio_ok.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bio_ok.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_ok.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-bio_ok.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-bio_ok.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_ok.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_ok.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_ok.o: ../cryptlib.h
-c_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-c_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-c_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_ok.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_ok.o: ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-c_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h
-c_allc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_allc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_all.o: ../../include/openssl/ui_compat.h ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_allc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_allc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-c_allc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_allc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-c_allc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-c_allc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_allc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_allc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_allc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-c_alld.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_alld.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-c_alld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_allc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_alld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_alld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_alld.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-c_alld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_alld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-c_alld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-c_alld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_alld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_alld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_alld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_alld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
+digest.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+digest.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-digest.o: ../../include/openssl/symhacks.h ../cryptlib.h
-e_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+digest.o: ../../include/openssl/ui_compat.h ../cryptlib.h digest.c
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_aes.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_aes.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_aes.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_aes.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_aes.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_aes.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_aes.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+e_aes.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_aes.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_aes.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h e_aes.c
+e_aes.o: evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_bf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_bf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_bf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_bf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_bf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_bf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_bf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_bf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_bf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-e_cast.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cast.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_bf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_bf.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_bf.c evp_locl.h
+e_cast.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_cast.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_cast.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_cast.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_cast.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cast.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cast.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_cast.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_cast.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_cast.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_cast.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_cast.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_cast.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-e_des.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_des.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_des.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_des.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cast.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_cast.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_des.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_des.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_des.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_des.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_des.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_des.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-e_des3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_des3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_des3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des3.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des3.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des3.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_des3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_des3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_des3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_des3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_des3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_des3.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-e_idea.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_idea.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_idea.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_idea.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_idea.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_idea.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_idea.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_idea.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_idea.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_idea.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_idea.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_idea.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-e_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_idea.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_idea.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
-e_rc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_rc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_null.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_null.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_null.c
+e_rc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_rc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_rc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_rc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_rc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_rc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-e_rc4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_rc4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_rc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc2.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_rc4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_rc4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_rc4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_rc4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_rc4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h
-e_rc5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_rc5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c
+e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_rc5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_rc5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_rc5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_rc5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_rc5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_rc5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+e_rc5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc5.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc5.c evp_locl.h
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/aes.h
 e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_xcbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_xcbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_xcbc_d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 e_xcbc_d.o: ../../include/openssl/opensslconf.h
-e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_xcbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_xcbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_xcbc_d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_xcbc_d.o: ../cryptlib.h
-encode.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-encode.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-encode.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-encode.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_xcbc_d.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_xcbc_d.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_xcbc_d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+encode.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+encode.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+encode.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+encode.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-encode.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-encode.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-encode.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-encode.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-encode.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+encode.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+encode.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+encode.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-encode.o: ../../include/openssl/symhacks.h ../cryptlib.h
+encode.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+encode.o: ../../include/openssl/ui_compat.h ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/aes.h
+evp_acnf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_acnf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_acnf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_acnf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_acnf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_acnf.o: ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_acnf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_acnf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_acnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_acnf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_acnf.o: ../cryptlib.h evp_acnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
 evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-evp_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-evp_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-evp_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-evp_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-evp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-evp_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-evp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+evp_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+evp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+evp_err.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
@@ -455,463 +544,517 @@ evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-evp_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-evp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-evp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_err.o: ../../include/openssl/symhacks.h
+evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_err.o: evp_err.c
+evp_key.o: ../../e_os.h ../../include/openssl/aes.h
 evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-evp_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 evp_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 evp_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-evp_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_key.o: ../cryptlib.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_key.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/aes.h
 evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-evp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-evp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-evp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-evp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
+evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_lib.o: ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/aes.h
 evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-evp_pbe.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_pbe.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 evp_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-evp_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_pbe.o: ../cryptlib.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pbe.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/aes.h
 evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-evp_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 evp_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 evp_pkey.o: ../../include/openssl/opensslconf.h
-evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-evp_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-evp_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_pkey.o: ../cryptlib.h
-m_dss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_dss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_dss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_dss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_dss.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_dss.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_dss.o: ../cryptlib.h
-m_dss1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_dss1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_dss.o: ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_dss1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_dss1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_dss1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_dss1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_dss1.o: ../cryptlib.h
-m_md2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_md2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_dss1.o: ../cryptlib.h m_dss1.c
+m_md2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_md2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_md2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_md2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md2.o: ../cryptlib.h
-m_md4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_md4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_md2.o: ../cryptlib.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_md4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_md4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_md4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md4.o: ../cryptlib.h
-m_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_md5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_md4.o: ../cryptlib.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_md5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_md5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_md5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md5.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md5.o: ../cryptlib.h
-m_mdc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_mdc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_mdc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_md5.o: ../cryptlib.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_mdc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_mdc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_mdc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_mdc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_mdc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_mdc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_mdc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_mdc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_mdc2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_mdc2.o: ../cryptlib.h
-m_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_mdc2.o: ../cryptlib.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_null.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_null.o: ../cryptlib.h
+m_null.o: ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/aes.h
 m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-m_ripemd.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_ripemd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+m_ripemd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 m_ripemd.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 m_ripemd.o: ../../include/openssl/opensslconf.h
-m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_ripemd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_ripemd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-m_sha.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_sha.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_ripemd.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_ripemd.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_ripemd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ripemd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ripemd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ripemd.o: ../cryptlib.h m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_sha.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_sha.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_sha.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_sha.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_sha.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h
-m_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-m_sha1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_sha.o: ../cryptlib.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-m_sha1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-m_sha1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-m_sha1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_sha1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_sha1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha1.o: ../cryptlib.h
-names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-names.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-names.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-names.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_sha1.o: ../cryptlib.h m_sha1.c
+names.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+names.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+names.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+names.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-names.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-names.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-names.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-names.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+names.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+names.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+names.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+names.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-names.o: ../cryptlib.h
+names.o: ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/aes.h
 p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p5_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p5_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p5_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p5_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_crpt.o: ../cryptlib.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/aes.h
 p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p5_crpt2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p5_crpt2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
 p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 p5_crpt2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p5_crpt2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p5_crpt2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p5_crpt2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p_dec.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_dec.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-p_dec.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p5_crpt2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_crpt2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_crpt2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt2.o: ../cryptlib.h p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_dec.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_dec.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_dec.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p_dec.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_dec.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-p_dec.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-p_dec.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_dec.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_dec.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_dec.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-p_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_dec.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-p_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-p_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_enc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p_open.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_open.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-p_open.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-p_open.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_open.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_open.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_open.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p_open.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_open.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-p_open.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-p_open.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_open.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_open.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_open.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_open.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_open.o: ../cryptlib.h
-p_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-p_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_open.o: ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_seal.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_seal.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_seal.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-p_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-p_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_seal.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_seal.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_seal.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-p_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-p_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-p_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_sign.o: ../cryptlib.h
+p_sign.o: ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/aes.h
 p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p_verify.o: ../../include/openssl/opensslconf.h
-p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_verify.o: ../cryptlib.h p_verify.c
diff --git a/crypto/openssl/crypto/evp/bio_b64.c b/crypto/openssl/crypto/evp/bio_b64.c
index f12eac1..6e550f6 100644
--- a/crypto/openssl/crypto/evp/bio_b64.c
+++ b/crypto/openssl/crypto/evp/bio_b64.c
@@ -165,6 +165,7 @@ static int b64_read(BIO *b, char *out, int outl)
 		{
 		i=ctx->buf_len-ctx->buf_off;
 		if (i > outl) i=outl;
+		OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
 		memcpy(out,&(ctx->buf[ctx->buf_off]),i);
 		ret=i;
 		out+=i;
diff --git a/crypto/openssl/crypto/evp/bio_enc.c b/crypto/openssl/crypto/evp/bio_enc.c
index c425a97..510e1bc 100644
--- a/crypto/openssl/crypto/evp/bio_enc.c
+++ b/crypto/openssl/crypto/evp/bio_enc.c
@@ -71,6 +71,7 @@ static int enc_new(BIO *h);
 static int enc_free(BIO *data);
 static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
 #define ENC_BLOCK_SIZE	(1024*4)
+#define BUF_OFFSET	EVP_MAX_BLOCK_LENGTH
 
 typedef struct enc_struct
 	{
@@ -80,7 +81,10 @@ typedef struct enc_struct
 	int finished;
 	int ok;			/* bad decrypt */
 	EVP_CIPHER_CTX cipher;
-	char buf[ENC_BLOCK_SIZE+10];
+	/* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate
+	 * can return up to a block more data than is presented to it
+	 */
+	char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2];
 	} BIO_ENC_CTX;
 
 static BIO_METHOD methods_enc=
@@ -128,7 +132,7 @@ static int enc_free(BIO *a)
 	if (a == NULL) return(0);
 	b=(BIO_ENC_CTX *)a->ptr;
 	EVP_CIPHER_CTX_cleanup(&(b->cipher));
-	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
 	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
@@ -170,9 +174,9 @@ static int enc_read(BIO *b, char *out, int outl)
 		{
 		if (ctx->cont <= 0) break;
 
-		/* read in at offset 8, read the EVP_Cipher
+		/* read in at IV offset, read the EVP_Cipher
 		 * documentation about why */
-		i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE);
+		i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE);
 
 		if (i <= 0)
 			{
@@ -180,7 +184,7 @@ static int enc_read(BIO *b, char *out, int outl)
 			if (!BIO_should_retry(b->next_bio))
 				{
 				ctx->cont=i;
-				i=EVP_CipherFinal(&(ctx->cipher),
+				i=EVP_CipherFinal_ex(&(ctx->cipher),
 					(unsigned char *)ctx->buf,
 					&(ctx->buf_len));
 				ctx->ok=i;
@@ -196,7 +200,7 @@ static int enc_read(BIO *b, char *out, int outl)
 			{
 			EVP_CipherUpdate(&(ctx->cipher),
 				(unsigned char *)ctx->buf,&ctx->buf_len,
-				(unsigned char *)&(ctx->buf[8]),i);
+				(unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
 			ctx->cont=1;
 			/* Note: it is possible for EVP_CipherUpdate to
 			 * decrypt zero bytes because this is or looks like
@@ -294,7 +298,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
 	case BIO_CTRL_RESET:
 		ctx->ok=1;
 		ctx->finished=0;
-		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
 			ctx->cipher.encrypt);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
@@ -331,7 +335,7 @@ again:
 			{
 			ctx->finished=1;
 			ctx->buf_off=0;
-			ret=EVP_CipherFinal(&(ctx->cipher),
+			ret=EVP_CipherFinal_ex(&(ctx->cipher),
 				(unsigned char *)ctx->buf,
 				&(ctx->buf_len));
 			ctx->ok=(int)ret;
@@ -417,7 +421,7 @@ void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
 
 	b->init=1;
 	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
 	
 	if (b->callback != NULL)
 		b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
diff --git a/crypto/openssl/crypto/evp/bio_md.c b/crypto/openssl/crypto/evp/bio_md.c
index 2373c24..c632dfb 100644
--- a/crypto/openssl/crypto/evp/bio_md.c
+++ b/crypto/openssl/crypto/evp/bio_md.c
@@ -96,7 +96,7 @@ static int md_new(BIO *bi)
 	{
 	EVP_MD_CTX *ctx;
 
-	ctx=(EVP_MD_CTX *)OPENSSL_malloc(sizeof(EVP_MD_CTX));
+	ctx=EVP_MD_CTX_create();
 	if (ctx == NULL) return(0);
 
 	bi->init=0;
@@ -108,7 +108,7 @@ static int md_new(BIO *bi)
 static int md_free(BIO *a)
 	{
 	if (a == NULL) return(0);
-	OPENSSL_free(a->ptr);
+	EVP_MD_CTX_destroy(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
@@ -121,7 +121,7 @@ static int md_read(BIO *b, char *out, int outl)
 	EVP_MD_CTX *ctx;
 
 	if (out == NULL) return(0);
-	ctx=(EVP_MD_CTX *)b->ptr;
+	ctx=b->ptr;
 
 	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
 
@@ -145,7 +145,7 @@ static int md_write(BIO *b, const char *in, int inl)
 	EVP_MD_CTX *ctx;
 
 	if ((in == NULL) || (inl <= 0)) return(0);
-	ctx=(EVP_MD_CTX *)b->ptr;
+	ctx=b->ptr;
 
 	if ((ctx != NULL) && (b->next_bio != NULL))
 		ret=BIO_write(b->next_bio,in,inl);
@@ -170,13 +170,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 	long ret=1;
 	BIO *dbio;
 
-	ctx=(EVP_MD_CTX *)b->ptr;
+	ctx=b->ptr;
 
 	switch (cmd)
 		{
 	case BIO_CTRL_RESET:
 		if (b->init)
-			EVP_DigestInit(ctx,ctx->digest);
+			EVP_DigestInit_ex(ctx,ctx->digest, NULL);
 		else
 			ret=0;
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -184,7 +184,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 	case BIO_C_GET_MD:
 		if (b->init)
 			{
-			ppmd=(const EVP_MD **)ptr;
+			ppmd=ptr;
 			*ppmd=ctx->digest;
 			}
 		else
@@ -193,7 +193,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 	case BIO_C_GET_MD_CTX:
 		if (b->init)
 			{
-			pctx=(EVP_MD_CTX **)ptr;
+			pctx=ptr;
 			*pctx=ctx;
 			}
 		else
@@ -206,14 +206,14 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 
 	case BIO_C_SET_MD:
-		md=(EVP_MD *)ptr;
-		EVP_DigestInit(ctx,md);
+		md=ptr;
+		EVP_DigestInit_ex(ctx,md, NULL);
 		b->init=1;
 		break;
 	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		dctx=(EVP_MD_CTX *)dbio->ptr;
-		memcpy(dctx,ctx,sizeof(ctx));
+		dbio=ptr;
+		dctx=dbio->ptr;
+		EVP_MD_CTX_copy_ex(dctx,ctx);
 		b->init=1;
 		break;
 	default:
@@ -243,10 +243,10 @@ static int md_gets(BIO *bp, char *buf, int size)
 	unsigned int ret;
 
 
-	ctx=(EVP_MD_CTX *)bp->ptr;
+	ctx=bp->ptr;
 	if (size < ctx->digest->md_size)
 		return(0);
-	EVP_DigestFinal(ctx,(unsigned char *)buf,&ret);
+	EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
 	return((int)ret);
 	}
 
diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/openssl/crypto/evp/bio_ok.c
index e617ce1..530ab93 100644
--- a/crypto/openssl/crypto/evp/bio_ok.c
+++ b/crypto/openssl/crypto/evp/bio_ok.c
@@ -162,7 +162,7 @@ typedef struct ok_struct
 	EVP_MD_CTX md;
 	int blockout;		/* output block is ready */ 
 	int sigio;		/* must process signature */
-	char buf[IOBS];
+	unsigned char buf[IOBS];
 	} BIO_OK_CTX;
 
 static BIO_METHOD methods_ok=
@@ -199,6 +199,8 @@ static int ok_new(BIO *bi)
 	ctx->blockout= 0;
 	ctx->sigio=1;
 
+	EVP_MD_CTX_init(&ctx->md);
+
 	bi->init=0;
 	bi->ptr=(char *)ctx;
 	bi->flags=0;
@@ -208,7 +210,8 @@ static int ok_new(BIO *bi)
 static int ok_free(BIO *a)
 	{
 	if (a == NULL) return(0);
-	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+	EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
 	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
@@ -353,7 +356,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
 	long ret=1;
 	int i;
 
-	ctx=(BIO_OK_CTX *)b->ptr;
+	ctx=b->ptr;
 
 	switch (cmd)
 		{
@@ -411,14 +414,14 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
 		ret=(long)ctx->cont;
 		break;
 	case BIO_C_SET_MD:
-		md=(EVP_MD *)ptr;
-		EVP_DigestInit(&(ctx->md),md);
+		md=ptr;
+		EVP_DigestInit_ex(&ctx->md, md, NULL);
 		b->init=1;
 		break;
 	case BIO_C_GET_MD:
 		if (b->init)
 			{
-			ppmd=(const EVP_MD **)ptr;
+			ppmd=ptr;
 			*ppmd=ctx->md.digest;
 			}
 		else
@@ -462,19 +465,22 @@ static void sig_out(BIO* b)
 	BIO_OK_CTX *ctx;
 	EVP_MD_CTX *md;
 
-	ctx=(BIO_OK_CTX *)b->ptr;
-	md= &(ctx->md);
+	ctx=b->ptr;
+	md=&ctx->md;
 
 	if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
 
-	EVP_DigestInit(md, md->digest);
-	RAND_pseudo_bytes(&(md->md.base[0]), md->digest->md_size);
-	memcpy(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]), md->digest->md_size);
+	EVP_DigestInit_ex(md, md->digest, NULL);
+	/* FIXME: there's absolutely no guarantee this makes any sense at all,
+	 * particularly now EVP_MD_CTX has been restructured.
+	 */
+	RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+	memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
 	longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
 	ctx->buf_len+= md->digest->md_size;
 
 	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
 	ctx->buf_len+= md->digest->md_size;
 	ctx->blockout= 1;
 	ctx->sigio= 0;
@@ -487,18 +493,18 @@ static void sig_in(BIO* b)
 	unsigned char tmp[EVP_MAX_MD_SIZE];
 	int ret= 0;
 
-	ctx=(BIO_OK_CTX *)b->ptr;
-	md= &(ctx->md);
+	ctx=b->ptr;
+	md=&ctx->md;
 
 	if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return;
 
-	EVP_DigestInit(md, md->digest);
-	memcpy(&(md->md.base[0]), &(ctx->buf[ctx->buf_off]), md->digest->md_size);
-	longswap(&(md->md.base[0]), md->digest->md_size);
+	EVP_DigestInit_ex(md, md->digest, NULL);
+	memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+	longswap(md->md_data, md->digest->md_size);
 	ctx->buf_off+= md->digest->md_size;
 
 	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	md->digest->final(tmp, &(md->md.base[0]));
+	EVP_DigestFinal_ex(md, tmp, NULL);
 	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
 	ctx->buf_off+= md->digest->md_size;
 	if(ret == 1)
@@ -523,15 +529,15 @@ static void block_out(BIO* b)
 	EVP_MD_CTX *md;
 	unsigned long tl;
 
-	ctx=(BIO_OK_CTX *)b->ptr;
-	md= &(ctx->md);
+	ctx=b->ptr;
+	md=&ctx->md;
 
 	tl= ctx->buf_len- OK_BLOCK_BLOCK;
 	tl= swapem(tl);
 	memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
 	tl= swapem(tl);
 	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
 	ctx->buf_len+= md->digest->md_size;
 	ctx->blockout= 1;
 	}
@@ -543,15 +549,15 @@ static void block_in(BIO* b)
 	long tl= 0;
 	unsigned char tmp[EVP_MAX_MD_SIZE];
 
-	ctx=(BIO_OK_CTX *)b->ptr;
-	md= &(ctx->md);
+	ctx=b->ptr;
+	md=&ctx->md;
 
 	memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK);
 	tl= swapem(tl);
 	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
  
 	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	md->digest->final(tmp, &(md->md.base[0]));
+	EVP_DigestFinal_ex(md, tmp, NULL);
 	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
 		{
 		/* there might be parts from next block lurking around ! */
diff --git a/crypto/openssl/crypto/evp/c_all.c b/crypto/openssl/crypto/evp/c_all.c
index 1e18583..1bd54d7 100644
--- a/crypto/openssl/crypto/evp/c_all.c
+++ b/crypto/openssl/crypto/evp/c_all.c
@@ -60,8 +60,20 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 
+#if 0
+#undef OpenSSL_add_all_algorithms
+
 void OpenSSL_add_all_algorithms(void)
-{
+	{
+	OPENSSL_add_all_algorithms_noconf();
+	}
+#endif
+
+void OPENSSL_add_all_algorithms_noconf(void)
+	{
 	OpenSSL_add_all_ciphers();
 	OpenSSL_add_all_digests();
-}
+#ifdef __OpenBSD__
+	ENGINE_setup_openbsd();
+#endif
+	}
diff --git a/crypto/openssl/crypto/evp/c_allc.c b/crypto/openssl/crypto/evp/c_allc.c
index 0820557..341a958 100644
--- a/crypto/openssl/crypto/evp/c_allc.c
+++ b/crypto/openssl/crypto/evp/c_allc.c
@@ -64,11 +64,8 @@
 
 void OpenSSL_add_all_ciphers(void)
 	{
-	static int done=0;
 
-	if (done) return;
-	done=1;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cfb());
 	EVP_add_cipher(EVP_des_ede_cfb());
 	EVP_add_cipher(EVP_des_ede3_cfb());
@@ -94,12 +91,12 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher(EVP_des_ede3());
 #endif
 
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	EVP_add_cipher(EVP_rc4());
 	EVP_add_cipher(EVP_rc4_40());
 #endif
 
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	EVP_add_cipher(EVP_idea_ecb());
 	EVP_add_cipher(EVP_idea_cfb());
 	EVP_add_cipher(EVP_idea_ofb());
@@ -108,7 +105,7 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher_alias(SN_idea_cbc,"idea");
 #endif
 
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	EVP_add_cipher(EVP_rc2_ecb());
 	EVP_add_cipher(EVP_rc2_cfb());
 	EVP_add_cipher(EVP_rc2_ofb());
@@ -119,7 +116,7 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
 #endif
 
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 	EVP_add_cipher(EVP_bf_ecb());
 	EVP_add_cipher(EVP_bf_cfb());
 	EVP_add_cipher(EVP_bf_ofb());
@@ -129,7 +126,7 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
 #endif
 
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	EVP_add_cipher(EVP_cast5_ecb());
 	EVP_add_cipher(EVP_cast5_cfb());
 	EVP_add_cipher(EVP_cast5_ofb());
@@ -140,7 +137,7 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
 #endif
 
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	EVP_add_cipher(EVP_rc5_32_12_16_ecb());
 	EVP_add_cipher(EVP_rc5_32_12_16_cfb());
 	EVP_add_cipher(EVP_rc5_32_12_16_ofb());
@@ -148,6 +145,36 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
 	EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
 #endif
+
+#ifndef OPENSSL_NO_AES
+	EVP_add_cipher(EVP_aes_128_ecb());
+	EVP_add_cipher(EVP_aes_128_cbc());
+	EVP_add_cipher(EVP_aes_128_cfb());
+	EVP_add_cipher(EVP_aes_128_ofb());
+#if 0
+	EVP_add_cipher(EVP_aes_128_ctr());
+#endif
+	EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
+	EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
+	EVP_add_cipher(EVP_aes_192_ecb());
+	EVP_add_cipher(EVP_aes_192_cbc());
+	EVP_add_cipher(EVP_aes_192_cfb());
+	EVP_add_cipher(EVP_aes_192_ofb());
+#if 0
+	EVP_add_cipher(EVP_aes_192_ctr());
+#endif
+	EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
+	EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
+	EVP_add_cipher(EVP_aes_256_ecb());
+	EVP_add_cipher(EVP_aes_256_cbc());
+	EVP_add_cipher(EVP_aes_256_cfb());
+	EVP_add_cipher(EVP_aes_256_ofb());
+#if 0
+	EVP_add_cipher(EVP_aes_256_ctr());
+#endif
+	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
+	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+#endif
 	PKCS12_PBE_add();
 	PKCS5_PBE_add();
 	}
diff --git a/crypto/openssl/crypto/evp/c_alld.c b/crypto/openssl/crypto/evp/c_alld.c
index 41695df..be91cdb 100644
--- a/crypto/openssl/crypto/evp/c_alld.c
+++ b/crypto/openssl/crypto/evp/c_alld.c
@@ -64,42 +64,38 @@
 
 void OpenSSL_add_all_digests(void)
 	{
-	static int done=0;
-
-	if (done) return;
-	done=1;
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 	EVP_add_digest(EVP_md2());
 #endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
 	EVP_add_digest(EVP_md4());
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
 	EVP_add_digest_alias(SN_md5,"ssl2-md5");
 	EVP_add_digest_alias(SN_md5,"ssl3-md5");
 #endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	EVP_add_digest(EVP_sha());
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	EVP_add_digest(EVP_dss());
 #endif
 #endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	EVP_add_digest(EVP_sha1());
 	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
 	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	EVP_add_digest(EVP_dss1());
 	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
 	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
 	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 #endif
 #endif
-#if !defined(NO_MDC2) && !defined(NO_DES)
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
 	EVP_add_digest(EVP_mdc2());
 #endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
 	EVP_add_digest(EVP_ripemd160());
 	EVP_add_digest_alias(SN_ripemd160,"ripemd");
 	EVP_add_digest_alias(SN_ripemd160,"rmd160");
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c
index c560733..33013c4 100644
--- a/crypto/openssl/crypto/evp/digest.c
+++ b/crypto/openssl/crypto/evp/digest.c
@@ -55,38 +55,260 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include <openssl/engine.h>
+
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+	{
+	memset(ctx,'\0',sizeof *ctx);
+	}
+
+EVP_MD_CTX *EVP_MD_CTX_create(void)
+	{
+	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
+
+	EVP_MD_CTX_init(ctx);
+
+	return ctx;
+	}
 
-void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 	{
-	ctx->digest=type;
-	type->init(&(ctx->md));
+	EVP_MD_CTX_init(ctx);
+	return EVP_DigestInit_ex(ctx, type, NULL);
 	}
 
-void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+	{
+	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+	 * so this context may already have an ENGINE! Try to avoid releasing
+	 * the previous handle, re-querying for an ENGINE, and having a
+	 * reinitialisation, when it may all be unecessary. */
+	if (ctx->engine && ctx->digest && (!type ||
+			(type && (type->type == ctx->digest->type))))
+		goto skip_to_init;
+	if (type)
+		{
+		/* Ensure an ENGINE left lying around from last time is cleared
+		 * (the previous check attempted to avoid this if the same
+		 * ENGINE and EVP_MD could be used). */
+		if(ctx->engine)
+			ENGINE_finish(ctx->engine);
+		if(impl)
+			{
+			if (!ENGINE_init(impl))
+				{
+				EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			}
+		else
+			/* Ask if an ENGINE is reserved for this job */
+			impl = ENGINE_get_digest_engine(type->type);
+		if(impl)
+			{
+			/* There's an ENGINE for this job ... (apparently) */
+			const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+			if(!d)
+				{
+				/* Same comment from evp_enc.c */
+				EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			/* We'll use the ENGINE's private digest definition */
+			type = d;
+			/* Store the ENGINE functional reference so we know
+			 * 'type' came from an ENGINE and we need to release
+			 * it when done. */
+			ctx->engine = impl;
+			}
+		else
+			ctx->engine = NULL;
+		}
+	else if(!ctx->digest)
+		{
+		EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
+		return 0;
+		}
+	if (ctx->digest != type)
+		{
+		if (ctx->digest && ctx->digest->ctx_size)
+			OPENSSL_free(ctx->md_data);
+		ctx->digest=type;
+		if (type->ctx_size)
+			ctx->md_data=OPENSSL_malloc(type->ctx_size);
+		}
+skip_to_init:
+	return ctx->digest->init(ctx);
+	}
+
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
 	     unsigned int count)
 	{
-	ctx->digest->update(&(ctx->md.base[0]),data,(unsigned long)count);
+	return ctx->digest->update(ctx,data,(unsigned long)count);
+	}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+	{
+	int ret;
+	ret = EVP_DigestFinal_ex(ctx, md, size);
+	EVP_MD_CTX_cleanup(ctx);
+	return ret;
 	}
 
-void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
-	ctx->digest->final(md,&(ctx->md.base[0]));
+	int ret;
+
+	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+	ret=ctx->digest->final(ctx,md);
 	if (size != NULL)
 		*size=ctx->digest->md_size;
-	memset(&(ctx->md),0,sizeof(ctx->md));
+	if (ctx->digest->cleanup)
+		{
+		ctx->digest->cleanup(ctx);
+		EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+		}
+	memset(ctx->md_data,0,ctx->digest->ctx_size);
+	return ret;
+	}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+	{
+	EVP_MD_CTX_init(out);
+	return EVP_MD_CTX_copy_ex(out, in);
+	}
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+	{
+	if ((in == NULL) || (in->digest == NULL))
+		{
+		EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+		return 0;
+		}
+	/* Make sure it's safe to copy a digest context using an ENGINE */
+	if (in->engine && !ENGINE_init(in->engine))
+		{
+		EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
+		return 0;
+		}
+
+	EVP_MD_CTX_cleanup(out);
+	memcpy(out,in,sizeof *out);
+
+	if (out->digest->ctx_size)
+		{
+		out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
+		}
+	
+	if (out->digest->copy)
+		return out->digest->copy(out,in);
+	
+	return 1;
+	}
+
+int EVP_Digest(void *data, unsigned int count,
+		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
+	{
+	EVP_MD_CTX ctx;
+	int ret;
+
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+	ret=EVP_DigestInit_ex(&ctx, type, impl)
+	  && EVP_DigestUpdate(&ctx, data, count)
+	  && EVP_DigestFinal_ex(&ctx, md, size);
+	EVP_MD_CTX_cleanup(&ctx);
+
+	return ret;
 	}
 
-int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in)
-{
-    if ((in == NULL) || (in->digest == NULL)) {
-        EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
-	return 0;
-    }
-    memcpy((char *)out,(char *)in,in->digest->ctx_size);
-    return 1;
-}    
+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+	{
+	EVP_MD_CTX_cleanup(ctx);
+	OPENSSL_free(ctx);
+	}
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+	{
+	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
+	 * because sometimes only copies of the context are ever finalised.
+	 */
+	if (ctx->digest && ctx->digest->cleanup
+	    && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
+		ctx->digest->cleanup(ctx);
+	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
+		{
+		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
+		OPENSSL_free(ctx->md_data);
+		}
+	if(ctx->engine)
+		/* The EVP_MD we used belongs to an ENGINE, release the
+		 * functional reference we held for this reason. */
+		ENGINE_finish(ctx->engine);
+	memset(ctx,'\0',sizeof *ctx);
+
+	return 1;
+	}
diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c
new file mode 100644
index 0000000..fe8bcda
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_aes.c
@@ -0,0 +1,100 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef OPENSSL_NO_AES
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <openssl/aes.h>
+#include "evp_locl.h"
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+					const unsigned char *iv, int enc);
+
+typedef struct
+	{
+	AES_KEY ks;
+	} EVP_AES_KEY;
+
+#define data(ctx)	EVP_C_DATA(EVP_AES_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
+		       NID_aes_128, 16, 16, 16, 128,
+		       0, aes_init_key, NULL, 
+		       EVP_CIPHER_set_asn1_iv,
+		       EVP_CIPHER_get_asn1_iv,
+		       NULL)
+IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
+		       NID_aes_192, 16, 24, 16, 128,
+		       0, aes_init_key, NULL, 
+		       EVP_CIPHER_set_asn1_iv,
+		       EVP_CIPHER_get_asn1_iv,
+		       NULL)
+IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
+		       NID_aes_256, 16, 32, 16, 128,
+		       0, aes_init_key, NULL, 
+		       EVP_CIPHER_set_asn1_iv,
+		       EVP_CIPHER_get_asn1_iv,
+		       NULL)
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		   const unsigned char *iv, int enc) {
+
+	if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
+	    || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
+	    || enc) 
+		AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+	else
+		AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+
+	return 1;
+}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_bf.c b/crypto/openssl/crypto/evp/e_bf.c
index 53559b0..e743375 100644
--- a/crypto/openssl/crypto/evp/e_bf.c
+++ b/crypto/openssl/crypto/evp/e_bf.c
@@ -56,24 +56,32 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include "evp_locl.h"
 #include <openssl/objects.h>
+#include <openssl/blowfish.h>
 
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		       const unsigned char *iv, int enc);
 
-IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
+typedef struct
+	{
+	BF_KEY ks;
+	} EVP_BF_KEY;
+
+#define data(ctx)	EVP_C_DATA(EVP_BF_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
 			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 	
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		       const unsigned char *iv, int enc)
 	{
-	BF_set_key(&(ctx->c.bf_ks),EVP_CIPHER_CTX_key_length(ctx),key);
+	BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
 	return 1;
 	}
 
diff --git a/crypto/openssl/crypto/evp/e_cast.c b/crypto/openssl/crypto/evp/e_cast.c
index e5af7fb..3400fef 100644
--- a/crypto/openssl/crypto/evp/e_cast.c
+++ b/crypto/openssl/crypto/evp/e_cast.c
@@ -56,26 +56,34 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
+#include <openssl/cast.h>
 
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			 const unsigned char *iv,int enc);
 
-IMPLEMENT_BLOCK_CIPHER(cast5, cast_ks, CAST, cast_ks, 
-			NID_cast5, 8, EVP_CAST5_KEY_SIZE, 8,
+typedef struct
+	{
+	CAST_KEY ks;
+	} EVP_CAST_KEY;
+
+#define data(ctx)	EVP_C_DATA(EVP_CAST_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, 
+			NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
 			EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
 			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 			
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			 const unsigned char *iv, int enc)
 	{
-	CAST_set_key(&(ctx->c.cast_ks),EVP_CIPHER_CTX_key_length(ctx),key);
+	CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
 	return 1;
 	}
 
diff --git a/crypto/openssl/crypto/evp/e_des.c b/crypto/openssl/crypto/evp/e_des.c
index f4e998b..105266a 100644
--- a/crypto/openssl/crypto/evp/e_des.c
+++ b/crypto/openssl/crypto/evp/e_des.c
@@ -56,12 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
+#include <openssl/des.h>
 
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv, int enc);
@@ -72,34 +73,34 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			  const unsigned char *in, unsigned int inl)
 {
 	BLOCK_CIPHER_ecb_loop()
-		des_ecb_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), ctx->c.des_ks, ctx->encrypt);
+		DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
 	return 1;
 }
 
 static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			  const unsigned char *in, unsigned int inl)
 {
-	des_ofb64_encrypt(in, out, (long)inl, ctx->c.des_ks, (des_cblock *)ctx->iv, &ctx->num);
+	DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);
 	return 1;
 }
 
 static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			  const unsigned char *in, unsigned int inl)
 {
-	des_ncbc_encrypt(in, out, (long)inl, ctx->c.des_ks,
-			 (des_cblock *)ctx->iv, ctx->encrypt);
+	DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+			 (DES_cblock *)ctx->iv, ctx->encrypt);
 	return 1;
 }
 
 static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			  const unsigned char *in, unsigned int inl)
 {
-	des_cfb64_encrypt(in, out, (long)inl, ctx->c.des_ks,
-			  (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+	DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+			  (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
 	return 1;
 }
 
-BLOCK_CIPHER_defs(des, des_ks, NID_des, 8, 8, 8,
+BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
 			0, des_init_key, NULL,
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
@@ -109,9 +110,9 @@ BLOCK_CIPHER_defs(des, des_ks, NID_des, 8, 8, 8,
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv, int enc)
 	{
-	des_cblock *deskey = (des_cblock *)key;
+	DES_cblock *deskey = (DES_cblock *)key;
 
-	des_set_key_unchecked(deskey,ctx->c.des_ks);
+	DES_set_key_unchecked(deskey,ctx->cipher_data);
 	return 1;
 	}
 
diff --git a/crypto/openssl/crypto/evp/e_des3.c b/crypto/openssl/crypto/evp/e_des3.c
index a9aba4a..077860e 100644
--- a/crypto/openssl/crypto/evp/e_des3.c
+++ b/crypto/openssl/crypto/evp/e_des3.c
@@ -56,12 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
+#include <openssl/des.h>
 
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			    const unsigned char *iv,int enc);
@@ -69,60 +70,78 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			     const unsigned char *iv,int enc);
 
+typedef struct
+    {
+    DES_key_schedule ks1;/* key schedule */
+    DES_key_schedule ks2;/* key schedule (for ede) */
+    DES_key_schedule ks3;/* key schedule (for ede3) */
+    } DES_EDE_KEY;
+
+#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+
 /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
 
 static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, unsigned int inl)
 {
 	BLOCK_CIPHER_ecb_loop()
-		des_ecb3_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), 
-			ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
-			 ctx->encrypt);
+		DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), 
+				 &data(ctx)->ks1, &data(ctx)->ks2,
+				 &data(ctx)->ks3,
+				 ctx->encrypt);
 	return 1;
 }
 
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, unsigned int inl)
 {
-	des_ede3_ofb64_encrypt(in, out, (long)inl,
-			ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
-								(des_cblock *)ctx->iv, &ctx->num);
+	DES_ede3_ofb64_encrypt(in, out, (long)inl,
+			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+			       (DES_cblock *)ctx->iv, &ctx->num);
 	return 1;
 }
 
 static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, unsigned int inl)
 {
-	des_ede3_cbc_encrypt(in, out, (long)inl,
-			ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
- 								(des_cblock *)ctx->iv, ctx->encrypt);
+#ifdef KSSL_DEBUG
+	{
+        int i;
+        char *cp;
+	printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
+	printf("\t iv= ");
+        for(i=0;i<8;i++)
+                printf("%02X",ctx->iv[i]);
+	printf("\n");
+	}
+#endif    /* KSSL_DEBUG */
+	DES_ede3_cbc_encrypt(in, out, (long)inl,
+			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+			     (DES_cblock *)ctx->iv, ctx->encrypt);
 	return 1;
 }
 
 static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, unsigned int inl)
 {
-	des_ede3_cfb64_encrypt(in, out, (long)inl, 
-			ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
-					(des_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+	DES_ede3_cfb64_encrypt(in, out, (long)inl, 
+			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+			       (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
 	return 1;
 }
 
-#define NID_des_ede_ecb NID_des_ede
-
-BLOCK_CIPHER_defs(des_ede, des_ede, NID_des_ede, 8, 16, 8,
+BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 			0, des_ede_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)
 
-#define NID_des_ede3_ecb NID_des_ede3
 #define des_ede3_cfb_cipher des_ede_cfb_cipher
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
 #define des_ede3_cbc_cipher des_ede_cbc_cipher
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 
-BLOCK_CIPHER_defs(des_ede3, des_ede, NID_des_ede3, 8, 24, 8,
+BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
 			0, des_ede3_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
@@ -131,34 +150,43 @@ BLOCK_CIPHER_defs(des_ede3, des_ede, NID_des_ede3, 8, 24, 8,
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			    const unsigned char *iv, int enc)
 	{
-	des_cblock *deskey = (des_cblock *)key;
+	DES_cblock *deskey = (DES_cblock *)key;
 
-	des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-	des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-	memcpy( (char *)ctx->c.des_ede.ks3,
-			(char *)ctx->c.des_ede.ks1,
-			sizeof(ctx->c.des_ede.ks1));
+	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
+	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
+	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
+	       sizeof(data(ctx)->ks1));
 	return 1;
 	}
 
 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			     const unsigned char *iv, int enc)
 	{
-	des_cblock *deskey = (des_cblock *)key;
+	DES_cblock *deskey = (DES_cblock *)key;
+#ifdef KSSL_DEBUG
+	{
+        int i;
+        printf("des_ede3_init_key(ctx=%lx)\n", ctx);
+	printf("\tKEY= ");
+        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
+	printf("\t IV= ");
+        for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
+	}
+#endif	/* KSSL_DEBUG */
 
-	des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-	des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-	des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
+	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
+	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
 
 	return 1;
 	}
 
-EVP_CIPHER *EVP_des_ede(void)
+const EVP_CIPHER *EVP_des_ede(void)
 {
 	return &des_ede_ecb;
 }
 
-EVP_CIPHER *EVP_des_ede3(void)
+const EVP_CIPHER *EVP_des_ede3(void)
 {
 	return &des_ede3_ecb;
 }
diff --git a/crypto/openssl/crypto/evp/e_idea.c b/crypto/openssl/crypto/evp/e_idea.c
index 8d3c88d..b9efa75 100644
--- a/crypto/openssl/crypto/evp/e_idea.c
+++ b/crypto/openssl/crypto/evp/e_idea.c
@@ -56,13 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
+#include <openssl/idea.h>
 
 static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			 const unsigned char *iv,int enc);
@@ -75,17 +76,22 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			   const unsigned char *in, unsigned int inl)
 {
 	BLOCK_CIPHER_ecb_loop()
-		idea_ecb_encrypt(in + i, out + i, &ctx->c.idea_ks);
+		idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
 	return 1;
 }
 
 /* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
 
-BLOCK_CIPHER_func_cbc(idea, idea, idea_ks)
-BLOCK_CIPHER_func_ofb(idea, idea, idea_ks)
-BLOCK_CIPHER_func_cfb(idea, idea, idea_ks)
+typedef struct
+	{
+	IDEA_KEY_SCHEDULE ks;
+	} EVP_IDEA_KEY;
+
+BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
 
-BLOCK_CIPHER_defs(idea, idea_ks, NID_idea, 8, 16, 8,
+BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
 			0, idea_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 
@@ -96,14 +102,14 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;
 		else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;
 	}
-	if (enc) idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+	if (enc) idea_set_encrypt_key(key,ctx->cipher_data);
 	else
 		{
 		IDEA_KEY_SCHEDULE tmp;
 
 		idea_set_encrypt_key(key,&tmp);
-		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
-		memset((unsigned char *)&tmp,0,
+		idea_set_decrypt_key(&tmp,ctx->cipher_data);
+		OPENSSL_cleanse((unsigned char *)&tmp,
 				sizeof(IDEA_KEY_SCHEDULE));
 		}
 	return 1;
diff --git a/crypto/openssl/crypto/evp/e_null.c b/crypto/openssl/crypto/evp/e_null.c
index e0702cf..2420d7e 100644
--- a/crypto/openssl/crypto/evp/e_null.c
+++ b/crypto/openssl/crypto/evp/e_null.c
@@ -65,7 +65,7 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	const unsigned char *in, unsigned int inl);
-static EVP_CIPHER n_cipher=
+static const EVP_CIPHER n_cipher=
 	{
 	NID_undef,
 	1,0,0,
@@ -79,7 +79,7 @@ static EVP_CIPHER n_cipher=
 	NULL
 	};
 
-EVP_CIPHER *EVP_enc_null(void)
+const EVP_CIPHER *EVP_enc_null(void)
 	{
 	return(&n_cipher);
 	}
@@ -87,7 +87,7 @@ EVP_CIPHER *EVP_enc_null(void)
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	     const unsigned char *iv, int enc)
 	{
-	memset(&(ctx->c),0,sizeof(ctx->c));
+	/*	memset(&(ctx->c),0,sizeof(ctx->c));*/
 	return 1;
 	}
 
diff --git a/crypto/openssl/crypto/evp/e_rc2.c b/crypto/openssl/crypto/evp/e_rc2.c
index 3955c3e..d42cbfd 100644
--- a/crypto/openssl/crypto/evp/e_rc2.c
+++ b/crypto/openssl/crypto/evp/e_rc2.c
@@ -56,13 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
+#include <openssl/rc2.h>
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv,int enc);
@@ -72,9 +73,17 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2,
+typedef struct
+	{
+	int key_bits;	/* effective key bits */
+	RC2_KEY ks;	/* key schedule */
+	} EVP_RC2_KEY;
+
+#define data(ctx)	((EVP_RC2_KEY *)(ctx)->cipher_data)
+
+IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
 			8,
-			EVP_RC2_KEY_SIZE, 8,
+			RC2_KEY_LENGTH, 8, 64,
 			EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
 			rc2_init_key, NULL,
 			rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 
@@ -84,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2,
 #define RC2_64_MAGIC	0x78
 #define RC2_128_MAGIC	0x3a
 
-static EVP_CIPHER r2_64_cbc_cipher=
+static const EVP_CIPHER r2_64_cbc_cipher=
 	{
 	NID_rc2_64_cbc,
 	8,8 /* 64 bit */,8,
@@ -92,15 +101,14 @@ static EVP_CIPHER r2_64_cbc_cipher=
 	rc2_init_key,
 	rc2_cbc_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2)),
+	sizeof(EVP_RC2_KEY),
 	rc2_set_asn1_type_and_iv,
 	rc2_get_asn1_type_and_iv,
 	rc2_ctrl,
 	NULL
 	};
 
-static EVP_CIPHER r2_40_cbc_cipher=
+static const EVP_CIPHER r2_40_cbc_cipher=
 	{
 	NID_rc2_40_cbc,
 	8,5 /* 40 bit */,8,
@@ -108,20 +116,19 @@ static EVP_CIPHER r2_40_cbc_cipher=
 	rc2_init_key,
 	rc2_cbc_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2)),
+	sizeof(EVP_RC2_KEY),
 	rc2_set_asn1_type_and_iv,
 	rc2_get_asn1_type_and_iv,
 	rc2_ctrl,
 	NULL
 	};
 
-EVP_CIPHER *EVP_rc2_64_cbc(void)
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
 	{
 	return(&r2_64_cbc_cipher);
 	}
 
-EVP_CIPHER *EVP_rc2_40_cbc(void)
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
 	{
 	return(&r2_40_cbc_cipher);
 	}
@@ -129,8 +136,8 @@ EVP_CIPHER *EVP_rc2_40_cbc(void)
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv, int enc)
 	{
-	RC2_set_key(&(ctx->c.rc2.ks),EVP_CIPHER_CTX_key_length(ctx),
-			key,ctx->c.rc2.key_bits);
+	RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+		    key,data(ctx)->key_bits);
 	return 1;
 	}
 
@@ -167,13 +174,14 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	if (type != NULL)
 		{
 		l=EVP_CIPHER_CTX_iv_length(c);
+		OPENSSL_assert(l <= sizeof iv);
 		i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
 		if (i != l)
 			return(-1);
 		key_bits =rc2_magic_to_meth((int)num);
 		if (!key_bits)
 			return(-1);
-		if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1);
+		if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
 		EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
 		EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
 		}
@@ -196,26 +204,26 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 
 static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 	{
-		switch(type) {
-
-			case EVP_CTRL_INIT:
-			c->c.rc2.key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
-			return 1;
+	switch(type)
+		{
+	case EVP_CTRL_INIT:
+		data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+		return 1;
 
-			case EVP_CTRL_GET_RC2_KEY_BITS:
-			*(int *)ptr = c->c.rc2.key_bits;
-			return 1;
+	case EVP_CTRL_GET_RC2_KEY_BITS:
+		*(int *)ptr = data(c)->key_bits;
+		return 1;
 			
-			
-			case EVP_CTRL_SET_RC2_KEY_BITS:
-			if(arg > 0) {
-				c->c.rc2.key_bits = arg;
-				return 1;
+	case EVP_CTRL_SET_RC2_KEY_BITS:
+		if(arg > 0)
+			{
+			data(c)->key_bits = arg;
+			return 1;
 			}
-			return 0;
+		return 0;
 
-			default:
-			return -1;
+	default:
+		return -1;
 		}
 	}
 
diff --git a/crypto/openssl/crypto/evp/e_rc4.c b/crypto/openssl/crypto/evp/e_rc4.c
index 1c1e3b3..d58f507 100644
--- a/crypto/openssl/crypto/evp/e_rc4.c
+++ b/crypto/openssl/crypto/evp/e_rc4.c
@@ -56,18 +56,29 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include <openssl/rc4.h>
+
+/* FIXME: surely this is available elsewhere? */
+#define EVP_RC4_KEY_SIZE		16
+
+typedef struct
+    {
+    RC4_KEY ks;	/* working key */
+    } EVP_RC4_KEY;
+
+#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
 
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv,int enc);
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		      const unsigned char *in, unsigned int inl);
-static EVP_CIPHER r4_cipher=
+static const EVP_CIPHER r4_cipher=
 	{
 	NID_rc4,
 	1,EVP_RC4_KEY_SIZE,0,
@@ -75,14 +86,13 @@ static EVP_CIPHER r4_cipher=
 	rc4_init_key,
 	rc4_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)),
+	sizeof(EVP_RC4_KEY),
 	NULL,
 	NULL,
 	NULL
 	};
 
-static EVP_CIPHER r4_40_cipher=
+static const EVP_CIPHER r4_40_cipher=
 	{
 	NID_rc4_40,
 	1,5 /* 40 bit */,0,
@@ -90,19 +100,18 @@ static EVP_CIPHER r4_40_cipher=
 	rc4_init_key,
 	rc4_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)),
+	sizeof(EVP_RC4_KEY),
 	NULL, 
 	NULL,
 	NULL
 	};
 
-EVP_CIPHER *EVP_rc4(void)
+const EVP_CIPHER *EVP_rc4(void)
 	{
 	return(&r4_cipher);
 	}
 
-EVP_CIPHER *EVP_rc4_40(void)
+const EVP_CIPHER *EVP_rc4_40(void)
 	{
 	return(&r4_40_cipher);
 	}
@@ -110,16 +119,15 @@ EVP_CIPHER *EVP_rc4_40(void)
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv, int enc)
 	{
-	memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
-	RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
-		ctx->c.rc4.key);
+	RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+		    key);
 	return 1;
 	}
 
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		      const unsigned char *in, unsigned int inl)
 	{
-	RC4(&(ctx->c.rc4.ks),inl,in,out);
+	RC4(&data(ctx)->ks,inl,in,out);
 	return 1;
 	}
 #endif
diff --git a/crypto/openssl/crypto/evp/e_rc5.c b/crypto/openssl/crypto/evp/e_rc5.c
index 5885f18..3c7713b 100644
--- a/crypto/openssl/crypto/evp/e_rc5.c
+++ b/crypto/openssl/crypto/evp/e_rc5.c
@@ -56,62 +56,69 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
+#include <openssl/rc5.h>
 
 static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			       const unsigned char *iv,int enc);
 static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, rc5.ks, RC5_32, rc5, NID_rc5,
-			8, EVP_RC5_32_12_16_KEY_SIZE, 8, 
-			EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-			r_32_12_16_init_key, NULL,
-			NULL, NULL, rc5_ctrl)
+typedef struct
+	{
+	int rounds;	/* number of rounds */
+	RC5_32_KEY ks;	/* key schedule */
+	} EVP_RC5_KEY;
 
+#define data(ctx)	EVP_C_DATA(EVP_RC5_KEY,ctx)
 
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
+		       8, RC5_32_KEY_LENGTH, 8, 64,
+		       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+		       r_32_12_16_init_key, NULL,
+		       NULL, NULL, rc5_ctrl)
 
 static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 	{
-		switch(type) {
-
-			case EVP_CTRL_INIT:
-			c->c.rc5.rounds = RC5_12_ROUNDS;
-			return 1;
+	switch(type)
+		{
+	case EVP_CTRL_INIT:
+		data(c)->rounds = RC5_12_ROUNDS;
+		return 1;
 
-			case EVP_CTRL_GET_RC5_ROUNDS:
-			*(int *)ptr = c->c.rc5.rounds;
-			return 1;
-			
+	case EVP_CTRL_GET_RC5_ROUNDS:
+		*(int *)ptr = data(c)->rounds;
+		return 1;
 			
-			case EVP_CTRL_SET_RC5_ROUNDS:
-			switch(arg) {
-				case RC5_8_ROUNDS:
-				case RC5_12_ROUNDS:
-				case RC5_16_ROUNDS:
-				c->c.rc5.rounds = arg;
-				return 1;
+	case EVP_CTRL_SET_RC5_ROUNDS:
+		switch(arg)
+			{
+		case RC5_8_ROUNDS:
+		case RC5_12_ROUNDS:
+		case RC5_16_ROUNDS:
+			data(c)->rounds = arg;
+			return 1;
 
-				default:
-				EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
-				return 0;
+		default:
+			EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+			return 0;
 			}
 
-			default:
-			return -1;
+	default:
+		return -1;
 		}
 	}
 
 static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			       const unsigned char *iv, int enc)
 	{
-	RC5_32_set_key(&(ctx->c.rc5.ks),EVP_CIPHER_CTX_key_length(ctx),
-			key,ctx->c.rc5.rounds);
+	RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+		       key,data(ctx)->rounds);
 	return 1;
 	}
 
diff --git a/crypto/openssl/crypto/evp/e_xcbc_d.c b/crypto/openssl/crypto/evp/e_xcbc_d.c
index e5b15ac..a6f849e 100644
--- a/crypto/openssl/crypto/evp/e_xcbc_d.c
+++ b/crypto/openssl/crypto/evp/e_xcbc_d.c
@@ -56,17 +56,29 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include <openssl/des.h>
 
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			     const unsigned char *iv,int enc);
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			   const unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_xcbc_cipher=
+
+
+typedef struct
+    {
+    DES_key_schedule ks;/* key schedule */
+    DES_cblock inw;
+    DES_cblock outw;
+    } DESX_CBC_KEY;
+
+#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
+
+static const EVP_CIPHER d_xcbc_cipher=
 	{
 	NID_desx_cbc,
 	8,24,8,
@@ -74,14 +86,13 @@ static EVP_CIPHER d_xcbc_cipher=
 	desx_cbc_init_key,
 	desx_cbc_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.desx_cbc)),
+	sizeof(DESX_CBC_KEY),
 	EVP_CIPHER_set_asn1_iv,
 	EVP_CIPHER_get_asn1_iv,
 	NULL
 	};
 
-EVP_CIPHER *EVP_desx_cbc(void)
+const EVP_CIPHER *EVP_desx_cbc(void)
 	{
 	return(&d_xcbc_cipher);
 	}
@@ -89,11 +100,11 @@ EVP_CIPHER *EVP_desx_cbc(void)
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			     const unsigned char *iv, int enc)
 	{
-	des_cblock *deskey = (des_cblock *)key;
+	DES_cblock *deskey = (DES_cblock *)key;
 
-	des_set_key_unchecked(deskey,ctx->c.desx_cbc.ks);
-	memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8);
-	memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8);
+	DES_set_key_unchecked(deskey,&data(ctx)->ks);
+	memcpy(&data(ctx)->inw[0],&key[8],8);
+	memcpy(&data(ctx)->outw[0],&key[16],8);
 
 	return 1;
 	}
@@ -101,11 +112,11 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			   const unsigned char *in, unsigned int inl)
 	{
-	des_xcbc_encrypt(in,out,inl,ctx->c.desx_cbc.ks,
-		(des_cblock *)&(ctx->iv[0]),
-		&ctx->c.desx_cbc.inw,
-		&ctx->c.desx_cbc.outw,
-		ctx->encrypt);
+	DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,
+			 (DES_cblock *)&(ctx->iv[0]),
+			 &data(ctx)->inw,
+			 &data(ctx)->outw,
+			 ctx->encrypt);
 	return 1;
 	}
 #endif
diff --git a/crypto/openssl/crypto/evp/encode.c b/crypto/openssl/crypto/evp/encode.c
index 12c6379..0820935 100644
--- a/crypto/openssl/crypto/evp/encode.c
+++ b/crypto/openssl/crypto/evp/encode.c
@@ -136,6 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 
 	*outl=0;
 	if (inl == 0) return;
+	OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
 	if ((ctx->num+inl) < ctx->length)
 		{
 		memcpy(&(ctx->enc_data[ctx->num]),in,inl);
@@ -258,6 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 		/* only save the good data :-) */
 		if (!B64_NOT_BASE64(v))
 			{
+			OPENSSL_assert(n < sizeof ctx->enc_data);
 			d[n++]=tmp;
 			ln++;
 			}
diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h
index dd1b8fa..45a25f9 100644
--- a/crypto/openssl/crypto/evp/evp.h
+++ b/crypto/openssl/crypto/evp/evp.h
@@ -67,71 +67,81 @@
 # undef OPENSSL_ALGORITHM_DEFINES
 #endif
 
-#ifndef NO_BIO
+#include <openssl/ossl_typ.h>
+
+#include <openssl/symhacks.h>
+
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 #include <openssl/md2.h>
 #endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
 #include <openssl/md4.h>
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 #include <openssl/md5.h>
 #endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 #include <openssl/sha.h>
 #endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
 #include <openssl/ripemd.h>
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 #include <openssl/rc4.h>
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 #include <openssl/rc2.h>
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 #include <openssl/rc5.h>
 #endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
 #include <openssl/blowfish.h>
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 #include <openssl/cast.h>
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 #include <openssl/idea.h>
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 #include <openssl/mdc2.h>
 #endif
+#ifndef OPENSSL_NO_AES
+#include <openssl/aes.h>
+#endif
 
+/*
 #define EVP_RC2_KEY_SIZE		16
 #define EVP_RC4_KEY_SIZE		16
 #define EVP_BLOWFISH_KEY_SIZE		16
 #define EVP_CAST5_KEY_SIZE		16
 #define EVP_RC5_32_12_16_KEY_SIZE	16
+*/
 #define EVP_MAX_MD_SIZE			(16+20) /* The SSLv3 md5+sha1 type */
-#define EVP_MAX_KEY_LENGTH		24
-#define EVP_MAX_IV_LENGTH		8
+#define EVP_MAX_KEY_LENGTH		32
+#define EVP_MAX_IV_LENGTH		16
+#define EVP_MAX_BLOCK_LENGTH		32
 
 #define PKCS5_SALT_LEN			8
 /* Default PKCS#5 iteration count */
 #define PKCS5_DEFAULT_ITER		2048
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
 
@@ -164,26 +174,26 @@ extern "C" {
 /* Type needs to be a bit field
  * Sub-type needs to be for variations on the method, as in, can it do
  * arbitrary encryption.... */
-typedef struct evp_pkey_st
+struct evp_pkey_st
 	{
 	int type;
 	int save_type;
 	int references;
 	union	{
 		char *ptr;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		struct rsa_st *rsa;	/* RSA */
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		struct dsa_st *dsa;	/* DSA */
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		struct dh_st *dh;	/* DH */
 #endif
 		} pkey;
 	int save_parameters;
 	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-	} EVP_PKEY;
+	} /* EVP_PKEY */;
 
 #define EVP_PKEY_MO_SIGN	0x0001
 #define EVP_PKEY_MO_VERIFY	0x0002
@@ -244,7 +254,6 @@ typedef struct evp_pkey_method_st
 	int (*sign)();
 	int (*verify)();
 	struct	{
-		int
 		int (*set)();	/* get and/or set the underlying type */
 		int (*get)();
 		int (*encrypt)();
@@ -259,27 +268,32 @@ typedef struct evp_pkey_method_st
 #endif
 
 #ifndef EVP_MD
-typedef struct env_md_st
+struct env_md_st
 	{
 	int type;
 	int pkey_type;
 	int md_size;
-	void (*init)();
-	void (*update)();
-	void (*final)();
-
+	unsigned long flags;
+	int (*init)(EVP_MD_CTX *ctx);
+	int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count);
+	int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
+	int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
+	int (*cleanup)(EVP_MD_CTX *ctx);
+
+	/* FIXME: prototype these some day */
 	int (*sign)();
 	int (*verify)();
 	int required_pkey_type[5]; /*EVP_PKEY_xxx */
 	int block_size;
-	int ctx_size; /* how big does the ctx need to be */
-	} EVP_MD;
-
+	int ctx_size; /* how big does the ctx->md_data need to be */
+	} /* EVP_MD */;
 
+#define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single
+					* block */
 
 #define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #define EVP_PKEY_DSA_method	DSA_sign,DSA_verify, \
 				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
 					EVP_PKEY_DSA4,0}
@@ -287,7 +301,7 @@ typedef struct env_md_st
 #define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #define EVP_PKEY_RSA_method	RSA_sign,RSA_verify, \
 				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
 #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
@@ -301,34 +315,20 @@ typedef struct env_md_st
 
 #endif /* !EVP_MD */
 
-typedef struct env_md_ctx_st
+struct env_md_ctx_st
 	{
 	const EVP_MD *digest;
-	union	{
-		unsigned char base[4];
-#ifndef NO_MD2
-		MD2_CTX md2;
-#endif
-#ifndef NO_MD5
-		MD5_CTX md5;
-#endif
-#ifndef NO_MD4
-		MD4_CTX md4;
-#endif
-#ifndef NO_RIPEMD
-		RIPEMD160_CTX ripemd160;
-#endif
-#ifndef NO_SHA
-		SHA_CTX sha;
-#endif
-#ifndef NO_MDC2
-		MDC2_CTX mdc2;
-#endif
-		} md;
-	} EVP_MD_CTX;
+	ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
+	unsigned long flags;
+	void *md_data;
+	} /* EVP_MD_CTX */;
+
+/* values for EVP_MD_CTX flags */
 
-typedef struct evp_cipher_st EVP_CIPHER;
-typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+#define EVP_MD_CTX_FLAG_ONESHOT		0x0001 /* digest update will be called
+						* once only */
+#define EVP_MD_CTX_FLAG_CLEANED		0x0002 /* context has already been
+						* cleaned */
 
 struct evp_cipher_st
 	{
@@ -342,12 +342,12 @@ struct evp_cipher_st
 	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			 const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
 	int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
-	int ctx_size;		/* how big the ctx needs to be */
+	int ctx_size;		/* how big ctx->cipher_data needs to be */
 	int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
 	int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
 	int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
 	void *app_data;		/* Application data */
-	};
+	} /* EVP_CIPHER */;
 
 /* Values for cipher flags */
 
@@ -369,6 +369,8 @@ struct evp_cipher_st
 #define 	EVP_CIPH_CTRL_INIT		0x40
 /* Don't use standard key length function */
 #define 	EVP_CIPH_CUSTOM_KEY_LENGTH	0x80
+/* Don't use standard block padding */
+#define 	EVP_CIPH_NO_PADDING		0x100
 
 /* ctrl() values */
 
@@ -388,62 +390,23 @@ typedef struct evp_cipher_info_st
 struct evp_cipher_ctx_st
 	{
 	const EVP_CIPHER *cipher;
+	ENGINE *engine;	/* functional reference if 'cipher' is ENGINE-provided */
 	int encrypt;		/* encrypt or decrypt */
 	int buf_len;		/* number we have left */
 
 	unsigned char  oiv[EVP_MAX_IV_LENGTH];	/* original iv */
 	unsigned char  iv[EVP_MAX_IV_LENGTH];	/* working iv */
-	unsigned char buf[EVP_MAX_IV_LENGTH];	/* saved partial block */
+	unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
 	int num;				/* used by cfb/ofb mode */
 
 	void *app_data;		/* application stuff */
 	int key_len;		/* May change for variable length cipher */
-	union	{
-#ifndef NO_RC4
-		struct
-			{
-			unsigned char key[EVP_RC4_KEY_SIZE];
-			RC4_KEY ks;	/* working key */
-			} rc4;
-#endif
-#ifndef NO_DES
-		des_key_schedule des_ks;/* key schedule */
-		struct
-			{
-			des_key_schedule ks;/* key schedule */
-			des_cblock inw;
-			des_cblock outw;
-			} desx_cbc;
-		struct
-			{
-			des_key_schedule ks1;/* key schedule */
-			des_key_schedule ks2;/* key schedule (for ede) */
-			des_key_schedule ks3;/* key schedule (for ede3) */
-			} des_ede;
-#endif
-#ifndef NO_IDEA
-		IDEA_KEY_SCHEDULE idea_ks;/* key schedule */
-#endif
-#ifndef NO_RC2
-		struct {
-			int key_bits;	/* effective key bits */
-			RC2_KEY ks;/* key schedule */
-		} rc2;
-#endif
-#ifndef NO_RC5
-		struct {
-			int rounds;	/* number of rounds */
-			RC5_32_KEY ks;/* key schedule */
-		} rc5;
-#endif
-#ifndef NO_BF
-		BF_KEY bf_ks;/* key schedule */
-#endif
-#ifndef NO_CAST
-		CAST_KEY cast_ks;/* key schedule */
-#endif
-		} c;
-	};
+	unsigned long flags;	/* Various flags */
+	void *cipher_data; /* per EVP data */
+	int final_used;
+	int block_mask;
+	unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
+	} /* EVP_CIPHER_CTX */;
 
 typedef struct evp_Encode_Ctx_st
 	{
@@ -460,20 +423,20 @@ typedef struct evp_Encode_Ctx_st
 
 /* Password based encryption function */
 typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-		ASN1_TYPE *param, EVP_CIPHER *cipher,
-                EVP_MD *md, int en_de);
+		ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                const EVP_MD *md, int en_de);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
 					(char *)(rsa))
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
 					(char *)(dsa))
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
 					(char *)(dh))
 #endif
@@ -485,6 +448,8 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
 
 #define EVP_MD_type(e)			((e)->type)
+#define EVP_MD_nid(e)			EVP_MD_type(e)
+#define EVP_MD_name(e)			OBJ_nid2sn(EVP_MD_nid(e))
 #define EVP_MD_pkey_type(e)		((e)->pkey_type)
 #define EVP_MD_size(e)			((e)->md_size)
 #define EVP_MD_block_size(e)		((e)->block_size)
@@ -495,6 +460,7 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_MD_CTX_type(e)		EVP_MD_type((e)->digest)
 
 #define EVP_CIPHER_nid(e)		((e)->nid)
+#define EVP_CIPHER_name(e)		OBJ_nid2sn(EVP_CIPHER_nid(e))
 #define EVP_CIPHER_block_size(e)	((e)->block_size)
 #define EVP_CIPHER_key_length(e)	((e)->key_len)
 #define EVP_CIPHER_iv_length(e)		((e)->iv_len)
@@ -515,8 +481,10 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)
 
+#define EVP_SignInit_ex(a,b,c)		EVP_DigestInit_ex(a,b,c)
 #define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
 #define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+#define	EVP_VerifyInit_ex(a,b,c)	EVP_DigestInit_ex(a,b,c)
 #define	EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
 #define	EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
 #define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
@@ -543,38 +511,61 @@ void BIO_set_md(BIO *,const EVP_MD *md);
 #define EVP_delete_digest_alias(alias) \
 	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
 
-
-int     EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
-void	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-void	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
+void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+EVP_MD_CTX *EVP_MD_CTX_create(void);
+void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
 			 unsigned int cnt);
-void	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+int	EVP_Digest(void *data, unsigned int count,
+		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
+
+int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 
 int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
 void	EVP_set_pw_prompt(char *prompt);
 char *	EVP_get_pw_prompt(void);
 
-int     EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
-		const unsigned char *salt, const unsigned char *data, int datal,
-       		int count, unsigned char *key, unsigned char *iv);
+int	EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+		const unsigned char *salt, const unsigned char *data,
+		int datal, int count, unsigned char *key,unsigned char *iv);
 
-int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
-		unsigned char *key, unsigned char *iv);
+int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+		const unsigned char *key, const unsigned char *iv);
+int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		const unsigned char *key, const unsigned char *iv);
 int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, unsigned char *in, int inl);
+		int *outl, const unsigned char *in, int inl);
+int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
-int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
-		unsigned char *key, unsigned char *iv);
+int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+		const unsigned char *key, const unsigned char *iv);
+int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		const unsigned char *key, const unsigned char *iv);
 int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, unsigned char *in, int inl);
+		int *outl, const unsigned char *in, int inl);
 int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
-		       unsigned char *key,unsigned char *iv,int enc);
+int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+		       const unsigned char *key,const unsigned char *iv,
+		       int enc);
+int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		       const unsigned char *key,const unsigned char *iv,
+		       int enc);
 int	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, unsigned char *in, int inl);
+		int *outl, const unsigned char *in, int inl);
 int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
 int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 		EVP_PKEY *pkey);
@@ -582,13 +573,13 @@ int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 int	EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf,
 		unsigned int siglen,EVP_PKEY *pkey);
 
-int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek,
 		int ekl,unsigned char *iv,EVP_PKEY *priv);
 int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
-int	EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+int	EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
 		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
-void	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+int	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
 
 void	EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
 void	EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
@@ -606,9 +597,10 @@ int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_md(void);
 BIO_METHOD *BIO_f_base64(void);
 BIO_METHOD *BIO_f_cipher(void);
@@ -617,89 +609,134 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
 	unsigned char *i, int enc);
 #endif
 
-EVP_MD *EVP_md_null(void);
-#ifndef NO_MD2
-EVP_MD *EVP_md2(void);
-#endif
-#ifndef NO_MD4
-EVP_MD *EVP_md4(void);
-#endif
-#ifndef NO_MD5
-EVP_MD *EVP_md5(void);
-#endif
-#ifndef NO_SHA
-EVP_MD *EVP_sha(void);
-EVP_MD *EVP_sha1(void);
-EVP_MD *EVP_dss(void);
-EVP_MD *EVP_dss1(void);
-#endif
-#ifndef NO_MDC2
-EVP_MD *EVP_mdc2(void);
-#endif
-#ifndef NO_RIPEMD
-EVP_MD *EVP_ripemd160(void);
-#endif
-EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
-#ifndef NO_DES
-EVP_CIPHER *EVP_des_ecb(void);
-EVP_CIPHER *EVP_des_ede(void);
-EVP_CIPHER *EVP_des_ede3(void);
-EVP_CIPHER *EVP_des_cfb(void);
-EVP_CIPHER *EVP_des_ede_cfb(void);
-EVP_CIPHER *EVP_des_ede3_cfb(void);
-EVP_CIPHER *EVP_des_ofb(void);
-EVP_CIPHER *EVP_des_ede_ofb(void);
-EVP_CIPHER *EVP_des_ede3_ofb(void);
-EVP_CIPHER *EVP_des_cbc(void);
-EVP_CIPHER *EVP_des_ede_cbc(void);
-EVP_CIPHER *EVP_des_ede3_cbc(void);
-EVP_CIPHER *EVP_desx_cbc(void);
-#endif
-#ifndef NO_RC4
-EVP_CIPHER *EVP_rc4(void);
-EVP_CIPHER *EVP_rc4_40(void);
-#endif
-#ifndef NO_IDEA
-EVP_CIPHER *EVP_idea_ecb(void);
-EVP_CIPHER *EVP_idea_cfb(void);
-EVP_CIPHER *EVP_idea_ofb(void);
-EVP_CIPHER *EVP_idea_cbc(void);
-#endif
-#ifndef NO_RC2
-EVP_CIPHER *EVP_rc2_ecb(void);
-EVP_CIPHER *EVP_rc2_cbc(void);
-EVP_CIPHER *EVP_rc2_40_cbc(void);
-EVP_CIPHER *EVP_rc2_64_cbc(void);
-EVP_CIPHER *EVP_rc2_cfb(void);
-EVP_CIPHER *EVP_rc2_ofb(void);
-#endif
-#ifndef NO_BF
-EVP_CIPHER *EVP_bf_ecb(void);
-EVP_CIPHER *EVP_bf_cbc(void);
-EVP_CIPHER *EVP_bf_cfb(void);
-EVP_CIPHER *EVP_bf_ofb(void);
-#endif
-#ifndef NO_CAST
-EVP_CIPHER *EVP_cast5_ecb(void);
-EVP_CIPHER *EVP_cast5_cbc(void);
-EVP_CIPHER *EVP_cast5_cfb(void);
-EVP_CIPHER *EVP_cast5_ofb(void);
-#endif
-#ifndef NO_RC5
-EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
-EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
-EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-#endif
-void OpenSSL_add_all_algorithms(void);
+const EVP_MD *EVP_md_null(void);
+#ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+#endif
+#ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+#endif
+#ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+#endif
+#ifndef OPENSSL_NO_SHA
+const EVP_MD *EVP_sha(void);
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_dss(void);
+const EVP_MD *EVP_dss1(void);
+#endif
+#ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+const EVP_MD *EVP_ripemd160(void);
+#endif
+const EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
+#ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+/* This should now be supported through the dev_crypto ENGINE. But also, why are
+ * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
+#if 0
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_dev_crypto_rc4(void);
+const EVP_MD *EVP_dev_crypto_md5(void);
+# endif
+#endif
+#endif
+#ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+#endif
+#ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb(void);
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+#endif
+#ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb(void);
+const EVP_CIPHER *EVP_rc2_ofb(void);
+#endif
+#ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb(void);
+const EVP_CIPHER *EVP_bf_ofb(void);
+#endif
+#ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb(void);
+const EVP_CIPHER *EVP_cast5_ofb(void);
+#endif
+#ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+#endif
+#ifndef OPENSSL_NO_AES
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb(void);
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+#endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb(void);
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+#endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb(void);
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+#endif
+#endif
+
+void OPENSSL_add_all_algorithms_noconf(void);
+void OPENSSL_add_all_algorithms_conf(void);
+
+#ifdef OPENSSL_LOAD_CONF
+#define OpenSSL_add_all_algorithms() \
+		OPENSSL_add_all_algorithms_conf()
+#else
+#define OpenSSL_add_all_algorithms() \
+		OPENSSL_add_all_algorithms_noconf()
+#endif
+
 void OpenSSL_add_all_ciphers(void);
 void OpenSSL_add_all_digests(void);
 #define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
 #define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
 #define SSLeay_add_all_digests() OpenSSL_add_all_digests()
 
-int EVP_add_cipher(EVP_CIPHER *cipher);
-int EVP_add_digest(EVP_MD *digest);
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
 
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
 const EVP_MD *EVP_get_digestbyname(const char *name);
@@ -713,18 +750,24 @@ int		EVP_PKEY_type(int type);
 int		EVP_PKEY_bits(EVP_PKEY *pkey);
 int		EVP_PKEY_size(EVP_PKEY *pkey);
 int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
-#ifndef NO_RSA
-int 		EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
-RSA *		EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+
+#ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
 #endif
-#ifndef NO_DSA
-int 		EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
-DSA *		EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+#ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
 #endif
-#ifndef NO_DH
-int 		EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
-DH *		EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+#ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
 #endif
+
+
 EVP_PKEY *	EVP_PKEY_new(void);
 void		EVP_PKEY_free(EVP_PKEY *pkey);
 EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
@@ -754,20 +797,20 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
 
 /* PKCS5 password based encryption */
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
 			 int en_de);
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 			   unsigned char *salt, int saltlen, int iter,
 			   int keylen, unsigned char *out);
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
 			 int en_de);
 
 void PKCS5_PBE_add(void);
 
 int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
-int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md,
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 		    EVP_PBE_KEYGEN *keygen);
 void EVP_PBE_cleanup(void);
 
@@ -785,6 +828,8 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_CIPHER_CTX_CTRL			 124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122
 #define EVP_F_EVP_DECRYPTFINAL				 101
+#define EVP_F_EVP_DIGESTINIT				 128
+#define EVP_F_EVP_ENCRYPTFINAL				 127
 #define EVP_F_EVP_MD_CTX_COPY				 110
 #define EVP_F_EVP_OPENINIT				 102
 #define EVP_F_EVP_PBE_ALG_ADD				 115
@@ -799,6 +844,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_PKEY_GET1_DSA				 120
 #define EVP_F_EVP_PKEY_GET1_RSA				 121
 #define EVP_F_EVP_PKEY_NEW				 106
+#define EVP_F_EVP_RIJNDAEL				 126
 #define EVP_F_EVP_SIGNFINAL				 107
 #define EVP_F_EVP_VERIFYFINAL				 108
 #define EVP_F_PKCS5_PBE_KEYIVGEN			 117
@@ -807,12 +853,15 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_RC5_CTRL					 125
 
 /* Reason codes. */
+#define EVP_R_BAD_BLOCK_LENGTH				 136
 #define EVP_R_BAD_DECRYPT				 100
+#define EVP_R_BAD_KEY_LENGTH				 137
 #define EVP_R_BN_DECODE_ERROR				 112
 #define EVP_R_BN_PUBKEY_ERROR				 113
 #define EVP_R_CIPHER_PARAMETER_ERROR			 122
 #define EVP_R_CTRL_NOT_IMPLEMENTED			 132
 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED		 133
+#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH		 138
 #define EVP_R_DECODE_ERROR				 114
 #define EVP_R_DIFFERENT_KEY_TYPES			 101
 #define EVP_R_ENCODE_ERROR				 115
@@ -827,6 +876,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_KEYGEN_FAILURE				 120
 #define EVP_R_MISSING_PARAMETERS			 103
 #define EVP_R_NO_CIPHER_SET				 131
+#define EVP_R_NO_DIGEST_SET				 139
 #define EVP_R_NO_DSA_PARAMETERS				 116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
diff --git a/crypto/openssl/crypto/evp/evp_acnf.c b/crypto/openssl/crypto/evp/evp_acnf.c
new file mode 100644
index 0000000..a68b979
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp_acnf.c
@@ -0,0 +1,74 @@
+/* evp_acnf.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+
+
+/* Load all algorithms and configure OpenSSL.
+ * This function is called automatically when
+ * OPENSSL_LOAD_CONF is set.
+ */
+
+void OPENSSL_add_all_algorithms_conf(void)
+	{
+	OPENSSL_add_all_algorithms_noconf();
+	OPENSSL_config(NULL);
+	}
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index e2687f9..66c48d1 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 #include "evp_locl.h"
 
 const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
@@ -70,23 +71,100 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 	/* ctx->cipher=NULL; */
 	}
 
+
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     unsigned char *key, unsigned char *iv, int enc)
+	     const unsigned char *key, const unsigned char *iv, int enc)
+	{
+	if (cipher)
+		EVP_CIPHER_CTX_init(ctx);
+	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
+	}
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+	     const unsigned char *key, const unsigned char *iv, int enc)
 	{
-	if(enc && (enc != -1)) enc = 1;
-	if (cipher) {
+	if (enc == -1)
+		enc = ctx->encrypt;
+	else
+		{
+		if (enc)
+			enc = 1;
+		ctx->encrypt = enc;
+		}
+	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+	 * so this context may already have an ENGINE! Try to avoid releasing
+	 * the previous handle, re-querying for an ENGINE, and having a
+	 * reinitialisation, when it may all be unecessary. */
+	if (ctx->engine && ctx->cipher && (!cipher ||
+			(cipher && (cipher->nid == ctx->cipher->nid))))
+		goto skip_to_init;
+	if (cipher)
+		{
+		/* Ensure a context left lying around from last time is cleared
+		 * (the previous check attempted to avoid this if the same
+		 * ENGINE and EVP_CIPHER could be used). */
+		EVP_CIPHER_CTX_cleanup(ctx);
+
+		/* Restore encrypt field: it is zeroed by cleanup */
+		ctx->encrypt = enc;
+		if(impl)
+			{
+			if (!ENGINE_init(impl))
+				{
+				EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			}
+		else
+			/* Ask if an ENGINE is reserved for this job */
+			impl = ENGINE_get_cipher_engine(cipher->nid);
+		if(impl)
+			{
+			/* There's an ENGINE for this job ... (apparently) */
+			const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+			if(!c)
+				{
+				/* One positive side-effect of US's export
+				 * control history, is that we should at least
+				 * be able to avoid using US mispellings of
+				 * "initialisation"? */
+				EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			/* We'll use the ENGINE's private cipher definition */
+			cipher = c;
+			/* Store the ENGINE functional reference so we know
+			 * 'cipher' came from an ENGINE and we need to release
+			 * it when done. */
+			ctx->engine = impl;
+			}
+		else
+			ctx->engine = NULL;
+
 		ctx->cipher=cipher;
+		ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
 		ctx->key_len = cipher->key_len;
-		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
-			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+		ctx->flags = 0;
+		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+			{
+			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+				{
 				EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
 				return 0;
+				}
 			}
 		}
-	} else if(!ctx->cipher) {
+	else if(!ctx->cipher)
+		{
 		EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
 		return 0;
-	}
+		}
+skip_to_init:
+	/* we assume block size is a power of 2 in *cryptUpdate */
+	OPENSSL_assert(ctx->cipher->block_size == 1
+	    || ctx->cipher->block_size == 8
+	    || ctx->cipher->block_size == 16);
+
 	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
 		switch(EVP_CIPHER_CTX_mode(ctx)) {
 
@@ -101,6 +179,7 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 
 			case EVP_CIPH_CBC_MODE:
 
+			OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
 			if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
 			memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
 			break;
@@ -114,68 +193,103 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
 		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
 	}
-	if(enc != -1) ctx->encrypt=enc;
 	ctx->buf_len=0;
+	ctx->final_used=0;
+	ctx->block_mask=ctx->cipher->block_size-1;
 	return 1;
 	}
 
 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     unsigned char *in, int inl)
+	     const unsigned char *in, int inl)
 	{
 	if (ctx->encrypt)
 		return EVP_EncryptUpdate(ctx,out,outl,in,inl);
 	else	return EVP_DecryptUpdate(ctx,out,outl,in,inl);
 	}
 
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	if (ctx->encrypt)
+		return EVP_EncryptFinal_ex(ctx,out,outl);
+	else	return EVP_DecryptFinal_ex(ctx,out,outl);
+	}
+
 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	if (ctx->encrypt)
 		return EVP_EncryptFinal(ctx,out,outl);
-	else	return(EVP_DecryptFinal(ctx,out,outl));
+	else	return EVP_DecryptFinal(ctx,out,outl);
 	}
 
 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     unsigned char *key, unsigned char *iv)
+	     const unsigned char *key, const unsigned char *iv)
 	{
 	return EVP_CipherInit(ctx, cipher, key, iv, 1);
 	}
 
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		const unsigned char *key, const unsigned char *iv)
+	{
+	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+	}
+
 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     unsigned char *key, unsigned char *iv)
+	     const unsigned char *key, const unsigned char *iv)
 	{
-	return EVP_CipherInit(ctx, cipher, key, iv, 0);
+	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
 	}
 
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+	     const unsigned char *key, const unsigned char *iv)
+	{
+	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+	}
 
 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     unsigned char *in, int inl)
+	     const unsigned char *in, int inl)
 	{
 	int i,j,bl;
 
+	OPENSSL_assert(inl > 0);
+	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
+		{
+		if(ctx->cipher->do_cipher(ctx,out,in,inl))
+			{
+			*outl=inl;
+			return 1;
+			}
+		else
+			{
+			*outl=0;
+			return 0;
+			}
+		}
 	i=ctx->buf_len;
 	bl=ctx->cipher->block_size;
-	*outl=0;
-	if ((inl == 0) && (i != bl)) return 1;
+	OPENSSL_assert(bl <= sizeof ctx->buf);
 	if (i != 0)
 		{
 		if (i+inl < bl)
 			{
 			memcpy(&(ctx->buf[i]),in,inl);
 			ctx->buf_len+=inl;
+			*outl=0;
 			return 1;
 			}
 		else
 			{
 			j=bl-i;
-			if (j != 0) memcpy(&(ctx->buf[i]),in,j);
+			memcpy(&(ctx->buf[i]),in,j);
 			if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
 			inl-=j;
 			in+=j;
 			out+=bl;
-			*outl+=bl;
+			*outl=bl;
 			}
 		}
-	i=inl%bl; /* how much is left */
+	else
+		*outl = 0;
+	i=inl&(bl-1);
 	inl-=i;
 	if (inl > 0)
 		{
@@ -191,87 +305,126 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 
 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	int i,n,b,bl;
+	int ret;
+	ret = EVP_EncryptFinal_ex(ctx, out, outl);
+	return ret;
+	}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int i,n,b,bl,ret;
 
 	b=ctx->cipher->block_size;
+	OPENSSL_assert(b <= sizeof ctx->buf);
 	if (b == 1)
 		{
 		*outl=0;
 		return 1;
 		}
 	bl=ctx->buf_len;
+	if (ctx->flags & EVP_CIPH_NO_PADDING)
+		{
+		if(bl)
+			{
+			EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+			return 0;
+			}
+		*outl = 0;
+		return 1;
+		}
+
 	n=b-bl;
 	for (i=bl; i<b; i++)
 		ctx->buf[i]=n;
-	if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,b)) return 0;
-	*outl=b;
-	return 1;
+	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+
+
+	if(ret)
+		*outl=b;
+
+	return ret;
 	}
 
 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     unsigned char *in, int inl)
+	     const unsigned char *in, int inl)
 	{
-	int b,bl,n;
-	int keep_last=0;
+	int b, fix_len;
 
-	*outl=0;
-	if (inl == 0) return 1;
+	if (inl == 0)
+		{
+		*outl=0;
+		return 1;
+		}
+
+	if (ctx->flags & EVP_CIPH_NO_PADDING)
+		return EVP_EncryptUpdate(ctx, out, outl, in, inl);
 
 	b=ctx->cipher->block_size;
-	if (b > 1)
+	OPENSSL_assert(b <= sizeof ctx->final);
+
+	if(ctx->final_used)
 		{
-		/* Is the input a multiple of the block size? */
-		bl=ctx->buf_len;
-		n=inl+bl;
-		if (n%b == 0)
-			{
-			if (inl < b) /* must be 'just one' buff */
-				{
-				memcpy(&(ctx->buf[bl]),in,inl);
-				ctx->buf_len=b;
-				*outl=0;
-				return 1;
-				}
-			keep_last=1;
-			inl-=b; /* don't do the last block */
-			}
+		memcpy(out,ctx->final,b);
+		out+=b;
+		fix_len = 1;
 		}
-	if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) return 0;
+	else
+		fix_len = 0;
+
+
+	if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
+		return 0;
 
 	/* if we have 'decrypted' a multiple of block size, make sure
 	 * we have a copy of this last block */
-	if (keep_last)
+	if (b > 1 && !ctx->buf_len)
 		{
-		memcpy(&(ctx->buf[0]),&(in[inl]),b);
-#ifdef DEBUG
-		if (ctx->buf_len != 0)
-			{
-			abort();
-			}
-#endif
-		ctx->buf_len=b;
+		*outl-=b;
+		ctx->final_used=1;
+		memcpy(ctx->final,&out[*outl],b);
 		}
+	else
+		ctx->final_used = 0;
+
+	if (fix_len)
+		*outl += b;
+		
 	return 1;
 	}
 
 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
+	int ret;
+	ret = EVP_DecryptFinal_ex(ctx, out, outl);
+	return ret;
+	}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
 	int i,b;
 	int n;
 
 	*outl=0;
 	b=ctx->cipher->block_size;
+	if (ctx->flags & EVP_CIPH_NO_PADDING)
+		{
+		if(ctx->buf_len)
+			{
+			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+			return 0;
+			}
+		*outl = 0;
+		return 1;
+		}
 	if (b > 1)
 		{
-		if (ctx->buf_len != b)
+		if (ctx->buf_len || !ctx->final_used)
 			{
 			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
 			return(0);
 			}
-		if(!EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0)) return 0;
-		if (n != b)
-			return(0);
-		n=ctx->buf[b-1];
+		OPENSSL_assert(b <= sizeof ctx->final);
+		n=ctx->final[b-1];
 		if (n > b)
 			{
 			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
@@ -279,7 +432,7 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 			}
 		for (i=0; i<n; i++)
 			{
-			if (ctx->buf[--b] != n)
+			if (ctx->final[--b] != n)
 				{
 				EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
 				return(0);
@@ -287,7 +440,7 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 			}
 		n=ctx->cipher->block_size-n;
 		for (i=0; i<n; i++)
-			out[i]=ctx->buf[i];
+			out[i]=ctx->final[i];
 		*outl=n;
 		}
 	else
@@ -297,10 +450,20 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 	{
-	if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
+	if (c->cipher != NULL)
 		{
-		if(!c->cipher->cleanup(c)) return 0;
+		if(c->cipher->cleanup && !c->cipher->cleanup(c))
+			return 0;
+		/* Cleanse cipher context data */
+		if (c->cipher_data)
+			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
 		}
+	if (c->cipher_data)
+		OPENSSL_free(c->cipher_data);
+	if (c->engine)
+		/* The EVP_CIPHER we used belongs to an ENGINE, release the
+		 * functional reference we held for this reason. */
+		ENGINE_finish(c->engine);
 	memset(c,0,sizeof(EVP_CIPHER_CTX));
 	return 1;
 	}
@@ -319,6 +482,13 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
 	return 0;
 	}
 
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
+	{
+	if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
+	else ctx->flags |= EVP_CIPH_NO_PADDING;
+	return 1;
+	}
+
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
 	int ret;
diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/openssl/crypto/evp/evp_err.c
index a01412a..3a23d21 100644
--- a/crypto/openssl/crypto/evp/evp_err.c
+++ b/crypto/openssl/crypto/evp/evp_err.c
@@ -63,7 +63,7 @@
 #include <openssl/evp.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
@@ -71,6 +71,8 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0),	"EVP_CIPHER_CTX_ctrl"},
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0),	"EVP_CIPHER_CTX_set_key_length"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0),	"EVP_DigestInit"},
+{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0),	"EVP_EncryptFinal"},
 {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),	"EVP_MD_CTX_copy"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
 {ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0),	"EVP_PBE_alg_add"},
@@ -85,6 +87,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0),	"EVP_PKEY_get1_DSA"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0),	"EVP_PKEY_get1_RSA"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),	"EVP_PKEY_new"},
+{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0),	"EVP_RIJNDAEL"},
 {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),	"EVP_SignFinal"},
 {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),	"EVP_VerifyFinal"},
 {ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0),	"PKCS5_PBE_keyivgen"},
@@ -96,12 +99,15 @@ static ERR_STRING_DATA EVP_str_functs[]=
 
 static ERR_STRING_DATA EVP_str_reasons[]=
 	{
+{EVP_R_BAD_BLOCK_LENGTH                  ,"bad block length"},
 {EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
+{EVP_R_BAD_KEY_LENGTH                    ,"bad key length"},
 {EVP_R_BN_DECODE_ERROR                   ,"bn decode error"},
 {EVP_R_BN_PUBKEY_ERROR                   ,"bn pubkey error"},
 {EVP_R_CIPHER_PARAMETER_ERROR            ,"cipher parameter error"},
 {EVP_R_CTRL_NOT_IMPLEMENTED              ,"ctrl not implemented"},
 {EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED    ,"ctrl operation not implemented"},
+{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
 {EVP_R_DECODE_ERROR                      ,"decode error"},
 {EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
 {EVP_R_ENCODE_ERROR                      ,"encode error"},
@@ -116,6 +122,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {EVP_R_KEYGEN_FAILURE                    ,"keygen failure"},
 {EVP_R_MISSING_PARAMETERS                ,"missing parameters"},
 {EVP_R_NO_CIPHER_SET                     ,"no cipher set"},
+{EVP_R_NO_DIGEST_SET                     ,"no digest set"},
 {EVP_R_NO_DSA_PARAMETERS                 ,"no dsa parameters"},
 {EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
 {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
@@ -144,7 +151,7 @@ void ERR_load_EVP_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
 		ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/evp/evp_key.c b/crypto/openssl/crypto/evp/evp_key.c
index e7434ef..5f387a9 100644
--- a/crypto/openssl/crypto/evp/evp_key.c
+++ b/crypto/openssl/crypto/evp/evp_key.c
@@ -61,6 +61,7 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include <openssl/ui.h>
 
 /* should be init to zeros. */
 static char prompt_string[80];
@@ -70,7 +71,10 @@ void EVP_set_pw_prompt(char *prompt)
 	if (prompt == NULL)
 		prompt_string[0]='\0';
 	else
+		{
 		strncpy(prompt_string,prompt,79);
+		prompt_string[79]='\0';
+		}
 	}
 
 char *EVP_get_pw_prompt(void)
@@ -86,18 +90,26 @@ char *EVP_get_pw_prompt(void)
  * this function will fail */
 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
 	{
-#ifndef NO_DES
+	int ret;
+	char buff[BUFSIZ];
+	UI *ui;
+
 	if ((prompt == NULL) && (prompt_string[0] != '\0'))
 		prompt=prompt_string;
-	return(des_read_pw_string(buf,len,prompt,verify));
-#else
-	return -1;
-#endif
+	ui = UI_new();
+	UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+	if (verify)
+		UI_add_verify_string(ui,prompt,0,
+			buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+	ret = UI_process(ui);
+	UI_free(ui);
+	OPENSSL_cleanse(buff,BUFSIZ);
+	return ret;
 	}
 
-int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, 
-             const unsigned char *salt, const unsigned char *data, int datal, 
-             int count, unsigned char *key, unsigned char *iv)
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
+	     const unsigned char *salt, const unsigned char *data, int datal,
+	     int count, unsigned char *key, unsigned char *iv)
 	{
 	EVP_MD_CTX c;
 	unsigned char md_buf[EVP_MAX_MD_SIZE];
@@ -106,24 +118,27 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
 
 	nkey=type->key_len;
 	niv=type->iv_len;
+	OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+	OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
 	if (data == NULL) return(nkey);
 
+	EVP_MD_CTX_init(&c);
 	for (;;)
 		{
-		EVP_DigestInit(&c,md);
+		EVP_DigestInit_ex(&c,md, NULL);
 		if (addmd++)
 			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
 		EVP_DigestUpdate(&c,data,datal);
 		if (salt != NULL)
 			EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
-		EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+		EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 
 		for (i=1; i<(unsigned int)count; i++)
 			{
-			EVP_DigestInit(&c,md);
+			EVP_DigestInit_ex(&c,md, NULL);
 			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-			EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+			EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 			}
 		i=0;
 		if (nkey)
@@ -152,8 +167,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
 			}
 		if ((nkey == 0) && (niv == 0)) break;
 		}
-	memset(&c,0,sizeof(c));
-	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+	EVP_MD_CTX_cleanup(&c);
+	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
 	return(type->key_len);
 	}
 
diff --git a/crypto/openssl/crypto/evp/evp_lib.c b/crypto/openssl/crypto/evp/evp_lib.c
index a431945..52a3b28 100644
--- a/crypto/openssl/crypto/evp/evp_lib.c
+++ b/crypto/openssl/crypto/evp/evp_lib.c
@@ -90,6 +90,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	if (type != NULL) 
 		{
 		l=EVP_CIPHER_CTX_iv_length(c);
+		OPENSSL_assert(l <= sizeof c->iv);
 		i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
 		if (i != l)
 			return(-1);
@@ -106,6 +107,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	if (type != NULL)
 		{
 		j=EVP_CIPHER_CTX_iv_length(c);
+		OPENSSL_assert(j <= sizeof c->iv);
 		i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
 		}
 	return(i);
diff --git a/crypto/openssl/crypto/evp/evp_locl.h b/crypto/openssl/crypto/evp/evp_locl.h
index ce49d5b..4d81a3b 100644
--- a/crypto/openssl/crypto/evp/evp_locl.h
+++ b/crypto/openssl/crypto/evp/evp_locl.h
@@ -61,50 +61,107 @@
 /* Wrapper functions for each cipher mode */
 
 #define BLOCK_CIPHER_ecb_loop() \
-	unsigned int i; \
-	if(inl < 8) return 1;\
-	inl -= 8; \
-	for(i=0; i <= inl; i+=8) \
+	unsigned int i, bl; \
+	bl = ctx->cipher->block_size;\
+	if(inl < bl) return 1;\
+	inl -= bl; \
+	for(i=0; i <= inl; i+=bl) \
 
-#define BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
 static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
 	BLOCK_CIPHER_ecb_loop() \
-		cprefix##_ecb_encrypt(in + i, out + i, &ctx->c.kname, ctx->encrypt);\
+		cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
 	return 1;\
 }
 
-#define BLOCK_CIPHER_func_ofb(cname, cprefix, kname) \
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
 static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
-	cprefix##_ofb64_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, &ctx->num);\
+	cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
 	return 1;\
 }
 
-#define BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
 static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
-	cprefix##_cbc_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, ctx->encrypt);\
+	cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
 	return 1;\
 }
 
-#define BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
 static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
-	cprefix##_cfb64_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, &ctx->num, ctx->encrypt);\
+	cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
 	return 1;\
 }
 
-#define BLOCK_CIPHER_all_funcs(cname, cprefix, kname) \
-	BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \
-	BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \
-	BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \
-	BLOCK_CIPHER_func_ofb(cname, cprefix, kname)
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+	BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+	BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+	BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+	BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
 
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+			  key_len, iv_len, flags, init_key, cleanup, \
+			  set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+	nid##_##nmode, block_size, key_len, iv_len, \
+	flags | EVP_CIPH_##MODE##_MODE, \
+	init_key, \
+	cname##_##mode##_cipher, \
+	cleanup, \
+	sizeof(kstruct), \
+	set_asn1, get_asn1,\
+	ctrl, \
+	NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+			     iv_len, flags, init_key, cleanup, set_asn1, \
+			     get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+		  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+			     iv_len, cbits, flags, init_key, cleanup, \
+			     set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \
+		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+		  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+			     iv_len, cbits, flags, init_key, cleanup, \
+			     set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+		  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+			     iv_len, flags, init_key, cleanup, set_asn1, \
+			     get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+		  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+			  nid, block_size, key_len, iv_len, cbits, flags, \
+			  init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+		     init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+		     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+		     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+		     init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+
+/*
 #define BLOCK_CIPHER_defs(cname, kstruct, \
 				nid, block_size, key_len, iv_len, flags,\
 				 init_key, cleanup, set_asn1, get_asn1, ctrl)\
-static EVP_CIPHER cname##_cbc = {\
+static const EVP_CIPHER cname##_cbc = {\
 	nid##_cbc, block_size, key_len, iv_len, \
 	flags | EVP_CIPH_CBC_MODE,\
 	init_key,\
@@ -116,8 +173,8 @@ static EVP_CIPHER cname##_cbc = {\
 	ctrl, \
 	NULL \
 };\
-EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
-static EVP_CIPHER cname##_cfb = {\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
 	nid##_cfb64, 1, key_len, iv_len, \
 	flags | EVP_CIPH_CFB_MODE,\
 	init_key,\
@@ -129,8 +186,8 @@ static EVP_CIPHER cname##_cfb = {\
 	ctrl,\
 	NULL \
 };\
-EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
-static EVP_CIPHER cname##_ofb = {\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
 	nid##_ofb64, 1, key_len, iv_len, \
 	flags | EVP_CIPH_OFB_MODE,\
 	init_key,\
@@ -142,8 +199,8 @@ static EVP_CIPHER cname##_ofb = {\
 	ctrl,\
 	NULL \
 };\
-EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
-static EVP_CIPHER cname##_ecb = {\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
 	nid##_ecb, block_size, key_len, iv_len, \
 	flags | EVP_CIPH_ECB_MODE,\
 	init_key,\
@@ -155,14 +212,16 @@ static EVP_CIPHER cname##_ecb = {\
 	ctrl,\
 	NULL \
 };\
-EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
-
-
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
 
-#define IMPLEMENT_BLOCK_CIPHER(cname, kname, cprefix, kstruct, \
-				nid, block_size, key_len, iv_len, flags, \
-				 init_key, cleanup, set_asn1, get_asn1, ctrl) \
-	BLOCK_CIPHER_all_funcs(cname, cprefix, kname) \
-	BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, flags,\
-		 init_key, cleanup, set_asn1, get_asn1, ctrl) 
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+			       block_size, key_len, iv_len, cbits, \
+			       flags, init_key, \
+			       cleanup, set_asn1, get_asn1, ctrl) \
+	BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+	BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+			  cbits, flags, init_key, cleanup, set_asn1, \
+			  get_asn1, ctrl)
 
+#define EVP_C_DATA(kstruct, ctx)	((kstruct *)(ctx)->cipher_data)
diff --git a/crypto/openssl/crypto/evp/evp_pbe.c b/crypto/openssl/crypto/evp/evp_pbe.c
index 224a422..0da88fd 100644
--- a/crypto/openssl/crypto/evp/evp_pbe.c
+++ b/crypto/openssl/crypto/evp/evp_pbe.c
@@ -57,9 +57,9 @@
  */
 
 #include <stdio.h>
+#include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "cryptlib.h"
 
 /* Password based encryption (PBE) functions */
 
@@ -69,8 +69,8 @@ static STACK *pbe_algs;
 
 typedef struct {
 int pbe_nid;
-EVP_CIPHER *cipher;
-EVP_MD *md;
+const EVP_CIPHER *cipher;
+const EVP_MD *md;
 EVP_PBE_KEYGEN *keygen;
 } EVP_PBE_CTL;
 
@@ -88,7 +88,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 		char obj_tmp[80];
 		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
 		if (!pbe_obj) strcpy (obj_tmp, "NULL");
-		else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
+		else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
 		ERR_add_error_data(2, "TYPE=", obj_tmp);
 		return 0;
 	}
@@ -112,7 +112,7 @@ static int pbe_cmp(const char * const *a, const char * const *b)
 
 /* Add a PBE algorithm */
 
-int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md,
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 	     EVP_PBE_KEYGEN *keygen)
 {
 	EVP_PBE_CTL *pbe_tmp;
diff --git a/crypto/openssl/crypto/evp/evp_pkey.c b/crypto/openssl/crypto/evp/evp_pkey.c
index 8df2874..34b5b1d 100644
--- a/crypto/openssl/crypto/evp/evp_pkey.c
+++ b/crypto/openssl/crypto/evp/evp_pkey.c
@@ -62,17 +62,19 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 
+#ifndef OPENSSL_NO_DSA
 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
+#endif
 
 /* Extract a private key from a PKCS8 structure */
 
 EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 {
 	EVP_PKEY *pkey = NULL;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa = NULL;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	DSA *dsa = NULL;
 	ASN1_INTEGER *privkey;
 	ASN1_TYPE *t1, *t2, *param = NULL;
@@ -82,6 +84,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 #endif
 	X509_ALGOR *a;
 	unsigned char *p;
+	const unsigned char *cp;
 	int pkeylen;
 	char obj_tmp[80];
 
@@ -101,16 +104,17 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 	a = p8->pkeyalg;
 	switch (OBJ_obj2nid(a->algorithm))
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		case NID_rsaEncryption:
-		if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) {
+		cp = p;
+		if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
 			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 			return NULL;
 		}
 		EVP_PKEY_assign_RSA (pkey, rsa);
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		case NID_dsa:
 		/* PKCS#8 DSA is weird: you just get a private key integer
 	         * and parameters in the AlgorithmIdentifier the pubkey must
@@ -163,9 +167,9 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 			goto dsaerr;
 		}
-		p = param->value.sequence->data;
+		cp = p = param->value.sequence->data;
 		plen = param->value.sequence->length;
-		if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
+		if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
 			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 			goto dsaerr;
 		}
@@ -239,7 +243,7 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 	}
 	p8->pkey->type = V_ASN1_OCTET_STRING;
 	switch (EVP_PKEY_type(pkey->type)) {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		case EVP_PKEY_RSA:
 
 		if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
@@ -254,7 +258,7 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 		}
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		case EVP_PKEY_DSA:
 		if(!dsa_pkey2pkcs8(p8, pkey)) {
 			PKCS8_PRIV_KEY_INFO_free (p8);
@@ -296,7 +300,7 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
 	}
 }
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 {
 	ASN1_STRING *params;
diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/openssl/crypto/evp/evp_test.c
new file mode 100644
index 0000000..698aff2
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp_test.c
@@ -0,0 +1,395 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include <openssl/conf.h>
+
+static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+    {
+    int n=0;
+
+    fprintf(f,"%s",title);
+    for( ; n < l ; ++n)
+	{
+	if((n%16) == 0)
+	    fprintf(f,"\n%04x",n);
+	fprintf(f," %02x",s[n]);
+	}
+    fprintf(f,"\n");
+    }
+
+static int convert(unsigned char *s)
+    {
+    unsigned char *d;
+
+    for(d=s ; *s ; s+=2,++d)
+	{
+	unsigned int n;
+
+	if(!s[1])
+	    {
+	    fprintf(stderr,"Odd number of hex digits!");
+	    EXIT(4);
+	    }
+	sscanf((char *)s,"%2x",&n);
+	*d=(unsigned char)n;
+	}
+    return s-d;
+    }
+
+static char *sstrsep(char **string, const char *delim)
+    {
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, 256);
+    isdelim[0] = 1;
+
+    while (*delim)
+        {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+        }
+
+    while (!isdelim[(unsigned char)(**string)])
+        {
+        (*string)++;
+        }
+
+    if (**string)
+        {
+        **string = 0;
+        (*string)++;
+        }
+
+    return token;
+    }
+
+static unsigned char *ustrsep(char **p,const char *sep)
+    { return (unsigned char *)sstrsep(p,sep); }
+
+static int test1_exit(int ec)
+	{
+	EXIT(ec);
+	return(0);		/* To keep some compilers quiet */
+	}
+
+static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
+		  const unsigned char *iv,int in,
+		  const unsigned char *plaintext,int pn,
+		  const unsigned char *ciphertext,int cn,
+		  int encdec)
+    {
+    EVP_CIPHER_CTX ctx;
+    unsigned char out[4096];
+    int outl,outl2;
+
+    printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),
+	   (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
+    hexdump(stdout,"Key",key,kn);
+    if(in)
+	hexdump(stdout,"IV",iv,in);
+    hexdump(stdout,"Plaintext",plaintext,pn);
+    hexdump(stdout,"Ciphertext",ciphertext,cn);
+    
+    if(kn != c->key_len)
+	{
+	fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,
+		c->key_len);
+	test1_exit(5);
+	}
+    EVP_CIPHER_CTX_init(&ctx);
+    if (encdec != 0)
+        {
+	if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
+	    {
+	    fprintf(stderr,"EncryptInit failed\n");
+	    test1_exit(10);
+	    }
+	EVP_CIPHER_CTX_set_padding(&ctx,0);
+
+	if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
+	    {
+	    fprintf(stderr,"Encrypt failed\n");
+	    test1_exit(6);
+	    }
+	if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
+	    {
+	    fprintf(stderr,"EncryptFinal failed\n");
+	    test1_exit(7);
+	    }
+
+	if(outl+outl2 != cn)
+	    {
+	    fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
+		    outl+outl2,cn);
+	    test1_exit(8);
+	    }
+
+	if(memcmp(out,ciphertext,cn))
+	    {
+	    fprintf(stderr,"Ciphertext mismatch\n");
+	    hexdump(stderr,"Got",out,cn);
+	    hexdump(stderr,"Expected",ciphertext,cn);
+	    test1_exit(9);
+	    }
+	}
+
+    if (encdec <= 0)
+        {
+	if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
+	    {
+	    fprintf(stderr,"DecryptInit failed\n");
+	    test1_exit(11);
+	    }
+	EVP_CIPHER_CTX_set_padding(&ctx,0);
+
+	if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
+	    {
+	    fprintf(stderr,"Decrypt failed\n");
+	    test1_exit(6);
+	    }
+	if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
+	    {
+	    fprintf(stderr,"DecryptFinal failed\n");
+	    test1_exit(7);
+	    }
+
+	if(outl+outl2 != cn)
+	    {
+	    fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
+		    outl+outl2,cn);
+	    test1_exit(8);
+	    }
+
+	if(memcmp(out,plaintext,cn))
+	    {
+	    fprintf(stderr,"Plaintext mismatch\n");
+	    hexdump(stderr,"Got",out,cn);
+	    hexdump(stderr,"Expected",plaintext,cn);
+	    test1_exit(9);
+	    }
+	}
+
+    EVP_CIPHER_CTX_cleanup(&ctx);
+
+    printf("\n");
+    }
+
+static int test_cipher(const char *cipher,const unsigned char *key,int kn,
+		       const unsigned char *iv,int in,
+		       const unsigned char *plaintext,int pn,
+		       const unsigned char *ciphertext,int cn,
+		       int encdec)
+    {
+    const EVP_CIPHER *c;
+
+    c=EVP_get_cipherbyname(cipher);
+    if(!c)
+	return 0;
+
+    test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);
+
+    return 1;
+    }
+
+static int test_digest(const char *digest,
+		       const unsigned char *plaintext,int pn,
+		       const unsigned char *ciphertext, unsigned int cn)
+    {
+    const EVP_MD *d;
+    EVP_MD_CTX ctx;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int mdn;
+
+    d=EVP_get_digestbyname(digest);
+    if(!d)
+	return 0;
+
+    printf("Testing digest %s\n",EVP_MD_name(d));
+    hexdump(stdout,"Plaintext",plaintext,pn);
+    hexdump(stdout,"Digest",ciphertext,cn);
+
+    EVP_MD_CTX_init(&ctx);
+    if(!EVP_DigestInit_ex(&ctx,d, NULL))
+	{
+	fprintf(stderr,"DigestInit failed\n");
+	EXIT(100);
+	}
+    if(!EVP_DigestUpdate(&ctx,plaintext,pn))
+	{
+	fprintf(stderr,"DigestUpdate failed\n");
+	EXIT(101);
+	}
+    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
+	{
+	fprintf(stderr,"DigestFinal failed\n");
+	EXIT(101);
+	}
+    EVP_MD_CTX_cleanup(&ctx);
+
+    if(mdn != cn)
+	{
+	fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
+	EXIT(102);
+	}
+
+    if(memcmp(md,ciphertext,cn))
+	{
+	fprintf(stderr,"Digest mismatch\n");
+	hexdump(stderr,"Got",md,cn);
+	hexdump(stderr,"Expected",ciphertext,cn);
+	EXIT(103);
+	}
+
+    printf("\n");
+
+    EVP_MD_CTX_cleanup(&ctx);
+
+    return 1;
+    }
+
+int main(int argc,char **argv)
+    {
+    const char *szTestFile;
+    FILE *f;
+
+    if(argc != 2)
+	{
+	fprintf(stderr,"%s <test file>\n",argv[0]);
+	EXIT(1);
+	}
+    CRYPTO_malloc_debug_init();
+    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    szTestFile=argv[1];
+
+    f=fopen(szTestFile,"r");
+    if(!f)
+	{
+	perror(szTestFile);
+	EXIT(2);
+	}
+
+    /* Load up the software EVP_CIPHER and EVP_MD definitions */
+    OpenSSL_add_all_ciphers();
+    OpenSSL_add_all_digests();
+    /* Load all compiled-in ENGINEs */
+    ENGINE_load_builtin_engines();
+#if 0
+    OPENSSL_config();
+#endif
+    /* Register all available ENGINE implementations of ciphers and digests.
+     * This could perhaps be changed to "ENGINE_register_all_complete()"? */
+    ENGINE_register_all_ciphers();
+    ENGINE_register_all_digests();
+    /* If we add command-line options, this statement should be switchable.
+     * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
+     * they weren't already initialised. */
+    /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+
+    for( ; ; )
+	{
+	char line[4096];
+	char *p;
+	char *cipher;
+	unsigned char *iv,*key,*plaintext,*ciphertext;
+	int encdec;
+	int kn,in,pn,cn;
+
+	if(!fgets((char *)line,sizeof line,f))
+	    break;
+	if(line[0] == '#' || line[0] == '\n')
+	    continue;
+	p=line;
+	cipher=sstrsep(&p,":");	
+	key=ustrsep(&p,":");
+	iv=ustrsep(&p,":");
+	plaintext=ustrsep(&p,":");
+	ciphertext=ustrsep(&p,":");
+	if (p[-1] == '\n') {
+	    p[-1] = '\0';
+	    encdec = -1;
+	} else {
+	    encdec = atoi(sstrsep(&p,"\n"));
+	}
+	      
+
+	kn=convert(key);
+	in=convert(iv);
+	pn=convert(plaintext);
+	cn=convert(ciphertext);
+
+	if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
+	   && !test_digest(cipher,plaintext,pn,ciphertext,cn))
+	    {
+	    fprintf(stderr,"Can't find %s\n",cipher);
+	    EXIT(3);
+	    }
+	}
+
+    ENGINE_cleanup();
+    EVP_cleanup();
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+    ERR_free_strings();
+    CRYPTO_mem_leaks_fp(stderr);
+
+    return 0;
+    }
diff --git a/crypto/openssl/crypto/evp/evptests.txt b/crypto/openssl/crypto/evp/evptests.txt
new file mode 100644
index 0000000..80bd9c7
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evptests.txt
@@ -0,0 +1,183 @@
+#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
+#digest:::input:output
+
+# SHA(1) tests (from shatest.c)
+SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
+
+# MD5 tests (from md5test.c)
+MD5::::d41d8cd98f00b204e9800998ecf8427e
+MD5:::61:0cc175b9c0f1b6a831c399e269772661
+MD5:::616263:900150983cd24fb0d6963f7d28e17f72
+MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
+MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
+MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
+MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
+
+# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
+
+# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
+
+# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
+
+# AES 128 ECB tests (from NIST test vectors, encrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
+
+# AES 128 ECB tests (from NIST test vectors, decrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
+
+# AES 192 ECB tests (from NIST test vectors, decrypt)
+
+#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
+
+# AES 256 ECB tests (from NIST test vectors, decrypt)
+
+#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
+
+# AES 128 CBC tests (from NIST test vectors, encrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
+
+# AES 192 CBC tests (from NIST test vectors, encrypt)
+
+#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
+
+# AES 256 CBC tests (from NIST test vectors, encrypt)
+
+#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
+
+# AES 128 CBC tests (from NIST test vectors, decrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
+
+# AES tests from NIST document SP800-38A
+# For all ECB encrypts and decrypts, the transformed sequence is
+#   AES-bits-ECB:key::plaintext:ciphertext:encdec
+# ECB-AES128.Encrypt and ECB-AES128.Decrypt
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
+# ECB-AES192.Encrypt and ECB-AES192.Decrypt 
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
+# ECB-AES256.Encrypt and ECB-AES256.Decrypt 
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
+# For all CBC encrypts and decrypts, the transformed sequence is
+#   AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-AES128.Encrypt and CBC-AES128.Decrypt 
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
+# CBC-AES192.Encrypt and CBC-AES192.Decrypt 
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
+# CBC-AES256.Encrypt and CBC-AES256.Decrypt 
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
+# We don't support CFB{1,8}-AESxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-AES128.Encrypt 
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
+# CFB128-AES128.Decrypt 
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
+# CFB128-AES192.Encrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
+# CFB128-AES192.Decrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
+# CFB128-AES256.Encrypt 
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
+# CFB128-AES256.Decrypt 
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
+# For all OFB encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-AES128.Encrypt 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 
+# OFB-AES128.Decrypt 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
+# OFB-AES192.Encrypt 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 
+# OFB-AES192.Decrypt 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 
+# OFB-AES256.Encrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
+# OFB-AES256.Decrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
+
+# DES ECB tests (from destest)
+
+DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
+DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
+DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
+DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
+DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
+DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
+DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
+
+# DESX-CBC tests (from destest)
+DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
+
+# DES EDE3 CBC tests (from destest)
+DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+# RC4 tests (from rc4test)
+RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
+RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
+RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
+RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
+RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
+RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
diff --git a/crypto/openssl/crypto/evp/m_dss.c b/crypto/openssl/crypto/evp/m_dss.c
index 8ea8268..beb8d7f 100644
--- a/crypto/openssl/crypto/evp/m_dss.c
+++ b/crypto/openssl/crypto/evp/m_dss.c
@@ -62,21 +62,33 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-#ifndef NO_SHA
-static EVP_MD dsa_md=
+#ifndef OPENSSL_NO_SHA
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD dsa_md=
 	{
 	NID_dsaWithSHA,
 	NID_dsaWithSHA,
 	SHA_DIGEST_LENGTH,
-	SHA1_Init,
-	SHA1_Update,
-	SHA1_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_DSA_method,
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_dss(void)
+const EVP_MD *EVP_dss(void)
 	{
 	return(&dsa_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_dss1.c b/crypto/openssl/crypto/evp/m_dss1.c
index 9d8d1ce..f5668eb 100644
--- a/crypto/openssl/crypto/evp/m_dss1.c
+++ b/crypto/openssl/crypto/evp/m_dss1.c
@@ -56,27 +56,39 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static EVP_MD dss1_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD dss1_md=
 	{
 	NID_dsa,
 	NID_dsaWithSHA1,
 	SHA_DIGEST_LENGTH,
-	SHA1_Init,
-	SHA1_Update,
-	SHA1_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_DSA_method,
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_dss1(void)
+const EVP_MD *EVP_dss1(void)
 	{
 	return(&dss1_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_md2.c b/crypto/openssl/crypto/evp/m_md2.c
index 3281e91..50914c8 100644
--- a/crypto/openssl/crypto/evp/m_md2.c
+++ b/crypto/openssl/crypto/evp/m_md2.c
@@ -56,27 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/md2.h>
 
-static EVP_MD md2_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return MD2_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return MD2_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return MD2_Final(md,ctx->md_data); }
+
+static const EVP_MD md2_md=
 	{
 	NID_md2,
 	NID_md2WithRSAEncryption,
 	MD2_DIGEST_LENGTH,
-	MD2_Init,
-	MD2_Update,
-	MD2_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	MD2_BLOCK,
 	sizeof(EVP_MD *)+sizeof(MD2_CTX),
 	};
 
-EVP_MD *EVP_md2(void)
+const EVP_MD *EVP_md2(void)
 	{
 	return(&md2_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_md4.c b/crypto/openssl/crypto/evp/m_md4.c
index e5005ab..e19b663 100644
--- a/crypto/openssl/crypto/evp/m_md4.c
+++ b/crypto/openssl/crypto/evp/m_md4.c
@@ -56,27 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/md4.h>
 
-static EVP_MD md4_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return MD4_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return MD4_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return MD4_Final(md,ctx->md_data); }
+
+static const EVP_MD md4_md=
 	{
 	NID_md4,
 	NID_md4WithRSAEncryption,
 	MD4_DIGEST_LENGTH,
-	MD4_Init,
-	MD4_Update,
-	MD4_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	MD4_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(MD4_CTX),
 	};
 
-EVP_MD *EVP_md4(void)
+const EVP_MD *EVP_md4(void)
 	{
 	return(&md4_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_md5.c b/crypto/openssl/crypto/evp/m_md5.c
index 9fc9530..b00a03e 100644
--- a/crypto/openssl/crypto/evp/m_md5.c
+++ b/crypto/openssl/crypto/evp/m_md5.c
@@ -56,27 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/md5.h>
 
-static EVP_MD md5_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return MD5_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return MD5_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return MD5_Final(md,ctx->md_data); }
+
+static const EVP_MD md5_md=
 	{
 	NID_md5,
 	NID_md5WithRSAEncryption,
 	MD5_DIGEST_LENGTH,
-	MD5_Init,
-	MD5_Update,
-	MD5_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	MD5_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(MD5_CTX),
 	};
 
-EVP_MD *EVP_md5(void)
+const EVP_MD *EVP_md5(void)
 	{
 	return(&md5_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_mdc2.c b/crypto/openssl/crypto/evp/m_mdc2.c
index 2c7f1ae..9f6467c 100644
--- a/crypto/openssl/crypto/evp/m_mdc2.c
+++ b/crypto/openssl/crypto/evp/m_mdc2.c
@@ -56,27 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/mdc2.h>
 
-static EVP_MD mdc2_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return MDC2_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return MDC2_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return MDC2_Final(md,ctx->md_data); }
+
+static const EVP_MD mdc2_md=
 	{
 	NID_mdc2,
 	NID_mdc2WithRSA,
 	MDC2_DIGEST_LENGTH,
-	MDC2_Init,
-	MDC2_Update,
-	MDC2_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
 	MDC2_BLOCK,
 	sizeof(EVP_MD *)+sizeof(MDC2_CTX),
 	};
 
-EVP_MD *EVP_mdc2(void)
+const EVP_MD *EVP_mdc2(void)
 	{
 	return(&mdc2_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_null.c b/crypto/openssl/crypto/evp/m_null.c
index e2dadf3..f6f0a1d 100644
--- a/crypto/openssl/crypto/evp/m_null.c
+++ b/crypto/openssl/crypto/evp/m_null.c
@@ -62,25 +62,32 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static void function(void)
-	{
-	}
+static int init(EVP_MD_CTX *ctx)
+	{ return 1; }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return 1; }
 
-static EVP_MD null_md=
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return 1; }
+
+static const EVP_MD null_md=
 	{
 	NID_undef,
 	NID_undef,
 	0,
-	function,
-	function,
-	function,
-	
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_NULL_method,
 	0,
 	sizeof(EVP_MD *),
 	};
 
-EVP_MD *EVP_md_null(void)
+const EVP_MD *EVP_md_null(void)
 	{
 	return(&null_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_ripemd.c b/crypto/openssl/crypto/evp/m_ripemd.c
index 3d781a4..6472552 100644
--- a/crypto/openssl/crypto/evp/m_ripemd.c
+++ b/crypto/openssl/crypto/evp/m_ripemd.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/ripemd.h>
@@ -64,20 +64,32 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static EVP_MD ripemd160_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return RIPEMD160_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return RIPEMD160_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return RIPEMD160_Final(md,ctx->md_data); }
+
+static const EVP_MD ripemd160_md=
 	{
 	NID_ripemd160,
 	NID_ripemd160WithRSA,
 	RIPEMD160_DIGEST_LENGTH,
-	RIPEMD160_Init,
-	RIPEMD160_Update,
-	RIPEMD160_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	RIPEMD160_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
 	};
 
-EVP_MD *EVP_ripemd160(void)
+const EVP_MD *EVP_ripemd160(void)
 	{
 	return(&ripemd160_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_sha.c b/crypto/openssl/crypto/evp/m_sha.c
index 6d35b71..10697c7 100644
--- a/crypto/openssl/crypto/evp/m_sha.c
+++ b/crypto/openssl/crypto/evp/m_sha.c
@@ -56,27 +56,39 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static EVP_MD sha_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA_Final(md,ctx->md_data); }
+
+static const EVP_MD sha_md=
 	{
 	NID_sha,
 	NID_shaWithRSAEncryption,
 	SHA_DIGEST_LENGTH,
-	SHA_Init,
-	SHA_Update,
-	SHA_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_sha(void)
+const EVP_MD *EVP_sha(void)
 	{
 	return(&sha_md);
 	}
diff --git a/crypto/openssl/crypto/evp/m_sha1.c b/crypto/openssl/crypto/evp/m_sha1.c
index 57a1ab0..d6be350 100644
--- a/crypto/openssl/crypto/evp/m_sha1.c
+++ b/crypto/openssl/crypto/evp/m_sha1.c
@@ -56,27 +56,39 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static EVP_MD sha1_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD sha1_md=
 	{
 	NID_sha1,
 	NID_sha1WithRSAEncryption,
 	SHA_DIGEST_LENGTH,
-	SHA1_Init,
-	SHA1_Update,
-	SHA1_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_sha1(void)
+const EVP_MD *EVP_sha1(void)
 	{
 	return(&sha1_md);
 	}
diff --git a/crypto/openssl/crypto/evp/names.c b/crypto/openssl/crypto/evp/names.c
index 620f43f..eb9f432 100644
--- a/crypto/openssl/crypto/evp/names.c
+++ b/crypto/openssl/crypto/evp/names.c
@@ -62,7 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-int EVP_add_cipher(EVP_CIPHER *c)
+int EVP_add_cipher(const EVP_CIPHER *c)
 	{
 	int r;
 
@@ -72,7 +72,7 @@ int EVP_add_cipher(EVP_CIPHER *c)
 	return(r);
 	}
 
-int EVP_add_digest(EVP_MD *md)
+int EVP_add_digest(const EVP_MD *md)
 	{
 	int r;
 	const char *name;
diff --git a/crypto/openssl/crypto/evp/openbsd_hw.c b/crypto/openssl/crypto/evp/openbsd_hw.c
new file mode 100644
index 0000000..3831a57
--- /dev/null
+++ b/crypto/openssl/crypto/evp/openbsd_hw.c
@@ -0,0 +1,446 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include "evp_locl.h"
+
+/* This stuff should now all be supported through
+ * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */
+static void *dummy=&dummy;
+
+#if 0
+
+/* check flag after OpenSSL headers to ensure make depend works */
+#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+#include <unistd.h>
+#include <assert.h>
+
+/* longest key supported in hardware */
+#define MAX_HW_KEY	24
+#define MAX_HW_IV	8
+
+#define MD5_DIGEST_LENGTH	16
+#define MD5_CBLOCK		64
+
+static int fd;
+static int dev_failed;
+
+typedef struct session_op session_op;
+
+#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
+
+static void err(const char *str)
+    {
+    fprintf(stderr,"%s: errno %d\n",str,errno);
+    }
+
+static int dev_crypto_init(session_op *ses)
+    {
+    if(dev_failed)
+	return 0;
+    if(!fd)
+	{
+	int cryptodev_fd;
+
+        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
+	    {
+	    err("/dev/crypto");
+	    dev_failed=1;
+	    return 0;
+	    }
+        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
+	    {
+	    err("CRIOGET failed");
+	    close(cryptodev_fd);
+	    dev_failed=1;
+	    return 0;
+	    }
+	close(cryptodev_fd);
+	}
+    assert(ses);
+    memset(ses,'\0',sizeof *ses);
+
+    return 1;
+    }
+
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+    {
+    if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
+	err("CIOCFSESSION failed");
+
+    OPENSSL_free(CDATA(ctx)->key);
+
+    return 1;
+    }
+
+static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
+			       const unsigned char *key,int klen)
+    {
+    if(!dev_crypto_init(CDATA(ctx)))
+	return 0;
+
+    CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
+
+    assert(ctx->cipher->iv_len <= MAX_HW_IV);
+
+    memcpy(CDATA(ctx)->key,key,klen);
+    
+    CDATA(ctx)->cipher=cipher;
+    CDATA(ctx)->keylen=klen;
+
+    if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
+	{
+	err("CIOCGSESSION failed");
+	return 0;
+	}
+    return 1;
+    }
+
+static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+			     const unsigned char *in,unsigned int inl)
+    {
+    struct crypt_op cryp;
+    unsigned char lb[MAX_HW_IV];
+
+    if(!inl)
+	return 1;
+
+    assert(CDATA(ctx));
+    assert(!dev_failed);
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=CDATA(ctx)->ses;
+    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.flags=0;
+    cryp.len=inl;
+    assert((inl&(ctx->cipher->block_size-1)) == 0);
+    cryp.src=(caddr_t)in;
+    cryp.dst=(caddr_t)out;
+    cryp.mac=0;
+    if(ctx->cipher->iv_len)
+	cryp.iv=(caddr_t)ctx->iv;
+
+    if(!ctx->encrypt)
+	memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+	{
+	if(errno == EINVAL) /* buffers are misaligned */
+	    {
+	    unsigned int cinl=0;
+	    char *cin=NULL;
+	    char *cout=NULL;
+
+	    /* NB: this can only make cinl != inl with stream ciphers */
+	    cinl=(inl+3)/4*4;
+
+	    if(((unsigned long)in&3) || cinl != inl)
+		{
+		cin=OPENSSL_malloc(cinl);
+		memcpy(cin,in,inl);
+		cryp.src=cin;
+		}
+
+	    if(((unsigned long)out&3) || cinl != inl)
+		{
+		cout=OPENSSL_malloc(cinl);
+		cryp.dst=cout;
+		}
+
+	    cryp.len=cinl;
+
+	    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+		{
+		err("CIOCCRYPT(2) failed");
+		printf("src=%p dst=%p\n",cryp.src,cryp.dst);
+		abort();
+		return 0;
+		}
+		
+	    if(cout)
+		{
+		memcpy(out,cout,inl);
+		OPENSSL_free(cout);
+		}
+	    if(cin)
+		OPENSSL_free(cin);
+	    }
+	else 
+	    {	    
+	    err("CIOCCRYPT failed");
+	    abort();
+	    return 0;
+	    }
+	}
+
+    if(ctx->encrypt)
+	memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+    else
+	memcpy(ctx->iv,lb,ctx->cipher->iv_len);
+
+    return 1;
+    }
+
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+					const unsigned char *key,
+					const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
+
+#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
+
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
+		     0, dev_crypto_des_ede3_init_key,
+		     dev_crypto_cleanup, 
+		     EVP_CIPHER_set_asn1_iv,
+		     EVP_CIPHER_get_asn1_iv,
+		     NULL)
+
+static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
+					const unsigned char *key,
+					const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
+
+static const EVP_CIPHER r4_cipher=
+    {
+    NID_rc4,
+    1,16,0,	/* FIXME: key should be up to 256 bytes */
+    EVP_CIPH_VARIABLE_LENGTH,
+    dev_crypto_rc4_init_key,
+    dev_crypto_cipher,
+    dev_crypto_cleanup,
+    sizeof(session_op),
+    NULL,
+    NULL,
+    NULL
+    };
+
+const EVP_CIPHER *EVP_dev_crypto_rc4(void)
+    { return &r4_cipher; }
+
+typedef struct
+    {
+    session_op sess;
+    char *data;
+    int len;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    } MD_DATA;
+
+static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
+    {
+    if(!dev_crypto_init(&md_data->sess))
+	return 0;
+
+    md_data->len=0;
+    md_data->data=NULL;
+
+    md_data->sess.mac=mac;
+
+    if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
+	{
+	err("CIOCGSESSION failed");
+	return 0;
+	}
+    return 1;
+    }
+
+static int dev_crypto_cleanup_digest(MD_DATA *md_data)
+    {
+    if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
+	{
+	err("CIOCFSESSION failed");
+	return 0;
+	}
+
+    return 1;
+    }
+
+/* FIXME: if device can do chained MACs, then don't accumulate */
+/* FIXME: move accumulation to the framework */
+static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
+    { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
+
+static int do_digest(int ses,unsigned char *md,const void *data,int len)
+    {
+    struct crypt_op cryp;
+    static unsigned char md5zero[16]=
+	{
+	0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
+	0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
+	};
+
+    /* some cards can't do zero length */
+    if(!len)
+	{
+	memcpy(md,md5zero,16);
+	return 1;
+	}
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=ses;
+    cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
+    cryp.len=len;
+    cryp.src=(caddr_t)data;
+    cryp.dst=(caddr_t)data; // FIXME!!!
+    cryp.mac=(caddr_t)md;
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+	{
+	if(errno == EINVAL) /* buffer is misaligned */
+	    {
+	    char *dcopy;
+
+	    dcopy=OPENSSL_malloc(len);
+	    memcpy(dcopy,data,len);
+	    cryp.src=dcopy;
+	    cryp.dst=cryp.src; // FIXME!!!
+
+	    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+		{
+		err("CIOCCRYPT(MAC2) failed");
+		abort();
+		return 0;
+		}
+	    OPENSSL_free(dcopy);
+	    }
+	else
+	    {
+	    err("CIOCCRYPT(MAC) failed");
+	    abort();
+	    return 0;
+	    }
+	}
+    //    printf("done\n");
+
+    return 1;
+    }
+
+static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
+				 unsigned long len)
+    {
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+	return do_digest(md_data->sess.ses,md_data->md,data,len);
+
+    md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
+    memcpy(md_data->data+md_data->len,data,len);
+    md_data->len+=len;
+
+    return 1;
+    }	
+
+static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+    {
+    int ret;
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+	{
+	memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
+	ret=1;
+	}
+    else
+	{
+	ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
+	OPENSSL_free(md_data->data);
+	md_data->data=NULL;
+	md_data->len=0;
+	}
+
+    return ret;
+    }
+
+static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+    {
+    const MD_DATA *from_md=from->md_data;
+    MD_DATA *to_md=to->md_data;
+
+    // How do we copy sessions?
+    assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
+
+    to_md->data=OPENSSL_malloc(from_md->len);
+    memcpy(to_md->data,from_md->data,from_md->len);
+
+    return 1;
+    }
+
+static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
+    {
+    return dev_crypto_cleanup_digest(ctx->md_data);
+    }
+
+static const EVP_MD md5_md=
+    {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    EVP_MD_FLAG_ONESHOT,	// XXX: set according to device info...
+    dev_crypto_md5_init,
+    dev_crypto_md5_update,
+    dev_crypto_md5_final,
+    dev_crypto_md5_copy,
+    dev_crypto_md5_cleanup,
+    EVP_PKEY_RSA_method,
+    MD5_CBLOCK,
+    sizeof(MD_DATA),
+    };
+
+const EVP_MD *EVP_dev_crypto_md5(void)
+    { return &md5_md; }
+
+#endif
+#endif
diff --git a/crypto/openssl/crypto/evp/p5_crpt.c b/crypto/openssl/crypto/evp/p5_crpt.c
index 6bfa2c5..a1874e8 100644
--- a/crypto/openssl/crypto/evp/p5_crpt.c
+++ b/crypto/openssl/crypto/evp/p5_crpt.c
@@ -58,50 +58,50 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/evp.h>
-#include "cryptlib.h"
 
 /* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
  */
 
 void PKCS5_PBE_add(void)
 {
-#ifndef NO_DES
-#  ifndef NO_MD5
+#ifndef OPENSSL_NO_DES
+#  ifndef OPENSSL_NO_MD5
 EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
 							 PKCS5_PBE_keyivgen);
 #  endif
-#  ifndef NO_MD2
+#  ifndef OPENSSL_NO_MD2
 EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
 							 PKCS5_PBE_keyivgen);
 #  endif
-#  ifndef NO_SHA
+#  ifndef OPENSSL_NO_SHA
 EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
 							 PKCS5_PBE_keyivgen);
 #  endif
 #endif
-#ifndef NO_RC2
-#  ifndef NO_MD5
+#ifndef OPENSSL_NO_RC2
+#  ifndef OPENSSL_NO_MD5
 EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
 							 PKCS5_PBE_keyivgen);
 #  endif
-#  ifndef NO_MD2
+#  ifndef OPENSSL_NO_MD2
 EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
 							 PKCS5_PBE_keyivgen);
 #  endif
-#  ifndef NO_SHA
+#  ifndef OPENSSL_NO_SHA
 EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
 							 PKCS5_PBE_keyivgen);
 #  endif
 #endif
-#ifndef NO_HMAC
+#ifndef OPENSSL_NO_HMAC
 EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
 #endif
 }
 
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
 			 int en_de)
 {
 	EVP_MD_CTX ctx;
@@ -128,22 +128,26 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 	if(!pass) passlen = 0;
 	else if(passlen == -1) passlen = strlen(pass);
 
-	EVP_DigestInit (&ctx, md);
-	EVP_DigestUpdate (&ctx, pass, passlen);
-	EVP_DigestUpdate (&ctx, salt, saltlen);
+	EVP_MD_CTX_init(&ctx);
+	EVP_DigestInit_ex(&ctx, md, NULL);
+	EVP_DigestUpdate(&ctx, pass, passlen);
+	EVP_DigestUpdate(&ctx, salt, saltlen);
 	PBEPARAM_free(pbe);
-	EVP_DigestFinal (&ctx, md_tmp, NULL);
+	EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
 	for (i = 1; i < iter; i++) {
-		EVP_DigestInit(&ctx, md);
+		EVP_DigestInit_ex(&ctx, md, NULL);
 		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
-		EVP_DigestFinal (&ctx, md_tmp, NULL);
+		EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
 	}
-	memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher));
-	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+	EVP_MD_CTX_cleanup(&ctx);
+	OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
+	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+	OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
+	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
 						 EVP_CIPHER_iv_length(cipher));
-	EVP_CipherInit(cctx, cipher, key, iv, en_de);
-	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
-	memset(key, 0, EVP_MAX_KEY_LENGTH);
-	memset(iv, 0, EVP_MAX_IV_LENGTH);
+	EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
+	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
 	return 1;
 }
diff --git a/crypto/openssl/crypto/evp/p5_crpt2.c b/crypto/openssl/crypto/evp/p5_crpt2.c
index 717fad6..1f94e1e 100644
--- a/crypto/openssl/crypto/evp/p5_crpt2.c
+++ b/crypto/openssl/crypto/evp/p5_crpt2.c
@@ -55,13 +55,13 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-#if !defined(NO_HMAC) && !defined(NO_SHA)
+#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
 #include <stdio.h>
 #include <stdlib.h>
+#include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
-#include "cryptlib.h"
 
 /* set this to print out info about the keygen algorithm */
 /* #define DEBUG_PKCS5V2 */
@@ -84,6 +84,8 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 	int cplen, j, k, tkeylen;
 	unsigned long i = 1;
 	HMAC_CTX hctx;
+
+	HMAC_CTX_init(&hctx);
 	p = out;
 	tkeylen = keylen;
 	if(!pass) passlen = 0;
@@ -98,7 +100,7 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 		itmp[1] = (unsigned char)((i >> 16) & 0xff);
 		itmp[2] = (unsigned char)((i >> 8) & 0xff);
 		itmp[3] = (unsigned char)(i & 0xff);
-		HMAC_Init(&hctx, pass, passlen, EVP_sha1());
+		HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
 		HMAC_Update(&hctx, salt, saltlen);
 		HMAC_Update(&hctx, itmp, 4);
 		HMAC_Final(&hctx, digtmp, NULL);
@@ -112,7 +114,7 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 		i++;
 		p+= cplen;
 	}
-	HMAC_cleanup(&hctx);
+	HMAC_CTX_cleanup(&hctx);
 #ifdef DEBUG_PKCS5V2
 	fprintf(stderr, "Password:\n");
 	h__dump (pass, passlen);
@@ -143,7 +145,7 @@ main()
  */
 
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, EVP_CIPHER *c, EVP_MD *md,
+                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
                          int en_de)
 {
 	unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];
@@ -181,13 +183,14 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	}
 
 	/* Fixup cipher based on AlgorithmIdentifier */
-	EVP_CipherInit(ctx, cipher, NULL, NULL, en_de);
+	EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
 	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
 		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
 					EVP_R_CIPHER_PARAMETER_ERROR);
 		goto err;
 	}
 	keylen = EVP_CIPHER_CTX_key_length(ctx);
+	OPENSSL_assert(keylen <= sizeof key);
 
 	/* Now decode key derivation function */
 
@@ -227,8 +230,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	saltlen = kdf->salt->value.octet_string->length;
 	iter = ASN1_INTEGER_get(kdf->iter);
 	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
-	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
-	memset(key, 0, keylen);
+	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+	OPENSSL_cleanse(key, keylen);
 	PBKDF2PARAM_free(kdf);
 	return 1;
 
diff --git a/crypto/openssl/crypto/evp/p_dec.c b/crypto/openssl/crypto/evp/p_dec.c
index 57b5daa..8af6204 100644
--- a/crypto/openssl/crypto/evp/p_dec.c
+++ b/crypto/openssl/crypto/evp/p_dec.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #include <openssl/evp.h>
@@ -71,12 +71,12 @@ int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl,
 	{
 	int ret= -1;
 	
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (priv->type != EVP_PKEY_RSA)
 		{
 #endif
 		EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		goto err;
                 }
 
diff --git a/crypto/openssl/crypto/evp/p_enc.c b/crypto/openssl/crypto/evp/p_enc.c
index 4cf6aca..656883b 100644
--- a/crypto/openssl/crypto/evp/p_enc.c
+++ b/crypto/openssl/crypto/evp/p_enc.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #include <openssl/evp.h>
@@ -71,12 +71,12 @@ int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len,
 	{
 	int ret=0;
 	
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (pubk->type != EVP_PKEY_RSA)
 		{
 #endif
 		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		goto err;
 		}
 	ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c
index 62398ed..215b942 100644
--- a/crypto/openssl/crypto/evp/p_lib.c
+++ b/crypto/openssl/crypto/evp/p_lib.c
@@ -64,14 +64,15 @@
 #include <openssl/x509.h>
 
 static void EVP_PKEY_free_it(EVP_PKEY *x);
+
 int EVP_PKEY_bits(EVP_PKEY *pkey)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (pkey->type == EVP_PKEY_RSA)
 		return(BN_num_bits(pkey->pkey.rsa->n));
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		return(BN_num_bits(pkey->pkey.dsa->p));
 #endif
@@ -82,12 +83,12 @@ int EVP_PKEY_size(EVP_PKEY *pkey)
 	{
 	if (pkey == NULL)
 		return(0);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (pkey->type == EVP_PKEY_RSA)
 		return(RSA_size(pkey->pkey.rsa));
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		return(DSA_size(pkey->pkey.dsa));
 #endif
@@ -96,10 +97,10 @@ int EVP_PKEY_size(EVP_PKEY *pkey)
 
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 	{
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (pkey->type == EVP_PKEY_DSA)
 		{
-		int ret=pkey->save_parameters=mode;
+		int ret=pkey->save_parameters;
 
 		if (mode >= 0)
 			pkey->save_parameters=mode;
@@ -122,7 +123,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
 		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
 		goto err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (to->type == EVP_PKEY_DSA)
 		{
 		BIGNUM *a;
@@ -147,7 +148,7 @@ err:
 
 int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
 	{
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (pkey->type == EVP_PKEY_DSA)
 		{
 		DSA *dsa;
@@ -162,7 +163,7 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
 
 int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
 	{
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
 		{
 		if (	BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
@@ -205,11 +206,12 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
 	return(key != NULL);
 	}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {
 	int ret = EVP_PKEY_assign_RSA(pkey, key);
-	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);
+	if(ret)
+		RSA_up_ref(key);
 	return ret;
 }
 
@@ -219,16 +221,17 @@ RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
 		EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
 		return NULL;
 	}
-	CRYPTO_add(&pkey->pkey.rsa->references, 1, CRYPTO_LOCK_RSA);
+	RSA_up_ref(pkey->pkey.rsa);
 	return pkey->pkey.rsa;
 }
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
 {
 	int ret = EVP_PKEY_assign_DSA(pkey, key);
-	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DSA);
+	if(ret)
+		DSA_up_ref(key);
 	return ret;
 }
 
@@ -238,17 +241,18 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 		EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
 		return NULL;
 	}
-	CRYPTO_add(&pkey->pkey.dsa->references, 1, CRYPTO_LOCK_DSA);
+	DSA_up_ref(pkey->pkey.dsa);
 	return pkey->pkey.dsa;
 }
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 {
 	int ret = EVP_PKEY_assign_DH(pkey, key);
-	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DH);
+	if(ret)
+		DH_up_ref(key);
 	return ret;
 }
 
@@ -258,7 +262,7 @@ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
 		return NULL;
 	}
-	CRYPTO_add(&pkey->pkey.dh->references, 1, CRYPTO_LOCK_DH);
+	DH_up_ref(pkey->pkey.dh);
 	return pkey->pkey.dh;
 }
 #endif
@@ -309,13 +313,13 @@ static void EVP_PKEY_free_it(EVP_PKEY *x)
 	{
 	switch (x->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
 	case EVP_PKEY_RSA2:
 		RSA_free(x->pkey.rsa);
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 	case EVP_PKEY_DSA2:
 	case EVP_PKEY_DSA3:
@@ -323,7 +327,7 @@ static void EVP_PKEY_free_it(EVP_PKEY *x)
 		DSA_free(x->pkey.dsa);
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case EVP_PKEY_DH:
 		DH_free(x->pkey.dh);
 		break;
diff --git a/crypto/openssl/crypto/evp/p_open.c b/crypto/openssl/crypto/evp/p_open.c
index 2760c00..5a933d1 100644
--- a/crypto/openssl/crypto/evp/p_open.c
+++ b/crypto/openssl/crypto/evp/p_open.c
@@ -56,14 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
 	     int ekl, unsigned char *iv, EVP_PKEY *priv)
 	{
 	unsigned char *key=NULL;
@@ -71,7 +71,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
 
 	if(type) {	
 		EVP_CIPHER_CTX_init(ctx);
-		if(!EVP_DecryptInit(ctx,type,NULL,NULL)) return 0;
+		if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
 	}
 
 	if(!priv) return 1;
@@ -97,11 +97,11 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
 		/* ERROR */
 		goto err;
 		}
-	if(!EVP_DecryptInit(ctx,NULL,key,iv)) goto err;
+	if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
 
 	ret=1;
 err:
-	if (key != NULL) memset(key,0,size);
+	if (key != NULL) OPENSSL_cleanse(key,size);
 	OPENSSL_free(key);
 	return(ret);
 	}
@@ -110,11 +110,11 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i;
 
-	i=EVP_DecryptFinal(ctx,out,outl);
-	EVP_DecryptInit(ctx,NULL,NULL,NULL);
+	i=EVP_DecryptFinal_ex(ctx,out,outl);
+	EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
 	return(i);
 	}
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
 
 # ifdef PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/crypto/evp/p_seal.c b/crypto/openssl/crypto/evp/p_seal.c
index 2fd1d7e..37e547f 100644
--- a/crypto/openssl/crypto/evp/p_seal.c
+++ b/crypto/openssl/crypto/evp/p_seal.c
@@ -59,14 +59,14 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
 	     int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
 	{
 	unsigned char key[EVP_MAX_KEY_LENGTH];
@@ -74,15 +74,16 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
 	
 	if(type) {
 		EVP_CIPHER_CTX_init(ctx);
-		if(!EVP_EncryptInit(ctx,type,NULL,NULL)) return 0;
+		if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
 	}
-	if (npubk <= 0) return(0);
+	if ((npubk <= 0) || !pubk)
+		return 1;
 	if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
-		return(0);
+		return 0;
 	if (EVP_CIPHER_CTX_iv_length(ctx))
 		RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
 
-	if(!EVP_EncryptInit(ctx,NULL,key,iv)) return 0;
+	if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
 
 	for (i=0; i<npubk; i++)
 		{
@@ -105,8 +106,10 @@ int inl;
 	}
 */
 
-void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	EVP_EncryptFinal(ctx,out,outl);
-	EVP_EncryptInit(ctx,NULL,NULL,NULL);
+	int i;
+	i = EVP_EncryptFinal_ex(ctx,out,outl);
+	EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
+	return i;
 	}
diff --git a/crypto/openssl/crypto/evp/p_sign.c b/crypto/openssl/crypto/evp/p_sign.c
index 1fa32ac..e4ae590 100644
--- a/crypto/openssl/crypto/evp/p_sign.c
+++ b/crypto/openssl/crypto/evp/p_sign.c
@@ -65,7 +65,7 @@
 #ifdef undef
 void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 	{
-	EVP_DigestInit(ctx,type);
+	EVP_DigestInit_ex(ctx,type);
 	}
 
 void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
@@ -84,8 +84,10 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
 	MS_STATIC EVP_MD_CTX tmp_ctx;
 
 	*siglen=0;
-	EVP_MD_CTX_copy(&tmp_ctx,ctx);   
-	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_init(&tmp_ctx);
+	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
+	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_cleanup(&tmp_ctx);
 	for (i=0; i<4; i++)
 		{
 		v=ctx->digest->required_pkey_type[i];
diff --git a/crypto/openssl/crypto/evp/p_verify.c b/crypto/openssl/crypto/evp/p_verify.c
index dcb54f3..d854d74 100644
--- a/crypto/openssl/crypto/evp/p_verify.c
+++ b/crypto/openssl/crypto/evp/p_verify.c
@@ -85,8 +85,10 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
 		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
 		return(-1);
 		}
-	EVP_MD_CTX_copy(&tmp_ctx,ctx);     
-	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_init(&tmp_ctx);
+	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_cleanup(&tmp_ctx);
         if (ctx->digest->verify == NULL)
                 {
 		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
diff --git a/crypto/openssl/crypto/ex_data.c b/crypto/openssl/crypto/ex_data.c
index 739e543..5b2e345 100644
--- a/crypto/openssl/crypto/ex_data.c
+++ b/crypto/openssl/crypto/ex_data.c
@@ -1,4 +1,33 @@
 /* crypto/ex_data.c */
+
+/*
+ * Overhaul notes;
+ *
+ * This code is now *mostly* thread-safe. It is now easier to understand in what
+ * ways it is safe and in what ways it is not, which is an improvement. Firstly,
+ * all per-class stacks and index-counters for ex_data are stored in the same
+ * global LHASH table (keyed by class). This hash table uses locking for all
+ * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
+ * called when no other threads can possibly race against it (even if it was
+ * locked, the race would mean it's possible the hash table might have been
+ * recreated after the cleanup). As classes can only be added to the hash table,
+ * and within each class, the stack of methods can only be incremented, the
+ * locking mechanics are simpler than they would otherwise be. For example, the
+ * new/dup/free ex_data functions will lock the hash table, copy the method
+ * pointers it needs from the relevant class, then unlock the hash table before
+ * actually applying those method pointers to the task of the new/dup/free
+ * operations. As they can't be removed from the method-stack, only
+ * supplemented, there's no race conditions associated with using them outside
+ * the lock. The get/set_ex_data functions are not locked because they do not
+ * involve this global state at all - they operate directly with a previously
+ * obtained per-class method index and a particular "ex_data" variable. These
+ * variables are usually instantiated per-context (eg. each RSA structure has
+ * one) so locking on read/write access to that variable can be locked locally
+ * if required (eg. using the "RSA" lock to synchronise access to a
+ * per-RSA-structure ex_data variable if required).
+ * [Geoff]
+ */
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,6 +84,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -63,47 +145,455 @@
 #include <openssl/lhash.h>
 #include "cryptlib.h"
 
-int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
-	     CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+/* What an "implementation of ex_data functionality" looks like */
+struct st_CRYPTO_EX_DATA_IMPL
+	{
+	/*********************/
+	/* GLOBAL OPERATIONS */
+	/* Return a new class index */
+	int (*cb_new_class)(void);
+	/* Cleanup all state used by the implementation */
+	void (*cb_cleanup)(void);
+	/************************/
+	/* PER-CLASS OPERATIONS */
+	/* Get a new method index within a class */
+	int (*cb_get_new_index)(int class_index, long argl, void *argp,
+			CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+			CRYPTO_EX_free *free_func);
+	/* Initialise a new CRYPTO_EX_DATA of a given class */
+	int (*cb_new_ex_data)(int class_index, void *obj,
+			CRYPTO_EX_DATA *ad);
+	/* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
+	int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to,
+			CRYPTO_EX_DATA *from);
+	/* Cleanup a CRYPTO_EX_DATA of a given class */
+	void (*cb_free_ex_data)(int class_index, void *obj,
+			CRYPTO_EX_DATA *ad);
+	};
+
+/* The implementation we use at run-time */
+static const CRYPTO_EX_DATA_IMPL *impl = NULL;
+
+/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg.
+ * EX_IMPL(get_new_index)(...); */
+#define EX_IMPL(a) impl->cb_##a
+
+/* Predeclare the "default" ex_data implementation */
+static int int_new_class(void);
+static void int_cleanup(void);
+static int int_get_new_index(int class_index, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func);
+static int int_new_ex_data(int class_index, void *obj,
+		CRYPTO_EX_DATA *ad);
+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+		CRYPTO_EX_DATA *from);
+static void int_free_ex_data(int class_index, void *obj,
+		CRYPTO_EX_DATA *ad);
+static CRYPTO_EX_DATA_IMPL impl_default =
+	{
+	int_new_class,
+	int_cleanup,
+	int_get_new_index,
+	int_new_ex_data,
+	int_dup_ex_data,
+	int_free_ex_data
+	};
+
+/* Internal function that checks whether "impl" is set and if not, sets it to
+ * the default. */
+static void impl_check(void)
 	{
-	int ret= -1;
-	CRYPTO_EX_DATA_FUNCS *a;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	if(!impl)
+		impl = &impl_default;
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	}
+/* A macro wrapper for impl_check that first uses a non-locked test before
+ * invoking the function (which checks again inside a lock). */
+#define IMPL_CHECK if(!impl) impl_check();
 
-	MemCheck_off();
-	if (*skp == NULL)
-		*skp=sk_CRYPTO_EX_DATA_FUNCS_new_null();
-	if (*skp == NULL)
+/* API functions to get/set the "ex_data" implementation */
+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
+	{
+	IMPL_CHECK
+	return impl;
+	}
+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
+	{
+	int toret = 0;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	if(!impl)
 		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-		goto err;
+		impl = i;
+		toret = 1;
 		}
-	a=(CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
-	if (a == NULL)
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	return toret;
+	}
+
+/****************************************************************************/
+/* Interal (default) implementation of "ex_data" support. API functions are
+ * further down. */
+
+/* The type that represents what each "class" used to implement locally. A STACK
+ * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global
+ * value representing the class that is used to distinguish these items. */
+typedef struct st_ex_class_item {
+	int class_index;
+	STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
+	int meth_num;
+} EX_CLASS_ITEM;
+
+/* When assigning new class indexes, this is our counter */
+static int ex_class = CRYPTO_EX_INDEX_USER;
+
+/* The global hash table of EX_CLASS_ITEM items */
+static LHASH *ex_data = NULL;
+
+/* The callbacks required in the "ex_data" hash table */
+static unsigned long ex_hash_cb(const void *a_void)
+	{
+	return ((const EX_CLASS_ITEM *)a_void)->class_index;
+	}
+static int ex_cmp_cb(const void *a_void, const void *b_void)
+	{
+	return (((const EX_CLASS_ITEM *)a_void)->class_index -
+		((const EX_CLASS_ITEM *)b_void)->class_index);
+	}
+
+/* Internal functions used by the "impl_default" implementation to access the
+ * state */
+
+static int ex_data_check(void)
+	{
+	int toret = 1;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
+		toret = 0;
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	return toret;
+	}
+/* This macros helps reduce the locking from repeated checks because the
+ * ex_data_check() function checks ex_data again inside a lock. */
+#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
+
+/* This "inner" callback is used by the callback function that follows it */
+static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
+	{
+	OPENSSL_free(funcs);
+	}
+
+/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
+ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do
+ * any locking. */
+static void def_cleanup_cb(const void *a_void)
+	{
+	EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
+	sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
+	OPENSSL_free(item);
+	}
+
+/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a
+ * given class. Handles locking. */
+static EX_CLASS_ITEM *def_get_class(int class_index)
+	{
+	EX_CLASS_ITEM d, *p, *gen;
+	EX_DATA_CHECK(return NULL;)
+	d.class_index = class_index;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	p = lh_retrieve(ex_data, &d);
+	if(!p)
 		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-		goto err;
+		gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
+		if(gen)
+			{
+			gen->class_index = class_index;
+			gen->meth_num = 0;
+			gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
+			if(!gen->meth)
+				OPENSSL_free(gen);
+			else
+				{
+				/* Because we're inside the ex_data lock, the
+				 * return value from the insert will be NULL */
+				lh_insert(ex_data, gen);
+				p = gen;
+				}
+			}
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	if(!p)
+		CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE);
+	return p;
+	}
+
+/* Add a new method to the given EX_CLASS_ITEM and return the corresponding
+ * index (or -1 for error). Handles locking. */
+static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func)
+	{
+	int toret = -1;
+	CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(
+					sizeof(CRYPTO_EX_DATA_FUNCS));
+	if(!a)
+		{
+		CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
+		return -1;
 		}
 	a->argl=argl;
 	a->argp=argp;
 	a->new_func=new_func;
 	a->dup_func=dup_func;
 	a->free_func=free_func;
-	while (sk_CRYPTO_EX_DATA_FUNCS_num(*skp) <= idx)
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num)
 		{
-		if (!sk_CRYPTO_EX_DATA_FUNCS_push(*skp,NULL))
+		if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL))
 			{
-			CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+			CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
 			OPENSSL_free(a);
 			goto err;
 			}
 		}
-	sk_CRYPTO_EX_DATA_FUNCS_set(*skp,idx, a);
-	ret=idx;
+	toret = item->meth_num++;
+	sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
 err:
-	MemCheck_on();
-	return(ret);
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	return toret;
 	}
 
+/**************************************************************/
+/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
+
+static int int_new_class(void)
+	{
+	int toret;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	toret = ex_class++;
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	return toret;
+	}
+
+static void int_cleanup(void)
+	{
+	EX_DATA_CHECK(return;)
+	lh_doall(ex_data, def_cleanup_cb);
+	lh_free(ex_data);
+	ex_data = NULL;
+	impl = NULL;
+	}
+
+static int int_get_new_index(int class_index, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func)
+	{
+	EX_CLASS_ITEM *item = def_get_class(class_index);
+	if(!item)
+		return -1;
+	return def_add_index(item, argl, argp, new_func, dup_func, free_func);
+	}
+
+/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in
+ * the lock, then using them outside the lock. NB: Thread-safety only applies to
+ * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad'
+ * itself. */
+static int int_new_ex_data(int class_index, void *obj,
+		CRYPTO_EX_DATA *ad)
+	{
+	int mx,i;
+	void *ptr;
+	CRYPTO_EX_DATA_FUNCS **storage = NULL;
+	EX_CLASS_ITEM *item = def_get_class(class_index);
+	if(!item)
+		/* error is already set */
+		return 0;
+	ad->sk = NULL;
+	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+	if(mx > 0)
+		{
+		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+		if(!storage)
+			goto skip;
+		for(i = 0; i < mx; i++)
+			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+		}
+skip:
+	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+	if((mx > 0) && !storage)
+		{
+		CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	for(i = 0; i < mx; i++)
+		{
+		if(storage[i] && storage[i]->new_func)
+			{
+			ptr = CRYPTO_get_ex_data(ad, i);
+			storage[i]->new_func(obj,ptr,ad,i,
+				storage[i]->argl,storage[i]->argp);
+			}
+		}
+	if(storage)
+		OPENSSL_free(storage);
+	return 1;
+	}
+
+/* Same thread-safety notes as for "int_new_ex_data" */
+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+		CRYPTO_EX_DATA *from)
+	{
+	int mx, j, i;
+	char *ptr;
+	CRYPTO_EX_DATA_FUNCS **storage = NULL;
+	EX_CLASS_ITEM *item;
+	if(!from->sk)
+		/* 'to' should be "blank" which *is* just like 'from' */
+		return 1;
+	if((item = def_get_class(class_index)) == NULL)
+		return 0;
+	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+	j = sk_num(from->sk);
+	if(j < mx)
+		mx = j;
+	if(mx > 0)
+		{
+		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+		if(!storage)
+			goto skip;
+		for(i = 0; i < mx; i++)
+			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+		}
+skip:
+	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+	if((mx > 0) && !storage)
+		{
+		CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	for(i = 0; i < mx; i++)
+		{
+		ptr = CRYPTO_get_ex_data(from, i);
+		if(storage[i] && storage[i]->dup_func)
+			storage[i]->dup_func(to,from,&ptr,i,
+				storage[i]->argl,storage[i]->argp);
+		CRYPTO_set_ex_data(to,i,ptr);
+		}
+	if(storage)
+		OPENSSL_free(storage);
+	return 1;
+	}
+
+/* Same thread-safety notes as for "int_new_ex_data" */
+static void int_free_ex_data(int class_index, void *obj,
+		CRYPTO_EX_DATA *ad)
+	{
+	int mx,i;
+	EX_CLASS_ITEM *item;
+	void *ptr;
+	CRYPTO_EX_DATA_FUNCS **storage = NULL;
+	if((item = def_get_class(class_index)) == NULL)
+		return;
+	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+	if(mx > 0)
+		{
+		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+		if(!storage)
+			goto skip;
+		for(i = 0; i < mx; i++)
+			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+		}
+skip:
+	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+	if((mx > 0) && !storage)
+		{
+		CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE);
+		return;
+		}
+	for(i = 0; i < mx; i++)
+		{
+		if(storage[i] && storage[i]->free_func)
+			{
+			ptr = CRYPTO_get_ex_data(ad,i);
+			storage[i]->free_func(obj,ptr,ad,i,
+				storage[i]->argl,storage[i]->argp);
+			}
+		}
+	if(storage)
+		OPENSSL_free(storage);
+	if(ad->sk)
+		{
+		sk_free(ad->sk);
+		ad->sk=NULL;
+		}
+	}
+
+/********************************************************************/
+/* API functions that defer all "state" operations to the "ex_data"
+ * implementation we have set. */
+
+/* Obtain an index for a new class (not the same as getting a new index within
+ * an existing class - this is actually getting a new *class*) */
+int CRYPTO_ex_data_new_class(void)
+	{
+	IMPL_CHECK
+	return EX_IMPL(new_class)();
+	}
+
+/* Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all). */
+void CRYPTO_cleanup_all_ex_data(void)
+	{
+	IMPL_CHECK
+	EX_IMPL(cleanup)();
+	}
+
+/* Inside an existing class, get/register a new index. */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func)
+	{
+	int ret = -1;
+
+	IMPL_CHECK
+	ret = EX_IMPL(get_new_index)(class_index,
+			argl, argp, new_func, dup_func, free_func);
+	return ret;
+	}
+
+/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+	{
+	IMPL_CHECK
+	return EX_IMPL(new_ex_data)(class_index, obj, ad);
+	}
+
+/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for
+ * each index in the class used by this variable */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+	     CRYPTO_EX_DATA *from)
+	{
+	IMPL_CHECK
+	return EX_IMPL(dup_ex_data)(class_index, to, from);
+	}
+
+/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+	{
+	IMPL_CHECK
+	EX_IMPL(free_ex_data)(class_index, obj, ad);
+	}
+
+/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a
+ * particular index in the class used by this variable */
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
 	{
 	int i;
@@ -131,7 +621,9 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
 	return(1);
 	}
 
-void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad, int idx)
+/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
+ * particular index in the class used by this variable */
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
 	{
 	if (ad->sk == NULL)
 		return(0);
@@ -141,83 +633,4 @@ void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad, int idx)
 		return(sk_value(ad->sk,idx));
 	}
 
-/* The callback is called with the 'object', which is the original data object
- * being duplicated, a pointer to the
- * 'new' object to be inserted, the index, and the argi/argp
- */
-int CRYPTO_dup_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, CRYPTO_EX_DATA *to,
-	     CRYPTO_EX_DATA *from)
-	{
-	int i,j,m,r;
-	CRYPTO_EX_DATA_FUNCS *mm;
-	char *from_d;
-
-	if (meth == NULL) return(1);
-	if (from->sk == NULL) return(1);
-	m=sk_CRYPTO_EX_DATA_FUNCS_num(meth);
-	j=sk_num(from->sk);
-	for (i=0; i<j; i++)
-		{
-		from_d=CRYPTO_get_ex_data(from,i);
-		if (i < m)
-			{
-			mm=sk_CRYPTO_EX_DATA_FUNCS_value(meth,i);
-			if (mm->dup_func != NULL)
-				r=mm->dup_func(to,from,(char **)&from_d,i,
-					mm->argl,mm->argp);
-			}
-		CRYPTO_set_ex_data(to,i,from_d);
-		}
-	return(1);
-	}
-
-/* Call each free callback */
-void CRYPTO_free_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad)
-	{
-	CRYPTO_EX_DATA_FUNCS *m;
-	void *ptr;
-	int i,max;
-
-	if (meth != NULL)
-		{
-		max=sk_CRYPTO_EX_DATA_FUNCS_num(meth);
-		for (i=0; i<max; i++)
-			{
-			m=sk_CRYPTO_EX_DATA_FUNCS_value(meth,i);
-			if ((m != NULL) && (m->free_func != NULL))
-				{
-				ptr=CRYPTO_get_ex_data(ad,i);
-				m->free_func(obj,ptr,ad,i,m->argl,m->argp);
-				}
-			}
-		}
-	if (ad->sk != NULL)
-		{
-		sk_free(ad->sk);
-		ad->sk=NULL;
-		}
-	}
-
-void CRYPTO_new_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad)
-	{
-	CRYPTO_EX_DATA_FUNCS *m;
-	void *ptr;
-	int i,max;
-
-	ad->sk=NULL;
-	if (meth != NULL)
-		{
-		max=sk_CRYPTO_EX_DATA_FUNCS_num(meth);
-		for (i=0; i<max; i++)
-			{
-			m=sk_CRYPTO_EX_DATA_FUNCS_value(meth,i);
-			if ((m != NULL) && (m->new_func != NULL))
-				{
-				ptr=CRYPTO_get_ex_data(ad,i);
-				m->new_func(obj,ptr,ad,i,m->argl,m->argp);
-				}
-			}
-		}
-	}
-
 IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/crypto/openssl/crypto/hmac/Makefile.ssl b/crypto/openssl/crypto/hmac/Makefile.ssl
index ed3c8c6..d48df05 100644
--- a/crypto/openssl/crypto/hmac/Makefile.ssl
+++ b/crypto/openssl/crypto/hmac/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,18 +79,23 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-hmac.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-hmac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
 hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hmac.o: ../cryptlib.h hmac.c
diff --git a/crypto/openssl/crypto/hmac/hmac.c b/crypto/openssl/crypto/hmac/hmac.c
index e1ec79e..4c91f91 100644
--- a/crypto/openssl/crypto/hmac/hmac.c
+++ b/crypto/openssl/crypto/hmac/hmac.c
@@ -59,9 +59,10 @@
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/hmac.h>
+#include "cryptlib.h"
 
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-	       const EVP_MD *md)
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+		  const EVP_MD *md, ENGINE *impl)
 	{
 	int i,j,reset=0;
 	unsigned char pad[HMAC_MAX_MD_CBLOCK];
@@ -78,15 +79,17 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
 		{
 		reset=1;
 		j=EVP_MD_block_size(md);
+		OPENSSL_assert(j <= sizeof ctx->key);
 		if (j < len)
 			{
-			EVP_DigestInit(&ctx->md_ctx,md);
+			EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
 			EVP_DigestUpdate(&ctx->md_ctx,key,len);
-			EVP_DigestFinal(&(ctx->md_ctx),ctx->key,
+			EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
 				&ctx->key_length);
 			}
 		else
 			{
+			OPENSSL_assert(len <= sizeof ctx->key);
 			memcpy(ctx->key,key,len);
 			ctx->key_length=len;
 			}
@@ -99,21 +102,28 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
 		{
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x36^ctx->key[i];
-		EVP_DigestInit(&ctx->i_ctx,md);
+		EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
 		EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
 
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x5c^ctx->key[i];
-		EVP_DigestInit(&ctx->o_ctx,md);
+		EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
 		EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
 		}
+	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+	}
 
-	memcpy(&ctx->md_ctx,&ctx->i_ctx,sizeof(ctx->i_ctx));
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+	       const EVP_MD *md)
+	{
+	if(key && md)
+	    HMAC_CTX_init(ctx);
+	HMAC_Init_ex(ctx,key,len,md, NULL);
 	}
 
 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
 	{
-	EVP_DigestUpdate(&(ctx->md_ctx),data,len);
+	EVP_DigestUpdate(&ctx->md_ctx,data,len);
 	}
 
 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
@@ -124,15 +134,25 @@ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 
 	j=EVP_MD_block_size(ctx->md);
 
-	EVP_DigestFinal(&(ctx->md_ctx),buf,&i);
-	memcpy(&(ctx->md_ctx),&(ctx->o_ctx),sizeof(ctx->o_ctx));
-	EVP_DigestUpdate(&(ctx->md_ctx),buf,i);
-	EVP_DigestFinal(&(ctx->md_ctx),md,len);
+	EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
+	EVP_DigestUpdate(&ctx->md_ctx,buf,i);
+	EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+	}
+
+void HMAC_CTX_init(HMAC_CTX *ctx)
+	{
+	EVP_MD_CTX_init(&ctx->i_ctx);
+	EVP_MD_CTX_init(&ctx->o_ctx);
+	EVP_MD_CTX_init(&ctx->md_ctx);
 	}
 
-void HMAC_cleanup(HMAC_CTX *ctx)
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
 	{
-	memset(ctx,0,sizeof(HMAC_CTX));
+	EVP_MD_CTX_cleanup(&ctx->i_ctx);
+	EVP_MD_CTX_cleanup(&ctx->o_ctx);
+	EVP_MD_CTX_cleanup(&ctx->md_ctx);
+	memset(ctx,0,sizeof *ctx);
 	}
 
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
@@ -143,10 +163,11 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 	static unsigned char m[EVP_MAX_MD_SIZE];
 
 	if (md == NULL) md=m;
+	HMAC_CTX_init(&c);
 	HMAC_Init(&c,key,key_len,evp_md);
 	HMAC_Update(&c,d,n);
 	HMAC_Final(&c,md,md_len);
-	HMAC_cleanup(&c);
+	HMAC_CTX_cleanup(&c);
 	return(md);
 	}
 
diff --git a/crypto/openssl/crypto/hmac/hmac.h b/crypto/openssl/crypto/hmac/hmac.h
index 328bad2..0364a1f 100644
--- a/crypto/openssl/crypto/hmac/hmac.h
+++ b/crypto/openssl/crypto/hmac/hmac.h
@@ -58,7 +58,7 @@
 #ifndef HEADER_HMAC_H
 #define HEADER_HMAC_H
 
-#ifdef NO_HMAC
+#ifdef OPENSSL_NO_HMAC
 #error HMAC is disabled.
 #endif
 
@@ -83,11 +83,17 @@ typedef struct hmac_ctx_st
 #define HMAC_size(e)	(EVP_MD_size((e)->md))
 
 
+void HMAC_CTX_init(HMAC_CTX *ctx);
+void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+
+#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
+
 void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-	       const EVP_MD *md);
+	       const EVP_MD *md); /* deprecated */
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+		  const EVP_MD *md, ENGINE *impl);
 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-void HMAC_cleanup(HMAC_CTX *ctx);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 		    const unsigned char *d, int n, unsigned char *md,
 		    unsigned int *md_len);
diff --git a/crypto/openssl/crypto/hmac/hmactest.c b/crypto/openssl/crypto/hmac/hmactest.c
index 4b56b8e..1b906b8 100644
--- a/crypto/openssl/crypto/hmac/hmactest.c
+++ b/crypto/openssl/crypto/hmac/hmactest.c
@@ -60,7 +60,9 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_HMAC
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_HMAC
 int main(int argc, char *argv[])
 {
     printf("No HMAC support\n");
@@ -68,11 +70,15 @@ int main(int argc, char *argv[])
 }
 #else
 #include <openssl/hmac.h>
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
+#endif
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
 #endif
 
+#ifndef OPENSSL_NO_MD5
 static struct test_st
 	{
 	unsigned char key[16];
@@ -112,13 +118,20 @@ static struct test_st
 		(unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
 	},
 	};
-
+#endif
 
 static char *pt(unsigned char *md);
 int main(int argc, char *argv[])
 	{
-	int i,err=0;
+#ifndef OPENSSL_NO_MD5
+	int i;
 	char *p;
+#endif
+	int err=0;
+
+#ifdef OPENSSL_NO_MD5
+	printf("test skipped: MD5 disabled\n");
+#else
 
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
@@ -143,10 +156,12 @@ int main(int argc, char *argv[])
 		else
 			printf("test %d ok\n",i);
 		}
-	exit(err);
+#endif /* OPENSSL_NO_MD5 */
+	EXIT(err);
 	return(0);
 	}
 
+#ifndef OPENSSL_NO_MD5
 static char *pt(unsigned char *md)
 	{
 	int i;
@@ -157,3 +172,4 @@ static char *pt(unsigned char *md)
 	return(buf);
 	}
 #endif
+#endif
diff --git a/crypto/openssl/crypto/idea/Makefile.ssl b/crypto/openssl/crypto/idea/Makefile.ssl
index d29bcd6..ca4b76f 100644
--- a/crypto/openssl/crypto/idea/Makefile.ssl
+++ b/crypto/openssl/crypto/idea/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -80,12 +80,12 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_cbc.o: idea_lcl.h
+i_cbc.o: i_cbc.c idea_lcl.h
 i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_cfb64.o: idea_lcl.h
+i_cfb64.o: i_cfb64.c idea_lcl.h
 i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_ecb.o: ../../include/openssl/opensslv.h idea_lcl.h
+i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
 i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_ofb64.o: idea_lcl.h
+i_ofb64.o: i_ofb64.c idea_lcl.h
 i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_skey.o: idea_lcl.h
+i_skey.o: i_skey.c idea_lcl.h
diff --git a/crypto/openssl/crypto/idea/idea.h b/crypto/openssl/crypto/idea/idea.h
index f14adf8..6713241 100644
--- a/crypto/openssl/crypto/idea/idea.h
+++ b/crypto/openssl/crypto/idea/idea.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_IDEA_H
 #define HEADER_IDEA_H
 
-#ifdef NO_IDEA
+#ifdef OPENSSL_NO_IDEA
 #error IDEA is disabled.
 #endif
 
diff --git a/crypto/openssl/crypto/idea/idea_spd.c b/crypto/openssl/crypto/idea/idea_spd.c
index 301946b..48ffaff 100644
--- a/crypto/openssl/crypto/idea/idea_spd.c
+++ b/crypto/openssl/crypto/idea/idea_spd.c
@@ -59,7 +59,7 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -289,7 +289,7 @@ int main(int argc, char **argv)
 	printf("IDEA raw ecb bytes   per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
 	printf("IDEA cbc     bytes   per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/idea/ideatest.c b/crypto/openssl/crypto/idea/ideatest.c
index 64b9353..98f805d 100644
--- a/crypto/openssl/crypto/idea/ideatest.c
+++ b/crypto/openssl/crypto/idea/ideatest.c
@@ -60,7 +60,9 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_IDEA
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_IDEA
 int main(int argc, char *argv[])
 {
     printf("No IDEA support\n");
@@ -167,7 +169,7 @@ int main(int argc, char *argv[])
 	else
 		printf("ok\n");
 
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
 
diff --git a/crypto/openssl/crypto/krb5/Makefile.ssl b/crypto/openssl/crypto/krb5/Makefile.ssl
new file mode 100644
index 0000000..cc47c05
--- /dev/null
+++ b/crypto/openssl/crypto/krb5/Makefile.ssl
@@ -0,0 +1,90 @@
+#
+# OpenSSL/krb5/Makefile.ssl
+#
+
+DIR=	krb5
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= krb5_asn.c
+
+LIBOBJ= krb5_asn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= krb5_asn.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+krb5_asn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+krb5_asn.o: ../../include/openssl/krb5_asn.h
+krb5_asn.o: ../../include/openssl/opensslconf.h
+krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c
diff --git a/crypto/openssl/crypto/krb5/krb5_asn.c b/crypto/openssl/crypto/krb5/krb5_asn.c
new file mode 100644
index 0000000..1fb741d
--- /dev/null
+++ b/crypto/openssl/crypto/krb5/krb5_asn.c
@@ -0,0 +1,167 @@
+/* krb5_asn.c */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/krb5_asn.h>
+
+
+ASN1_SEQUENCE(KRB5_ENCDATA) = {
+	ASN1_EXP(KRB5_ENCDATA, etype,		ASN1_INTEGER,	  0),
+	ASN1_EXP_OPT(KRB5_ENCDATA, kvno,	ASN1_INTEGER,	  1),
+	ASN1_EXP(KRB5_ENCDATA, cipher,		ASN1_OCTET_STRING,2)
+} ASN1_SEQUENCE_END(KRB5_ENCDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
+
+
+ASN1_SEQUENCE(KRB5_PRINCNAME) = {
+	ASN1_EXP(KRB5_PRINCNAME, nametype,	ASN1_INTEGER,	  0),
+	ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
+} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+
+
+/* [APPLICATION 1] = 0x61 */
+ASN1_SEQUENCE(KRB5_TKTBODY) = {
+	ASN1_EXP(KRB5_TKTBODY, tktvno,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_TKTBODY, realm, 		ASN1_GENERALSTRING, 1),
+	ASN1_EXP(KRB5_TKTBODY, sname,		KRB5_PRINCNAME,	  2),
+	ASN1_EXP(KRB5_TKTBODY, encdata,		KRB5_ENCDATA,	  3)
+} ASN1_SEQUENCE_END(KRB5_TKTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
+
+
+ASN1_ITEM_TEMPLATE(KRB5_TICKET) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
+			KRB5_TICKET, KRB5_TKTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
+
+
+/* [APPLICATION 14] = 0x6e */
+ASN1_SEQUENCE(KRB5_APREQBODY) = {
+	ASN1_EXP(KRB5_APREQBODY, pvno,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_APREQBODY, msgtype,	ASN1_INTEGER,	  1),
+	ASN1_EXP(KRB5_APREQBODY, apoptions,	ASN1_BIT_STRING,  2),
+	ASN1_EXP(KRB5_APREQBODY, ticket, 	KRB5_TICKET,	  3),
+	ASN1_EXP(KRB5_APREQBODY, authenticator,	KRB5_ENCDATA,	  4),
+} ASN1_SEQUENCE_END(KRB5_APREQBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_APREQ) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
+			KRB5_APREQ, KRB5_APREQBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
+
+
+/*  Authenticator stuff 	*/
+
+ASN1_SEQUENCE(KRB5_CHECKSUM) = {
+	ASN1_EXP(KRB5_CHECKSUM, ctype,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_CHECKSUM, checksum,	ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+
+
+ASN1_SEQUENCE(KRB5_ENCKEY) = {
+	ASN1_EXP(KRB5_ENCKEY,	ktype,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_ENCKEY,	keyvalue,	ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_ENCKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
+
+
+/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
+ASN1_SEQUENCE(KRB5_AUTHDATA) = {
+	ASN1_EXP(KRB5_AUTHDATA,	adtype,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_AUTHDATA,	addata, 	ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+
+
+/* [APPLICATION 2] = 0x62 */
+ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
+	ASN1_EXP(KRB5_AUTHENTBODY,	avno,	ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_AUTHENTBODY,	crealm,	ASN1_GENERALSTRING, 1),
+	ASN1_EXP(KRB5_AUTHENTBODY,	cname,	KRB5_PRINCNAME,	  2),
+	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	cksum,	KRB5_CHECKSUM,	  3),
+	ASN1_EXP(KRB5_AUTHENTBODY,	cusec,	ASN1_INTEGER,	  4),
+	ASN1_EXP(KRB5_AUTHENTBODY,	ctime,	ASN1_GENERALIZEDTIME, 5),
+	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	subkey,	KRB5_ENCKEY,	  6),
+	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	seqnum,	ASN1_INTEGER,	  7),
+	ASN1_EXP_SEQUENCE_OF_OPT
+		    (KRB5_AUTHENTBODY,	authorization,	KRB5_AUTHDATA, 8),
+} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
+			KRB5_AUTHENT, KRB5_AUTHENTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
diff --git a/crypto/openssl/crypto/krb5/krb5_asn.h b/crypto/openssl/crypto/krb5/krb5_asn.h
new file mode 100644
index 0000000..3329477
--- /dev/null
+++ b/crypto/openssl/crypto/krb5/krb5_asn.h
@@ -0,0 +1,256 @@
+/* krb5_asn.h */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_KRB5_ASN_H
+#define HEADER_KRB5_ASN_H
+
+/*
+#include <krb5.h>
+*/
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/*	ASN.1 from Kerberos RFC 1510
+*/
+
+/*	EncryptedData ::=   SEQUENCE {
+**		etype[0]                      INTEGER, -- EncryptionType
+**		kvno[1]                       INTEGER OPTIONAL,
+**		cipher[2]                     OCTET STRING -- ciphertext
+**	}
+*/
+typedef	struct	krb5_encdata_st
+	{
+	ASN1_INTEGER			*etype;
+	ASN1_INTEGER			*kvno;
+	ASN1_OCTET_STRING		*cipher;
+	}	KRB5_ENCDATA;
+
+DECLARE_STACK_OF(KRB5_ENCDATA)
+
+/*	PrincipalName ::=   SEQUENCE {
+**		name-type[0]                  INTEGER,
+**		name-string[1]                SEQUENCE OF GeneralString
+**	}
+*/
+typedef	struct	krb5_princname_st
+	{
+	ASN1_INTEGER			*nametype;
+	STACK_OF(ASN1_GENERALSTRING)	*namestring;
+	}	KRB5_PRINCNAME;
+
+DECLARE_STACK_OF(KRB5_PRINCNAME)
+
+
+/*	Ticket ::=	[APPLICATION 1] SEQUENCE {
+**		tkt-vno[0]                    INTEGER,
+**		realm[1]                      Realm,
+**		sname[2]                      PrincipalName,
+**		enc-part[3]                   EncryptedData
+**	}
+*/
+typedef	struct	krb5_tktbody_st
+	{
+	ASN1_INTEGER			*tktvno;
+	ASN1_GENERALSTRING		*realm;
+	KRB5_PRINCNAME			*sname;
+	KRB5_ENCDATA			*encdata;
+	}	KRB5_TKTBODY;
+
+typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
+DECLARE_STACK_OF(KRB5_TKTBODY)
+
+
+/*	AP-REQ ::=      [APPLICATION 14] SEQUENCE {
+**		pvno[0]                       INTEGER,
+**		msg-type[1]                   INTEGER,
+**		ap-options[2]                 APOptions,
+**		ticket[3]                     Ticket,
+**		authenticator[4]              EncryptedData
+**	}
+**
+**	APOptions ::=   BIT STRING {
+**		reserved(0), use-session-key(1), mutual-required(2) }
+*/
+typedef	struct	krb5_ap_req_st
+	{
+	ASN1_INTEGER			*pvno;
+	ASN1_INTEGER			*msgtype;
+	ASN1_BIT_STRING			*apoptions;
+	KRB5_TICKET			*ticket;
+	KRB5_ENCDATA			*authenticator;
+	}	KRB5_APREQBODY;
+
+typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
+DECLARE_STACK_OF(KRB5_APREQBODY)
+
+
+/*	Authenticator Stuff	*/
+
+
+/*	Checksum ::=   SEQUENCE {
+**		cksumtype[0]                  INTEGER,
+**		checksum[1]                   OCTET STRING
+**	}
+*/
+typedef	struct	krb5_checksum_st
+	{
+	ASN1_INTEGER			*ctype;
+	ASN1_OCTET_STRING		*checksum;
+	}	KRB5_CHECKSUM;
+
+DECLARE_STACK_OF(KRB5_CHECKSUM)
+
+
+/*	EncryptionKey ::=   SEQUENCE {
+**		keytype[0]                    INTEGER,
+**		keyvalue[1]                   OCTET STRING
+**	}
+*/
+typedef struct  krb5_encryptionkey_st
+	{
+	ASN1_INTEGER			*ktype;
+	ASN1_OCTET_STRING		*keyvalue;
+	}	KRB5_ENCKEY;
+
+DECLARE_STACK_OF(KRB5_ENCKEY)
+
+
+/*	AuthorizationData ::=   SEQUENCE OF SEQUENCE {
+**		ad-type[0]                    INTEGER,
+**              ad-data[1]                    OCTET STRING
+**	}
+*/
+typedef struct	krb5_authorization_st
+	{
+	ASN1_INTEGER			*adtype;
+	ASN1_OCTET_STRING		*addata;
+	}	KRB5_AUTHDATA;
+
+DECLARE_STACK_OF(KRB5_AUTHDATA)
+
+			
+/*	-- Unencrypted authenticator
+**	Authenticator ::=    [APPLICATION 2] SEQUENCE    {
+**		authenticator-vno[0]          INTEGER,
+**		crealm[1]                     Realm,
+**		cname[2]                      PrincipalName,
+**		cksum[3]                      Checksum OPTIONAL,
+**		cusec[4]                      INTEGER,
+**		ctime[5]                      KerberosTime,
+**		subkey[6]                     EncryptionKey OPTIONAL,
+**		seq-number[7]                 INTEGER OPTIONAL,
+**		authorization-data[8]         AuthorizationData OPTIONAL
+**	}
+*/
+typedef struct	krb5_authenticator_st
+	{
+	ASN1_INTEGER			*avno;
+	ASN1_GENERALSTRING		*crealm;
+	KRB5_PRINCNAME			*cname;
+	KRB5_CHECKSUM			*cksum;
+	ASN1_INTEGER			*cusec;
+	ASN1_GENERALIZEDTIME		*ctime;
+	KRB5_ENCKEY			*subkey;
+	ASN1_INTEGER			*seqnum;
+	KRB5_AUTHDATA			*authorization;
+	}	KRB5_AUTHENTBODY;
+
+typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
+DECLARE_STACK_OF(KRB5_AUTHENTBODY)
+
+
+/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
+**	type *name##_new(void);
+**	void name##_free(type *a);
+**	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
+**	 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
+**	  type *d2i_##name(type **a, unsigned char **in, long len);
+**	  int i2d_##name(type *a, unsigned char **out);
+**	  DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
+*/
+
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
+
+DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/lhash/Makefile.ssl b/crypto/openssl/crypto/lhash/Makefile.ssl
index 60bb6b1..1902e4a 100644
--- a/crypto/openssl/crypto/lhash/Makefile.ssl
+++ b/crypto/openssl/crypto/lhash/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,14 +79,15 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-lh_stats.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-lh_stats.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+lh_stats.o: ../../e_os.h ../../include/openssl/bio.h
+lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-lh_stats.o: ../cryptlib.h
+lh_stats.o: ../cryptlib.h lh_stats.c
 lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-lhash.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-lhash.o: ../../include/openssl/symhacks.h
+lhash.o: ../../include/openssl/symhacks.h lhash.c
diff --git a/crypto/openssl/crypto/lhash/lh_stats.c b/crypto/openssl/crypto/lhash/lh_stats.c
index ee06000..5aa7766 100644
--- a/crypto/openssl/crypto/lhash/lh_stats.c
+++ b/crypto/openssl/crypto/lhash/lh_stats.c
@@ -63,12 +63,12 @@
  * and things should work as expected */
 #include "cryptlib.h"
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
 #include <openssl/lhash.h>
 
-#ifdef NO_BIO
+#ifdef OPENSSL_NO_BIO
 
 void lh_stats(LHASH *lh, FILE *out)
 	{
@@ -88,7 +88,7 @@ void lh_stats(LHASH *lh, FILE *out)
 	fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
 	fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
 	fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-#ifdef DEBUG
+#if 0
 	fprintf(out,"p                     = %u\n",lh->p);
 	fprintf(out,"pmax                  = %u\n",lh->pmax);
 	fprintf(out,"up_load               = %lu\n",lh->up_load);
@@ -138,8 +138,8 @@ void lh_node_usage_stats(LHASH *lh, FILE *out)
 
 #else
 
-#ifndef NO_FP_API
-void lh_stats(LHASH *lh, FILE *fp)
+#ifndef OPENSSL_NO_FP_API
+void lh_stats(const LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -151,7 +151,7 @@ void lh_stats(LHASH *lh, FILE *fp)
 end:;
 	}
 
-void lh_node_stats(LHASH *lh, FILE *fp)
+void lh_node_stats(const LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -163,7 +163,7 @@ void lh_node_stats(LHASH *lh, FILE *fp)
 end:;
 	}
 
-void lh_node_usage_stats(LHASH *lh, FILE *fp)
+void lh_node_usage_stats(const LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -177,76 +177,53 @@ end:;
 
 #endif
 
-void lh_stats_bio(LHASH *lh, BIO *out)
+void lh_stats_bio(const LHASH *lh, BIO *out)
 	{
-	char buf[128];
-
-	sprintf(buf,"num_items             = %lu\n",lh->num_items);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_nodes             = %u\n",lh->num_nodes);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_expands           = %lu\n",lh->num_expands);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_contracts         = %lu\n",lh->num_contracts);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_hash_calls        = %lu\n",lh->num_hash_calls);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_comp_calls        = %lu\n",lh->num_comp_calls);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_insert            = %lu\n",lh->num_insert);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_replace           = %lu\n",lh->num_replace);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_delete            = %lu\n",lh->num_delete);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_no_delete         = %lu\n",lh->num_no_delete);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_retrieve          = %lu\n",lh->num_retrieve);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-	BIO_puts(out,buf);
-#ifdef DEBUG
-	sprintf(buf,"p                     = %u\n",lh->p);
-	BIO_puts(out,buf);
-	sprintf(buf,"pmax                  = %u\n",lh->pmax);
-	BIO_puts(out,buf);
-	sprintf(buf,"up_load               = %lu\n",lh->up_load);
-	BIO_puts(out,buf);
-	sprintf(buf,"down_load             = %lu\n",lh->down_load);
-	BIO_puts(out,buf);
+	BIO_printf(out,"num_items             = %lu\n",lh->num_items);
+	BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);
+	BIO_printf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
+	BIO_printf(out,"num_expands           = %lu\n",lh->num_expands);
+	BIO_printf(out,"num_expand_reallocs   = %lu\n",
+		   lh->num_expand_reallocs);
+	BIO_printf(out,"num_contracts         = %lu\n",lh->num_contracts);
+	BIO_printf(out,"num_contract_reallocs = %lu\n",
+		   lh->num_contract_reallocs);
+	BIO_printf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
+	BIO_printf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
+	BIO_printf(out,"num_insert            = %lu\n",lh->num_insert);
+	BIO_printf(out,"num_replace           = %lu\n",lh->num_replace);
+	BIO_printf(out,"num_delete            = %lu\n",lh->num_delete);
+	BIO_printf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
+	BIO_printf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
+	BIO_printf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
+	BIO_printf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
+#if 0
+	BIO_printf(out,"p                     = %u\n",lh->p);
+	BIO_printf(out,"pmax                  = %u\n",lh->pmax);
+	BIO_printf(out,"up_load               = %lu\n",lh->up_load);
+	BIO_printf(out,"down_load             = %lu\n",lh->down_load);
 #endif
 	}
 
-void lh_node_stats_bio(LHASH *lh, BIO *out)
+void lh_node_stats_bio(const LHASH *lh, BIO *out)
 	{
 	LHASH_NODE *n;
 	unsigned int i,num;
-	char buf[128];
 
 	for (i=0; i<lh->num_nodes; i++)
 		{
 		for (n=lh->b[i],num=0; n != NULL; n=n->next)
 			num++;
-		sprintf(buf,"node %6u -> %3u\n",i,num);
-		BIO_puts(out,buf);
+		BIO_printf(out,"node %6u -> %3u\n",i,num);
 		}
 	}
 
-void lh_node_usage_stats_bio(LHASH *lh, BIO *out)
+void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
 	{
 	LHASH_NODE *n;
 	unsigned long num;
 	unsigned int i;
 	unsigned long total=0,n_used=0;
-	char buf[128];
 
 	for (i=0; i<lh->num_nodes; i++)
 		{
@@ -258,17 +235,14 @@ void lh_node_usage_stats_bio(LHASH *lh, BIO *out)
 			total+=num;
 			}
 		}
-	sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
-	BIO_puts(out,buf);
-	sprintf(buf,"%lu items\n",total);
-	BIO_puts(out,buf);
+	BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+	BIO_printf(out,"%lu items\n",total);
 	if (n_used == 0) return;
-	sprintf(buf,"load %d.%02d  actual load %d.%02d\n",
-		(int)(total/lh->num_nodes),
-		(int)((total%lh->num_nodes)*100/lh->num_nodes),
-		(int)(total/n_used),
-		(int)((total%n_used)*100/n_used));
-	BIO_puts(out,buf);
+	BIO_printf(out,"load %d.%02d  actual load %d.%02d\n",
+		   (int)(total/lh->num_nodes),
+		   (int)((total%lh->num_nodes)*100/lh->num_nodes),
+		   (int)(total/n_used),
+		   (int)((total%n_used)*100/n_used));
 	}
 
 #endif
diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/openssl/crypto/lhash/lhash.c
index 7da1462..0a16fcf 100644
--- a/crypto/openssl/crypto/lhash/lhash.c
+++ b/crypto/openssl/crypto/lhash/lhash.c
@@ -109,9 +109,9 @@ const char *lh_version="lhash" OPENSSL_VERSION_PTEXT;
 
 static void expand(LHASH *lh);
 static void contract(LHASH *lh);
-static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash);
+static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
 
-LHASH *lh_new(unsigned long (*h)(), int (*c)())
+LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
 	{
 	LHASH *ret;
 	int i;
@@ -122,8 +122,8 @@ LHASH *lh_new(unsigned long (*h)(), int (*c)())
 		goto err1;
 	for (i=0; i<MIN_NODES; i++)
 		ret->b[i]=NULL;
-	ret->comp=((c == NULL)?(int (*)())strcmp:c);
-	ret->hash=((h == NULL)?(unsigned long (*)())lh_strhash:h);
+	ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c);
+	ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h);
 	ret->num_nodes=MIN_NODES/2;
 	ret->num_alloc_nodes=MIN_NODES;
 	ret->p=0;
@@ -176,11 +176,11 @@ void lh_free(LHASH *lh)
 	OPENSSL_free(lh);
 	}
 
-void *lh_insert(LHASH *lh, void *data)
+void *lh_insert(LHASH *lh, const void *data)
 	{
 	unsigned long hash;
 	LHASH_NODE *nn,**rn;
-	void *ret;
+	const void *ret;
 
 	lh->error=0;
 	if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
@@ -197,7 +197,7 @@ void *lh_insert(LHASH *lh, void *data)
 			}
 		nn->data=data;
 		nn->next=NULL;
-#ifndef NO_HASH_COMP
+#ifndef OPENSSL_NO_HASH_COMP
 		nn->hash=hash;
 #endif
 		*rn=nn;
@@ -211,14 +211,14 @@ void *lh_insert(LHASH *lh, void *data)
 		(*rn)->data=data;
 		lh->num_replace++;
 		}
-	return(ret);
+	return((void *)ret);
 	}
 
-void *lh_delete(LHASH *lh, void *data)
+void *lh_delete(LHASH *lh, const void *data)
 	{
 	unsigned long hash;
 	LHASH_NODE *nn,**rn;
-	void *ret;
+	const void *ret;
 
 	lh->error=0;
 	rn=getrn(lh,data,&hash);
@@ -242,14 +242,14 @@ void *lh_delete(LHASH *lh, void *data)
 		(lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
 		contract(lh);
 
-	return(ret);
+	return((void *)ret);
 	}
 
-void *lh_retrieve(LHASH *lh, void *data)
+void *lh_retrieve(LHASH *lh, const void *data)
 	{
 	unsigned long hash;
 	LHASH_NODE **rn;
-	void *ret;
+	const void *ret;
 
 	lh->error=0;
 	rn=getrn(lh,data,&hash);
@@ -264,15 +264,11 @@ void *lh_retrieve(LHASH *lh, void *data)
 		ret= (*rn)->data;
 		lh->num_retrieve++;
 		}
-	return(ret);
-	}
-
-void lh_doall(LHASH *lh, void (*func)())
-	{
-	lh_doall_arg(lh,func,NULL);
+	return((void *)ret);
 	}
 
-void lh_doall_arg(LHASH *lh, void (*func)(), void *arg)
+static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
+			  LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
 	{
 	int i;
 	LHASH_NODE *a,*n;
@@ -287,12 +283,25 @@ void lh_doall_arg(LHASH *lh, void (*func)(), void *arg)
 			/* 28/05/91 - eay - n added so items can be deleted
 			 * via lh_doall */
 			n=a->next;
-			func(a->data,arg);
+			if(use_arg)
+				func_arg(a->data,arg);
+			else
+				func(a->data);
 			a=n;
 			}
 		}
 	}
 
+void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
+	{
+	doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
+	}
+
+void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
+	{
+	doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
+	}
+
 static void expand(LHASH *lh)
 	{
 	LHASH_NODE **n,**n1,**n2,*np;
@@ -309,10 +318,10 @@ static void expand(LHASH *lh)
 	
 	for (np= *n1; np != NULL; )
 		{
-#ifndef NO_HASH_COMP
+#ifndef OPENSSL_NO_HASH_COMP
 		hash=np->hash;
 #else
-		hash=(*(lh->hash))(np->data);
+		hash=lh->hash(np->data);
 		lh->num_hash_calls++;
 #endif
 		if ((hash%nni) != p)
@@ -388,7 +397,7 @@ static void contract(LHASH *lh)
 		}
 	}
 
-static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash)
+static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
 	{
 	LHASH_NODE **ret,*n1;
 	unsigned long hash,nn;
@@ -406,7 +415,7 @@ static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash)
 	ret= &(lh->b[(int)nn]);
 	for (n1= *ret; n1 != NULL; n1=n1->next)
 		{
-#ifndef NO_HASH_COMP
+#ifndef OPENSSL_NO_HASH_COMP
 		lh->num_hash_comps++;
 		if (n1->hash != hash)
 			{
@@ -415,7 +424,7 @@ static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash)
 			}
 #endif
 		lh->num_comp_calls++;
-		if ((*cf)(n1->data,data) == 0)
+		if(cf(n1->data,data) == 0)
 			break;
 		ret= &(n1->next);
 		}
@@ -455,7 +464,7 @@ unsigned long lh_strhash(const char *c)
 	return((ret>>16)^ret);
 	}
 
-unsigned long lh_num_items(LHASH *lh)
+unsigned long lh_num_items(const LHASH *lh)
 	{
 	return lh ? lh->num_items : 0;
 	}
diff --git a/crypto/openssl/crypto/lhash/lhash.h b/crypto/openssl/crypto/lhash/lhash.h
index b8ff021..dee8207 100644
--- a/crypto/openssl/crypto/lhash/lhash.h
+++ b/crypto/openssl/crypto/lhash/lhash.h
@@ -63,11 +63,11 @@
 #ifndef HEADER_LHASH_H
 #define HEADER_LHASH_H
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 #include <stdio.h>
 #endif
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
 
@@ -77,18 +77,68 @@ extern "C" {
 
 typedef struct lhash_node_st
 	{
-	void *data;
+	const void *data;
 	struct lhash_node_st *next;
-#ifndef NO_HASH_COMP
+#ifndef OPENSSL_NO_HASH_COMP
 	unsigned long hash;
 #endif
 	} LHASH_NODE;
 
+typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
+typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
+typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
+typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *);
+
+/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
+ * This way, callbacks can be provided to LHASH structures without function
+ * pointer casting and the macro-defined callbacks provide per-variable casting
+ * before deferring to the underlying type-specific callbacks. NB: It is
+ * possible to place a "static" in front of both the DECLARE and IMPLEMENT
+ * macros if the functions are strictly internal. */
+
+/* First: "hash" functions */
+#define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+	unsigned long f_name##_LHASH_HASH(const void *);
+#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+	unsigned long f_name##_LHASH_HASH(const void *arg) { \
+		o_type a = (o_type)arg; \
+		return f_name(a); }
+#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+
+/* Second: "compare" functions */
+#define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+	int f_name##_LHASH_COMP(const void *, const void *);
+#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+	int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+		o_type a = (o_type)arg1; \
+		o_type b = (o_type)arg2; \
+		return f_name(a,b); }
+#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+
+/* Third: "doall" functions */
+#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+	void f_name##_LHASH_DOALL(const void *);
+#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+	void f_name##_LHASH_DOALL(const void *arg) { \
+		o_type a = (o_type)arg; \
+		f_name(a); }
+#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+
+/* Fourth: "doall_arg" functions */
+#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+	void f_name##_LHASH_DOALL_ARG(const void *, void *);
+#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+	void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \
+		o_type a = (o_type)arg1; \
+		a_type b = (a_type)arg2; \
+		f_name(a,b); }
+#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+
 typedef struct lhash_st
 	{
 	LHASH_NODE **b;
-	int (*comp)();
-	unsigned long (*hash)();
+	LHASH_COMP_FN_TYPE comp;
+	LHASH_HASH_FN_TYPE hash;
 	unsigned int num_nodes;
 	unsigned int num_alloc_nodes;
 	unsigned int p;
@@ -120,26 +170,26 @@ typedef struct lhash_st
  * in lh_insert(). */
 #define lh_error(lh)	((lh)->error)
 
-LHASH *lh_new(unsigned long (*h)(/* void *a */), int (*c)(/* void *a,void *b */));
+LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
 void lh_free(LHASH *lh);
-void *lh_insert(LHASH *lh, void *data);
-void *lh_delete(LHASH *lh, void *data);
-void *lh_retrieve(LHASH *lh, void *data);
-    void lh_doall(LHASH *lh, void (*func)(/*void *b*/));
-void lh_doall_arg(LHASH *lh, void (*func)(/*void *a,void *b*/),void *arg);
+void *lh_insert(LHASH *lh, const void *data);
+void *lh_delete(LHASH *lh, const void *data);
+void *lh_retrieve(LHASH *lh, const void *data);
+void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
+void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
 unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(LHASH *lh);
+unsigned long lh_num_items(const LHASH *lh);
 
-#ifndef NO_FP_API
-void lh_stats(LHASH *lh, FILE *out);
-void lh_node_stats(LHASH *lh, FILE *out);
-void lh_node_usage_stats(LHASH *lh, FILE *out);
+#ifndef OPENSSL_NO_FP_API
+void lh_stats(const LHASH *lh, FILE *out);
+void lh_node_stats(const LHASH *lh, FILE *out);
+void lh_node_usage_stats(const LHASH *lh, FILE *out);
 #endif
 
-#ifndef NO_BIO
-void lh_stats_bio(LHASH *lh, BIO *out);
-void lh_node_stats_bio(LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(LHASH *lh, BIO *out);
+#ifndef OPENSSL_NO_BIO
+void lh_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
 #endif
 #ifdef  __cplusplus
 }
diff --git a/crypto/openssl/crypto/md2/Makefile.ssl b/crypto/openssl/crypto/md2/Makefile.ssl
index cda8385..e5b3265 100644
--- a/crypto/openssl/crypto/md2/Makefile.ssl
+++ b/crypto/openssl/crypto/md2/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,12 +79,15 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
-md2_dgst.o: ../../include/openssl/opensslv.h
-md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md2_dgst.o: md2_dgst.c
+md2_one.o: ../../e_os.h ../../include/openssl/bio.h
+md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h
+md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h md2_one.c
diff --git a/crypto/openssl/crypto/md2/md2.h b/crypto/openssl/crypto/md2/md2.h
index a00bd16..ad92414 100644
--- a/crypto/openssl/crypto/md2/md2.h
+++ b/crypto/openssl/crypto/md2/md2.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_MD2_H
 #define HEADER_MD2_H
 
-#ifdef NO_MD2
+#ifdef OPENSSL_NO_MD2
 #error MD2 is disabled.
 #endif
 
@@ -80,9 +80,9 @@ typedef struct MD2state_st
 	} MD2_CTX;
 
 const char *MD2_options(void);
-void MD2_Init(MD2_CTX *c);
-void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
-void MD2_Final(unsigned char *md, MD2_CTX *c);
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
 unsigned char *MD2(const unsigned char *d, unsigned long n,unsigned char *md);
 #ifdef  __cplusplus
 }
diff --git a/crypto/openssl/crypto/md2/md2_dgst.c b/crypto/openssl/crypto/md2/md2_dgst.c
index 608baef..ecb64f0 100644
--- a/crypto/openssl/crypto/md2/md2_dgst.c
+++ b/crypto/openssl/crypto/md2/md2_dgst.c
@@ -61,6 +61,7 @@
 #include <string.h>
 #include <openssl/md2.h>
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 
 const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
 
@@ -115,19 +116,20 @@ const char *MD2_options(void)
 		return("md2(int)");
 	}
 
-void MD2_Init(MD2_CTX *c)
+int MD2_Init(MD2_CTX *c)
 	{
 	c->num=0;
-	memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
-	memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT));
-	memset(c->data,0,MD2_BLOCK);
+	memset(c->state,0,sizeof c->state);
+	memset(c->cksm,0,sizeof c->cksm);
+	memset(c->data,0,sizeof c->data);
+	return 1;
 	}
 
-void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len)
+int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len)
 	{
 	register UCHAR *p;
 
-	if (len == 0) return;
+	if (len == 0) return 1;
 
 	p=c->data;
 	if (c->num != 0)
@@ -146,7 +148,7 @@ void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len)
 			memcpy(&(p[c->num]),data,(int)len);
 			/* data+=len; */
 			c->num+=(int)len;
-			return;
+			return 1;
 			}
 		}
 	/* we now can process the input data in blocks of MD2_BLOCK
@@ -159,6 +161,7 @@ void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len)
 		}
 	memcpy(p,data,(int)len);
 	c->num=(int)len;
+	return 1;
 	}
 
 static void md2_block(MD2_CTX *c, const unsigned char *d)
@@ -194,10 +197,10 @@ static void md2_block(MD2_CTX *c, const unsigned char *d)
 		t=(t+i)&0xff;
 		}
 	memcpy(sp1,state,16*sizeof(MD2_INT));
-	memset(state,0,48*sizeof(MD2_INT));
+	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
 	}
 
-void MD2_Final(unsigned char *md, MD2_CTX *c)
+int MD2_Final(unsigned char *md, MD2_CTX *c)
 	{
 	int i,v;
 	register UCHAR *cp;
@@ -219,5 +222,6 @@ void MD2_Final(unsigned char *md, MD2_CTX *c)
 	for (i=0; i<16; i++)
 		md[i]=(UCHAR)(p1[i]&0xff);
 	memset((char *)&c,0,sizeof(c));
+	return 1;
 	}
 
diff --git a/crypto/openssl/crypto/md2/md2_one.c b/crypto/openssl/crypto/md2/md2_one.c
index b12c37c..835160e 100644
--- a/crypto/openssl/crypto/md2/md2_one.c
+++ b/crypto/openssl/crypto/md2/md2_one.c
@@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD2_Final(md,&c);
-	memset(&c,0,sizeof(c));	/* Security consideration */
+	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
 	return(md);
 	}
diff --git a/crypto/openssl/crypto/md2/md2test.c b/crypto/openssl/crypto/md2/md2test.c
index e3f4fb4..d2f6dce 100644
--- a/crypto/openssl/crypto/md2/md2test.c
+++ b/crypto/openssl/crypto/md2/md2test.c
@@ -59,15 +59,18 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/md2.h>
+
+#include "../e_os.h"
 
-#ifdef NO_MD2
+#ifdef OPENSSL_NO_MD2
 int main(int argc, char *argv[])
 {
     printf("No MD2 support\n");
     return(0);
 }
 #else
-#include <openssl/md2.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -100,13 +103,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	char **P,**R;
 	char *p;
+	unsigned char md[MD2_DIGEST_LENGTH];
 
 	P=test;
 	R=ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
+		EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2(), NULL);
+		p=pt(md);
 		if (strcmp(p,*R) != 0)
 			{
 			printf("error calculating MD2 on '%s'\n",*P);
@@ -119,7 +124,7 @@ int main(int argc, char *argv[])
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 
diff --git a/crypto/openssl/crypto/md32_common.h b/crypto/openssl/crypto/md32_common.h
index ad7c419..573850b 100644
--- a/crypto/openssl/crypto/md32_common.h
+++ b/crypto/openssl/crypto/md32_common.h
@@ -1,6 +1,6 @@
 /* crypto/md32_common.h */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -179,7 +179,7 @@
  */
 #undef ROTATE
 #ifndef PEDANTIC
-# if defined(_MSC_VER)
+# if 0 /* defined(_MSC_VER) */
 #  define ROTATE(a,n)	_lrotl(a,n)
 # elif defined(__MWERKS__)
 #  if defined(__POWERPC__)
@@ -190,7 +190,7 @@
 #  else
 #   define ROTATE(a,n)	__rol(a,n)
 #  endif
-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
   /*
    * Some GNU C inline assembler templates. Note that these are
    * rotates by *constant* number of bits! But that's exactly
@@ -198,7 +198,7 @@
    *
    * 					<appro@fy.chalmers.se>
    */
-#  if defined(__i386) || defined(__i386__)
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
 #   define ROTATE(a,n)	({ register unsigned int ret;	\
 				asm (			\
 				"roll %1,%0"		\
@@ -222,9 +222,9 @@
  * Engage compiler specific "fetch in reverse byte order"
  * intrinsic function if available.
  */
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
   /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
-#  if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+#  if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY)
 #   define BE_FETCH32(a)	({ register unsigned int l=(a);\
 				asm (			\
 				"bswapl %0"		\
@@ -240,7 +240,7 @@
 			   l;				\
 			})
 
-#  elif defined(__sparc) && defined(ULTRASPARC)
+#  elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
 #  define LE_FETCH32(a)	({ register unsigned int l;		\
 				asm (				\
 				"lda [%1]#ASI_PRIMARY_LITTLE,%0"\
@@ -410,14 +410,14 @@
  * Time for some action:-)
  */
 
-void HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
+int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
 	{
 	const unsigned char *data=data_;
 	register HASH_LONG * p;
 	register unsigned long l;
 	int sw,sc,ew,ec;
 
-	if (len==0) return;
+	if (len==0) return 1;
 
 	l=(c->Nl+(len<<3))&0xffffffffL;
 	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
@@ -456,7 +456,10 @@ void HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
 				{
 				ew=(c->num>>2);
 				ec=(c->num&0x03);
-				l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+				if (sc)
+					l=p[sw];
+				HOST_p_c2l(data,l,sc);
+				p[sw++]=l;
 				for (; sw < ew; sw++)
 					{
 					HOST_c2l(data,l); p[sw]=l;
@@ -466,7 +469,7 @@ void HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
 					HOST_c2l_p(data,l,ec); p[sw]=l;
 					}
 				}
-			return;
+			return 1;
 			}
 		}
 
@@ -520,6 +523,7 @@ void HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
 		HOST_c2l_p(data,l,ec);
 		*p=l;
 		}
+	return 1;
 	}
 
 
@@ -543,7 +547,7 @@ void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
 	}
 
 
-void HASH_FINAL (unsigned char *md, HASH_CTX *c)
+int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	{
 	register HASH_LONG *p;
 	register unsigned long l;
@@ -602,6 +606,32 @@ void HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	c->num=0;
 	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
 	 * but I'm not worried :-)
-	memset((void *)c,0,sizeof(HASH_CTX));
+	OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
 	 */
+	return 1;
 	}
+
+#ifndef MD32_REG_T
+#define MD32_REG_T long
+/*
+ * This comment was originaly written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents* 
+ * performance degradation.
+ *				<appro@fy.chalmers.se>
+ * Apparently there're LP64 compilers that generate better
+ * code if A-D are declared int. Most notably GCC-x86_64
+ * generates better code.
+ *				<appro@fy.chalmers.se>
+ */
+#endif
diff --git a/crypto/openssl/crypto/md4/Makefile.ssl b/crypto/openssl/crypto/md4/Makefile.ssl
index bc38bad..4d2d736 100644
--- a/crypto/openssl/crypto/md4/Makefile.ssl
+++ b/crypto/openssl/crypto/md4/Makefile.ssl
@@ -12,7 +12,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -40,8 +41,7 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -69,7 +69,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -80,6 +80,12 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
-md4_one.o: ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: md4_locl.h
+md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md4_one.o: md4_one.c
diff --git a/crypto/openssl/crypto/md4/md4.c b/crypto/openssl/crypto/md4/md4.c
index e4b0aac..2ac2d91 100644
--- a/crypto/openssl/crypto/md4/md4.c
+++ b/crypto/openssl/crypto/md4/md4.c
@@ -108,7 +108,7 @@ void do_fp(FILE *f)
 	MD4_Init(&c);
 	for (;;)
 		{
-		i=read(fd,buf,BUFSIZE);
+		i=read(fd,buf,sizeof buf);
 		if (i <= 0) break;
 		MD4_Update(&c,buf,(unsigned long)i);
 		}
diff --git a/crypto/openssl/crypto/md4/md4.h b/crypto/openssl/crypto/md4/md4.h
index c794e18..7a7b236 100644
--- a/crypto/openssl/crypto/md4/md4.h
+++ b/crypto/openssl/crypto/md4/md4.h
@@ -59,11 +59,13 @@
 #ifndef HEADER_MD4_H
 #define HEADER_MD4_H
 
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef NO_MD4
+#ifdef OPENSSL_NO_MD4
 #error MD4 is disabled.
 #endif
 
@@ -74,9 +76,9 @@ extern "C" {
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  */
 
-#if defined(WIN16) || defined(__LP32__)
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
 #define MD4_LONG unsigned long
-#elif defined(_CRAY) || defined(__ILP64__)
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define MD4_LONG unsigned long
 #define MD4_LONG_LOG2 3
 /*
@@ -102,9 +104,9 @@ typedef struct MD4state_st
 	int num;
 	} MD4_CTX;
 
-void MD4_Init(MD4_CTX *c);
-void MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
-void MD4_Final(unsigned char *md, MD4_CTX *c);
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
 unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
 void MD4_Transform(MD4_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
diff --git a/crypto/openssl/crypto/md4/md4_dgst.c b/crypto/openssl/crypto/md4/md4_dgst.c
index 81488ae..7afb718 100644
--- a/crypto/openssl/crypto/md4/md4_dgst.c
+++ b/crypto/openssl/crypto/md4/md4_dgst.c
@@ -70,7 +70,7 @@ const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-void MD4_Init(MD4_CTX *c)
+int MD4_Init(MD4_CTX *c)
 	{
 	c->A=INIT_DATA_A;
 	c->B=INIT_DATA_B;
@@ -79,27 +79,14 @@ void MD4_Init(MD4_CTX *c)
 	c->Nl=0;
 	c->Nh=0;
 	c->num=0;
+	return 1;
 	}
 
 #ifndef md4_block_host_order
 void md4_block_host_order (MD4_CTX *c, const void *data, int num)
 	{
 	const MD4_LONG *X=data;
-	register unsigned long A,B,C,D;
-	/*
-	 * In case you wonder why A-D are declared as long and not
-	 * as MD4_LONG. Doing so results in slight performance
-	 * boost on LP64 architectures. The catch is we don't
-	 * really care if 32 MSBs of a 64-bit register get polluted
-	 * with eventual overflows as we *save* only 32 LSBs in
-	 * *either* case. Now declaring 'em long excuses the compiler
-	 * from keeping 32 MSBs zeroed resulting in 13% performance
-	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
-	 * Well, to be honest it should say that this *prevents* 
-	 * performance degradation.
-	 *
-	 *				<appro@fy.chalmers.se>
-	 */
+	register unsigned MD32_REG_T A,B,C,D;
 
 	A=c->A;
 	B=c->B;
@@ -175,25 +162,11 @@ void md4_block_host_order (MD4_CTX *c, const void *data, int num)
 void md4_block_data_order (MD4_CTX *c, const void *data_, int num)
 	{
 	const unsigned char *data=data_;
-	register unsigned long A,B,C,D,l;
-	/*
-	 * In case you wonder why A-D are declared as long and not
-	 * as MD4_LONG. Doing so results in slight performance
-	 * boost on LP64 architectures. The catch is we don't
-	 * really care if 32 MSBs of a 64-bit register get polluted
-	 * with eventual overflows as we *save* only 32 LSBs in
-	 * *either* case. Now declaring 'em long excuses the compiler
-	 * from keeping 32 MSBs zeroed resulting in 13% performance
-	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
-	 * Well, to be honest it should say that this *prevents* 
-	 * performance degradation.
-	 *
-	 *				<appro@fy.chalmers.se>
-	 */
+	register unsigned MD32_REG_T A,B,C,D,l;
 #ifndef MD32_XARRAY
 	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
 # define X(i)	XX##i
 #else
 	MD4_LONG XX[MD4_LBLOCK];
diff --git a/crypto/openssl/crypto/md4/md4_one.c b/crypto/openssl/crypto/md4/md4_one.c
index 87a995d..0056550 100644
--- a/crypto/openssl/crypto/md4/md4_one.c
+++ b/crypto/openssl/crypto/md4/md4_one.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/md4.h>
+#include <openssl/crypto.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -89,7 +90,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD4_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/openssl/crypto/md4/md4test.c b/crypto/openssl/crypto/md4/md4test.c
index 97e6e21..21a77d9 100644
--- a/crypto/openssl/crypto/md4/md4test.c
+++ b/crypto/openssl/crypto/md4/md4test.c
@@ -60,13 +60,16 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_MD4
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD4
 int main(int argc, char *argv[])
 {
     printf("No MD4 support\n");
     return(0);
 }
 #else
+#include <openssl/evp.h>
 #include <openssl/md4.h>
 
 static char *test[]={
@@ -96,13 +99,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[MD4_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating MD4 on '%s'\n",*P);
@@ -115,7 +120,7 @@ int main(int argc, char *argv[])
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 
diff --git a/crypto/openssl/crypto/md5/Makefile.ssl b/crypto/openssl/crypto/md5/Makefile.ssl
index e5ec4a2..e28bb92 100644
--- a/crypto/openssl/crypto/md5/Makefile.ssl
+++ b/crypto/openssl/crypto/md5/Makefile.ssl
@@ -12,7 +12,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -50,8 +51,7 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
@@ -118,7 +118,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -129,6 +129,12 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
-md5_one.o: ../../include/openssl/md5.h
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
+md5_dgst.o: ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: md5_locl.h
+md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md5_one.o: md5_one.c
diff --git a/crypto/openssl/crypto/md5/asm/md5-sparcv9.S b/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
index ca4257f..a599ed5 100644
--- a/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
+++ b/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
@@ -24,12 +24,12 @@
  *
  * To compile with SC4.x/SC5.x:
  *
- *	cc -xarch=v[9|8plus] -DULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *	cc -xarch=v[9|8plus] -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \
  *		-c md5-sparcv9.S
  *
  * and with gcc:
  *
- *	gcc -mcpu=ultrasparc -DULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *	gcc -mcpu=ultrasparc -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \
  *		-c md5-sparcv9.S
  *
  * or if above fails (it does if you have gas):
@@ -72,7 +72,7 @@
 #define Dval	R8
 
 #if defined(MD5_BLOCK_DATA_ORDER)
-# if defined(ULTRASPARC)
+# if defined(OPENSSL_SYSNAME_ULTRASPARC)
 #  define	LOAD			lda
 #  define	X(i)			[%i1+i*4]%asi
 #  define	md5_block		md5_block_asm_data_order_aligned
@@ -1012,7 +1012,7 @@ md5_block:
 	st	B,[Bptr]
 	nop				!=
 
-#ifdef	ULTRASPARC
+#ifdef	OPENSSL_SYSNAME_ULTRASPARC
 	bg,a,pt	%icc,.Lmd5_block_loop
 #else
 	bg,a	.Lmd5_block_loop
diff --git a/crypto/openssl/crypto/md5/md5.h b/crypto/openssl/crypto/md5/md5.h
index d10bc83..cfdbf03 100644
--- a/crypto/openssl/crypto/md5/md5.h
+++ b/crypto/openssl/crypto/md5/md5.h
@@ -59,11 +59,13 @@
 #ifndef HEADER_MD5_H
 #define HEADER_MD5_H
 
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef NO_MD5
+#ifdef OPENSSL_NO_MD5
 #error MD5 is disabled.
 #endif
 
@@ -74,9 +76,9 @@ extern "C" {
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  */
 
-#if defined(WIN16) || defined(__LP32__)
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
 #define MD5_LONG unsigned long
-#elif defined(_CRAY) || defined(__ILP64__)
+#elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__)
 #define MD5_LONG unsigned long
 #define MD5_LONG_LOG2 3
 /*
@@ -102,9 +104,9 @@ typedef struct MD5state_st
 	int num;
 	} MD5_CTX;
 
-void MD5_Init(MD5_CTX *c);
-void MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
-void MD5_Final(unsigned char *md, MD5_CTX *c);
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
 unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
 void MD5_Transform(MD5_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
diff --git a/crypto/openssl/crypto/md5/md5_dgst.c b/crypto/openssl/crypto/md5/md5_dgst.c
index 23d196b..9c7abc3 100644
--- a/crypto/openssl/crypto/md5/md5_dgst.c
+++ b/crypto/openssl/crypto/md5/md5_dgst.c
@@ -70,7 +70,7 @@ const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-void MD5_Init(MD5_CTX *c)
+int MD5_Init(MD5_CTX *c)
 	{
 	c->A=INIT_DATA_A;
 	c->B=INIT_DATA_B;
@@ -79,27 +79,14 @@ void MD5_Init(MD5_CTX *c)
 	c->Nl=0;
 	c->Nh=0;
 	c->num=0;
+	return 1;
 	}
 
 #ifndef md5_block_host_order
 void md5_block_host_order (MD5_CTX *c, const void *data, int num)
 	{
 	const MD5_LONG *X=data;
-	register unsigned long A,B,C,D;
-	/*
-	 * In case you wonder why A-D are declared as long and not
-	 * as MD5_LONG. Doing so results in slight performance
-	 * boost on LP64 architectures. The catch is we don't
-	 * really care if 32 MSBs of a 64-bit register get polluted
-	 * with eventual overflows as we *save* only 32 LSBs in
-	 * *either* case. Now declaring 'em long excuses the compiler
-	 * from keeping 32 MSBs zeroed resulting in 13% performance
-	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
-	 * Well, to be honest it should say that this *prevents* 
-	 * performance degradation.
-	 *
-	 *				<appro@fy.chalmers.se>
-	 */
+	register unsigned MD32_REG_T A,B,C,D;
 
 	A=c->A;
 	B=c->B;
@@ -192,25 +179,11 @@ void md5_block_host_order (MD5_CTX *c, const void *data, int num)
 void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
 	{
 	const unsigned char *data=data_;
-	register unsigned long A,B,C,D,l;
-	/*
-	 * In case you wonder why A-D are declared as long and not
-	 * as MD5_LONG. Doing so results in slight performance
-	 * boost on LP64 architectures. The catch is we don't
-	 * really care if 32 MSBs of a 64-bit register get polluted
-	 * with eventual overflows as we *save* only 32 LSBs in
-	 * *either* case. Now declaring 'em long excuses the compiler
-	 * from keeping 32 MSBs zeroed resulting in 13% performance
-	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
-	 * Well, to be honest it should say that this *prevents* 
-	 * performance degradation.
-	 *
-	 *				<appro@fy.chalmers.se>
-	 */
+	register unsigned MD32_REG_T A,B,C,D,l;
 #ifndef MD32_XARRAY
 	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
 # define X(i)	XX##i
 #else
 	MD5_LONG XX[MD5_LBLOCK];
diff --git a/crypto/openssl/crypto/md5/md5_locl.h b/crypto/openssl/crypto/md5/md5_locl.h
index f35d6f1..9e360da 100644
--- a/crypto/openssl/crypto/md5/md5_locl.h
+++ b/crypto/openssl/crypto/md5/md5_locl.h
@@ -58,7 +58,7 @@
 
 #include <stdlib.h>
 #include <string.h>
-#include <openssl/opensslconf.h>
+#include <openssl/e_os2.h>
 #include <openssl/md5.h>
 
 #ifndef MD5_LONG_LOG2
@@ -68,7 +68,7 @@
 #ifdef MD5_ASM
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
 #  define md5_block_host_order md5_block_asm_host_order
-# elif defined(__sparc) && defined(ULTRASPARC)
+# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
    void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
 #  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
 # endif
diff --git a/crypto/openssl/crypto/md5/md5_one.c b/crypto/openssl/crypto/md5/md5_one.c
index b89dec8..c5dd2d8 100644
--- a/crypto/openssl/crypto/md5/md5_one.c
+++ b/crypto/openssl/crypto/md5/md5_one.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/md5.h>
+#include <openssl/crypto.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -89,7 +90,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD5_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/openssl/crypto/md5/md5test.c b/crypto/openssl/crypto/md5/md5test.c
index 6bd8656..bfd6262 100644
--- a/crypto/openssl/crypto/md5/md5test.c
+++ b/crypto/openssl/crypto/md5/md5test.c
@@ -60,13 +60,16 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_MD5
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD5
 int main(int argc, char *argv[])
 {
     printf("No MD5 support\n");
     return(0);
 }
 #else
+#include <openssl/evp.h>
 #include <openssl/md5.h>
 
 static char *test[]={
@@ -96,13 +99,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[MD5_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating MD5 on '%s'\n",*P);
@@ -115,7 +120,7 @@ int main(int argc, char *argv[])
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 
diff --git a/crypto/openssl/crypto/mdc2/Makefile.ssl b/crypto/openssl/crypto/mdc2/Makefile.ssl
index 4b1b3e3..387d7f8 100644
--- a/crypto/openssl/crypto/mdc2/Makefile.ssl
+++ b/crypto/openssl/crypto/mdc2/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,13 +79,20 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-mdc2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-mdc2_one.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-mdc2_one.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-mdc2_one.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
+mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
 mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-mdc2_one.o: ../cryptlib.h
-mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2_one.o: ../cryptlib.h mdc2_one.c
+mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2dgst.o: mdc2dgst.c
diff --git a/crypto/openssl/crypto/mdc2/mdc2.h b/crypto/openssl/crypto/mdc2/mdc2.h
index 5da8da7..793a8a0 100644
--- a/crypto/openssl/crypto/mdc2/mdc2.h
+++ b/crypto/openssl/crypto/mdc2/mdc2.h
@@ -65,7 +65,7 @@
 extern "C" {
 #endif
 
-#ifdef NO_MDC2
+#ifdef OPENSSL_NO_MDC2
 #error MDC2 is disabled.
 #endif
 
@@ -76,14 +76,14 @@ typedef struct mdc2_ctx_st
 	{
 	int num;
 	unsigned char data[MDC2_BLOCK];
-	des_cblock h,hh;
+	DES_cblock h,hh;
 	int pad_type; /* either 1 or 2, default 1 */
 	} MDC2_CTX;
 
 
-void MDC2_Init(MDC2_CTX *c);
-void MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len);
-void MDC2_Final(unsigned char *md, MDC2_CTX *c);
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
 unsigned char *MDC2(const unsigned char *d, unsigned long n,
 	unsigned char *md);
 
diff --git a/crypto/openssl/crypto/mdc2/mdc2_one.c b/crypto/openssl/crypto/mdc2/mdc2_one.c
index 6cd141b..37f06c8 100644
--- a/crypto/openssl/crypto/mdc2/mdc2_one.c
+++ b/crypto/openssl/crypto/mdc2/mdc2_one.c
@@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
 	MDC2_Init(&c);
 	MDC2_Update(&c,d,n);
         MDC2_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/openssl/crypto/mdc2/mdc2dgst.c b/crypto/openssl/crypto/mdc2/mdc2dgst.c
index 84c6c45..32daa9b 100644
--- a/crypto/openssl/crypto/mdc2/mdc2dgst.c
+++ b/crypto/openssl/crypto/mdc2/mdc2dgst.c
@@ -75,15 +75,16 @@
 			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
 
 static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len);
-void MDC2_Init(MDC2_CTX *c)
+int MDC2_Init(MDC2_CTX *c)
 	{
 	c->num=0;
 	c->pad_type=1;
 	memset(&(c->h[0]),0x52,MDC2_BLOCK);
 	memset(&(c->hh[0]),0x25,MDC2_BLOCK);
+	return 1;
 	}
 
-void MDC2_Update(MDC2_CTX *c, const unsigned char *in, unsigned long len)
+int MDC2_Update(MDC2_CTX *c, const unsigned char *in, unsigned long len)
 	{
 	int i,j;
 
@@ -95,7 +96,7 @@ void MDC2_Update(MDC2_CTX *c, const unsigned char *in, unsigned long len)
 			/* partial block */
 			memcpy(&(c->data[i]),in,(int)len);
 			c->num+=(int)len;
-			return;
+			return 1;
 			}
 		else
 			{
@@ -116,6 +117,7 @@ void MDC2_Update(MDC2_CTX *c, const unsigned char *in, unsigned long len)
 		memcpy(&(c->data[0]),&(in[i]),j);
 		c->num=j;
 		}
+	return 1;
 	}
 
 static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len)
@@ -123,7 +125,7 @@ static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len)
 	register DES_LONG tin0,tin1;
 	register DES_LONG ttin0,ttin1;
 	DES_LONG d[2],dd[2];
-	des_key_schedule k;
+	DES_key_schedule k;
 	unsigned char *p;
 	unsigned int i;
 
@@ -134,13 +136,13 @@ static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len)
 		c->h[0]=(c->h[0]&0x9f)|0x40;
 		c->hh[0]=(c->hh[0]&0x9f)|0x20;
 
-		des_set_odd_parity(&c->h);
-		des_set_key_unchecked(&c->h,k);
-		des_encrypt1(d,k,1);
+		DES_set_odd_parity(&c->h);
+		DES_set_key_unchecked(&c->h,&k);
+		DES_encrypt1(d,&k,1);
 
-		des_set_odd_parity(&c->hh);
-		des_set_key_unchecked(&c->hh,k);
-		des_encrypt1(dd,k,1);
+		DES_set_odd_parity(&c->hh);
+		DES_set_key_unchecked(&c->hh,&k);
+		DES_encrypt1(dd,&k,1);
 
 		ttin0=tin0^dd[0];
 		ttin1=tin1^dd[1];
@@ -156,7 +158,7 @@ static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len)
 		}
 	}
 
-void MDC2_Final(unsigned char *md, MDC2_CTX *c)
+int MDC2_Final(unsigned char *md, MDC2_CTX *c)
 	{
 	int i,j;
 
@@ -171,6 +173,7 @@ void MDC2_Final(unsigned char *md, MDC2_CTX *c)
 		}
 	memcpy(md,(char *)c->h,MDC2_BLOCK);
 	memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
+	return 1;
 	}
 
 #undef TEST
diff --git a/crypto/openssl/crypto/mdc2/mdc2test.c b/crypto/openssl/crypto/mdc2/mdc2test.c
index 46c25ae..c9abe99 100644
--- a/crypto/openssl/crypto/mdc2/mdc2test.c
+++ b/crypto/openssl/crypto/mdc2/mdc2test.c
@@ -60,17 +60,20 @@
 #include <stdlib.h>
 #include <string.h>
 
-#if defined(NO_DES) && !defined(NO_MDC2)
-#define NO_MDC2
+#include "../e_os.h"
+
+#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
+#define OPENSSL_NO_MDC2
 #endif
 
-#ifdef NO_MDC2
+#ifdef OPENSSL_NO_MDC2
 int main(int argc, char *argv[])
 {
     printf("No MDC2 support\n");
     return(0);
 }
 #else
+#include <openssl/evp.h>
 #include <openssl/mdc2.h>
 
 #ifdef CHARSET_EBCDIC
@@ -92,16 +95,17 @@ int main(int argc, char *argv[])
 	int ret=0;
 	unsigned char md[MDC2_DIGEST_LENGTH];
 	int i;
-	MDC2_CTX c;
+	EVP_MD_CTX c;
 	static char *text="Now is the time for all ";
 
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(text,text,strlen(text));
 #endif
 
-	MDC2_Init(&c);
-	MDC2_Update(&c,(unsigned char *)text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
+	EVP_MD_CTX_init(&c);
+	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+	EVP_DigestFinal_ex(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
 		{
@@ -116,10 +120,11 @@ int main(int argc, char *argv[])
 	else
 		printf("pad1 - ok\n");
 
-	MDC2_Init(&c);
-	c.pad_type=2;
-	MDC2_Update(&c,(unsigned char *)text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
+	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+	/* FIXME: use a ctl function? */
+	((MDC2_CTX *)c.md_data)->pad_type=2;
+	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+	EVP_DigestFinal_ex(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
 		{
@@ -134,7 +139,8 @@ int main(int argc, char *argv[])
 	else
 		printf("pad2 - ok\n");
 
-	exit(ret);
+	EVP_MD_CTX_cleanup(&c);
+	EXIT(ret);
 	return(ret);
 	}
 #endif
diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c
index 9df2a36..d7d3cda 100644
--- a/crypto/openssl/crypto/mem.c
+++ b/crypto/openssl/crypto/mem.c
@@ -70,14 +70,36 @@ static int allow_customize_debug = 1;/* exchanging memory-related functions at
                                       * problems when malloc/free pairs
                                       * don't match etc. */
 
-/* may be changed as long as `allow_customize' is set */
-static void *(*malloc_locked_func)(size_t)  = malloc;
-static void (*free_locked_func)(void *)     = free;
+
+
+/* the following pointers may be changed as long as 'allow_customize' is set */
+
 static void *(*malloc_func)(size_t)         = malloc;
+static void *default_malloc_ex(size_t num, const char *file, int line)
+	{ return malloc_func(num); }
+static void *(*malloc_ex_func)(size_t, const char *file, int line)
+        = default_malloc_ex;
+
 static void *(*realloc_func)(void *, size_t)= realloc;
+static void *default_realloc_ex(void *str, size_t num,
+        const char *file, int line)
+	{ return realloc_func(str,num); }
+static void *(*realloc_ex_func)(void *, size_t, const char *file, int line)
+        = default_realloc_ex;
+
 static void (*free_func)(void *)            = free;
 
-/* may be changed as long as `allow_customize_debug' is set */
+static void *(*malloc_locked_func)(size_t)  = malloc;
+static void *default_malloc_locked_ex(size_t num, const char *file, int line)
+	{ return malloc_locked_func(num); }
+static void *(*malloc_locked_ex_func)(size_t, const char *file, int line)
+        = default_malloc_locked_ex;
+
+static void (*free_locked_func)(void *)     = free;
+
+
+
+/* may be changed as long as 'allow_customize_debug' is set */
 /* XXX use correct function pointer types */
 #ifdef CRYPTO_MDEBUG
 /* use default functions from mem_dbg.c */
@@ -105,12 +127,29 @@ int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
 	{
 	if (!allow_customize)
 		return 0;
-	if ((m == NULL) || (r == NULL) || (f == NULL))
+	if ((m == 0) || (r == 0) || (f == 0))
+		return 0;
+	malloc_func=m; malloc_ex_func=default_malloc_ex;
+	realloc_func=r; realloc_ex_func=default_realloc_ex;
+	free_func=f;
+	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
+	free_locked_func=f;
+	return 1;
+	}
+
+int CRYPTO_set_mem_ex_functions(
+        void *(*m)(size_t,const char *,int),
+        void *(*r)(void *, size_t,const char *,int),
+	void (*f)(void *))
+	{
+	if (!allow_customize)
+		return 0;
+	if ((m == 0) || (r == 0) || (f == 0))
 		return 0;
-	malloc_func=m;
-	realloc_func=r;
+	malloc_func=0; malloc_ex_func=m;
+	realloc_func=0; realloc_ex_func=r;
 	free_func=f;
-	malloc_locked_func=m;
+	malloc_locked_func=0; malloc_locked_ex_func=m;
 	free_locked_func=f;
 	return 1;
 	}
@@ -121,11 +160,24 @@ int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))
 		return 0;
 	if ((m == NULL) || (f == NULL))
 		return 0;
-	malloc_locked_func=m;
+	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
 	free_locked_func=f;
 	return 1;
 	}
 
+int CRYPTO_set_locked_mem_ex_functions(
+        void *(*m)(size_t,const char *,int),
+        void (*f)(void *))
+	{
+	if (!allow_customize)
+		return 0;
+	if ((m == NULL) || (f == NULL))
+		return 0;
+	malloc_locked_func=0; malloc_locked_ex_func=m;
+	free_func=f;
+	return 1;
+	}
+
 int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
 				   void (*r)(void *,void *,int,const char *,int,int),
 				   void (*f)(void *,int),
@@ -142,17 +194,42 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
 	return 1;
 	}
 
+
 void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
 	void (**f)(void *))
 	{
-	if (m != NULL) *m=malloc_func;
-	if (r != NULL) *r=realloc_func;
+	if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? 
+	                     malloc_func : 0;
+	if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? 
+	                     realloc_func : 0;
+	if (f != NULL) *f=free_func;
+	}
+
+void CRYPTO_get_mem_ex_functions(
+        void *(**m)(size_t,const char *,int),
+        void *(**r)(void *, size_t,const char *,int),
+	void (**f)(void *))
+	{
+	if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ?
+	                    malloc_ex_func : 0;
+	if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ?
+	                    realloc_ex_func : 0;
 	if (f != NULL) *f=free_func;
 	}
 
 void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))
 	{
-	if (m != NULL) *m=malloc_locked_func;
+	if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? 
+	                     malloc_locked_func : 0;
+	if (f != NULL) *f=free_locked_func;
+	}
+
+void CRYPTO_get_locked_mem_ex_functions(
+        void *(**m)(size_t,const char *,int),
+        void (**f)(void *))
+	{
+	if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
+	                    malloc_locked_ex_func : 0;
 	if (f != NULL) *f=free_locked_func;
 	}
 
@@ -173,6 +250,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
 void *CRYPTO_malloc_locked(int num, const char *file, int line)
 	{
 	void *ret = NULL;
+	extern unsigned char cleanse_ctr;
 
 	allow_customize = 0;
 	if (malloc_debug_func != NULL)
@@ -180,13 +258,19 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
 		allow_customize_debug = 0;
 		malloc_debug_func(NULL, num, file, line, 0);
 		}
-	ret = malloc_locked_func(num);
-#ifdef LEVITTE_DEBUG
-	fprintf(stderr, "LEVITTE_DEBUG:         > 0x%p (%d)\n", ret, num);
+	ret = malloc_locked_ex_func(num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
 #endif
 	if (malloc_debug_func != NULL)
 		malloc_debug_func(ret, num, file, line, 1);
 
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+		((unsigned char *)ret)[0] = cleanse_ctr;
+
 	return ret;
 	}
 
@@ -194,8 +278,8 @@ void CRYPTO_free_locked(void *str)
 	{
 	if (free_debug_func != NULL)
 		free_debug_func(str, 0);
-#ifdef LEVITTE_DEBUG
-	fprintf(stderr, "LEVITTE_DEBUG:         < 0x%p\n", str);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
 #endif
 	free_locked_func(str);
 	if (free_debug_func != NULL)
@@ -205,6 +289,7 @@ void CRYPTO_free_locked(void *str)
 void *CRYPTO_malloc(int num, const char *file, int line)
 	{
 	void *ret = NULL;
+	extern unsigned char cleanse_ctr;
 
 	allow_customize = 0;
 	if (malloc_debug_func != NULL)
@@ -212,13 +297,19 @@ void *CRYPTO_malloc(int num, const char *file, int line)
 		allow_customize_debug = 0;
 		malloc_debug_func(NULL, num, file, line, 0);
 		}
-	ret = malloc_func(num);
-#ifdef LEVITTE_DEBUG
-	fprintf(stderr, "LEVITTE_DEBUG:         > 0x%p (%d)\n", ret, num);
+	ret = malloc_ex_func(num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
 #endif
 	if (malloc_debug_func != NULL)
 		malloc_debug_func(ret, num, file, line, 1);
 
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+                ((unsigned char *)ret)[0] = cleanse_ctr;
+
 	return ret;
 	}
 
@@ -228,12 +319,34 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
 
 	if (str == NULL)
 		return CRYPTO_malloc(num, file, line);
+	if (realloc_debug_func != NULL)
+		realloc_debug_func(str, NULL, num, file, line, 0);
+	ret = realloc_ex_func(str,num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
+#endif
+	if (realloc_debug_func != NULL)
+		realloc_debug_func(str, ret, num, file, line, 1);
+
+	return ret;
+	}
 
+void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
+			   int line)
+	{
+	void *ret = NULL;
+
+	if (str == NULL)
+		return CRYPTO_malloc(num, file, line);
 	if (realloc_debug_func != NULL)
 		realloc_debug_func(str, NULL, num, file, line, 0);
-	ret = realloc_func(str,num);
-#ifdef LEVITTE_DEBUG
-	fprintf(stderr, "LEVITTE_DEBUG:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
+	ret=malloc_ex_func(num,file,line);
+	if(ret)
+		memcpy(ret,str,old_len);
+	OPENSSL_cleanse(str,old_len);
+	free_func(str);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
 #endif
 	if (realloc_debug_func != NULL)
 		realloc_debug_func(str, ret, num, file, line, 1);
@@ -245,8 +358,8 @@ void CRYPTO_free(void *str)
 	{
 	if (free_debug_func != NULL)
 		free_debug_func(str, 0);
-#ifdef LEVITTE_DEBUG
-	fprintf(stderr, "LEVITTE_DEBUG:         < 0x%p\n", str);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
 #endif
 	free_func(str);
 	if (free_debug_func != NULL)
@@ -260,7 +373,6 @@ void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
 	return(a);
 	}
 
-
 void CRYPTO_set_mem_debug_options(long bits)
 	{
 	if (set_debug_options_func != NULL)
diff --git a/crypto/openssl/crypto/mem_clr.c b/crypto/openssl/crypto/mem_clr.c
new file mode 100644
index 0000000..e4b7f54
--- /dev/null
+++ b/crypto/openssl/crypto/mem_clr.c
@@ -0,0 +1,75 @@
+/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+unsigned char cleanse_ctr = 0;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+	{
+	unsigned char *p = ptr;
+	size_t loop = len;
+	while(loop--)
+		{
+		*(p++) = cleanse_ctr;
+		cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
+		}
+	if(memchr(ptr, cleanse_ctr, len))
+		cleanse_ctr += 63;
+	}
diff --git a/crypto/openssl/crypto/mem_dbg.c b/crypto/openssl/crypto/mem_dbg.c
index ef19d8f..57bd08f 100644
--- a/crypto/openssl/crypto/mem_dbg.c
+++ b/crypto/openssl/crypto/mem_dbg.c
@@ -102,6 +102,8 @@ typedef struct app_mem_info_st
 	int references;
 	} APP_INFO;
 
+static void app_info_free(APP_INFO *);
+
 static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
                           * that are at the top of their thread's stack
                           * (with `thread' as key);
@@ -140,6 +142,18 @@ static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
                                             * thread named in disabling_thread).
                                             */
 
+static void app_info_free(APP_INFO *inf)
+	{
+	if (--(inf->references) <= 0)
+		{
+		if (inf->next != NULL)
+			{
+			app_info_free(inf->next);
+			}
+		OPENSSL_free(inf);
+		}
+	}
+
 int CRYPTO_mem_ctrl(int mode)
 	{
 	int ret=mh_mode;
@@ -235,37 +249,43 @@ long CRYPTO_dbg_get_options(void)
 	return options;
 	}
 
-static int mem_cmp(MEM *a, MEM *b)
+/* static int mem_cmp(MEM *a, MEM *b) */
+static int mem_cmp(const void *a_void, const void *b_void)
 	{
-	return((char *)a->addr - (char *)b->addr);
+	return((const char *)((const MEM *)a_void)->addr
+		- (const char *)((const MEM *)b_void)->addr);
 	}
 
-static unsigned long mem_hash(MEM *a)
+/* static unsigned long mem_hash(MEM *a) */
+static unsigned long mem_hash(const void *a_void)
 	{
 	unsigned long ret;
 
-	ret=(unsigned long)a->addr;
+	ret=(unsigned long)((const MEM *)a_void)->addr;
 
 	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
 	return(ret);
 	}
 
-static int app_info_cmp(APP_INFO *a, APP_INFO *b)
+/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
+static int app_info_cmp(const void *a_void, const void *b_void)
 	{
-	return(a->thread != b->thread);
+	return(((const APP_INFO *)a_void)->thread
+		!= ((const APP_INFO *)b_void)->thread);
 	}
 
-static unsigned long app_info_hash(APP_INFO *a)
+/* static unsigned long app_info_hash(APP_INFO *a) */
+static unsigned long app_info_hash(const void *a_void)
 	{
 	unsigned long ret;
 
-	ret=(unsigned long)a->thread;
+	ret=(unsigned long)((const APP_INFO *)a_void)->thread;
 
 	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
 	return(ret);
 	}
 
-static APP_INFO *pop_info()
+static APP_INFO *pop_info(void)
 	{
 	APP_INFO tmp;
 	APP_INFO *ret = NULL;
@@ -282,7 +302,7 @@ static APP_INFO *pop_info()
 				next->references++;
 				lh_insert(amih,(char *)next);
 				}
-#ifdef LEVITTE_DEBUG
+#ifdef LEVITTE_DEBUG_MEM
 			if (ret->thread != tmp.thread)
 				{
 				fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
@@ -318,7 +338,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
 			}
 		if (amih == NULL)
 			{
-			if ((amih=lh_new(app_info_hash,app_info_cmp)) == NULL)
+			if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)
 				{
 				OPENSSL_free(ami);
 				ret=0;
@@ -335,7 +355,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
 
 		if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
 			{
-#ifdef LEVITTE_DEBUG
+#ifdef LEVITTE_DEBUG_MEM
 			if (ami->thread != amim->thread)
 				{
 				fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
@@ -411,7 +431,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
 				}
 			if (mh == NULL)
 				{
-				if ((mh=lh_new(mem_hash,mem_cmp)) == NULL)
+				if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)
 					{
 					OPENSSL_free(addr);
 					OPENSSL_free(m);
@@ -435,8 +455,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
 				m->order=order;
 				}
 			m->order=order++;
-#ifdef LEVITTE_DEBUG
-			fprintf(stderr, "LEVITTE_DEBUG: [%5d] %c 0x%p (%d)\n",
+#ifdef LEVITTE_DEBUG_MEM
+			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
 				m->order,
 				(before_p & 128) ? '*' : '+',
 				m->addr, m->num);
@@ -491,14 +511,12 @@ void CRYPTO_dbg_free(void *addr, int before_p)
 			mp=(MEM *)lh_delete(mh,(char *)&m);
 			if (mp != NULL)
 				{
-#ifdef LEVITTE_DEBUG
-			fprintf(stderr, "LEVITTE_DEBUG: [%5d] - 0x%p (%d)\n",
+#ifdef LEVITTE_DEBUG_MEM
+			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
 				mp->order, mp->addr, mp->num);
 #endif
 				if (mp->app_info != NULL)
-					{
-					mp->app_info->references--;
-					}
+					app_info_free(mp->app_info);
 				OPENSSL_free(mp);
 				}
 
@@ -516,8 +534,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
 	{
 	MEM m,*mp;
 
-#ifdef LEVITTE_DEBUG
-	fprintf(stderr, "LEVITTE_DEBUG: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
 		addr1, addr2, num, file, line, before_p);
 #endif
 
@@ -543,8 +561,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
 			mp=(MEM *)lh_delete(mh,(char *)&m);
 			if (mp != NULL)
 				{
-#ifdef LEVITTE_DEBUG
-				fprintf(stderr, "LEVITTE_DEBUG: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
+#ifdef LEVITTE_DEBUG_MEM
+				fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
 					mp->order,
 					mp->addr, mp->num,
 					addr2, num);
@@ -570,7 +588,7 @@ typedef struct mem_leak_st
 	long bytes;
 	} MEM_LEAK;
 
-static void print_leak(MEM *m, MEM_LEAK *l)
+static void print_leak(const MEM *m, MEM_LEAK *l)
 	{
 	char buf[1024];
 	char *bufp = buf;
@@ -646,7 +664,7 @@ static void print_leak(MEM *m, MEM_LEAK *l)
 		}
 	while(amip && amip->thread == ti);
 		
-#ifdef LEVITTE_DEBUG
+#ifdef LEVITTE_DEBUG_MEM
 	if (amip)
 		{
 		fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
@@ -655,10 +673,11 @@ static void print_leak(MEM *m, MEM_LEAK *l)
 #endif
 	}
 
+static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
+
 void CRYPTO_mem_leaks(BIO *b)
 	{
 	MEM_LEAK ml;
-	char buf[80];
 
 	if (mh == NULL && amih == NULL)
 		return;
@@ -669,12 +688,12 @@ void CRYPTO_mem_leaks(BIO *b)
 	ml.bytes=0;
 	ml.chunks=0;
 	if (mh != NULL)
-		lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
+		lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),
+				(char *)&ml);
 	if (ml.chunks != 0)
 		{
-		sprintf(buf,"%ld bytes leaked in %d chunks\n",
-			ml.bytes,ml.chunks);
-		BIO_puts(b,buf);
+		BIO_printf(b,"%ld bytes leaked in %d chunks\n",
+			   ml.bytes,ml.chunks);
 		}
 	else
 		{
@@ -722,14 +741,19 @@ void CRYPTO_mem_leaks(BIO *b)
 	MemCheck_on(); /* release MALLOC2 lock */
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *fp)
 	{
 	BIO *b;
 
 	if (mh == NULL) return;
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		return;
+	/* Need to turn off memory checking when allocated BIOs ... especially
+	 * as we're creating them at a time when we're trying to check we've not
+	 * left anything un-free()'d!! */
+	MemCheck_off();
+	b = BIO_new(BIO_s_file());
+	MemCheck_on();
+	if(!b) return;
 	BIO_set_fp(b,fp,BIO_NOCLOSE);
 	CRYPTO_mem_leaks(b);
 	BIO_free(b);
@@ -741,16 +765,20 @@ void CRYPTO_mem_leaks_fp(FILE *fp)
 /* FIXME: We really don't allow much to the callback.  For example, it has
    no chance of reaching the info stack for the item it processes.  Should
    it really be this way?  -- Richard Levitte */
-static void cb_leak(MEM *m,
-		    void (**cb)(unsigned long, const char *, int, int, void *))
+/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
+ * If this code is restructured, remove the callback type if it is no longer
+ * needed. -- Geoff Thorpe */
+static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
 	{
 	(**cb)(m->order,m->file,m->line,m->num,m->addr);
 	}
 
-void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *))
+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)
+
+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
 	{
 	if (mh == NULL) return;
 	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-	lh_doall_arg(mh,(void (*)())cb_leak,(void *)&cb);
+	lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
 	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
 	}
diff --git a/crypto/openssl/crypto/o_time.c b/crypto/openssl/crypto/o_time.c
new file mode 100644
index 0000000..1bc0297
--- /dev/null
+++ b/crypto/openssl/crypto/o_time.c
@@ -0,0 +1,203 @@
+/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include "o_time.h"
+
+#ifdef OPENSSL_SYS_VMS
+# include <libdtdef.h>
+# include <lib$routines.h>
+# include <lnmdef.h>
+# include <starlet.h>
+# include <descrip.h>
+# include <stdlib.h>
+#endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
+	{
+	struct tm *ts = NULL;
+
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX)
+	/* should return &data, but doesn't on some systems,
+	   so we don't even look at the return value */
+	gmtime_r(timer,result);
+	ts = result;
+#elif !defined(OPENSSL_SYS_VMS)
+	ts = gmtime(timer);
+	memcpy(result, ts, sizeof(struct tm));
+	ts = result;
+#endif
+#ifdef OPENSSL_SYS_VMS
+	if (ts == NULL)
+		{
+		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
+		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
+		char logvalue[256];
+		unsigned int reslen = 0;
+		struct {
+			short buflen;
+			short code;
+			void *bufaddr;
+			unsigned int *reslen;
+		} itemlist[] = {
+			{ 0, LNM$_STRING, 0, 0 },
+			{ 0, 0, 0, 0 },
+		};
+		int status;
+		time_t t;
+
+		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
+		itemlist[0].buflen = sizeof(logvalue);
+		itemlist[0].bufaddr = logvalue;
+		itemlist[0].reslen = &reslen;
+		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
+		if (!(status & 1))
+			return NULL;
+		logvalue[reslen] = '\0';
+
+		/* Get the numerical value of the equivalence string */
+		status = atoi(logvalue);
+
+		/* and use it to move time to GMT */
+		t = *timer - status;
+
+		/* then convert the result to the time structure */
+#ifndef OPENSSL_THREADS
+		ts=(struct tm *)localtime(&t);
+#else
+		/* Since there was no gmtime_r() to do this stuff for us,
+		   we have to do it the hard way. */
+		{
+		/* The VMS epoch is the astronomical Smithsonian date,
+		   if I remember correctly, which is November 17, 1858.
+		   Furthermore, time is measure in thenths of microseconds
+		   and stored in quadwords (64 bit integers).  unix_epoch
+		   below is January 1st 1970 expressed as a VMS time.  The
+		   following code was used to get this number:
+
+		   #include <stdio.h>
+		   #include <stdlib.h>
+		   #include <lib$routines.h>
+		   #include <starlet.h>
+
+		   main()
+		   {
+		     unsigned long systime[2];
+		     unsigned short epoch_values[7] =
+		       { 1970, 1, 1, 0, 0, 0, 0 };
+
+		     lib$cvt_vectim(epoch_values, systime);
+
+		     printf("%u %u", systime[0], systime[1]);
+		   }
+		*/
+		unsigned long unix_epoch[2] = { 1273708544, 8164711 };
+		unsigned long deltatime[2];
+		unsigned long systime[2];
+		struct vms_vectime
+			{
+			short year, month, day, hour, minute, second,
+				centi_second;
+			} time_values;
+		long operation;
+
+		/* Turn the number of seconds since January 1st 1970 to
+		   an internal delta time.
+		   Note that lib$cvt_to_internal_time() will assume
+		   that t is signed, and will therefore break on 32-bit
+		   systems some time in 2038.
+		*/
+		operation = LIB$K_DELTA_SECONDS;
+		status = lib$cvt_to_internal_time(&operation,
+			&t, deltatime);
+
+		/* Add the delta time with the Unix epoch and we have
+		   the current UTC time in internal format */
+		status = lib$add_times(unix_epoch, deltatime, systime);
+
+		/* Turn the internal time into a time vector */
+		status = sys$numtim(&time_values, systime);
+
+		/* Fill in the struct tm with the result */
+		result->tm_sec = time_values.second;
+		result->tm_min = time_values.minute;
+		result->tm_hour = time_values.hour;
+		result->tm_mday = time_values.day;
+		result->tm_mon = time_values.month - 1;
+		result->tm_year = time_values.year - 1900;
+
+		operation = LIB$K_DAY_OF_WEEK;
+		status = lib$cvt_from_internal_time(&operation,
+			&result->tm_wday, systime);
+		result->tm_wday %= 7;
+
+		operation = LIB$K_DAY_OF_YEAR;
+		status = lib$cvt_from_internal_time(&operation,
+			&result->tm_yday, systime);
+		result->tm_yday--;
+
+		result->tm_isdst = 0; /* There's no way to know... */
+
+		ts = result;
+#endif
+		}
+		}
+#endif
+	return ts;
+	}	
diff --git a/crypto/openssl/crypto/o_time.h b/crypto/openssl/crypto/o_time.h
new file mode 100644
index 0000000..e660446
--- /dev/null
+++ b/crypto/openssl/crypto/o_time.h
@@ -0,0 +1,66 @@
+/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_O_TIME_H
+#define HEADER_O_TIME_H
+
+#include <time.h>
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+
+#endif
diff --git a/crypto/openssl/crypto/objects/Makefile.ssl b/crypto/openssl/crypto/objects/Makefile.ssl
index 7b1c51c..1f5d213 100644
--- a/crypto/openssl/crypto/objects/Makefile.ssl
+++ b/crypto/openssl/crypto/objects/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	objects
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 PERL=		perl
@@ -40,8 +41,7 @@ all:	obj_dat.h lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 obj_dat.h: obj_dat.pl obj_mac.h
@@ -76,7 +76,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -89,32 +89,35 @@ clean:
 
 o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-o_names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-o_names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-o_names.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+o_names.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-obj_dat.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-obj_dat.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+o_names.o: o_names.c
+obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-obj_dat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-obj_dat.o: ../cryptlib.h obj_dat.h
+obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h
 obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-obj_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-obj_err.o: ../../include/openssl/symhacks.h
-obj_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-obj_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+obj_err.o: ../../include/openssl/symhacks.h obj_err.c
+obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-obj_lib.o: ../cryptlib.h
+obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_lib.c
diff --git a/crypto/openssl/crypto/objects/o_names.c b/crypto/openssl/crypto/objects/o_names.c
index 5eaf95b..b4453b4 100644
--- a/crypto/openssl/crypto/objects/o_names.c
+++ b/crypto/openssl/crypto/objects/o_names.c
@@ -5,6 +5,18 @@
 #include <openssl/lhash.h>
 #include <openssl/objects.h>
 #include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+
+/* Later versions of DEC C has started to add lnkage information to certain
+ * functions, which makes it tricky to use them as values to regular function
+ * pointers.  One way is to define a macro that takes care of casting them
+ * correctly.
+ */
+#ifdef OPENSSL_SYS_VMS_DECC
+# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
+#else
+# define OPENSSL_strcmp strcmp
+#endif
 
 /* I use the ex_data stuff to manage the identifiers for the obj_name_types
  * that applications may define.  I only really use the free function field.
@@ -14,9 +26,9 @@ static int names_type_num=OBJ_NAME_TYPE_NUM;
 
 typedef struct name_funcs_st
 	{
-	unsigned long (*hash_func)();
-	int (*cmp_func)();
-	void (*free_func)();
+	unsigned long (*hash_func)(const char *name);
+	int (*cmp_func)(const char *a,const char *b);
+	void (*free_func)(const char *, int, const char *);
 	} NAME_FUNCS;
 
 DECLARE_STACK_OF(NAME_FUNCS)
@@ -24,20 +36,26 @@ IMPLEMENT_STACK_OF(NAME_FUNCS)
 
 static STACK_OF(NAME_FUNCS) *name_funcs_stack;
 
-static unsigned long obj_name_hash(OBJ_NAME *a);
-static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b);
+/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
+ * casting in the functions. This prevents function pointer casting without the
+ * need for macro-generated wrapper functions. */
+
+/* static unsigned long obj_name_hash(OBJ_NAME *a); */
+static unsigned long obj_name_hash(const void *a_void);
+/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
+static int obj_name_cmp(const void *a_void,const void *b_void);
 
 int OBJ_NAME_init(void)
 	{
 	if (names_lh != NULL) return(1);
 	MemCheck_off();
-	names_lh=lh_new(obj_name_hash,obj_name_cmp);
+	names_lh=lh_new(obj_name_hash, obj_name_cmp);
 	MemCheck_on();
 	return(names_lh != NULL);
 	}
 
 int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
-	int (*cmp_func)(const void *, const void *),
+	int (*cmp_func)(const char *, const char *),
 	void (*free_func)(const char *, int, const char *))
 	{
 	int ret;
@@ -64,12 +82,12 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
 		MemCheck_on();
 		if (!name_funcs) return(0);
 		name_funcs->hash_func = lh_strhash;
-		name_funcs->cmp_func = (int (*)())strcmp;
+		name_funcs->cmp_func = OPENSSL_strcmp;
 		name_funcs->free_func = 0; /* NULL is often declared to
-					    * ((void *)0), which according
-					    * to Compaq C is not really
-					    * compatible with a function
-					    * pointer.  -- Richard Levitte*/
+						* ((void *)0), which according
+						* to Compaq C is not really
+						* compatible with a function
+						* pointer.	-- Richard Levitte*/
 		MemCheck_off();
 		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
 		MemCheck_on();
@@ -84,9 +102,12 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
 	return(ret);
 	}
 
-static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b)
+/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
+static int obj_name_cmp(const void *a_void, const void *b_void)
 	{
 	int ret;
+	OBJ_NAME *a = (OBJ_NAME *)a_void;
+	OBJ_NAME *b = (OBJ_NAME *)b_void;
 
 	ret=a->type-b->type;
 	if (ret == 0)
@@ -94,8 +115,8 @@ static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b)
 		if ((name_funcs_stack != NULL)
 			&& (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
 			{
-			ret=sk_NAME_FUNCS_value(name_funcs_stack,a->type)
-				->cmp_func(a->name,b->name);
+			ret=sk_NAME_FUNCS_value(name_funcs_stack,
+				a->type)->cmp_func(a->name,b->name);
 			}
 		else
 			ret=strcmp(a->name,b->name);
@@ -103,14 +124,16 @@ static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b)
 	return(ret);
 	}
 
-static unsigned long obj_name_hash(OBJ_NAME *a)
+/* static unsigned long obj_name_hash(OBJ_NAME *a) */
+static unsigned long obj_name_hash(const void *a_void)
 	{
 	unsigned long ret;
+	OBJ_NAME *a = (OBJ_NAME *)a_void;
 
 	if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
 		{
-		ret=sk_NAME_FUNCS_value(name_funcs_stack,a->type)
-			->hash_func(a->name);
+		ret=sk_NAME_FUNCS_value(name_funcs_stack,
+			a->type)->hash_func(a->name);
 		}
 	else
 		{
@@ -135,7 +158,7 @@ const char *OBJ_NAME_get(const char *name, int type)
 	on.type=type;
 
 	for (;;)
-		{
+	{
 		ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);
 		if (ret == NULL) return(NULL);
 		if ((ret->alias) && !alias)
@@ -182,8 +205,8 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
 			 * function should get three arguments...
 			 * -- Richard Levitte
 			 */
-			sk_NAME_FUNCS_value(name_funcs_stack,ret->type)
-				->free_func(ret->name,ret->type,ret->data);
+			sk_NAME_FUNCS_value(name_funcs_stack,
+				ret->type)->free_func(ret->name,ret->type,ret->data);
 			}
 		OPENSSL_free(ret);
 		}
@@ -217,8 +240,8 @@ int OBJ_NAME_remove(const char *name, int type)
 			 * function should get three arguments...
 			 * -- Richard Levitte
 			 */
-			sk_NAME_FUNCS_value(name_funcs_stack,ret->type)
-				->free_func(ret->name,ret->type,ret->data);
+			sk_NAME_FUNCS_value(name_funcs_stack,
+				ret->type)->free_func(ret->name,ret->type,ret->data);
 			}
 		OPENSSL_free(ret);
 		return(1);
@@ -227,12 +250,82 @@ int OBJ_NAME_remove(const char *name, int type)
 		return(0);
 	}
 
+struct doall
+	{
+	int type;
+	void (*fn)(const OBJ_NAME *,void *arg);
+	void *arg;
+	};
+
+static void do_all_fn(const OBJ_NAME *name,struct doall *d)
+	{
+	if(name->type == d->type)
+		d->fn(name,d->arg);
+	}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)
+
+void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
+	{
+	struct doall d;
+
+	d.type=type;
+	d.fn=fn;
+	d.arg=arg;
+
+	lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);
+	}
+
+struct doall_sorted
+	{
+	int type;
+	int n;
+	const OBJ_NAME **names;
+	};
+
+static void do_all_sorted_fn(const OBJ_NAME *name,void *d_)
+	{
+	struct doall_sorted *d=d_;
+
+	if(name->type != d->type)
+		return;
+
+	d->names[d->n++]=name;
+	}
+
+static int do_all_sorted_cmp(const void *n1_,const void *n2_)
+	{
+	const OBJ_NAME * const *n1=n1_;
+	const OBJ_NAME * const *n2=n2_;
+
+	return strcmp((*n1)->name,(*n2)->name);
+	}
+
+void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
+				void *arg)
+	{
+	struct doall_sorted d;
+	int n;
+
+	d.type=type;
+	d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);
+	d.n=0;
+	OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
+
+	qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp);
+
+	for(n=0 ; n < d.n ; ++n)
+		fn(d.names[n],arg);
+
+	OPENSSL_free((void *)d.names);
+	}
+
 static int free_type;
 
-static void names_lh_free(OBJ_NAME *onp, int type)
+static void names_lh_free(OBJ_NAME *onp)
 {
 	if(onp == NULL)
-	    return;
+		return;
 
 	if ((free_type < 0) || (free_type == onp->type))
 		{
@@ -240,6 +333,8 @@ static void names_lh_free(OBJ_NAME *onp, int type)
 		}
 	}
 
+static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
+
 static void name_funcs_free(NAME_FUNCS *ptr)
 	{
 	OPENSSL_free(ptr);
@@ -255,7 +350,7 @@ void OBJ_NAME_cleanup(int type)
 	down_load=names_lh->down_load;
 	names_lh->down_load=0;
 
-	lh_doall(names_lh,names_lh_free);
+	lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
 	if (type < 0)
 		{
 		lh_free(names_lh);
diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c
index 41fdf6e..5d983e3 100644
--- a/crypto/openssl/crypto/objects/obj_dat.c
+++ b/crypto/openssl/crypto/objects/obj_dat.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
-#ifndef NO_OBJECT
+#ifndef OPENSSL_NO_OBJECT
 #include "obj_dat.h"
 #else
 /* You will have to load all the objects needed manually in the application */
@@ -108,12 +108,14 @@ static int ln_cmp(const void *a, const void *b)
 	return(strcmp((*ap)->ln,(*bp)->ln));
 	}
 
-static unsigned long add_hash(ADDED_OBJ *ca)
+/* static unsigned long add_hash(ADDED_OBJ *ca) */
+static unsigned long add_hash(const void *ca_void)
 	{
-	ASN1_OBJECT *a;
+	const ASN1_OBJECT *a;
 	int i;
 	unsigned long ret=0;
 	unsigned char *p;
+	ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
 
 	a=ca->obj;
 	switch (ca->type)
@@ -142,10 +144,13 @@ static unsigned long add_hash(ADDED_OBJ *ca)
 	return(ret);
 	}
 
-static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb)
+/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
+static int add_cmp(const void *ca_void, const void *cb_void)
 	{
 	ASN1_OBJECT *a,*b;
 	int i;
+	ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
+	ADDED_OBJ *cb = (ADDED_OBJ *)cb_void;
 
 	i=ca->type-cb->type;
 	if (i) return(i);
@@ -171,7 +176,6 @@ static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb)
 		/* abort(); */
 		return 0;
 		}
-	return(1); /* should not get here */
 	}
 
 static int init_added(void)
@@ -199,13 +203,17 @@ static void cleanup3(ADDED_OBJ *a)
 	OPENSSL_free(a);
 	}
 
+static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
+
 void OBJ_cleanup(void)
 	{
 	if (added == NULL) return;
 	added->down_load=0;
-	lh_doall(added,cleanup1); /* zero counters */
-	lh_doall(added,cleanup2); /* set counters */
-	lh_doall(added,cleanup3); /* free objects */
+	lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
+	lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
+	lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
 	lh_free(added);
 	added=NULL;
 	}
@@ -219,7 +227,7 @@ int OBJ_new_nid(int num)
 	return(i);
 	}
 
-int OBJ_add_object(ASN1_OBJECT *obj)
+int OBJ_add_object(const ASN1_OBJECT *obj)
 	{
 	ASN1_OBJECT *o;
 	ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;
@@ -355,7 +363,7 @@ const char *OBJ_nid2ln(int n)
 		}
 	}
 
-int OBJ_obj2nid(ASN1_OBJECT *a)
+int OBJ_obj2nid(const ASN1_OBJECT *a)
 	{
 	ASN1_OBJECT **op;
 	ADDED_OBJ ad,*adp;
@@ -368,7 +376,7 @@ int OBJ_obj2nid(ASN1_OBJECT *a)
 	if (added != NULL)
 		{
 		ad.type=ADDED_DATA;
-		ad.obj=a;
+		ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
 		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
 		if (adp != NULL) return (adp->obj->nid);
 		}
@@ -417,12 +425,12 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
 	a2d_ASN1_OBJECT(p,i,s,-1);
 	
 	p=buf;
-	op=d2i_ASN1_OBJECT(NULL,&p,i);
+	op=d2i_ASN1_OBJECT(NULL,&p,j);
 	OPENSSL_free(buf);
 	return op;
 	}
 
-int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
 	int i,idx=0,n=0,len,nid;
 	unsigned long l;
@@ -456,7 +464,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
 
 		sprintf(tbuf,"%d.%lu",i,l);
 		i=strlen(tbuf);
-		strncpy(buf,tbuf,buf_len);
+		BUF_strlcpy(buf,tbuf,buf_len);
 		buf_len-=i;
 		buf+=i;
 		n+=i;
@@ -468,7 +476,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
 				sprintf(tbuf,".%lu",l);
 				i=strlen(tbuf);
 				if (buf_len > 0)
-					strncpy(buf,tbuf,buf_len);
+					BUF_strlcpy(buf,tbuf,buf_len);
 				buf_len-=i;
 				buf+=i;
 				n+=i;
@@ -480,14 +488,13 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
 		s=OBJ_nid2ln(nid);
 		if (s == NULL)
 			s=OBJ_nid2sn(nid);
-		strncpy(buf,s,buf_len);
+		BUF_strlcpy(buf,s,buf_len);
 		n=strlen(s);
 	}
-	buf[buf_len-1]='\0';
 	return(n);
 }
 
-int OBJ_txt2nid(char *s)
+int OBJ_txt2nid(const char *s)
 {
 	ASN1_OBJECT *obj;
 	int nid;
@@ -546,10 +553,11 @@ static int obj_cmp(const void *ap, const void *bp)
 	return(memcmp(a->data,b->data,a->length));
         }
 
-char *OBJ_bsearch(char *key, char *base, int num, int size, int (*cmp)(const void *, const void *))
+const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
+	int (*cmp)(const void *, const void *))
 	{
 	int l,h,i,c;
-	char *p;
+	const char *p;
 
 	if (num == 0) return(NULL);
 	l=0;
@@ -628,7 +636,7 @@ int OBJ_create_objects(BIO *in)
 	/* return(num); */
 	}
 
-int OBJ_create(char *oid, char *sn, char *ln)
+int OBJ_create(const char *oid, const char *sn, const char *ln)
 	{
 	int ok=0;
 	ASN1_OBJECT *op=NULL;
diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h
index 63e11f7..511c7b4 100644
--- a/crypto/openssl/crypto/objects/obj_dat.h
+++ b/crypto/openssl/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
 
 /* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
  * following command:
- * perl obj_dat.pl objects.h obj_dat.h
+ * perl obj_dat.pl obj_mac.h obj_dat.h
  */
 
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
@@ -62,12 +62,12 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 404
-#define NUM_SN 402
-#define NUM_LN 402
-#define NUM_OBJ 376
+#define NUM_NID 650
+#define NUM_SN 643
+#define NUM_LN 643
+#define NUM_OBJ 617
 
-static unsigned char lvalues[2951]={
+static unsigned char lvalues[4455]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -100,7 +100,7 @@ static unsigned char lvalues[2951]={
 0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */
 0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */
 0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede */
+0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede_ecb */
 0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */
 0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */
@@ -152,298 +152,539 @@ static unsigned char lvalues[2951]={
 0x55,0x04,0x2A,                              /* [535] OBJ_givenName */
 0x55,0x04,0x04,                              /* [538] OBJ_surname */
 0x55,0x04,0x2B,                              /* [541] OBJ_initials */
-0x55,0x04,0x2D,                              /* [544] OBJ_uniqueIdentifier */
-0x55,0x1D,0x1F,                              /* [547] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03,                    /* [550] OBJ_md5WithRSA */
-0x55,0x04,0x05,                              /* [555] OBJ_serialNumber */
-0x55,0x04,0x0C,                              /* [558] OBJ_title */
-0x55,0x04,0x0D,                              /* [561] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [564] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [573] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [582] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D,                    /* [589] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [594] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01,                    /* [601] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [606] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [612] OBJ_rc5_cbc */
-0x29,0x01,0x01,0x85,0x1A,0x01,               /* [620] OBJ_rle_compression */
-0x29,0x01,0x01,0x85,0x1A,0x02,               /* [626] OBJ_zlib_compression */
-0x55,0x1D,0x25,                              /* [632] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07,               /* [635] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [641] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [648] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [656] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [664] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [672] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [680] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [688] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [698] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [708] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [718] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [728] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [738] OBJ_ns_sgc */
-0x55,0x1D,0x1B,                              /* [747] OBJ_delta_crl */
-0x55,0x1D,0x15,                              /* [750] OBJ_crl_reason */
-0x55,0x1D,0x18,                              /* [753] OBJ_invalidity_date */
-0x2B,0x65,0x01,0x04,0x01,                    /* [756] OBJ_sxnet */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [761] OBJ_pbe_WithSHA1And128BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [771] OBJ_pbe_WithSHA1And40BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [781] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [791] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [801] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [811] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [821] OBJ_keyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [832] OBJ_pkcs8ShroudedKeyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [843] OBJ_certBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [854] OBJ_crlBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [865] OBJ_secretBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [876] OBJ_safeContentsBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [887] OBJ_friendlyName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [896] OBJ_localKeyID */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [905] OBJ_x509Certificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [915] OBJ_sdsiCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [925] OBJ_x509Crl */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [935] OBJ_pbes2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [944] OBJ_pbmac1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [953] OBJ_hmacWithSHA1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [961] OBJ_id_qt_cps */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [969] OBJ_id_qt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [977] OBJ_SMIMECapabilities */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [986] OBJ_pbeWithMD2AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [995] OBJ_pbeWithMD5AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1004] OBJ_pbeWithSHA1AndDES_CBC */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1013] OBJ_ms_ext_req */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1023] OBJ_ext_req */
-0x55,0x04,0x29,                              /* [1032] OBJ_name */
-0x55,0x04,0x2E,                              /* [1035] OBJ_dnQualifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1038] OBJ_id_pe */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1045] OBJ_id_ad */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1052] OBJ_info_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1060] OBJ_ad_OCSP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1068] OBJ_ad_ca_issuers */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1076] OBJ_OCSP_sign */
-0x28,                                        /* [1084] OBJ_iso */
-0x2A,                                        /* [1085] OBJ_member_body */
-0x2A,0x86,0x48,                              /* [1086] OBJ_ISO_US */
-0x2A,0x86,0x48,0xCE,0x38,                    /* [1089] OBJ_X9_57 */
-0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1094] OBJ_X9cm */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1100] OBJ_pkcs1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1108] OBJ_pkcs5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1866] OBJ_md4 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1874] OBJ_id_pkix_mod */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1881] OBJ_id_qt */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1888] OBJ_id_it */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1895] OBJ_id_pkip */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1902] OBJ_id_alg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1909] OBJ_id_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1916] OBJ_id_on */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1923] OBJ_id_pda */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1930] OBJ_id_aca */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1937] OBJ_id_qcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1944] OBJ_id_cct */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1951] OBJ_id_pkix1_explicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1959] OBJ_id_pkix1_implicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1967] OBJ_id_pkix1_explicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1975] OBJ_id_pkix1_implicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1983] OBJ_id_mod_crmf */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1991] OBJ_id_mod_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1999] OBJ_id_mod_kea_profile_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2007] OBJ_id_mod_kea_profile_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2015] OBJ_id_mod_cmp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2023] OBJ_id_mod_qualified_cert_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2031] OBJ_id_mod_qualified_cert_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2039] OBJ_id_mod_attribute_cert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2047] OBJ_id_mod_timestamp_protocol */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2055] OBJ_id_mod_ocsp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2063] OBJ_id_mod_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2071] OBJ_id_mod_cmp2000 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2079] OBJ_biometricInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2087] OBJ_qcStatements */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2095] OBJ_ac_auditEntity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2103] OBJ_ac_targeting */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2111] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2119] OBJ_sbqp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2127] OBJ_sbqp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2135] OBJ_sbqp_routerIdentifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2143] OBJ_textNotice */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2151] OBJ_ipsecEndSystem */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2159] OBJ_ipsecTunnel */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2167] OBJ_ipsecUser */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2175] OBJ_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2183] OBJ_id_it_caProtEncCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2191] OBJ_id_it_signKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2199] OBJ_id_it_encKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2207] OBJ_id_it_preferredSymmAlg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2215] OBJ_id_it_caKeyUpdateInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2223] OBJ_id_it_currentCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2231] OBJ_id_it_unsupportedOIDs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2239] OBJ_id_it_subscriptionRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2247] OBJ_id_it_subscriptionResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2255] OBJ_id_it_keyPairParamReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2263] OBJ_id_it_keyPairParamRep */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2271] OBJ_id_it_revPassphrase */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2279] OBJ_id_it_implicitConfirm */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2287] OBJ_id_it_confirmWaitTime */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2295] OBJ_id_it_origPKIMessage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2303] OBJ_id_regCtrl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2311] OBJ_id_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2391] OBJ_id_alg_des40 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2399] OBJ_id_alg_noSignature */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2415] OBJ_id_alg_dh_pop */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2423] OBJ_id_cmc_statusInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2431] OBJ_id_cmc_identification */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2439] OBJ_id_cmc_identityProof */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2447] OBJ_id_cmc_dataReturn */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2455] OBJ_id_cmc_transactionId */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2463] OBJ_id_cmc_senderNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2471] OBJ_id_cmc_recipientNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2479] OBJ_id_cmc_addExtensions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2487] OBJ_id_cmc_encryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2495] OBJ_id_cmc_decryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2503] OBJ_id_cmc_lraPOPWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2511] OBJ_id_cmc_getCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2519] OBJ_id_cmc_getCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2527] OBJ_id_cmc_revokeRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2535] OBJ_id_cmc_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2543] OBJ_id_cmc_responseInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2551] OBJ_id_cmc_queryPending */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2559] OBJ_id_cmc_popLinkRandom */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2567] OBJ_id_cmc_popLinkWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2575] OBJ_id_cmc_confirmCertAcceptance */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2631] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2639] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2647] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2655] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2663] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2679] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2687] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2695] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2703] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2711] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02,                         /* [2818] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2822] OBJ_rsaSignature */
-0x55,0x08,                                   /* [2827] OBJ_X500algorithms */
-0x2B,                                        /* [2829] OBJ_org */
-0x2B,0x06,                                   /* [2830] OBJ_dod */
-0x2B,0x06,0x01,                              /* [2832] OBJ_iana */
-0x2B,0x06,0x01,0x01,                         /* [2835] OBJ_Directory */
-0x2B,0x06,0x01,0x02,                         /* [2839] OBJ_Management */
-0x2B,0x06,0x01,0x03,                         /* [2843] OBJ_Experimental */
-0x2B,0x06,0x01,0x04,                         /* [2847] OBJ_Private */
-0x2B,0x06,0x01,0x05,                         /* [2851] OBJ_Security */
-0x2B,0x06,0x01,0x06,                         /* [2855] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07,                         /* [2859] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01,                    /* [2863] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */
-0x50,                                        /* [2897] OBJ_joint_iso_ccitt */
-0x55,0x01,0x05,                              /* [2898] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37,                         /* [2901] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2905] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2914] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2922] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2930] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48,                              /* [2938] OBJ_role */
-0x55,0x1D,0x24,                              /* [2941] OBJ_policy_constraints */
-0x55,0x1D,0x37,                              /* [2944] OBJ_target_information */
-0x55,0x1D,0x38,                              /* [2947] OBJ_no_rev_avail */
+0x55,0x1D,0x1F,                              /* [544] OBJ_crl_distribution_points */
+0x2B,0x0E,0x03,0x02,0x03,                    /* [547] OBJ_md5WithRSA */
+0x55,0x04,0x05,                              /* [552] OBJ_serialNumber */
+0x55,0x04,0x0C,                              /* [555] OBJ_title */
+0x55,0x04,0x0D,                              /* [558] OBJ_description */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [561] OBJ_cast5_cbc */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [570] OBJ_pbeWithMD5AndCast5_CBC */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [579] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1D,                    /* [586] OBJ_sha1WithRSA */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [591] OBJ_dsa */
+0x2B,0x24,0x03,0x02,0x01,                    /* [598] OBJ_ripemd160 */
+0x2B,0x24,0x03,0x03,0x01,0x02,               /* [603] OBJ_ripemd160WithRSA */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [609] OBJ_rc5_cbc */
+0x29,0x01,0x01,0x85,0x1A,0x01,               /* [617] OBJ_rle_compression */
+0x29,0x01,0x01,0x85,0x1A,0x02,               /* [623] OBJ_zlib_compression */
+0x55,0x1D,0x25,                              /* [629] OBJ_ext_key_usage */
+0x2B,0x06,0x01,0x05,0x05,0x07,               /* [632] OBJ_id_pkix */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [638] OBJ_id_kp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [645] OBJ_server_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [653] OBJ_client_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [661] OBJ_code_sign */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [669] OBJ_email_protect */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [677] OBJ_time_stamp */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */
+0x55,0x1D,0x1B,                              /* [744] OBJ_delta_crl */
+0x55,0x1D,0x15,                              /* [747] OBJ_crl_reason */
+0x55,0x1D,0x18,                              /* [750] OBJ_invalidity_date */
+0x2B,0x65,0x01,0x04,0x01,                    /* [753] OBJ_sxnet */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [950] OBJ_hmacWithSHA1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [958] OBJ_id_qt_cps */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [966] OBJ_id_qt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */
+0x55,0x04,0x29,                              /* [1029] OBJ_name */
+0x55,0x04,0x2E,                              /* [1032] OBJ_dnQualifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1035] OBJ_id_pe */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1042] OBJ_id_ad */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1049] OBJ_info_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1057] OBJ_ad_OCSP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1065] OBJ_ad_ca_issuers */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1073] OBJ_OCSP_sign */
+0x28,                                        /* [1081] OBJ_iso */
+0x2A,                                        /* [1082] OBJ_member_body */
+0x2A,0x86,0x48,                              /* [1083] OBJ_ISO_US */
+0x2A,0x86,0x48,0xCE,0x38,                    /* [1086] OBJ_X9_57 */
+0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1091] OBJ_X9cm */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1097] OBJ_pkcs1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1105] OBJ_pkcs5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1863] OBJ_md4 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1871] OBJ_id_pkix_mod */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1878] OBJ_id_qt */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1885] OBJ_id_it */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1892] OBJ_id_pkip */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1899] OBJ_id_alg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1906] OBJ_id_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1913] OBJ_id_on */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1920] OBJ_id_pda */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1927] OBJ_id_aca */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1934] OBJ_id_qcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1941] OBJ_id_cct */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1948] OBJ_id_pkix1_explicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1956] OBJ_id_pkix1_implicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1964] OBJ_id_pkix1_explicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1972] OBJ_id_pkix1_implicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1980] OBJ_id_mod_crmf */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1988] OBJ_id_mod_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1996] OBJ_id_mod_kea_profile_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2004] OBJ_id_mod_kea_profile_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2012] OBJ_id_mod_cmp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2020] OBJ_id_mod_qualified_cert_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2028] OBJ_id_mod_qualified_cert_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2036] OBJ_id_mod_attribute_cert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2044] OBJ_id_mod_timestamp_protocol */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2052] OBJ_id_mod_ocsp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2060] OBJ_id_mod_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2068] OBJ_id_mod_cmp2000 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2076] OBJ_biometricInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2084] OBJ_qcStatements */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2092] OBJ_ac_auditEntity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2100] OBJ_ac_targeting */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2108] OBJ_aaControls */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbqp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbqp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbqp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2140] OBJ_textNotice */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2148] OBJ_ipsecEndSystem */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2156] OBJ_ipsecTunnel */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2164] OBJ_ipsecUser */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2172] OBJ_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2180] OBJ_id_it_caProtEncCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2188] OBJ_id_it_signKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2196] OBJ_id_it_encKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2204] OBJ_id_it_preferredSymmAlg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2212] OBJ_id_it_caKeyUpdateInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2220] OBJ_id_it_currentCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2228] OBJ_id_it_unsupportedOIDs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2236] OBJ_id_it_subscriptionRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2244] OBJ_id_it_subscriptionResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2252] OBJ_id_it_keyPairParamReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2260] OBJ_id_it_keyPairParamRep */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2268] OBJ_id_it_revPassphrase */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2276] OBJ_id_it_implicitConfirm */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2284] OBJ_id_it_confirmWaitTime */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2292] OBJ_id_it_origPKIMessage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2300] OBJ_id_regCtrl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2308] OBJ_id_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2388] OBJ_id_alg_des40 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2396] OBJ_id_alg_noSignature */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2412] OBJ_id_alg_dh_pop */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2420] OBJ_id_cmc_statusInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2428] OBJ_id_cmc_identification */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2436] OBJ_id_cmc_identityProof */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2444] OBJ_id_cmc_dataReturn */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2452] OBJ_id_cmc_transactionId */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2460] OBJ_id_cmc_senderNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2468] OBJ_id_cmc_recipientNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2476] OBJ_id_cmc_addExtensions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2484] OBJ_id_cmc_encryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2492] OBJ_id_cmc_decryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2500] OBJ_id_cmc_lraPOPWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2508] OBJ_id_cmc_getCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2516] OBJ_id_cmc_getCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2524] OBJ_id_cmc_revokeRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2532] OBJ_id_cmc_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2540] OBJ_id_cmc_responseInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2548] OBJ_id_cmc_queryPending */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2556] OBJ_id_cmc_popLinkRandom */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2564] OBJ_id_cmc_popLinkWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2572] OBJ_id_cmc_confirmCertAcceptance */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2580] OBJ_id_on_personalData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2588] OBJ_id_pda_dateOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2596] OBJ_id_pda_placeOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2604] OBJ_id_pda_gender */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2612] OBJ_id_pda_countryOfCitizenship */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2620] OBJ_id_pda_countryOfResidence */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2628] OBJ_id_aca_authenticationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2636] OBJ_id_aca_accessIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2644] OBJ_id_aca_chargingIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2652] OBJ_id_aca_group */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2660] OBJ_id_aca_role */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2676] OBJ_id_cct_crs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2684] OBJ_id_cct_PKIData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2692] OBJ_id_cct_PKIResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2700] OBJ_ad_timeStamping */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2708] OBJ_ad_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */
+0x2B,0x0E,0x03,0x02,                         /* [2815] OBJ_algorithm */
+0x2B,0x0E,0x03,0x02,0x0B,                    /* [2819] OBJ_rsaSignature */
+0x55,0x08,                                   /* [2824] OBJ_X500algorithms */
+0x2B,                                        /* [2826] OBJ_org */
+0x2B,0x06,                                   /* [2827] OBJ_dod */
+0x2B,0x06,0x01,                              /* [2829] OBJ_iana */
+0x2B,0x06,0x01,0x01,                         /* [2832] OBJ_Directory */
+0x2B,0x06,0x01,0x02,                         /* [2836] OBJ_Management */
+0x2B,0x06,0x01,0x03,                         /* [2840] OBJ_Experimental */
+0x2B,0x06,0x01,0x04,                         /* [2844] OBJ_Private */
+0x2B,0x06,0x01,0x05,                         /* [2848] OBJ_Security */
+0x2B,0x06,0x01,0x06,                         /* [2852] OBJ_SNMPv2 */
+0x2B,0x06,0x01,0x07,                         /* [2856] OBJ_Mail */
+0x2B,0x06,0x01,0x04,0x01,                    /* [2860] OBJ_Enterprises */
+0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */
+0x50,                                        /* [2894] OBJ_joint_iso_ccitt */
+0x55,0x01,0x05,                              /* [2895] OBJ_selected_attribute_types */
+0x55,0x01,0x05,0x37,                         /* [2898] OBJ_clearance */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2911] OBJ_ac_proxying */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2919] OBJ_sinfo_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2927] OBJ_id_aca_encAttrs */
+0x55,0x04,0x48,                              /* [2935] OBJ_role */
+0x55,0x1D,0x24,                              /* [2938] OBJ_policy_constraints */
+0x55,0x1D,0x37,                              /* [2941] OBJ_target_information */
+0x55,0x1D,0x38,                              /* [2944] OBJ_no_rev_avail */
+0x00,                                        /* [2947] OBJ_ccitt */
+0x2A,0x86,0x48,0xCE,0x3D,                    /* [2948] OBJ_ansi_X9_62 */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2953] OBJ_X9_62_prime_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2960] OBJ_X9_62_characteristic_two_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2967] OBJ_X9_62_id_ecPublicKey */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2974] OBJ_X9_62_prime192v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2982] OBJ_X9_62_prime192v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2990] OBJ_X9_62_prime192v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2998] OBJ_X9_62_prime239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3006] OBJ_X9_62_prime239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3014] OBJ_X9_62_prime239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3022] OBJ_X9_62_prime256v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3030] OBJ_ecdsa_with_SHA1 */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */
+0x55,0x1D,0x17,                              /* [3154] OBJ_hold_instruction_code */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3157] OBJ_hold_instruction_none */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3164] OBJ_hold_instruction_call_issuer */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3171] OBJ_hold_instruction_reject */
+0x09,                                        /* [3178] OBJ_data */
+0x09,0x92,0x26,                              /* [3179] OBJ_pss */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3182] OBJ_ucl */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3189] OBJ_pilot */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */
+0x55,0x04,0x2D,                              /* [3843] OBJ_x500UniqueIdentifier */
+0x2B,0x06,0x01,0x07,0x01,                    /* [3846] OBJ_mime_mhs */
+0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3851] OBJ_mime_mhs_headings */
+0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3857] OBJ_mime_mhs_bodies */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3863] OBJ_id_hex_partial_message */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3870] OBJ_id_hex_multipart_message */
+0x55,0x04,0x2C,                              /* [3877] OBJ_generationQualifier */
+0x55,0x04,0x41,                              /* [3880] OBJ_pseudonym */
+0x67,0x2A,                                   /* [3883] OBJ_id_set */
+0x67,0x2A,0x00,                              /* [3885] OBJ_set_ctype */
+0x67,0x2A,0x01,                              /* [3888] OBJ_set_msgExt */
+0x67,0x2A,0x03,                              /* [3891] OBJ_set_attr */
+0x67,0x2A,0x05,                              /* [3894] OBJ_set_policy */
+0x67,0x2A,0x07,                              /* [3897] OBJ_set_certExt */
+0x67,0x2A,0x08,                              /* [3900] OBJ_set_brand */
+0x67,0x2A,0x00,0x00,                         /* [3903] OBJ_setct_PANData */
+0x67,0x2A,0x00,0x01,                         /* [3907] OBJ_setct_PANToken */
+0x67,0x2A,0x00,0x02,                         /* [3911] OBJ_setct_PANOnly */
+0x67,0x2A,0x00,0x03,                         /* [3915] OBJ_setct_OIData */
+0x67,0x2A,0x00,0x04,                         /* [3919] OBJ_setct_PI */
+0x67,0x2A,0x00,0x05,                         /* [3923] OBJ_setct_PIData */
+0x67,0x2A,0x00,0x06,                         /* [3927] OBJ_setct_PIDataUnsigned */
+0x67,0x2A,0x00,0x07,                         /* [3931] OBJ_setct_HODInput */
+0x67,0x2A,0x00,0x08,                         /* [3935] OBJ_setct_AuthResBaggage */
+0x67,0x2A,0x00,0x09,                         /* [3939] OBJ_setct_AuthRevReqBaggage */
+0x67,0x2A,0x00,0x0A,                         /* [3943] OBJ_setct_AuthRevResBaggage */
+0x67,0x2A,0x00,0x0B,                         /* [3947] OBJ_setct_CapTokenSeq */
+0x67,0x2A,0x00,0x0C,                         /* [3951] OBJ_setct_PInitResData */
+0x67,0x2A,0x00,0x0D,                         /* [3955] OBJ_setct_PI_TBS */
+0x67,0x2A,0x00,0x0E,                         /* [3959] OBJ_setct_PResData */
+0x67,0x2A,0x00,0x10,                         /* [3963] OBJ_setct_AuthReqTBS */
+0x67,0x2A,0x00,0x11,                         /* [3967] OBJ_setct_AuthResTBS */
+0x67,0x2A,0x00,0x12,                         /* [3971] OBJ_setct_AuthResTBSX */
+0x67,0x2A,0x00,0x13,                         /* [3975] OBJ_setct_AuthTokenTBS */
+0x67,0x2A,0x00,0x14,                         /* [3979] OBJ_setct_CapTokenData */
+0x67,0x2A,0x00,0x15,                         /* [3983] OBJ_setct_CapTokenTBS */
+0x67,0x2A,0x00,0x16,                         /* [3987] OBJ_setct_AcqCardCodeMsg */
+0x67,0x2A,0x00,0x17,                         /* [3991] OBJ_setct_AuthRevReqTBS */
+0x67,0x2A,0x00,0x18,                         /* [3995] OBJ_setct_AuthRevResData */
+0x67,0x2A,0x00,0x19,                         /* [3999] OBJ_setct_AuthRevResTBS */
+0x67,0x2A,0x00,0x1A,                         /* [4003] OBJ_setct_CapReqTBS */
+0x67,0x2A,0x00,0x1B,                         /* [4007] OBJ_setct_CapReqTBSX */
+0x67,0x2A,0x00,0x1C,                         /* [4011] OBJ_setct_CapResData */
+0x67,0x2A,0x00,0x1D,                         /* [4015] OBJ_setct_CapRevReqTBS */
+0x67,0x2A,0x00,0x1E,                         /* [4019] OBJ_setct_CapRevReqTBSX */
+0x67,0x2A,0x00,0x1F,                         /* [4023] OBJ_setct_CapRevResData */
+0x67,0x2A,0x00,0x20,                         /* [4027] OBJ_setct_CredReqTBS */
+0x67,0x2A,0x00,0x21,                         /* [4031] OBJ_setct_CredReqTBSX */
+0x67,0x2A,0x00,0x22,                         /* [4035] OBJ_setct_CredResData */
+0x67,0x2A,0x00,0x23,                         /* [4039] OBJ_setct_CredRevReqTBS */
+0x67,0x2A,0x00,0x24,                         /* [4043] OBJ_setct_CredRevReqTBSX */
+0x67,0x2A,0x00,0x25,                         /* [4047] OBJ_setct_CredRevResData */
+0x67,0x2A,0x00,0x26,                         /* [4051] OBJ_setct_PCertReqData */
+0x67,0x2A,0x00,0x27,                         /* [4055] OBJ_setct_PCertResTBS */
+0x67,0x2A,0x00,0x28,                         /* [4059] OBJ_setct_BatchAdminReqData */
+0x67,0x2A,0x00,0x29,                         /* [4063] OBJ_setct_BatchAdminResData */
+0x67,0x2A,0x00,0x2A,                         /* [4067] OBJ_setct_CardCInitResTBS */
+0x67,0x2A,0x00,0x2B,                         /* [4071] OBJ_setct_MeAqCInitResTBS */
+0x67,0x2A,0x00,0x2C,                         /* [4075] OBJ_setct_RegFormResTBS */
+0x67,0x2A,0x00,0x2D,                         /* [4079] OBJ_setct_CertReqData */
+0x67,0x2A,0x00,0x2E,                         /* [4083] OBJ_setct_CertReqTBS */
+0x67,0x2A,0x00,0x2F,                         /* [4087] OBJ_setct_CertResData */
+0x67,0x2A,0x00,0x30,                         /* [4091] OBJ_setct_CertInqReqTBS */
+0x67,0x2A,0x00,0x31,                         /* [4095] OBJ_setct_ErrorTBS */
+0x67,0x2A,0x00,0x32,                         /* [4099] OBJ_setct_PIDualSignedTBE */
+0x67,0x2A,0x00,0x33,                         /* [4103] OBJ_setct_PIUnsignedTBE */
+0x67,0x2A,0x00,0x34,                         /* [4107] OBJ_setct_AuthReqTBE */
+0x67,0x2A,0x00,0x35,                         /* [4111] OBJ_setct_AuthResTBE */
+0x67,0x2A,0x00,0x36,                         /* [4115] OBJ_setct_AuthResTBEX */
+0x67,0x2A,0x00,0x37,                         /* [4119] OBJ_setct_AuthTokenTBE */
+0x67,0x2A,0x00,0x38,                         /* [4123] OBJ_setct_CapTokenTBE */
+0x67,0x2A,0x00,0x39,                         /* [4127] OBJ_setct_CapTokenTBEX */
+0x67,0x2A,0x00,0x3A,                         /* [4131] OBJ_setct_AcqCardCodeMsgTBE */
+0x67,0x2A,0x00,0x3B,                         /* [4135] OBJ_setct_AuthRevReqTBE */
+0x67,0x2A,0x00,0x3C,                         /* [4139] OBJ_setct_AuthRevResTBE */
+0x67,0x2A,0x00,0x3D,                         /* [4143] OBJ_setct_AuthRevResTBEB */
+0x67,0x2A,0x00,0x3E,                         /* [4147] OBJ_setct_CapReqTBE */
+0x67,0x2A,0x00,0x3F,                         /* [4151] OBJ_setct_CapReqTBEX */
+0x67,0x2A,0x00,0x40,                         /* [4155] OBJ_setct_CapResTBE */
+0x67,0x2A,0x00,0x41,                         /* [4159] OBJ_setct_CapRevReqTBE */
+0x67,0x2A,0x00,0x42,                         /* [4163] OBJ_setct_CapRevReqTBEX */
+0x67,0x2A,0x00,0x43,                         /* [4167] OBJ_setct_CapRevResTBE */
+0x67,0x2A,0x00,0x44,                         /* [4171] OBJ_setct_CredReqTBE */
+0x67,0x2A,0x00,0x45,                         /* [4175] OBJ_setct_CredReqTBEX */
+0x67,0x2A,0x00,0x46,                         /* [4179] OBJ_setct_CredResTBE */
+0x67,0x2A,0x00,0x47,                         /* [4183] OBJ_setct_CredRevReqTBE */
+0x67,0x2A,0x00,0x48,                         /* [4187] OBJ_setct_CredRevReqTBEX */
+0x67,0x2A,0x00,0x49,                         /* [4191] OBJ_setct_CredRevResTBE */
+0x67,0x2A,0x00,0x4A,                         /* [4195] OBJ_setct_BatchAdminReqTBE */
+0x67,0x2A,0x00,0x4B,                         /* [4199] OBJ_setct_BatchAdminResTBE */
+0x67,0x2A,0x00,0x4C,                         /* [4203] OBJ_setct_RegFormReqTBE */
+0x67,0x2A,0x00,0x4D,                         /* [4207] OBJ_setct_CertReqTBE */
+0x67,0x2A,0x00,0x4E,                         /* [4211] OBJ_setct_CertReqTBEX */
+0x67,0x2A,0x00,0x4F,                         /* [4215] OBJ_setct_CertResTBE */
+0x67,0x2A,0x00,0x50,                         /* [4219] OBJ_setct_CRLNotificationTBS */
+0x67,0x2A,0x00,0x51,                         /* [4223] OBJ_setct_CRLNotificationResTBS */
+0x67,0x2A,0x00,0x52,                         /* [4227] OBJ_setct_BCIDistributionTBS */
+0x67,0x2A,0x01,0x01,                         /* [4231] OBJ_setext_genCrypt */
+0x67,0x2A,0x01,0x03,                         /* [4235] OBJ_setext_miAuth */
+0x67,0x2A,0x01,0x04,                         /* [4239] OBJ_setext_pinSecure */
+0x67,0x2A,0x01,0x05,                         /* [4243] OBJ_setext_pinAny */
+0x67,0x2A,0x01,0x07,                         /* [4247] OBJ_setext_track2 */
+0x67,0x2A,0x01,0x08,                         /* [4251] OBJ_setext_cv */
+0x67,0x2A,0x05,0x00,                         /* [4255] OBJ_set_policy_root */
+0x67,0x2A,0x07,0x00,                         /* [4259] OBJ_setCext_hashedRoot */
+0x67,0x2A,0x07,0x01,                         /* [4263] OBJ_setCext_certType */
+0x67,0x2A,0x07,0x02,                         /* [4267] OBJ_setCext_merchData */
+0x67,0x2A,0x07,0x03,                         /* [4271] OBJ_setCext_cCertRequired */
+0x67,0x2A,0x07,0x04,                         /* [4275] OBJ_setCext_tunneling */
+0x67,0x2A,0x07,0x05,                         /* [4279] OBJ_setCext_setExt */
+0x67,0x2A,0x07,0x06,                         /* [4283] OBJ_setCext_setQualf */
+0x67,0x2A,0x07,0x07,                         /* [4287] OBJ_setCext_PGWYcapabilities */
+0x67,0x2A,0x07,0x08,                         /* [4291] OBJ_setCext_TokenIdentifier */
+0x67,0x2A,0x07,0x09,                         /* [4295] OBJ_setCext_Track2Data */
+0x67,0x2A,0x07,0x0A,                         /* [4299] OBJ_setCext_TokenType */
+0x67,0x2A,0x07,0x0B,                         /* [4303] OBJ_setCext_IssuerCapabilities */
+0x67,0x2A,0x03,0x00,                         /* [4307] OBJ_setAttr_Cert */
+0x67,0x2A,0x03,0x01,                         /* [4311] OBJ_setAttr_PGWYcap */
+0x67,0x2A,0x03,0x02,                         /* [4315] OBJ_setAttr_TokenType */
+0x67,0x2A,0x03,0x03,                         /* [4319] OBJ_setAttr_IssCap */
+0x67,0x2A,0x03,0x00,0x00,                    /* [4323] OBJ_set_rootKeyThumb */
+0x67,0x2A,0x03,0x00,0x01,                    /* [4328] OBJ_set_addPolicy */
+0x67,0x2A,0x03,0x02,0x01,                    /* [4333] OBJ_setAttr_Token_EMV */
+0x67,0x2A,0x03,0x02,0x02,                    /* [4338] OBJ_setAttr_Token_B0Prime */
+0x67,0x2A,0x03,0x03,0x03,                    /* [4343] OBJ_setAttr_IssCap_CVM */
+0x67,0x2A,0x03,0x03,0x04,                    /* [4348] OBJ_setAttr_IssCap_T2 */
+0x67,0x2A,0x03,0x03,0x05,                    /* [4353] OBJ_setAttr_IssCap_Sig */
+0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4358] OBJ_setAttr_GenCryptgrm */
+0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4364] OBJ_setAttr_T2Enc */
+0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4370] OBJ_setAttr_T2cleartxt */
+0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4376] OBJ_setAttr_TokICCsig */
+0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4382] OBJ_setAttr_SecDevSig */
+0x67,0x2A,0x08,0x01,                         /* [4388] OBJ_set_brand_IATA_ATA */
+0x67,0x2A,0x08,0x1E,                         /* [4392] OBJ_set_brand_Diners */
+0x67,0x2A,0x08,0x22,                         /* [4396] OBJ_set_brand_AmericanExpress */
+0x67,0x2A,0x08,0x23,                         /* [4400] OBJ_set_brand_JCB */
+0x67,0x2A,0x08,0x04,                         /* [4404] OBJ_set_brand_Visa */
+0x67,0x2A,0x08,0x05,                         /* [4408] OBJ_set_brand_MasterCard */
+0x67,0x2A,0x08,0xAE,0x7B,                    /* [4412] OBJ_set_brand_Novus */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4417] OBJ_des_cdmf */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4434] OBJ_ms_smartcard_login */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4444] OBJ_ms_upn */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -490,8 +731,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},
 {"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
 {"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
-{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[202]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL},
+{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},
+{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL},
 {"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
 {"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
 {"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
@@ -507,7 +748,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0},
 {"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
 {"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0},
-{"Email","emailAddress",NID_pkcs9_emailAddress,9,&(lvalues[257]),0},
+{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
+	&(lvalues[257]),0},
 {"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
 	&(lvalues[266]),0},
 {"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0},
@@ -584,501 +826,924 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0},
 {"RC4-40","rc4-40",NID_rc4_40,0,NULL},
 {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
-{"G","givenName",NID_givenName,3,&(lvalues[535]),0},
-{"S","surname",NID_surname,3,&(lvalues[538]),0},
-{"I","initials",NID_initials,3,&(lvalues[541]),0},
-{"uniqueIdentifier","uniqueIdentifier",NID_uniqueIdentifier,3,
-	&(lvalues[544]),0},
+{"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
+{"SN","surName",NID_surname,3,&(lvalues[538]),0},
+{"initials","initials",NID_initials,3,&(lvalues[541]),0},
+{NULL,NULL,NID_undef,0,NULL},
 {"crlDistributionPoints","X509v3 CRL Distribution Points",
-	NID_crl_distribution_points,3,&(lvalues[547]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[550]),0},
-{"SN","serialNumber",NID_serialNumber,3,&(lvalues[555]),0},
-{"T","title",NID_title,3,&(lvalues[558]),0},
-{"D","description",NID_description,3,&(lvalues[561]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[564]),0},
+	NID_crl_distribution_points,3,&(lvalues[544]),0},
+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0},
+{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[552]),0},
+{"title","title",NID_title,3,&(lvalues[555]),0},
+{"description","description",NID_description,3,&(lvalues[558]),0},
+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0},
 {"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
 {"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
 {"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
 {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[573]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[582]),0},
+	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0},
+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0},
 {"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[589]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[594]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[601]),0},
+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0},
+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0},
+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0},
 {NULL,NULL,NID_undef,0,NULL},
 {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-	&(lvalues[606]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[612]),0},
+	&(lvalues[603]),0},
+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0},
 {"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
 {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
 {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
-{"RLE","run length compression",NID_rle_compression,6,&(lvalues[620]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[626]),0},
+{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},
+{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0},
 {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
-	&(lvalues[632]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[635]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[641]),0},
+	&(lvalues[629]),0},
+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0},
+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0},
 {"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
-	&(lvalues[648]),0},
+	&(lvalues[645]),0},
 {"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
-	&(lvalues[656]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[664]),0},
+	&(lvalues[653]),0},
+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0},
 {"emailProtection","E-mail Protection",NID_email_protect,8,
-	&(lvalues[672]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[680]),0},
+	&(lvalues[669]),0},
+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0},
 {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
-	&(lvalues[688]),0},
+	&(lvalues[685]),0},
 {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
-	&(lvalues[698]),0},
+	&(lvalues[695]),0},
 {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
-	&(lvalues[708]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[718]),0},
+	&(lvalues[705]),0},
+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0},
 {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
-	&(lvalues[728]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[738]),0},
+	&(lvalues[725]),0},
+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0},
 {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
-	&(lvalues[747]),0},
-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[750]),0},
+	&(lvalues[744]),0},
+{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0},
 {"invalidityDate","Invalidity Date",NID_invalidity_date,3,
-	&(lvalues[753]),0},
-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[756]),0},
+	&(lvalues[750]),0},
+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0},
 {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
-	NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[761]),0},
+	NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0},
 {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
-	NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[771]),0},
+	NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0},
 {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
-	NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[781]),0},
+	NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0},
 {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
-	NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[791]),0},
+	NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0},
 {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
-	NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[801]),0},
+	NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0},
 {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
-	NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[811]),0},
-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[821]),0},
+	NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0},
+{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0},
 {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
-	11,&(lvalues[832]),0},
-{"certBag","certBag",NID_certBag,11,&(lvalues[843]),0},
-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[854]),0},
-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[865]),0},
+	11,&(lvalues[829]),0},
+{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0},
+{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0},
+{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0},
 {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
-	&(lvalues[876]),0},
-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[887]),0},
-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[896]),0},
+	&(lvalues[873]),0},
+{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0},
+{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0},
 {"x509Certificate","x509Certificate",NID_x509Certificate,10,
-	&(lvalues[905]),0},
+	&(lvalues[902]),0},
 {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
-	&(lvalues[915]),0},
-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[925]),0},
-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[935]),0},
-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[944]),0},
-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[953]),0},
-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[961]),0},
+	&(lvalues[912]),0},
+{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0},
+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0},
+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0},
+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0},
+{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0},
 {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
-	&(lvalues[969]),0},
+	&(lvalues[966]),0},
 {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
 {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
-	&(lvalues[977]),0},
+	&(lvalues[974]),0},
 {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
-	&(lvalues[986]),0},
+	&(lvalues[983]),0},
 {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
-	&(lvalues[995]),0},
+	&(lvalues[992]),0},
 {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
-	&(lvalues[1004]),0},
+	&(lvalues[1001]),0},
 {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
-	&(lvalues[1013]),0},
-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1023]),0},
-{"name","name",NID_name,3,&(lvalues[1032]),0},
-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1035]),0},
-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1038]),0},
-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1045]),0},
+	&(lvalues[1010]),0},
+{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0},
+{"name","name",NID_name,3,&(lvalues[1029]),0},
+{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0},
+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0},
+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0},
 {"authorityInfoAccess","Authority Information Access",NID_info_access,
-	8,&(lvalues[1052]),0},
-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1060]),0},
-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1068]),0},
-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1076]),0},
-{"ISO","iso",NID_iso,1,&(lvalues[1084]),0},
-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0},
-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0},
-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0},
-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0},
-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0},
-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0},
-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0},
-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0},
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0},
-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0},
-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0},
-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0},
-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0},
-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0},
+	8,&(lvalues[1049]),0},
+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0},
+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0},
+{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0},
+{"ISO","iso",NID_iso,1,&(lvalues[1081]),0},
+{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0},
+{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0},
+{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0},
+{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0},
+{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0},
+{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0},
+{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0},
+{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0},
+{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0},
+{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0},
+{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0},
+{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0},
+{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0},
+{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0},
 {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
-	&(lvalues[1195]),0},
+	&(lvalues[1192]),0},
 {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
-	&(lvalues[1206]),0},
+	&(lvalues[1203]),0},
 {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
-	&(lvalues[1217]),0},
+	&(lvalues[1214]),0},
 {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
-	11,&(lvalues[1228]),0},
+	11,&(lvalues[1225]),0},
 {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
-	NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0},
+	NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0},
 {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
-	NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0},
+	NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0},
 {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
-	NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0},
+	NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0},
 {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
-	NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0},
+	NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0},
 {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
-	11,&(lvalues[1283]),0},
+	11,&(lvalues[1280]),0},
 {"id-smime-ct-authData","id-smime-ct-authData",
-	NID_id_smime_ct_authData,11,&(lvalues[1294]),0},
+	NID_id_smime_ct_authData,11,&(lvalues[1291]),0},
 {"id-smime-ct-publishCert","id-smime-ct-publishCert",
-	NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0},
+	NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0},
 {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
-	11,&(lvalues[1316]),0},
+	11,&(lvalues[1313]),0},
 {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
-	11,&(lvalues[1327]),0},
+	11,&(lvalues[1324]),0},
 {"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
-	NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0},
+	NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0},
 {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
-	NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0},
+	NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0},
 {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
-	NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0},
+	NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0},
 {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
-	NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0},
+	NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0},
 {"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
-	NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0},
+	NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0},
 {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
-	NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0},
+	NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0},
 {"id-smime-aa-contentHint","id-smime-aa-contentHint",
-	NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0},
+	NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0},
 {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
-	NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0},
+	NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0},
 {"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
-	NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0},
+	NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0},
 {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
-	NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0},
+	NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0},
 {"id-smime-aa-macValue","id-smime-aa-macValue",
-	NID_id_smime_aa_macValue,11,&(lvalues[1448]),0},
+	NID_id_smime_aa_macValue,11,&(lvalues[1445]),0},
 {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
-	NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0},
+	NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0},
 {"id-smime-aa-contentReference","id-smime-aa-contentReference",
-	NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0},
+	NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0},
 {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
-	NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0},
+	NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0},
 {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
-	NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0},
+	NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0},
 {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
-	NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0},
+	NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0},
 {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
-	NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0},
+	NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0},
 {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
-	NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0},
+	NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0},
 {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
-	NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0},
+	NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0},
 {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
-	NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0},
+	NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0},
 {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
-	NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0},
+	NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0},
 {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
-	NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0},
+	NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0},
 {"id-smime-aa-ets-contentTimestamp",
 	"id-smime-aa-ets-contentTimestamp",
-	NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0},
+	NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0},
 {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
-	NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0},
+	NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0},
 {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
-	NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0},
+	NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0},
 {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
-	NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0},
+	NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0},
 {"id-smime-aa-ets-revocationValues",
 	"id-smime-aa-ets-revocationValues",
-	NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0},
+	NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0},
 {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
-	NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0},
+	NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0},
 {"id-smime-aa-ets-certCRLTimestamp",
 	"id-smime-aa-ets-certCRLTimestamp",
-	NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0},
+	NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0},
 {"id-smime-aa-ets-archiveTimeStamp",
 	"id-smime-aa-ets-archiveTimeStamp",
-	NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0},
+	NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0},
 {"id-smime-aa-signatureType","id-smime-aa-signatureType",
-	NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0},
+	NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0},
 {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
-	NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0},
+	NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0},
 {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
-	NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0},
+	NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0},
 {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
-	NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0},
+	NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0},
 {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
-	NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0},
+	NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0},
 {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
-	NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0},
+	NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0},
 {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
-	&(lvalues[1734]),0},
+	&(lvalues[1731]),0},
 {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
-	NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0},
+	NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0},
 {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
-	NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0},
+	NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0},
 {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
-	&(lvalues[1767]),0},
+	&(lvalues[1764]),0},
 {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
-	NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0},
+	NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0},
 {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
-	NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0},
+	NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0},
 {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
-	NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0},
+	NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0},
 {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
-	NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0},
+	NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0},
 {"id-smime-cti-ets-proofOfDelivery",
 	"id-smime-cti-ets-proofOfDelivery",
-	NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0},
+	NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0},
 {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
-	NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0},
+	NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0},
 {"id-smime-cti-ets-proofOfApproval",
 	"id-smime-cti-ets-proofOfApproval",
-	NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0},
+	NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0},
 {"id-smime-cti-ets-proofOfCreation",
 	"id-smime-cti-ets-proofOfCreation",
-	NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0},
-{"MD4","md4",NID_md4,8,&(lvalues[1866]),0},
-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0},
-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0},
-{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0},
-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0},
-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0},
-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0},
-{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0},
-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0},
-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0},
-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0},
-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0},
+	NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0},
+{"MD4","md4",NID_md4,8,&(lvalues[1863]),0},
+{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0},
+{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0},
+{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0},
+{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0},
+{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0},
+{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0},
+{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0},
+{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0},
+{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0},
+{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0},
+{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0},
 {"id-pkix1-explicit-88","id-pkix1-explicit-88",
-	NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0},
+	NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0},
 {"id-pkix1-implicit-88","id-pkix1-implicit-88",
-	NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0},
+	NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0},
 {"id-pkix1-explicit-93","id-pkix1-explicit-93",
-	NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0},
+	NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0},
 {"id-pkix1-implicit-93","id-pkix1-implicit-93",
-	NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0},
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0},
-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0},
+	NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0},
+{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0},
+{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0},
 {"id-mod-kea-profile-88","id-mod-kea-profile-88",
-	NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0},
+	NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0},
 {"id-mod-kea-profile-93","id-mod-kea-profile-93",
-	NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0},
-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0},
+	NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0},
+{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0},
 {"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
-	NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0},
+	NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0},
 {"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
-	NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0},
+	NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0},
 {"id-mod-attribute-cert","id-mod-attribute-cert",
-	NID_id_mod_attribute_cert,8,&(lvalues[2039]),0},
+	NID_id_mod_attribute_cert,8,&(lvalues[2036]),0},
 {"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
-	NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0},
-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0},
-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0},
+	NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0},
+{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0},
+{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0},
 {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
-	&(lvalues[2071]),0},
-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0},
-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0},
+	&(lvalues[2068]),0},
+{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0},
+{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0},
 {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
-	&(lvalues[2095]),0},
-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0},
-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0},
+	&(lvalues[2092]),0},
+{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
+{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
 {"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8,
-	&(lvalues[2119]),0},
+	&(lvalues[2116]),0},
 {"sbqp-autonomousSysNum","sbqp-autonomousSysNum",
-	NID_sbqp_autonomousSysNum,8,&(lvalues[2127]),0},
+	NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0},
 {"sbqp-routerIdentifier","sbqp-routerIdentifier",
-	NID_sbqp_routerIdentifier,8,&(lvalues[2135]),0},
-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0},
+	NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0},
+{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
 {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
-	&(lvalues[2151]),0},
-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0},
-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0},
-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0},
+	&(lvalues[2148]),0},
+{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0},
+{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0},
+{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0},
 {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
-	8,&(lvalues[2183]),0},
+	8,&(lvalues[2180]),0},
 {"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
-	NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0},
+	NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0},
 {"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
-	NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0},
+	NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0},
 {"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
-	NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0},
+	NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0},
 {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
-	NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0},
+	NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0},
 {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
-	&(lvalues[2223]),0},
+	&(lvalues[2220]),0},
 {"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
-	NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0},
+	NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0},
 {"id-it-subscriptionRequest","id-it-subscriptionRequest",
-	NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0},
+	NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0},
 {"id-it-subscriptionResponse","id-it-subscriptionResponse",
-	NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0},
+	NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0},
 {"id-it-keyPairParamReq","id-it-keyPairParamReq",
-	NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0},
+	NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0},
 {"id-it-keyPairParamRep","id-it-keyPairParamRep",
-	NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0},
+	NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0},
 {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
-	8,&(lvalues[2271]),0},
+	8,&(lvalues[2268]),0},
 {"id-it-implicitConfirm","id-it-implicitConfirm",
-	NID_id_it_implicitConfirm,8,&(lvalues[2279]),0},
+	NID_id_it_implicitConfirm,8,&(lvalues[2276]),0},
 {"id-it-confirmWaitTime","id-it-confirmWaitTime",
-	NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0},
+	NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0},
 {"id-it-origPKIMessage","id-it-origPKIMessage",
-	NID_id_it_origPKIMessage,8,&(lvalues[2295]),0},
-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0},
-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0},
+	NID_id_it_origPKIMessage,8,&(lvalues[2292]),0},
+{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0},
+{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0},
 {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
-	9,&(lvalues[2319]),0},
+	9,&(lvalues[2316]),0},
 {"id-regCtrl-authenticator","id-regCtrl-authenticator",
-	NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0},
+	NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0},
 {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
-	NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0},
+	NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0},
 {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
-	NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0},
+	NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0},
 {"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
-	NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0},
+	NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0},
 {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
-	NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0},
+	NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0},
 {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
-	NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0},
+	NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0},
 {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
-	&(lvalues[2382]),0},
-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0},
+	&(lvalues[2379]),0},
+{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0},
 {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
-	&(lvalues[2399]),0},
+	&(lvalues[2396]),0},
 {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
-	NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0},
-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0},
+	NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0},
+{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0},
 {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
-	&(lvalues[2423]),0},
+	&(lvalues[2420]),0},
 {"id-cmc-identification","id-cmc-identification",
-	NID_id_cmc_identification,8,&(lvalues[2431]),0},
+	NID_id_cmc_identification,8,&(lvalues[2428]),0},
 {"id-cmc-identityProof","id-cmc-identityProof",
-	NID_id_cmc_identityProof,8,&(lvalues[2439]),0},
+	NID_id_cmc_identityProof,8,&(lvalues[2436]),0},
 {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
-	&(lvalues[2447]),0},
+	&(lvalues[2444]),0},
 {"id-cmc-transactionId","id-cmc-transactionId",
-	NID_id_cmc_transactionId,8,&(lvalues[2455]),0},
+	NID_id_cmc_transactionId,8,&(lvalues[2452]),0},
 {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
-	&(lvalues[2463]),0},
+	&(lvalues[2460]),0},
 {"id-cmc-recipientNonce","id-cmc-recipientNonce",
-	NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0},
+	NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0},
 {"id-cmc-addExtensions","id-cmc-addExtensions",
-	NID_id_cmc_addExtensions,8,&(lvalues[2479]),0},
+	NID_id_cmc_addExtensions,8,&(lvalues[2476]),0},
 {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
-	8,&(lvalues[2487]),0},
+	8,&(lvalues[2484]),0},
 {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
-	8,&(lvalues[2495]),0},
+	8,&(lvalues[2492]),0},
 {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
-	NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0},
+	NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0},
 {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
-	&(lvalues[2511]),0},
-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0},
+	&(lvalues[2508]),0},
+{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0},
 {"id-cmc-revokeRequest","id-cmc-revokeRequest",
-	NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0},
+	NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0},
 {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
-	&(lvalues[2535]),0},
+	&(lvalues[2532]),0},
 {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
-	8,&(lvalues[2543]),0},
+	8,&(lvalues[2540]),0},
 {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
-	8,&(lvalues[2551]),0},
+	8,&(lvalues[2548]),0},
 {"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
-	NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0},
+	NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0},
 {"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
-	NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0},
+	NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0},
 {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
-	NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0},
+	NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0},
 {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
-	&(lvalues[2583]),0},
+	&(lvalues[2580]),0},
 {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
-	&(lvalues[2591]),0},
+	&(lvalues[2588]),0},
 {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
-	8,&(lvalues[2599]),0},
+	8,&(lvalues[2596]),0},
 {NULL,NULL,NID_undef,0,NULL},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0},
+{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0},
 {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-	NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0},
+	NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0},
 {"id-pda-countryOfResidence","id-pda-countryOfResidence",
-	NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0},
+	NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0},
 {"id-aca-authenticationInfo","id-aca-authenticationInfo",
-	NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0},
+	NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0},
 {"id-aca-accessIdentity","id-aca-accessIdentity",
-	NID_id_aca_accessIdentity,8,&(lvalues[2639]),0},
+	NID_id_aca_accessIdentity,8,&(lvalues[2636]),0},
 {"id-aca-chargingIdentity","id-aca-chargingIdentity",
-	NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0},
+	NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0},
+{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0},
+{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0},
 {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0},
+	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0},
+{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0},
 {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-	&(lvalues[2687]),0},
+	&(lvalues[2684]),0},
 {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
-	&(lvalues[2695]),0},
+	&(lvalues[2692]),0},
 {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
-	&(lvalues[2703]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0},
+	&(lvalues[2700]),0},
+{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0},
 {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-	&(lvalues[2719]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0},
+	&(lvalues[2716]),0},
+{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0},
+{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0},
 {"acceptableResponses","Acceptable OCSP Responses",
-	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0},
-{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0},
+	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0},
+{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0},
 {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-	9,&(lvalues[2764]),0},
+	9,&(lvalues[2761]),0},
 {"serviceLocator","OCSP Service Locator",
-	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0},
+	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0},
 {"extendedStatus","Extended OCSP Status",
-	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0},
+	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0},
+{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0},
+{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0},
 {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-	&(lvalues[2809]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0},
+	&(lvalues[2806]),0},
+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0},
+{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0},
 {"X500algorithms","directory services - algorithms",
-	NID_X500algorithms,2,&(lvalues[2827]),0},
-{"ORG","org",NID_org,1,&(lvalues[2829]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2830]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2832]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0},
-{"private","Private",NID_Private,4,&(lvalues[2847]),0},
-{"security","Security",NID_Security,4,&(lvalues[2851]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0},
-{"mail","Mail",NID_Mail,4,&(lvalues[2859]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0},
+	NID_X500algorithms,2,&(lvalues[2824]),0},
+{"ORG","org",NID_org,1,&(lvalues[2826]),0},
+{"DOD","dod",NID_dod,2,&(lvalues[2827]),0},
+{"IANA","iana",NID_iana,3,&(lvalues[2829]),0},
+{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0},
+{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0},
+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0},
+{"private","Private",NID_Private,4,&(lvalues[2844]),0},
+{"security","Security",NID_Security,4,&(lvalues[2848]),0},
+{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0},
+{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0},
+{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0},
+{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0},
+{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0},
+{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0},
 {"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
-	&(lvalues[2897]),0},
+	&(lvalues[2894]),0},
 {"selected-attribute-types","Selected Attribute Types",
-	NID_selected_attribute_types,3,&(lvalues[2898]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2901]),0},
+	NID_selected_attribute_types,3,&(lvalues[2895]),0},
+{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0},
 {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-	&(lvalues[2905]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2914]),0},
+	&(lvalues[2902]),0},
+{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0},
 {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-	&(lvalues[2922]),0},
+	&(lvalues[2919]),0},
 {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-	&(lvalues[2930]),0},
-{"role","role",NID_role,3,&(lvalues[2938]),0},
+	&(lvalues[2927]),0},
+{"role","role",NID_role,3,&(lvalues[2935]),0},
 {"policyConstraints","X509v3 Policy Constraints",
-	NID_policy_constraints,3,&(lvalues[2941]),0},
+	NID_policy_constraints,3,&(lvalues[2938]),0},
 {"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-	&(lvalues[2944]),0},
+	&(lvalues[2941]),0},
 {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-	&(lvalues[2947]),0},
+	&(lvalues[2944]),0},
+{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0},
+{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0},
+{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0},
+{"characteristic-two-field","characteristic-two-field",
+	NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0},
+{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
+	&(lvalues[2967]),0},
+{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0},
+{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0},
+{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0},
+{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0},
+{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0},
+{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0},
+{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0},
+{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
+	&(lvalues[3030]),0},
+{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0},
+{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0},
+{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0},
+{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0},
+{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0},
+{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0},
+{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0},
+{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0},
+{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0},
+{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0},
+{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0},
+{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0},
+{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0},
+{"holdInstructionCode","Hold Instruction Code",
+	NID_hold_instruction_code,3,&(lvalues[3154]),0},
+{"holdInstructionNone","Hold Instruction None",
+	NID_hold_instruction_none,7,&(lvalues[3157]),0},
+{"holdInstructionCallIssuer","Hold Instruction Call Issuer",
+	NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0},
+{"holdInstructionReject","Hold Instruction Reject",
+	NID_hold_instruction_reject,7,&(lvalues[3171]),0},
+{"data","data",NID_data,1,&(lvalues[3178]),0},
+{"pss","pss",NID_pss,3,&(lvalues[3179]),0},
+{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0},
+{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0},
+{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
+	&(lvalues[3197]),0},
+{"pilotAttributeSyntax","pilotAttributeSyntax",
+	NID_pilotAttributeSyntax,9,&(lvalues[3206]),0},
+{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
+	&(lvalues[3215]),0},
+{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0},
+{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
+	&(lvalues[3233]),0},
+{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
+	NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0},
+{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0},
+{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0},
+{"account","account",NID_account,10,&(lvalues[3273]),0},
+{"document","document",NID_document,10,&(lvalues[3283]),0},
+{"room","room",NID_room,10,&(lvalues[3293]),0},
+{"documentSeries","documentSeries",NID_documentSeries,10,
+	&(lvalues[3303]),0},
+{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
+	&(lvalues[3313]),0},
+{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0},
+{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
+	10,&(lvalues[3333]),0},
+{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
+	&(lvalues[3343]),0},
+{"simpleSecurityObject","simpleSecurityObject",
+	NID_simpleSecurityObject,10,&(lvalues[3353]),0},
+{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
+	&(lvalues[3363]),0},
+{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0},
+{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
+	10,&(lvalues[3383]),0},
+{"UID","userId",NID_userId,10,&(lvalues[3393]),0},
+{"textEncodedORAddress","textEncodedORAddress",
+	NID_textEncodedORAddress,10,&(lvalues[3403]),0},
+{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0},
+{"info","info",NID_info,10,&(lvalues[3423]),0},
+{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
+	&(lvalues[3433]),0},
+{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0},
+{"photo","photo",NID_photo,10,&(lvalues[3453]),0},
+{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0},
+{"host","host",NID_host,10,&(lvalues[3473]),0},
+{"manager","manager",NID_manager,10,&(lvalues[3483]),0},
+{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
+	&(lvalues[3493]),0},
+{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0},
+{"documentVersion","documentVersion",NID_documentVersion,10,
+	&(lvalues[3513]),0},
+{"documentAuthor","documentAuthor",NID_documentAuthor,10,
+	&(lvalues[3523]),0},
+{"documentLocation","documentLocation",NID_documentLocation,10,
+	&(lvalues[3533]),0},
+{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
+	10,&(lvalues[3543]),0},
+{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0},
+{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0},
+{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
+	&(lvalues[3573]),0},
+{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
+	&(lvalues[3583]),0},
+{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0},
+{"pilotAttributeType27","pilotAttributeType27",
+	NID_pilotAttributeType27,10,&(lvalues[3603]),0},
+{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0},
+{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0},
+{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0},
+{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0},
+{"associatedDomain","associatedDomain",NID_associatedDomain,10,
+	&(lvalues[3653]),0},
+{"associatedName","associatedName",NID_associatedName,10,
+	&(lvalues[3663]),0},
+{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
+	&(lvalues[3673]),0},
+{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0},
+{"mobileTelephoneNumber","mobileTelephoneNumber",
+	NID_mobileTelephoneNumber,10,&(lvalues[3693]),0},
+{"pagerTelephoneNumber","pagerTelephoneNumber",
+	NID_pagerTelephoneNumber,10,&(lvalues[3703]),0},
+{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
+	10,&(lvalues[3713]),0},
+{"organizationalStatus","organizationalStatus",
+	NID_organizationalStatus,10,&(lvalues[3723]),0},
+{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0},
+{"mailPreferenceOption","mailPreferenceOption",
+	NID_mailPreferenceOption,10,&(lvalues[3743]),0},
+{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0},
+{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0},
+{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
+	&(lvalues[3773]),0},
+{"subtreeMinimumQuality","subtreeMinimumQuality",
+	NID_subtreeMinimumQuality,10,&(lvalues[3783]),0},
+{"subtreeMaximumQuality","subtreeMaximumQuality",
+	NID_subtreeMaximumQuality,10,&(lvalues[3793]),0},
+{"personalSignature","personalSignature",NID_personalSignature,10,
+	&(lvalues[3803]),0},
+{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0},
+{"audio","audio",NID_audio,10,&(lvalues[3823]),0},
+{"documentPublisher","documentPublisher",NID_documentPublisher,10,
+	&(lvalues[3833]),0},
+{"x500UniqueIdentifier","x500UniqueIdentifier",
+	NID_x500UniqueIdentifier,3,&(lvalues[3843]),0},
+{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3846]),0},
+{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
+	&(lvalues[3851]),0},
+{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
+	&(lvalues[3857]),0},
+{"id-hex-partial-message","id-hex-partial-message",
+	NID_id_hex_partial_message,7,&(lvalues[3863]),0},
+{"id-hex-multipart-message","id-hex-multipart-message",
+	NID_id_hex_multipart_message,7,&(lvalues[3870]),0},
+{"generationQualifier","generationQualifier",NID_generationQualifier,
+	3,&(lvalues[3877]),0},
+{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{"id-set","Secure Electronic Transactions",NID_id_set,2,
+	&(lvalues[3883]),0},
+{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0},
+{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0},
+{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0},
+{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0},
+{"set-certExt","certificate extensions",NID_set_certExt,3,
+	&(lvalues[3897]),0},
+{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0},
+{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0},
+{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
+	&(lvalues[3907]),0},
+{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0},
+{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0},
+{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0},
+{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0},
+{"setct-PIDataUnsigned","setct-PIDataUnsigned",
+	NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0},
+{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
+	&(lvalues[3931]),0},
+{"setct-AuthResBaggage","setct-AuthResBaggage",
+	NID_setct_AuthResBaggage,4,&(lvalues[3935]),0},
+{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
+	NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0},
+{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
+	NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0},
+{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
+	&(lvalues[3947]),0},
+{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
+	&(lvalues[3951]),0},
+{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0},
+{"setct-PResData","setct-PResData",NID_setct_PResData,4,
+	&(lvalues[3959]),0},
+{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
+	&(lvalues[3963]),0},
+{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
+	&(lvalues[3967]),0},
+{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
+	&(lvalues[3971]),0},
+{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
+	&(lvalues[3975]),0},
+{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
+	&(lvalues[3979]),0},
+{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
+	&(lvalues[3983]),0},
+{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
+	NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0},
+{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
+	4,&(lvalues[3991]),0},
+{"setct-AuthRevResData","setct-AuthRevResData",
+	NID_setct_AuthRevResData,4,&(lvalues[3995]),0},
+{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
+	4,&(lvalues[3999]),0},
+{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
+	&(lvalues[4003]),0},
+{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
+	&(lvalues[4007]),0},
+{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
+	&(lvalues[4011]),0},
+{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
+	&(lvalues[4015]),0},
+{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
+	4,&(lvalues[4019]),0},
+{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
+	4,&(lvalues[4023]),0},
+{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
+	&(lvalues[4027]),0},
+{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
+	&(lvalues[4031]),0},
+{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
+	&(lvalues[4035]),0},
+{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
+	4,&(lvalues[4039]),0},
+{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
+	NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0},
+{"setct-CredRevResData","setct-CredRevResData",
+	NID_setct_CredRevResData,4,&(lvalues[4047]),0},
+{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
+	&(lvalues[4051]),0},
+{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
+	&(lvalues[4055]),0},
+{"setct-BatchAdminReqData","setct-BatchAdminReqData",
+	NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0},
+{"setct-BatchAdminResData","setct-BatchAdminResData",
+	NID_setct_BatchAdminResData,4,&(lvalues[4063]),0},
+{"setct-CardCInitResTBS","setct-CardCInitResTBS",
+	NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0},
+{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
+	NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0},
+{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
+	4,&(lvalues[4075]),0},
+{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
+	&(lvalues[4079]),0},
+{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
+	&(lvalues[4083]),0},
+{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
+	&(lvalues[4087]),0},
+{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
+	4,&(lvalues[4091]),0},
+{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
+	&(lvalues[4095]),0},
+{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
+	NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0},
+{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
+	4,&(lvalues[4103]),0},
+{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
+	&(lvalues[4107]),0},
+{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
+	&(lvalues[4111]),0},
+{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
+	&(lvalues[4115]),0},
+{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
+	&(lvalues[4119]),0},
+{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
+	&(lvalues[4123]),0},
+{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
+	&(lvalues[4127]),0},
+{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
+	NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0},
+{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
+	4,&(lvalues[4135]),0},
+{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
+	4,&(lvalues[4139]),0},
+{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
+	NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0},
+{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
+	&(lvalues[4147]),0},
+{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
+	&(lvalues[4151]),0},
+{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
+	&(lvalues[4155]),0},
+{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
+	&(lvalues[4159]),0},
+{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
+	4,&(lvalues[4163]),0},
+{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
+	&(lvalues[4167]),0},
+{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
+	&(lvalues[4171]),0},
+{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
+	&(lvalues[4175]),0},
+{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
+	&(lvalues[4179]),0},
+{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
+	4,&(lvalues[4183]),0},
+{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
+	NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0},
+{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
+	4,&(lvalues[4191]),0},
+{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
+	NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0},
+{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
+	NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0},
+{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
+	4,&(lvalues[4203]),0},
+{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
+	&(lvalues[4207]),0},
+{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
+	&(lvalues[4211]),0},
+{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
+	&(lvalues[4215]),0},
+{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
+	NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0},
+{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
+	NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0},
+{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
+	NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0},
+{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
+	&(lvalues[4231]),0},
+{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
+	&(lvalues[4235]),0},
+{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
+	&(lvalues[4239]),0},
+{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0},
+{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0},
+{"setext-cv","additional verification",NID_setext_cv,4,
+	&(lvalues[4251]),0},
+{"set-policy-root","set-policy-root",NID_set_policy_root,4,
+	&(lvalues[4255]),0},
+{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
+	&(lvalues[4259]),0},
+{"setCext-certType","setCext-certType",NID_setCext_certType,4,
+	&(lvalues[4263]),0},
+{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
+	&(lvalues[4267]),0},
+{"setCext-cCertRequired","setCext-cCertRequired",
+	NID_setCext_cCertRequired,4,&(lvalues[4271]),0},
+{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
+	&(lvalues[4275]),0},
+{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
+	&(lvalues[4279]),0},
+{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
+	&(lvalues[4283]),0},
+{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
+	NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0},
+{"setCext-TokenIdentifier","setCext-TokenIdentifier",
+	NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0},
+{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
+	&(lvalues[4295]),0},
+{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
+	&(lvalues[4299]),0},
+{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
+	NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0},
+{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0},
+{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
+	4,&(lvalues[4311]),0},
+{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
+	&(lvalues[4315]),0},
+{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
+	&(lvalues[4319]),0},
+{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
+	&(lvalues[4323]),0},
+{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0},
+{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
+	&(lvalues[4333]),0},
+{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
+	NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0},
+{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
+	&(lvalues[4343]),0},
+{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
+	&(lvalues[4348]),0},
+{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
+	&(lvalues[4353]),0},
+{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
+	6,&(lvalues[4358]),0},
+{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
+	&(lvalues[4364]),0},
+{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
+	&(lvalues[4370]),0},
+{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
+	&(lvalues[4376]),0},
+{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
+	6,&(lvalues[4382]),0},
+{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
+	&(lvalues[4388]),0},
+{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
+	&(lvalues[4392]),0},
+{"set-brand-AmericanExpress","set-brand-AmericanExpress",
+	NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0},
+{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0},
+{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
+	&(lvalues[4404]),0},
+{"set-brand-MasterCard","set-brand-MasterCard",
+	NID_set_brand_MasterCard,4,&(lvalues[4408]),0},
+{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
+	&(lvalues[4412]),0},
+{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0},
+{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
+	NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL},
+{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
+	10,&(lvalues[4434]),0},
+{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
+	&(lvalues[4444]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[364]),/* "AD_DVCS" */
+&(nid_objs[419]),/* "AES-128-CBC" */
+&(nid_objs[421]),/* "AES-128-CFB" */
+&(nid_objs[418]),/* "AES-128-ECB" */
+&(nid_objs[420]),/* "AES-128-OFB" */
+&(nid_objs[423]),/* "AES-192-CBC" */
+&(nid_objs[425]),/* "AES-192-CFB" */
+&(nid_objs[422]),/* "AES-192-ECB" */
+&(nid_objs[424]),/* "AES-192-OFB" */
+&(nid_objs[427]),/* "AES-256-CBC" */
+&(nid_objs[429]),/* "AES-256-CFB" */
+&(nid_objs[426]),/* "AES-256-ECB" */
+&(nid_objs[428]),/* "AES-256-OFB" */
 &(nid_objs[91]),/* "BF-CBC" */
 &(nid_objs[93]),/* "BF-CFB" */
 &(nid_objs[92]),/* "BF-ECB" */
@@ -1088,12 +1753,14 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[110]),/* "CAST5-CFB" */
 &(nid_objs[109]),/* "CAST5-ECB" */
 &(nid_objs[111]),/* "CAST5-OFB" */
+&(nid_objs[404]),/* "CCITT" */
 &(nid_objs[13]),/* "CN" */
 &(nid_objs[141]),/* "CRLReason" */
+&(nid_objs[417]),/* "CSPName" */
 &(nid_objs[367]),/* "CrlID" */
-&(nid_objs[107]),/* "D" */
 &(nid_objs[391]),/* "DC" */
 &(nid_objs[31]),/* "DES-CBC" */
+&(nid_objs[643]),/* "DES-CDMF" */
 &(nid_objs[30]),/* "DES-CFB" */
 &(nid_objs[29]),/* "DES-ECB" */
 &(nid_objs[32]),/* "DES-EDE" */
@@ -1113,9 +1780,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[70]),/* "DSA-SHA1-old" */
 &(nid_objs[67]),/* "DSA-old" */
 &(nid_objs[297]),/* "DVCS" */
-&(nid_objs[48]),/* "Email" */
-&(nid_objs[99]),/* "G" */
-&(nid_objs[101]),/* "I" */
+&(nid_objs[99]),/* "GN" */
 &(nid_objs[381]),/* "IANA" */
 &(nid_objs[34]),/* "IDEA-CBC" */
 &(nid_objs[35]),/* "IDEA-CFB" */
@@ -1130,6 +1795,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[ 4]),/* "MD5" */
 &(nid_objs[114]),/* "MD5-SHA1" */
 &(nid_objs[95]),/* "MDC2" */
+&(nid_objs[388]),/* "Mail" */
 &(nid_objs[57]),/* "Netscape" */
 &(nid_objs[366]),/* "Nonce" */
 &(nid_objs[17]),/* "O" */
@@ -1177,15 +1843,14 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[42]),/* "RSA-SHA" */
 &(nid_objs[65]),/* "RSA-SHA1" */
 &(nid_objs[115]),/* "RSA-SHA1-2" */
-&(nid_objs[100]),/* "S" */
 &(nid_objs[41]),/* "SHA" */
 &(nid_objs[64]),/* "SHA1" */
 &(nid_objs[188]),/* "SMIME" */
 &(nid_objs[167]),/* "SMIME-CAPS" */
-&(nid_objs[105]),/* "SN" */
+&(nid_objs[100]),/* "SN" */
 &(nid_objs[16]),/* "ST" */
 &(nid_objs[143]),/* "SXNetID" */
-&(nid_objs[106]),/* "T" */
+&(nid_objs[458]),/* "UID" */
 &(nid_objs[ 0]),/* "UNDEF" */
 &(nid_objs[11]),/* "X500" */
 &(nid_objs[378]),/* "X500algorithms" */
@@ -1193,23 +1858,33 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[184]),/* "X9-57" */
 &(nid_objs[185]),/* "X9cm" */
 &(nid_objs[125]),/* "ZLIB" */
+&(nid_objs[478]),/* "aRecord" */
 &(nid_objs[289]),/* "aaControls" */
 &(nid_objs[287]),/* "ac-auditEntity" */
 &(nid_objs[397]),/* "ac-proxying" */
 &(nid_objs[288]),/* "ac-targeting" */
 &(nid_objs[368]),/* "acceptableResponses" */
+&(nid_objs[446]),/* "account" */
 &(nid_objs[363]),/* "ad_timestamping" */
 &(nid_objs[376]),/* "algorithm" */
+&(nid_objs[405]),/* "ansi-X9-62" */
 &(nid_objs[370]),/* "archiveCutoff" */
+&(nid_objs[484]),/* "associatedDomain" */
+&(nid_objs[485]),/* "associatedName" */
+&(nid_objs[501]),/* "audio" */
 &(nid_objs[177]),/* "authorityInfoAccess" */
 &(nid_objs[90]),/* "authorityKeyIdentifier" */
 &(nid_objs[87]),/* "basicConstraints" */
 &(nid_objs[365]),/* "basicOCSPResponse" */
 &(nid_objs[285]),/* "biometricInfo" */
+&(nid_objs[494]),/* "buildingName" */
+&(nid_objs[483]),/* "cNAMERecord" */
 &(nid_objs[179]),/* "caIssuers" */
+&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
 &(nid_objs[152]),/* "certBag" */
 &(nid_objs[89]),/* "certificatePolicies" */
 &(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[407]),/* "characteristic-two-field" */
 &(nid_objs[395]),/* "clearance" */
 &(nid_objs[130]),/* "clientAuth" */
 &(nid_objs[131]),/* "codeSigning" */
@@ -1218,12 +1893,28 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[153]),/* "crlBag" */
 &(nid_objs[103]),/* "crlDistributionPoints" */
 &(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[500]),/* "dITRedirect" */
+&(nid_objs[451]),/* "dNSDomain" */
+&(nid_objs[495]),/* "dSAQuality" */
+&(nid_objs[434]),/* "data" */
 &(nid_objs[390]),/* "dcobject" */
 &(nid_objs[140]),/* "deltaCRL" */
+&(nid_objs[107]),/* "description" */
 &(nid_objs[28]),/* "dhKeyAgreement" */
 &(nid_objs[382]),/* "directory" */
 &(nid_objs[174]),/* "dnQualifier" */
+&(nid_objs[447]),/* "document" */
+&(nid_objs[471]),/* "documentAuthor" */
+&(nid_objs[468]),/* "documentIdentifier" */
+&(nid_objs[472]),/* "documentLocation" */
+&(nid_objs[502]),/* "documentPublisher" */
+&(nid_objs[449]),/* "documentSeries" */
+&(nid_objs[469]),/* "documentTitle" */
+&(nid_objs[470]),/* "documentVersion" */
 &(nid_objs[392]),/* "domain" */
+&(nid_objs[452]),/* "domainRelatedObject" */
+&(nid_objs[416]),/* "ecdsa-with-SHA1" */
+&(nid_objs[48]),/* "emailAddress" */
 &(nid_objs[132]),/* "emailProtection" */
 &(nid_objs[389]),/* "enterprises" */
 &(nid_objs[384]),/* "experimental" */
@@ -1231,8 +1922,20 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[56]),/* "extendedCertificateAttributes" */
 &(nid_objs[126]),/* "extendedKeyUsage" */
 &(nid_objs[372]),/* "extendedStatus" */
+&(nid_objs[462]),/* "favouriteDrink" */
+&(nid_objs[453]),/* "friendlyCountry" */
+&(nid_objs[490]),/* "friendlyCountryName" */
 &(nid_objs[156]),/* "friendlyName" */
+&(nid_objs[509]),/* "generationQualifier" */
 &(nid_objs[163]),/* "hmacWithSHA1" */
+&(nid_objs[432]),/* "holdInstructionCallIssuer" */
+&(nid_objs[430]),/* "holdInstructionCode" */
+&(nid_objs[431]),/* "holdInstructionNone" */
+&(nid_objs[433]),/* "holdInstructionReject" */
+&(nid_objs[486]),/* "homePostalAddress" */
+&(nid_objs[473]),/* "homeTelephoneNumber" */
+&(nid_objs[466]),/* "host" */
+&(nid_objs[442]),/* "iA5StringSyntax" */
 &(nid_objs[266]),/* "id-aca" */
 &(nid_objs[355]),/* "id-aca-accessIdentity" */
 &(nid_objs[354]),/* "id-aca-authenticationInfo" */
@@ -1272,6 +1975,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[332]),/* "id-cmc-senderNonce" */
 &(nid_objs[327]),/* "id-cmc-statusInfo" */
 &(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[408]),/* "id-ecPublicKey" */
+&(nid_objs[508]),/* "id-hex-multipart-message" */
+&(nid_objs[507]),/* "id-hex-partial-message" */
 &(nid_objs[260]),/* "id-it" */
 &(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
 &(nid_objs[298]),/* "id-it-caProtEncCert" */
@@ -1331,6 +2037,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[314]),/* "id-regInfo" */
 &(nid_objs[322]),/* "id-regInfo-certReq" */
 &(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+&(nid_objs[512]),/* "id-set" */
 &(nid_objs[191]),/* "id-smime-aa" */
 &(nid_objs[215]),/* "id-smime-aa-contentHint" */
 &(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
@@ -1399,24 +2106,39 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[194]),/* "id-smime-spq" */
 &(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
 &(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
+&(nid_objs[461]),/* "info" */
+&(nid_objs[101]),/* "initials" */
 &(nid_objs[142]),/* "invalidityDate" */
 &(nid_objs[294]),/* "ipsecEndSystem" */
 &(nid_objs[295]),/* "ipsecTunnel" */
 &(nid_objs[296]),/* "ipsecUser" */
 &(nid_objs[86]),/* "issuerAltName" */
+&(nid_objs[492]),/* "janetMailbox" */
 &(nid_objs[150]),/* "keyBag" */
 &(nid_objs[83]),/* "keyUsage" */
+&(nid_objs[477]),/* "lastModifiedBy" */
+&(nid_objs[476]),/* "lastModifiedTime" */
 &(nid_objs[157]),/* "localKeyID" */
-&(nid_objs[388]),/* "mail" */
+&(nid_objs[480]),/* "mXRecord" */
+&(nid_objs[460]),/* "mail" */
+&(nid_objs[493]),/* "mailPreferenceOption" */
+&(nid_objs[467]),/* "manager" */
 &(nid_objs[182]),/* "member-body" */
 &(nid_objs[51]),/* "messageDigest" */
 &(nid_objs[383]),/* "mgmt" */
+&(nid_objs[504]),/* "mime-mhs" */
+&(nid_objs[506]),/* "mime-mhs-bodies" */
+&(nid_objs[505]),/* "mime-mhs-headings" */
+&(nid_objs[488]),/* "mobileTelephoneNumber" */
 &(nid_objs[136]),/* "msCTLSign" */
 &(nid_objs[135]),/* "msCodeCom" */
 &(nid_objs[134]),/* "msCodeInd" */
 &(nid_objs[138]),/* "msEFS" */
 &(nid_objs[171]),/* "msExtReq" */
 &(nid_objs[137]),/* "msSGC" */
+&(nid_objs[648]),/* "msSmartcardLogin" */
+&(nid_objs[649]),/* "msUPN" */
+&(nid_objs[481]),/* "nSRecord" */
 &(nid_objs[173]),/* "name" */
 &(nid_objs[369]),/* "noCheck" */
 &(nid_objs[403]),/* "noRevAvail" */
@@ -1432,8 +2154,24 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[73]),/* "nsRevocationUrl" */
 &(nid_objs[139]),/* "nsSGC" */
 &(nid_objs[77]),/* "nsSslServerName" */
+&(nid_objs[491]),/* "organizationalStatus" */
+&(nid_objs[475]),/* "otherMailbox" */
+&(nid_objs[489]),/* "pagerTelephoneNumber" */
 &(nid_objs[374]),/* "path" */
 &(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+&(nid_objs[499]),/* "personalSignature" */
+&(nid_objs[487]),/* "personalTitle" */
+&(nid_objs[464]),/* "photo" */
+&(nid_objs[437]),/* "pilot" */
+&(nid_objs[439]),/* "pilotAttributeSyntax" */
+&(nid_objs[438]),/* "pilotAttributeType" */
+&(nid_objs[479]),/* "pilotAttributeType27" */
+&(nid_objs[456]),/* "pilotDSA" */
+&(nid_objs[441]),/* "pilotGroups" */
+&(nid_objs[444]),/* "pilotObject" */
+&(nid_objs[440]),/* "pilotObjectClass" */
+&(nid_objs[455]),/* "pilotOrganization" */
+&(nid_objs[445]),/* "pilotPerson" */
 &(nid_objs[ 2]),/* "pkcs" */
 &(nid_objs[186]),/* "pkcs1" */
 &(nid_objs[27]),/* "pkcs3" */
@@ -1448,42 +2186,199 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
 &(nid_objs[47]),/* "pkcs9" */
 &(nid_objs[401]),/* "policyConstraints" */
+&(nid_objs[406]),/* "prime-field" */
+&(nid_objs[409]),/* "prime192v1" */
+&(nid_objs[410]),/* "prime192v2" */
+&(nid_objs[411]),/* "prime192v3" */
+&(nid_objs[412]),/* "prime239v1" */
+&(nid_objs[413]),/* "prime239v2" */
+&(nid_objs[414]),/* "prime239v3" */
+&(nid_objs[415]),/* "prime256v1" */
 &(nid_objs[385]),/* "private" */
 &(nid_objs[84]),/* "privateKeyUsagePeriod" */
+&(nid_objs[510]),/* "pseudonym" */
+&(nid_objs[435]),/* "pss" */
 &(nid_objs[286]),/* "qcStatements" */
+&(nid_objs[457]),/* "qualityLabelledData" */
+&(nid_objs[450]),/* "rFC822localPart" */
 &(nid_objs[400]),/* "role" */
+&(nid_objs[448]),/* "room" */
+&(nid_objs[463]),/* "roomNumber" */
 &(nid_objs[ 6]),/* "rsaEncryption" */
+&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
 &(nid_objs[377]),/* "rsaSignature" */
 &(nid_objs[ 1]),/* "rsadsi" */
+&(nid_objs[482]),/* "sOARecord" */
 &(nid_objs[155]),/* "safeContentsBag" */
 &(nid_objs[291]),/* "sbqp-autonomousSysNum" */
 &(nid_objs[290]),/* "sbqp-ipAddrBlock" */
 &(nid_objs[292]),/* "sbqp-routerIdentifier" */
 &(nid_objs[159]),/* "sdsiCertificate" */
 &(nid_objs[154]),/* "secretBag" */
+&(nid_objs[474]),/* "secretary" */
 &(nid_objs[386]),/* "security" */
 &(nid_objs[394]),/* "selected-attribute-types" */
+&(nid_objs[105]),/* "serialNumber" */
 &(nid_objs[129]),/* "serverAuth" */
 &(nid_objs[371]),/* "serviceLocator" */
+&(nid_objs[625]),/* "set-addPolicy" */
+&(nid_objs[515]),/* "set-attr" */
+&(nid_objs[518]),/* "set-brand" */
+&(nid_objs[638]),/* "set-brand-AmericanExpress" */
+&(nid_objs[637]),/* "set-brand-Diners" */
+&(nid_objs[636]),/* "set-brand-IATA-ATA" */
+&(nid_objs[639]),/* "set-brand-JCB" */
+&(nid_objs[641]),/* "set-brand-MasterCard" */
+&(nid_objs[642]),/* "set-brand-Novus" */
+&(nid_objs[640]),/* "set-brand-Visa" */
+&(nid_objs[517]),/* "set-certExt" */
+&(nid_objs[513]),/* "set-ctype" */
+&(nid_objs[514]),/* "set-msgExt" */
+&(nid_objs[516]),/* "set-policy" */
+&(nid_objs[607]),/* "set-policy-root" */
+&(nid_objs[624]),/* "set-rootKeyThumb" */
+&(nid_objs[620]),/* "setAttr-Cert" */
+&(nid_objs[631]),/* "setAttr-GenCryptgrm" */
+&(nid_objs[623]),/* "setAttr-IssCap" */
+&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
+&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
+&(nid_objs[629]),/* "setAttr-IssCap-T2" */
+&(nid_objs[621]),/* "setAttr-PGWYcap" */
+&(nid_objs[635]),/* "setAttr-SecDevSig" */
+&(nid_objs[632]),/* "setAttr-T2Enc" */
+&(nid_objs[633]),/* "setAttr-T2cleartxt" */
+&(nid_objs[634]),/* "setAttr-TokICCsig" */
+&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
+&(nid_objs[626]),/* "setAttr-Token-EMV" */
+&(nid_objs[622]),/* "setAttr-TokenType" */
+&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
+&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
+&(nid_objs[616]),/* "setCext-TokenIdentifier" */
+&(nid_objs[618]),/* "setCext-TokenType" */
+&(nid_objs[617]),/* "setCext-Track2Data" */
+&(nid_objs[611]),/* "setCext-cCertRequired" */
+&(nid_objs[609]),/* "setCext-certType" */
+&(nid_objs[608]),/* "setCext-hashedRoot" */
+&(nid_objs[610]),/* "setCext-merchData" */
+&(nid_objs[613]),/* "setCext-setExt" */
+&(nid_objs[614]),/* "setCext-setQualf" */
+&(nid_objs[612]),/* "setCext-tunneling" */
+&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
+&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
+&(nid_objs[570]),/* "setct-AuthReqTBE" */
+&(nid_objs[534]),/* "setct-AuthReqTBS" */
+&(nid_objs[527]),/* "setct-AuthResBaggage" */
+&(nid_objs[571]),/* "setct-AuthResTBE" */
+&(nid_objs[572]),/* "setct-AuthResTBEX" */
+&(nid_objs[535]),/* "setct-AuthResTBS" */
+&(nid_objs[536]),/* "setct-AuthResTBSX" */
+&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
+&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
+&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
+&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
+&(nid_objs[542]),/* "setct-AuthRevResData" */
+&(nid_objs[578]),/* "setct-AuthRevResTBE" */
+&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
+&(nid_objs[543]),/* "setct-AuthRevResTBS" */
+&(nid_objs[573]),/* "setct-AuthTokenTBE" */
+&(nid_objs[537]),/* "setct-AuthTokenTBS" */
+&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
+&(nid_objs[558]),/* "setct-BatchAdminReqData" */
+&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
+&(nid_objs[559]),/* "setct-BatchAdminResData" */
+&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
+&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
+&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
+&(nid_objs[580]),/* "setct-CapReqTBE" */
+&(nid_objs[581]),/* "setct-CapReqTBEX" */
+&(nid_objs[544]),/* "setct-CapReqTBS" */
+&(nid_objs[545]),/* "setct-CapReqTBSX" */
+&(nid_objs[546]),/* "setct-CapResData" */
+&(nid_objs[582]),/* "setct-CapResTBE" */
+&(nid_objs[583]),/* "setct-CapRevReqTBE" */
+&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
+&(nid_objs[547]),/* "setct-CapRevReqTBS" */
+&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
+&(nid_objs[549]),/* "setct-CapRevResData" */
+&(nid_objs[585]),/* "setct-CapRevResTBE" */
+&(nid_objs[538]),/* "setct-CapTokenData" */
+&(nid_objs[530]),/* "setct-CapTokenSeq" */
+&(nid_objs[574]),/* "setct-CapTokenTBE" */
+&(nid_objs[575]),/* "setct-CapTokenTBEX" */
+&(nid_objs[539]),/* "setct-CapTokenTBS" */
+&(nid_objs[560]),/* "setct-CardCInitResTBS" */
+&(nid_objs[566]),/* "setct-CertInqReqTBS" */
+&(nid_objs[563]),/* "setct-CertReqData" */
+&(nid_objs[595]),/* "setct-CertReqTBE" */
+&(nid_objs[596]),/* "setct-CertReqTBEX" */
+&(nid_objs[564]),/* "setct-CertReqTBS" */
+&(nid_objs[565]),/* "setct-CertResData" */
+&(nid_objs[597]),/* "setct-CertResTBE" */
+&(nid_objs[586]),/* "setct-CredReqTBE" */
+&(nid_objs[587]),/* "setct-CredReqTBEX" */
+&(nid_objs[550]),/* "setct-CredReqTBS" */
+&(nid_objs[551]),/* "setct-CredReqTBSX" */
+&(nid_objs[552]),/* "setct-CredResData" */
+&(nid_objs[588]),/* "setct-CredResTBE" */
+&(nid_objs[589]),/* "setct-CredRevReqTBE" */
+&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
+&(nid_objs[553]),/* "setct-CredRevReqTBS" */
+&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
+&(nid_objs[555]),/* "setct-CredRevResData" */
+&(nid_objs[591]),/* "setct-CredRevResTBE" */
+&(nid_objs[567]),/* "setct-ErrorTBS" */
+&(nid_objs[526]),/* "setct-HODInput" */
+&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
+&(nid_objs[522]),/* "setct-OIData" */
+&(nid_objs[519]),/* "setct-PANData" */
+&(nid_objs[521]),/* "setct-PANOnly" */
+&(nid_objs[520]),/* "setct-PANToken" */
+&(nid_objs[556]),/* "setct-PCertReqData" */
+&(nid_objs[557]),/* "setct-PCertResTBS" */
+&(nid_objs[523]),/* "setct-PI" */
+&(nid_objs[532]),/* "setct-PI-TBS" */
+&(nid_objs[524]),/* "setct-PIData" */
+&(nid_objs[525]),/* "setct-PIDataUnsigned" */
+&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
+&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
+&(nid_objs[531]),/* "setct-PInitResData" */
+&(nid_objs[533]),/* "setct-PResData" */
+&(nid_objs[594]),/* "setct-RegFormReqTBE" */
+&(nid_objs[562]),/* "setct-RegFormResTBS" */
+&(nid_objs[606]),/* "setext-cv" */
+&(nid_objs[601]),/* "setext-genCrypt" */
+&(nid_objs[602]),/* "setext-miAuth" */
+&(nid_objs[604]),/* "setext-pinAny" */
+&(nid_objs[603]),/* "setext-pinSecure" */
+&(nid_objs[605]),/* "setext-track2" */
 &(nid_objs[52]),/* "signingTime" */
+&(nid_objs[454]),/* "simpleSecurityObject" */
+&(nid_objs[496]),/* "singleLevelQuality" */
 &(nid_objs[387]),/* "snmpv2" */
 &(nid_objs[85]),/* "subjectAltName" */
 &(nid_objs[398]),/* "subjectInfoAccess" */
 &(nid_objs[82]),/* "subjectKeyIdentifier" */
+&(nid_objs[498]),/* "subtreeMaximumQuality" */
+&(nid_objs[497]),/* "subtreeMinimumQuality" */
 &(nid_objs[402]),/* "targetInformation" */
+&(nid_objs[459]),/* "textEncodedORAddress" */
 &(nid_objs[293]),/* "textNotice" */
 &(nid_objs[133]),/* "timeStamping" */
+&(nid_objs[106]),/* "title" */
 &(nid_objs[375]),/* "trustRoot" */
-&(nid_objs[102]),/* "uniqueIdentifier" */
+&(nid_objs[436]),/* "ucl" */
 &(nid_objs[55]),/* "unstructuredAddress" */
 &(nid_objs[49]),/* "unstructuredName" */
+&(nid_objs[465]),/* "userClass" */
 &(nid_objs[373]),/* "valid" */
+&(nid_objs[503]),/* "x500UniqueIdentifier" */
 &(nid_objs[158]),/* "x509Certificate" */
 &(nid_objs[160]),/* "x509Crl" */
 };
 
 static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[363]),/* "AD Time Stamping" */
+&(nid_objs[405]),/* "ANSI X9.62" */
 &(nid_objs[368]),/* "Acceptable OCSP Responses" */
 &(nid_objs[177]),/* "Authority Information Access" */
 &(nid_objs[365]),/* "Basic OCSP Response" */
@@ -1497,20 +2392,29 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[384]),/* "Experimental" */
 &(nid_objs[372]),/* "Extended OCSP Status" */
 &(nid_objs[172]),/* "Extension Request" */
+&(nid_objs[432]),/* "Hold Instruction Call Issuer" */
+&(nid_objs[430]),/* "Hold Instruction Code" */
+&(nid_objs[431]),/* "Hold Instruction None" */
+&(nid_objs[433]),/* "Hold Instruction Reject" */
+&(nid_objs[634]),/* "ICC or token signature" */
 &(nid_objs[294]),/* "IPSec End System" */
 &(nid_objs[295]),/* "IPSec Tunnel" */
 &(nid_objs[296]),/* "IPSec User" */
 &(nid_objs[182]),/* "ISO Member Body" */
 &(nid_objs[183]),/* "ISO US Member Body" */
 &(nid_objs[142]),/* "Invalidity Date" */
+&(nid_objs[504]),/* "MIME MHS" */
 &(nid_objs[388]),/* "Mail" */
 &(nid_objs[383]),/* "Management" */
+&(nid_objs[417]),/* "Microsoft CSP Name" */
 &(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
 &(nid_objs[138]),/* "Microsoft Encrypted File System" */
 &(nid_objs[171]),/* "Microsoft Extension Request" */
 &(nid_objs[134]),/* "Microsoft Individual Code Signing" */
 &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
+&(nid_objs[648]),/* "Microsoft Smartcardlogin" */
 &(nid_objs[136]),/* "Microsoft Trust List Signing" */
+&(nid_objs[649]),/* "Microsoft Universal Principal Name" */
 &(nid_objs[72]),/* "Netscape Base Url" */
 &(nid_objs[76]),/* "Netscape CA Policy Url" */
 &(nid_objs[74]),/* "Netscape CA Revocation Url" */
@@ -1527,6 +2431,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[178]),/* "OCSP" */
 &(nid_objs[370]),/* "OCSP Archive Cutoff" */
 &(nid_objs[367]),/* "OCSP CRL ID" */
+&(nid_objs[369]),/* "OCSP No Check" */
 &(nid_objs[366]),/* "OCSP Nonce" */
 &(nid_objs[371]),/* "OCSP Service Locator" */
 &(nid_objs[180]),/* "OCSP Signing" */
@@ -1542,6 +2447,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[188]),/* "S/MIME" */
 &(nid_objs[167]),/* "S/MIME Capabilities" */
 &(nid_objs[387]),/* "SNMPv2" */
+&(nid_objs[512]),/* "Secure Electronic Transactions" */
 &(nid_objs[386]),/* "Security" */
 &(nid_objs[394]),/* "Selected Attribute Types" */
 &(nid_objs[143]),/* "Strong Extranet ID" */
@@ -1569,30 +2475,61 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
 &(nid_objs[184]),/* "X9.57" */
 &(nid_objs[185]),/* "X9.57 CM ?" */
+&(nid_objs[478]),/* "aRecord" */
 &(nid_objs[289]),/* "aaControls" */
 &(nid_objs[287]),/* "ac-auditEntity" */
 &(nid_objs[397]),/* "ac-proxying" */
 &(nid_objs[288]),/* "ac-targeting" */
+&(nid_objs[446]),/* "account" */
 &(nid_objs[364]),/* "ad dvcs" */
+&(nid_objs[606]),/* "additional verification" */
+&(nid_objs[419]),/* "aes-128-cbc" */
+&(nid_objs[421]),/* "aes-128-cfb" */
+&(nid_objs[418]),/* "aes-128-ecb" */
+&(nid_objs[420]),/* "aes-128-ofb" */
+&(nid_objs[423]),/* "aes-192-cbc" */
+&(nid_objs[425]),/* "aes-192-cfb" */
+&(nid_objs[422]),/* "aes-192-ecb" */
+&(nid_objs[424]),/* "aes-192-ofb" */
+&(nid_objs[427]),/* "aes-256-cbc" */
+&(nid_objs[429]),/* "aes-256-cfb" */
+&(nid_objs[426]),/* "aes-256-ecb" */
+&(nid_objs[428]),/* "aes-256-ofb" */
 &(nid_objs[376]),/* "algorithm" */
+&(nid_objs[484]),/* "associatedDomain" */
+&(nid_objs[485]),/* "associatedName" */
+&(nid_objs[501]),/* "audio" */
 &(nid_objs[91]),/* "bf-cbc" */
 &(nid_objs[93]),/* "bf-cfb" */
 &(nid_objs[92]),/* "bf-ecb" */
 &(nid_objs[94]),/* "bf-ofb" */
+&(nid_objs[494]),/* "buildingName" */
+&(nid_objs[483]),/* "cNAMERecord" */
+&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
 &(nid_objs[108]),/* "cast5-cbc" */
 &(nid_objs[110]),/* "cast5-cfb" */
 &(nid_objs[109]),/* "cast5-ecb" */
 &(nid_objs[111]),/* "cast5-ofb" */
+&(nid_objs[404]),/* "ccitt" */
 &(nid_objs[152]),/* "certBag" */
+&(nid_objs[517]),/* "certificate extensions" */
 &(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[407]),/* "characteristic-two-field" */
 &(nid_objs[395]),/* "clearance" */
+&(nid_objs[633]),/* "cleartext track 2" */
 &(nid_objs[13]),/* "commonName" */
+&(nid_objs[513]),/* "content types" */
 &(nid_objs[50]),/* "contentType" */
 &(nid_objs[53]),/* "countersignature" */
 &(nid_objs[14]),/* "countryName" */
 &(nid_objs[153]),/* "crlBag" */
+&(nid_objs[500]),/* "dITRedirect" */
+&(nid_objs[451]),/* "dNSDomain" */
+&(nid_objs[495]),/* "dSAQuality" */
+&(nid_objs[434]),/* "data" */
 &(nid_objs[390]),/* "dcObject" */
 &(nid_objs[31]),/* "des-cbc" */
+&(nid_objs[643]),/* "des-cdmf" */
 &(nid_objs[30]),/* "des-cfb" */
 &(nid_objs[29]),/* "des-ecb" */
 &(nid_objs[32]),/* "des-ede" */
@@ -1610,19 +2547,40 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[11]),/* "directory services (X.500)" */
 &(nid_objs[378]),/* "directory services - algorithms" */
 &(nid_objs[174]),/* "dnQualifier" */
+&(nid_objs[447]),/* "document" */
+&(nid_objs[471]),/* "documentAuthor" */
+&(nid_objs[468]),/* "documentIdentifier" */
+&(nid_objs[472]),/* "documentLocation" */
+&(nid_objs[502]),/* "documentPublisher" */
+&(nid_objs[449]),/* "documentSeries" */
+&(nid_objs[469]),/* "documentTitle" */
+&(nid_objs[470]),/* "documentVersion" */
 &(nid_objs[380]),/* "dod" */
 &(nid_objs[391]),/* "domainComponent" */
+&(nid_objs[452]),/* "domainRelatedObject" */
 &(nid_objs[116]),/* "dsaEncryption" */
 &(nid_objs[67]),/* "dsaEncryption-old" */
 &(nid_objs[66]),/* "dsaWithSHA" */
 &(nid_objs[113]),/* "dsaWithSHA1" */
 &(nid_objs[70]),/* "dsaWithSHA1-old" */
 &(nid_objs[297]),/* "dvcs" */
+&(nid_objs[416]),/* "ecdsa-with-SHA1" */
 &(nid_objs[48]),/* "emailAddress" */
+&(nid_objs[632]),/* "encrypted track 2" */
 &(nid_objs[56]),/* "extendedCertificateAttributes" */
+&(nid_objs[462]),/* "favouriteDrink" */
+&(nid_objs[453]),/* "friendlyCountry" */
+&(nid_objs[490]),/* "friendlyCountryName" */
 &(nid_objs[156]),/* "friendlyName" */
+&(nid_objs[631]),/* "generate cryptogram" */
+&(nid_objs[509]),/* "generationQualifier" */
+&(nid_objs[601]),/* "generic cryptogram" */
 &(nid_objs[99]),/* "givenName" */
 &(nid_objs[163]),/* "hmacWithSHA1" */
+&(nid_objs[486]),/* "homePostalAddress" */
+&(nid_objs[473]),/* "homeTelephoneNumber" */
+&(nid_objs[466]),/* "host" */
+&(nid_objs[442]),/* "iA5StringSyntax" */
 &(nid_objs[381]),/* "iana" */
 &(nid_objs[266]),/* "id-aca" */
 &(nid_objs[355]),/* "id-aca-accessIdentity" */
@@ -1663,6 +2621,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[332]),/* "id-cmc-senderNonce" */
 &(nid_objs[327]),/* "id-cmc-statusInfo" */
 &(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[408]),/* "id-ecPublicKey" */
+&(nid_objs[508]),/* "id-hex-multipart-message" */
+&(nid_objs[507]),/* "id-hex-partial-message" */
 &(nid_objs[260]),/* "id-it" */
 &(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
 &(nid_objs[298]),/* "id-it-caProtEncCert" */
@@ -1792,12 +2753,20 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[35]),/* "idea-cfb" */
 &(nid_objs[36]),/* "idea-ecb" */
 &(nid_objs[46]),/* "idea-ofb" */
+&(nid_objs[461]),/* "info" */
 &(nid_objs[101]),/* "initials" */
 &(nid_objs[181]),/* "iso" */
+&(nid_objs[623]),/* "issuer capabilities" */
+&(nid_objs[492]),/* "janetMailbox" */
 &(nid_objs[393]),/* "joint-iso-ccitt" */
 &(nid_objs[150]),/* "keyBag" */
+&(nid_objs[477]),/* "lastModifiedBy" */
+&(nid_objs[476]),/* "lastModifiedTime" */
 &(nid_objs[157]),/* "localKeyID" */
 &(nid_objs[15]),/* "localityName" */
+&(nid_objs[480]),/* "mXRecord" */
+&(nid_objs[493]),/* "mailPreferenceOption" */
+&(nid_objs[467]),/* "manager" */
 &(nid_objs[ 3]),/* "md2" */
 &(nid_objs[ 7]),/* "md2WithRSAEncryption" */
 &(nid_objs[257]),/* "md4" */
@@ -1808,13 +2777,22 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[ 8]),/* "md5WithRSAEncryption" */
 &(nid_objs[95]),/* "mdc2" */
 &(nid_objs[96]),/* "mdc2WithRSA" */
+&(nid_objs[602]),/* "merchant initiated auth" */
+&(nid_objs[514]),/* "message extensions" */
 &(nid_objs[51]),/* "messageDigest" */
+&(nid_objs[506]),/* "mime-mhs-bodies" */
+&(nid_objs[505]),/* "mime-mhs-headings" */
+&(nid_objs[488]),/* "mobileTelephoneNumber" */
+&(nid_objs[481]),/* "nSRecord" */
 &(nid_objs[173]),/* "name" */
-&(nid_objs[369]),/* "noCheck" */
 &(nid_objs[379]),/* "org" */
 &(nid_objs[17]),/* "organizationName" */
+&(nid_objs[491]),/* "organizationalStatus" */
 &(nid_objs[18]),/* "organizationalUnitName" */
+&(nid_objs[475]),/* "otherMailbox" */
+&(nid_objs[489]),/* "pagerTelephoneNumber" */
 &(nid_objs[374]),/* "path" */
+&(nid_objs[621]),/* "payment gateway capabilities" */
 &(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
 &(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */
 &(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
@@ -1828,6 +2806,19 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */
 &(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */
 &(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
+&(nid_objs[499]),/* "personalSignature" */
+&(nid_objs[487]),/* "personalTitle" */
+&(nid_objs[464]),/* "photo" */
+&(nid_objs[437]),/* "pilot" */
+&(nid_objs[439]),/* "pilotAttributeSyntax" */
+&(nid_objs[438]),/* "pilotAttributeType" */
+&(nid_objs[479]),/* "pilotAttributeType27" */
+&(nid_objs[456]),/* "pilotDSA" */
+&(nid_objs[441]),/* "pilotGroups" */
+&(nid_objs[444]),/* "pilotObject" */
+&(nid_objs[440]),/* "pilotObjectClass" */
+&(nid_objs[455]),/* "pilotOrganization" */
+&(nid_objs[445]),/* "pilotPerson" */
 &(nid_objs[186]),/* "pkcs1" */
 &(nid_objs[27]),/* "pkcs3" */
 &(nid_objs[187]),/* "pkcs5" */
@@ -1840,7 +2831,19 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[22]),/* "pkcs7-signedData" */
 &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
 &(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[406]),/* "prime-field" */
+&(nid_objs[409]),/* "prime192v1" */
+&(nid_objs[410]),/* "prime192v2" */
+&(nid_objs[411]),/* "prime192v3" */
+&(nid_objs[412]),/* "prime239v1" */
+&(nid_objs[413]),/* "prime239v2" */
+&(nid_objs[414]),/* "prime239v3" */
+&(nid_objs[415]),/* "prime256v1" */
+&(nid_objs[510]),/* "pseudonym" */
+&(nid_objs[435]),/* "pss" */
 &(nid_objs[286]),/* "qcStatements" */
+&(nid_objs[457]),/* "qualityLabelledData" */
+&(nid_objs[450]),/* "rFC822localPart" */
 &(nid_objs[98]),/* "rc2-40-cbc" */
 &(nid_objs[166]),/* "rc2-64-cbc" */
 &(nid_objs[37]),/* "rc2-cbc" */
@@ -1853,35 +2856,167 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[122]),/* "rc5-cfb" */
 &(nid_objs[121]),/* "rc5-ecb" */
 &(nid_objs[123]),/* "rc5-ofb" */
+&(nid_objs[460]),/* "rfc822Mailbox" */
 &(nid_objs[117]),/* "ripemd160" */
 &(nid_objs[119]),/* "ripemd160WithRSA" */
 &(nid_objs[400]),/* "role" */
+&(nid_objs[448]),/* "room" */
+&(nid_objs[463]),/* "roomNumber" */
 &(nid_objs[19]),/* "rsa" */
 &(nid_objs[ 6]),/* "rsaEncryption" */
+&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
 &(nid_objs[377]),/* "rsaSignature" */
 &(nid_objs[124]),/* "run length compression" */
+&(nid_objs[482]),/* "sOARecord" */
 &(nid_objs[155]),/* "safeContentsBag" */
 &(nid_objs[291]),/* "sbqp-autonomousSysNum" */
 &(nid_objs[290]),/* "sbqp-ipAddrBlock" */
 &(nid_objs[292]),/* "sbqp-routerIdentifier" */
 &(nid_objs[159]),/* "sdsiCertificate" */
 &(nid_objs[154]),/* "secretBag" */
+&(nid_objs[474]),/* "secretary" */
+&(nid_objs[635]),/* "secure device signature" */
 &(nid_objs[105]),/* "serialNumber" */
+&(nid_objs[625]),/* "set-addPolicy" */
+&(nid_objs[515]),/* "set-attr" */
+&(nid_objs[518]),/* "set-brand" */
+&(nid_objs[638]),/* "set-brand-AmericanExpress" */
+&(nid_objs[637]),/* "set-brand-Diners" */
+&(nid_objs[636]),/* "set-brand-IATA-ATA" */
+&(nid_objs[639]),/* "set-brand-JCB" */
+&(nid_objs[641]),/* "set-brand-MasterCard" */
+&(nid_objs[642]),/* "set-brand-Novus" */
+&(nid_objs[640]),/* "set-brand-Visa" */
+&(nid_objs[516]),/* "set-policy" */
+&(nid_objs[607]),/* "set-policy-root" */
+&(nid_objs[624]),/* "set-rootKeyThumb" */
+&(nid_objs[620]),/* "setAttr-Cert" */
+&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
+&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
+&(nid_objs[629]),/* "setAttr-IssCap-T2" */
+&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
+&(nid_objs[626]),/* "setAttr-Token-EMV" */
+&(nid_objs[622]),/* "setAttr-TokenType" */
+&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
+&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
+&(nid_objs[616]),/* "setCext-TokenIdentifier" */
+&(nid_objs[618]),/* "setCext-TokenType" */
+&(nid_objs[617]),/* "setCext-Track2Data" */
+&(nid_objs[611]),/* "setCext-cCertRequired" */
+&(nid_objs[609]),/* "setCext-certType" */
+&(nid_objs[608]),/* "setCext-hashedRoot" */
+&(nid_objs[610]),/* "setCext-merchData" */
+&(nid_objs[613]),/* "setCext-setExt" */
+&(nid_objs[614]),/* "setCext-setQualf" */
+&(nid_objs[612]),/* "setCext-tunneling" */
+&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
+&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
+&(nid_objs[570]),/* "setct-AuthReqTBE" */
+&(nid_objs[534]),/* "setct-AuthReqTBS" */
+&(nid_objs[527]),/* "setct-AuthResBaggage" */
+&(nid_objs[571]),/* "setct-AuthResTBE" */
+&(nid_objs[572]),/* "setct-AuthResTBEX" */
+&(nid_objs[535]),/* "setct-AuthResTBS" */
+&(nid_objs[536]),/* "setct-AuthResTBSX" */
+&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
+&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
+&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
+&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
+&(nid_objs[542]),/* "setct-AuthRevResData" */
+&(nid_objs[578]),/* "setct-AuthRevResTBE" */
+&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
+&(nid_objs[543]),/* "setct-AuthRevResTBS" */
+&(nid_objs[573]),/* "setct-AuthTokenTBE" */
+&(nid_objs[537]),/* "setct-AuthTokenTBS" */
+&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
+&(nid_objs[558]),/* "setct-BatchAdminReqData" */
+&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
+&(nid_objs[559]),/* "setct-BatchAdminResData" */
+&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
+&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
+&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
+&(nid_objs[580]),/* "setct-CapReqTBE" */
+&(nid_objs[581]),/* "setct-CapReqTBEX" */
+&(nid_objs[544]),/* "setct-CapReqTBS" */
+&(nid_objs[545]),/* "setct-CapReqTBSX" */
+&(nid_objs[546]),/* "setct-CapResData" */
+&(nid_objs[582]),/* "setct-CapResTBE" */
+&(nid_objs[583]),/* "setct-CapRevReqTBE" */
+&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
+&(nid_objs[547]),/* "setct-CapRevReqTBS" */
+&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
+&(nid_objs[549]),/* "setct-CapRevResData" */
+&(nid_objs[585]),/* "setct-CapRevResTBE" */
+&(nid_objs[538]),/* "setct-CapTokenData" */
+&(nid_objs[530]),/* "setct-CapTokenSeq" */
+&(nid_objs[574]),/* "setct-CapTokenTBE" */
+&(nid_objs[575]),/* "setct-CapTokenTBEX" */
+&(nid_objs[539]),/* "setct-CapTokenTBS" */
+&(nid_objs[560]),/* "setct-CardCInitResTBS" */
+&(nid_objs[566]),/* "setct-CertInqReqTBS" */
+&(nid_objs[563]),/* "setct-CertReqData" */
+&(nid_objs[595]),/* "setct-CertReqTBE" */
+&(nid_objs[596]),/* "setct-CertReqTBEX" */
+&(nid_objs[564]),/* "setct-CertReqTBS" */
+&(nid_objs[565]),/* "setct-CertResData" */
+&(nid_objs[597]),/* "setct-CertResTBE" */
+&(nid_objs[586]),/* "setct-CredReqTBE" */
+&(nid_objs[587]),/* "setct-CredReqTBEX" */
+&(nid_objs[550]),/* "setct-CredReqTBS" */
+&(nid_objs[551]),/* "setct-CredReqTBSX" */
+&(nid_objs[552]),/* "setct-CredResData" */
+&(nid_objs[588]),/* "setct-CredResTBE" */
+&(nid_objs[589]),/* "setct-CredRevReqTBE" */
+&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
+&(nid_objs[553]),/* "setct-CredRevReqTBS" */
+&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
+&(nid_objs[555]),/* "setct-CredRevResData" */
+&(nid_objs[591]),/* "setct-CredRevResTBE" */
+&(nid_objs[567]),/* "setct-ErrorTBS" */
+&(nid_objs[526]),/* "setct-HODInput" */
+&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
+&(nid_objs[522]),/* "setct-OIData" */
+&(nid_objs[519]),/* "setct-PANData" */
+&(nid_objs[521]),/* "setct-PANOnly" */
+&(nid_objs[520]),/* "setct-PANToken" */
+&(nid_objs[556]),/* "setct-PCertReqData" */
+&(nid_objs[557]),/* "setct-PCertResTBS" */
+&(nid_objs[523]),/* "setct-PI" */
+&(nid_objs[532]),/* "setct-PI-TBS" */
+&(nid_objs[524]),/* "setct-PIData" */
+&(nid_objs[525]),/* "setct-PIDataUnsigned" */
+&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
+&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
+&(nid_objs[531]),/* "setct-PInitResData" */
+&(nid_objs[533]),/* "setct-PResData" */
+&(nid_objs[594]),/* "setct-RegFormReqTBE" */
+&(nid_objs[562]),/* "setct-RegFormResTBS" */
+&(nid_objs[604]),/* "setext-pinAny" */
+&(nid_objs[603]),/* "setext-pinSecure" */
+&(nid_objs[605]),/* "setext-track2" */
 &(nid_objs[41]),/* "sha" */
 &(nid_objs[64]),/* "sha1" */
 &(nid_objs[115]),/* "sha1WithRSA" */
 &(nid_objs[65]),/* "sha1WithRSAEncryption" */
 &(nid_objs[42]),/* "shaWithRSAEncryption" */
 &(nid_objs[52]),/* "signingTime" */
+&(nid_objs[454]),/* "simpleSecurityObject" */
+&(nid_objs[496]),/* "singleLevelQuality" */
 &(nid_objs[16]),/* "stateOrProvinceName" */
-&(nid_objs[100]),/* "surname" */
+&(nid_objs[498]),/* "subtreeMaximumQuality" */
+&(nid_objs[497]),/* "subtreeMinimumQuality" */
+&(nid_objs[100]),/* "surName" */
+&(nid_objs[459]),/* "textEncodedORAddress" */
 &(nid_objs[293]),/* "textNotice" */
 &(nid_objs[106]),/* "title" */
+&(nid_objs[436]),/* "ucl" */
 &(nid_objs[ 0]),/* "undefined" */
-&(nid_objs[102]),/* "uniqueIdentifier" */
 &(nid_objs[55]),/* "unstructuredAddress" */
 &(nid_objs[49]),/* "unstructuredName" */
+&(nid_objs[465]),/* "userClass" */
+&(nid_objs[458]),/* "userId" */
 &(nid_objs[373]),/* "valid" */
+&(nid_objs[503]),/* "x500UniqueIdentifier" */
 &(nid_objs[158]),/* "x509Certificate" */
 &(nid_objs[160]),/* "x509Crl" */
 &(nid_objs[125]),/* "zlib compression" */
@@ -1889,6 +3024,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 
 static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 0]),/* OBJ_undef                        0 */
+&(nid_objs[404]),/* OBJ_ccitt                        0 */
+&(nid_objs[434]),/* OBJ_data                         0 9 */
 &(nid_objs[181]),/* OBJ_iso                          1 */
 &(nid_objs[182]),/* OBJ_member_body                  1 2 */
 &(nid_objs[379]),/* OBJ_org                          1 3 */
@@ -1898,6 +3035,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[12]),/* OBJ_X509                         2 5 4 */
 &(nid_objs[378]),/* OBJ_X500algorithms               2 5 8 */
 &(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
+&(nid_objs[512]),/* OBJ_id_set                       2 23 42 */
+&(nid_objs[435]),/* OBJ_pss                          0 9 2342 */
 &(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
 &(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
 &(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */
@@ -1914,8 +3053,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[173]),/* OBJ_name                         2 5 4 41 */
 &(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
 &(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
-&(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
+&(nid_objs[509]),/* OBJ_generationQualifier          2 5 4 44 */
+&(nid_objs[503]),/* OBJ_x500UniqueIdentifier         2 5 4 45 */
 &(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
+&(nid_objs[510]),/* OBJ_pseudonym                    2 5 4 65 */
 &(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
 &(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
 &(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
@@ -1925,6 +3066,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
 &(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
 &(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
+&(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
 &(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
 &(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
 &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
@@ -1934,6 +3076,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
 &(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
 &(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
+&(nid_objs[513]),/* OBJ_set_ctype                    2 23 42 0 */
+&(nid_objs[514]),/* OBJ_set_msgExt                   2 23 42 1 */
+&(nid_objs[515]),/* OBJ_set_attr                     2 23 42 3 */
+&(nid_objs[516]),/* OBJ_set_policy                   2 23 42 5 */
+&(nid_objs[517]),/* OBJ_set_certExt                  2 23 42 7 */
+&(nid_objs[518]),/* OBJ_set_brand                    2 23 42 8 */
 &(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
 &(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
 &(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
@@ -1946,8 +3094,121 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
 &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+&(nid_objs[519]),/* OBJ_setct_PANData                2 23 42 0 0 */
+&(nid_objs[520]),/* OBJ_setct_PANToken               2 23 42 0 1 */
+&(nid_objs[521]),/* OBJ_setct_PANOnly                2 23 42 0 2 */
+&(nid_objs[522]),/* OBJ_setct_OIData                 2 23 42 0 3 */
+&(nid_objs[523]),/* OBJ_setct_PI                     2 23 42 0 4 */
+&(nid_objs[524]),/* OBJ_setct_PIData                 2 23 42 0 5 */
+&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
+&(nid_objs[526]),/* OBJ_setct_HODInput               2 23 42 0 7 */
+&(nid_objs[527]),/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
+&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
+&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
+&(nid_objs[530]),/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
+&(nid_objs[531]),/* OBJ_setct_PInitResData           2 23 42 0 12 */
+&(nid_objs[532]),/* OBJ_setct_PI_TBS                 2 23 42 0 13 */
+&(nid_objs[533]),/* OBJ_setct_PResData               2 23 42 0 14 */
+&(nid_objs[534]),/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
+&(nid_objs[535]),/* OBJ_setct_AuthResTBS             2 23 42 0 17 */
+&(nid_objs[536]),/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
+&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
+&(nid_objs[538]),/* OBJ_setct_CapTokenData           2 23 42 0 20 */
+&(nid_objs[539]),/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
+&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
+&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
+&(nid_objs[542]),/* OBJ_setct_AuthRevResData         2 23 42 0 24 */
+&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
+&(nid_objs[544]),/* OBJ_setct_CapReqTBS              2 23 42 0 26 */
+&(nid_objs[545]),/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
+&(nid_objs[546]),/* OBJ_setct_CapResData             2 23 42 0 28 */
+&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
+&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
+&(nid_objs[549]),/* OBJ_setct_CapRevResData          2 23 42 0 31 */
+&(nid_objs[550]),/* OBJ_setct_CredReqTBS             2 23 42 0 32 */
+&(nid_objs[551]),/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
+&(nid_objs[552]),/* OBJ_setct_CredResData            2 23 42 0 34 */
+&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
+&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
+&(nid_objs[555]),/* OBJ_setct_CredRevResData         2 23 42 0 37 */
+&(nid_objs[556]),/* OBJ_setct_PCertReqData           2 23 42 0 38 */
+&(nid_objs[557]),/* OBJ_setct_PCertResTBS            2 23 42 0 39 */
+&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
+&(nid_objs[559]),/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
+&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
+&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
+&(nid_objs[562]),/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
+&(nid_objs[563]),/* OBJ_setct_CertReqData            2 23 42 0 45 */
+&(nid_objs[564]),/* OBJ_setct_CertReqTBS             2 23 42 0 46 */
+&(nid_objs[565]),/* OBJ_setct_CertResData            2 23 42 0 47 */
+&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
+&(nid_objs[567]),/* OBJ_setct_ErrorTBS               2 23 42 0 49 */
+&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
+&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
+&(nid_objs[570]),/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
+&(nid_objs[571]),/* OBJ_setct_AuthResTBE             2 23 42 0 53 */
+&(nid_objs[572]),/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
+&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
+&(nid_objs[574]),/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
+&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
+&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
+&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
+&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
+&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
+&(nid_objs[580]),/* OBJ_setct_CapReqTBE              2 23 42 0 62 */
+&(nid_objs[581]),/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
+&(nid_objs[582]),/* OBJ_setct_CapResTBE              2 23 42 0 64 */
+&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
+&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
+&(nid_objs[585]),/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
+&(nid_objs[586]),/* OBJ_setct_CredReqTBE             2 23 42 0 68 */
+&(nid_objs[587]),/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
+&(nid_objs[588]),/* OBJ_setct_CredResTBE             2 23 42 0 70 */
+&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
+&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
+&(nid_objs[591]),/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
+&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
+&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
+&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
+&(nid_objs[595]),/* OBJ_setct_CertReqTBE             2 23 42 0 77 */
+&(nid_objs[596]),/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
+&(nid_objs[597]),/* OBJ_setct_CertResTBE             2 23 42 0 79 */
+&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
+&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
+&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
+&(nid_objs[601]),/* OBJ_setext_genCrypt              2 23 42 1 1 */
+&(nid_objs[602]),/* OBJ_setext_miAuth                2 23 42 1 3 */
+&(nid_objs[603]),/* OBJ_setext_pinSecure             2 23 42 1 4 */
+&(nid_objs[604]),/* OBJ_setext_pinAny                2 23 42 1 5 */
+&(nid_objs[605]),/* OBJ_setext_track2                2 23 42 1 7 */
+&(nid_objs[606]),/* OBJ_setext_cv                    2 23 42 1 8 */
+&(nid_objs[620]),/* OBJ_setAttr_Cert                 2 23 42 3 0 */
+&(nid_objs[621]),/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
+&(nid_objs[622]),/* OBJ_setAttr_TokenType            2 23 42 3 2 */
+&(nid_objs[623]),/* OBJ_setAttr_IssCap               2 23 42 3 3 */
+&(nid_objs[607]),/* OBJ_set_policy_root              2 23 42 5 0 */
+&(nid_objs[608]),/* OBJ_setCext_hashedRoot           2 23 42 7 0 */
+&(nid_objs[609]),/* OBJ_setCext_certType             2 23 42 7 1 */
+&(nid_objs[610]),/* OBJ_setCext_merchData            2 23 42 7 2 */
+&(nid_objs[611]),/* OBJ_setCext_cCertRequired        2 23 42 7 3 */
+&(nid_objs[612]),/* OBJ_setCext_tunneling            2 23 42 7 4 */
+&(nid_objs[613]),/* OBJ_setCext_setExt               2 23 42 7 5 */
+&(nid_objs[614]),/* OBJ_setCext_setQualf             2 23 42 7 6 */
+&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
+&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
+&(nid_objs[617]),/* OBJ_setCext_Track2Data           2 23 42 7 9 */
+&(nid_objs[618]),/* OBJ_setCext_TokenType            2 23 42 7 10 */
+&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
+&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
+&(nid_objs[640]),/* OBJ_set_brand_Visa               2 23 42 8 4 */
+&(nid_objs[641]),/* OBJ_set_brand_MasterCard         2 23 42 8 5 */
+&(nid_objs[637]),/* OBJ_set_brand_Diners             2 23 42 8 30 */
+&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
+&(nid_objs[639]),/* OBJ_set_brand_JCB                2 23 42 8 35 */
 &(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
+&(nid_objs[405]),/* OBJ_ansi_X9_62                   1 2 840 10045 */
 &(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
+&(nid_objs[504]),/* OBJ_mime_mhs                     1 3 6 1 7 1 */
 &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
 &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
 &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
@@ -1957,22 +3218,45 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
 &(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
 &(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
+&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
 &(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
 &(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
 &(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
 &(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
 &(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
 &(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
+&(nid_objs[624]),/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
+&(nid_objs[625]),/* OBJ_set_addPolicy                2 23 42 3 0 1 */
+&(nid_objs[626]),/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
+&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
+&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
+&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
+&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
+&(nid_objs[642]),/* OBJ_set_brand_Novus              2 23 42 8 6011 */
 &(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */
 &(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666 2 */
 &(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
 &(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */
 &(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+&(nid_objs[505]),/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
+&(nid_objs[506]),/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
 &(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
+&(nid_objs[632]),/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
+&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
+&(nid_objs[634]),/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
+&(nid_objs[635]),/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
+&(nid_objs[436]),/* OBJ_ucl                          0 9 2342 19200300 */
 &(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
+&(nid_objs[431]),/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
+&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
+&(nid_objs[433]),/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
 &(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
 &(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+&(nid_objs[406]),/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
+&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
+&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
+&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
 &(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
 &(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 &(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
@@ -1987,7 +3271,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[267]),/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
 &(nid_objs[268]),/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
 &(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+&(nid_objs[507]),/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
+&(nid_objs[508]),/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
 &(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
+&(nid_objs[437]),/* OBJ_pilot                        0 9 2342 19200300 100 */
 &(nid_objs[186]),/* OBJ_pkcs1                        1 2 840 113549 1 1 */
 &(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
 &(nid_objs[187]),/* OBJ_pkcs5                        1 2 840 113549 1 5 */
@@ -2001,6 +3288,14 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
 &(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
 &(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+&(nid_objs[643]),/* OBJ_des_cdmf                     1 2 840 113549 3 10 */
+&(nid_objs[409]),/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
+&(nid_objs[410]),/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
+&(nid_objs[411]),/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
+&(nid_objs[412]),/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
+&(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
+&(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
+&(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
 &(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
 &(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
 &(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
@@ -2104,6 +3399,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[364]),/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
 &(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
 &(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+&(nid_objs[438]),/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
+&(nid_objs[439]),/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
+&(nid_objs[440]),/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
+&(nid_objs[441]),/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
 &(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
 &(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
 &(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
@@ -2111,6 +3410,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
 &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
 &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
 &(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
 &(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
 &(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
@@ -2141,6 +3441,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
 &(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
 &(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+&(nid_objs[417]),/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
 &(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
 &(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
 &(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
@@ -2162,6 +3463,18 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
 &(nid_objs[374]),/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
 &(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+&(nid_objs[418]),/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
+&(nid_objs[419]),/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
+&(nid_objs[420]),/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
+&(nid_objs[421]),/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+&(nid_objs[422]),/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
+&(nid_objs[423]),/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
+&(nid_objs[424]),/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
+&(nid_objs[425]),/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+&(nid_objs[426]),/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
+&(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
+&(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
+&(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
 &(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
 &(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
 &(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
@@ -2172,8 +3485,69 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
 &(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
 &(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+&(nid_objs[458]),/* OBJ_userId                       0 9 2342 19200300 100 1 1 */
+&(nid_objs[459]),/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
+&(nid_objs[460]),/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
+&(nid_objs[461]),/* OBJ_info                         0 9 2342 19200300 100 1 4 */
+&(nid_objs[462]),/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
+&(nid_objs[463]),/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
+&(nid_objs[464]),/* OBJ_photo                        0 9 2342 19200300 100 1 7 */
+&(nid_objs[465]),/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
+&(nid_objs[466]),/* OBJ_host                         0 9 2342 19200300 100 1 9 */
+&(nid_objs[467]),/* OBJ_manager                      0 9 2342 19200300 100 1 10 */
+&(nid_objs[468]),/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
+&(nid_objs[469]),/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
+&(nid_objs[470]),/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
+&(nid_objs[471]),/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
+&(nid_objs[472]),/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
+&(nid_objs[473]),/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
+&(nid_objs[474]),/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
+&(nid_objs[475]),/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
+&(nid_objs[476]),/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
+&(nid_objs[477]),/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
 &(nid_objs[391]),/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+&(nid_objs[478]),/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
+&(nid_objs[479]),/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
+&(nid_objs[480]),/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
+&(nid_objs[481]),/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
+&(nid_objs[482]),/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
+&(nid_objs[483]),/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
+&(nid_objs[484]),/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
+&(nid_objs[485]),/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
+&(nid_objs[486]),/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
+&(nid_objs[487]),/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
+&(nid_objs[488]),/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
+&(nid_objs[489]),/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
+&(nid_objs[490]),/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
+&(nid_objs[491]),/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
+&(nid_objs[492]),/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
+&(nid_objs[493]),/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
+&(nid_objs[494]),/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
+&(nid_objs[495]),/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
+&(nid_objs[496]),/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
+&(nid_objs[497]),/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
+&(nid_objs[498]),/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
+&(nid_objs[499]),/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
+&(nid_objs[500]),/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
+&(nid_objs[501]),/* OBJ_audio                        0 9 2342 19200300 100 1 55 */
+&(nid_objs[502]),/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
+&(nid_objs[442]),/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
+&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
+&(nid_objs[444]),/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
+&(nid_objs[445]),/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
+&(nid_objs[446]),/* OBJ_account                      0 9 2342 19200300 100 4 5 */
+&(nid_objs[447]),/* OBJ_document                     0 9 2342 19200300 100 4 6 */
+&(nid_objs[448]),/* OBJ_room                         0 9 2342 19200300 100 4 7 */
+&(nid_objs[449]),/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
 &(nid_objs[392]),/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+&(nid_objs[450]),/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
+&(nid_objs[451]),/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
+&(nid_objs[452]),/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
+&(nid_objs[453]),/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
+&(nid_objs[454]),/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
+&(nid_objs[455]),/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
+&(nid_objs[456]),/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
+&(nid_objs[457]),/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
 &(nid_objs[189]),/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
 &(nid_objs[190]),/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
 &(nid_objs[191]),/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
@@ -2196,6 +3570,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
 &(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
 &(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+&(nid_objs[648]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
+&(nid_objs[649]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
 &(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
 &(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
 &(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
diff --git a/crypto/openssl/crypto/objects/obj_dat.pl b/crypto/openssl/crypto/objects/obj_dat.pl
index be92f18..5dfb84e 100644
--- a/crypto/openssl/crypto/objects/obj_dat.pl
+++ b/crypto/openssl/crypto/objects/obj_dat.pl
@@ -168,7 +168,7 @@ print OUT <<'EOF';
 
 /* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
  * following command:
- * perl obj_dat.pl objects.h obj_dat.h
+ * perl obj_dat.pl obj_mac.h obj_dat.h
  */
 
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
diff --git a/crypto/openssl/crypto/objects/obj_err.c b/crypto/openssl/crypto/objects/obj_err.c
index 7aec0ed..80ab685 100644
--- a/crypto/openssl/crypto/objects/obj_err.c
+++ b/crypto/openssl/crypto/objects/obj_err.c
@@ -63,7 +63,7 @@
 #include <openssl/objects.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA OBJ_str_functs[]=
 	{
 {ERR_PACK(0,OBJ_F_OBJ_CREATE,0),	"OBJ_create"},
@@ -90,7 +90,7 @@ void ERR_load_OBJ_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
 		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/objects/obj_lib.c b/crypto/openssl/crypto/objects/obj_lib.c
index 0c71639..b0b0f2f 100644
--- a/crypto/openssl/crypto/objects/obj_lib.c
+++ b/crypto/openssl/crypto/objects/obj_lib.c
@@ -62,7 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 
-ASN1_OBJECT *OBJ_dup(ASN1_OBJECT *o)
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
 	{
 	ASN1_OBJECT *r;
 	int i;
@@ -70,7 +70,8 @@ ASN1_OBJECT *OBJ_dup(ASN1_OBJECT *o)
 
 	if (o == NULL) return(NULL);
 	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-		return(o);
+		return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
+					     duplication is this??? */
 
 	r=ASN1_OBJECT_new();
 	if (r == NULL)
@@ -116,7 +117,7 @@ err:
 	return(NULL);
 	}
 
-int OBJ_cmp(ASN1_OBJECT *a, ASN1_OBJECT *b)
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
 	{
 	int ret;
 
diff --git a/crypto/openssl/crypto/objects/obj_mac.h b/crypto/openssl/crypto/objects/obj_mac.h
index a2a960e..a66b5b9 100644
--- a/crypto/openssl/crypto/objects/obj_mac.h
+++ b/crypto/openssl/crypto/objects/obj_mac.h
@@ -67,6 +67,11 @@
 #define NID_undef			0
 #define OBJ_undef			0L
 
+#define SN_ccitt		"CCITT"
+#define LN_ccitt		"ccitt"
+#define NID_ccitt		404
+#define OBJ_ccitt		0L
+
 #define SN_iso		"ISO"
 #define LN_iso		"iso"
 #define NID_iso		181
@@ -116,6 +121,67 @@
 #define NID_dsaWithSHA1		113
 #define OBJ_dsaWithSHA1		OBJ_X9cm,3L
 
+#define SN_ansi_X9_62		"ansi-X9-62"
+#define LN_ansi_X9_62		"ANSI X9.62"
+#define NID_ansi_X9_62		405
+#define OBJ_ansi_X9_62		OBJ_ISO_US,10045L
+
+#define OBJ_X9_62_id_fieldType		OBJ_ansi_X9_62,1L
+
+#define SN_X9_62_prime_field		"prime-field"
+#define NID_X9_62_prime_field		406
+#define OBJ_X9_62_prime_field		OBJ_X9_62_id_fieldType,1L
+
+#define SN_X9_62_characteristic_two_field		"characteristic-two-field"
+#define NID_X9_62_characteristic_two_field		407
+#define OBJ_X9_62_characteristic_two_field		OBJ_X9_62_id_fieldType,2L
+
+#define OBJ_X9_62_id_publicKeyType		OBJ_ansi_X9_62,2L
+
+#define SN_X9_62_id_ecPublicKey		"id-ecPublicKey"
+#define NID_X9_62_id_ecPublicKey		408
+#define OBJ_X9_62_id_ecPublicKey		OBJ_X9_62_id_publicKeyType,1L
+
+#define OBJ_X9_62_ellipticCurve		OBJ_ansi_X9_62,3L
+
+#define OBJ_X9_62_c_TwoCurve		OBJ_X9_62_ellipticCurve,0L
+
+#define OBJ_X9_62_primeCurve		OBJ_X9_62_ellipticCurve,1L
+
+#define SN_X9_62_prime192v1		"prime192v1"
+#define NID_X9_62_prime192v1		409
+#define OBJ_X9_62_prime192v1		OBJ_X9_62_primeCurve,1L
+
+#define SN_X9_62_prime192v2		"prime192v2"
+#define NID_X9_62_prime192v2		410
+#define OBJ_X9_62_prime192v2		OBJ_X9_62_primeCurve,2L
+
+#define SN_X9_62_prime192v3		"prime192v3"
+#define NID_X9_62_prime192v3		411
+#define OBJ_X9_62_prime192v3		OBJ_X9_62_primeCurve,3L
+
+#define SN_X9_62_prime239v1		"prime239v1"
+#define NID_X9_62_prime239v1		412
+#define OBJ_X9_62_prime239v1		OBJ_X9_62_primeCurve,4L
+
+#define SN_X9_62_prime239v2		"prime239v2"
+#define NID_X9_62_prime239v2		413
+#define OBJ_X9_62_prime239v2		OBJ_X9_62_primeCurve,5L
+
+#define SN_X9_62_prime239v3		"prime239v3"
+#define NID_X9_62_prime239v3		414
+#define OBJ_X9_62_prime239v3		OBJ_X9_62_primeCurve,6L
+
+#define SN_X9_62_prime256v1		"prime256v1"
+#define NID_X9_62_prime256v1		415
+#define OBJ_X9_62_prime256v1		OBJ_X9_62_primeCurve,7L
+
+#define OBJ_X9_62_id_ecSigType		OBJ_ansi_X9_62,4L
+
+#define SN_ecdsa_with_SHA1		"ecdsa-with-SHA1"
+#define NID_ecdsa_with_SHA1		416
+#define OBJ_ecdsa_with_SHA1		OBJ_X9_62_id_ecSigType,1L
+
 #define SN_cast5_cbc		"CAST5-CBC"
 #define LN_cast5_cbc		"cast5-cbc"
 #define NID_cast5_cbc		108
@@ -261,7 +327,6 @@
 #define NID_pkcs9		47
 #define OBJ_pkcs9		OBJ_pkcs,9L
 
-#define SN_pkcs9_emailAddress		"Email"
 #define LN_pkcs9_emailAddress		"emailAddress"
 #define NID_pkcs9_emailAddress		48
 #define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L
@@ -593,6 +658,11 @@
 #define NID_localKeyID		157
 #define OBJ_localKeyID		OBJ_pkcs9,21L
 
+#define SN_ms_csp_name		"CSPName"
+#define LN_ms_csp_name		"Microsoft CSP Name"
+#define NID_ms_csp_name		417
+#define OBJ_ms_csp_name		1L,3L,6L,1L,4L,1L,311L,17L,1L
+
 #define OBJ_certTypes		OBJ_pkcs9,22L
 
 #define LN_x509Certificate		"x509Certificate"
@@ -780,6 +850,16 @@
 #define NID_ms_efs		138
 #define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
 
+#define SN_ms_smartcard_login		"msSmartcardLogin"
+#define LN_ms_smartcard_login		"Microsoft Smartcardlogin"
+#define NID_ms_smartcard_login		648
+#define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+
+#define SN_ms_upn		"msUPN"
+#define LN_ms_upn		"Microsoft Universal Principal Name"
+#define NID_ms_upn		649
+#define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+
 #define SN_idea_cbc		"IDEA-CBC"
 #define LN_idea_cbc		"idea-cbc"
 #define NID_idea_cbc		34
@@ -1352,6 +1432,7 @@
 #define OBJ_id_pkix_OCSP_acceptableResponses		OBJ_id_pkix_OCSP,4L
 
 #define SN_id_pkix_OCSP_noCheck		"noCheck"
+#define LN_id_pkix_OCSP_noCheck		"OCSP No Check"
 #define NID_id_pkix_OCSP_noCheck		369
 #define OBJ_id_pkix_OCSP_noCheck		OBJ_id_pkix_OCSP,5L
 
@@ -1432,14 +1513,14 @@
 #define NID_shaWithRSAEncryption		42
 #define OBJ_shaWithRSAEncryption		OBJ_algorithm,15L
 
-#define SN_des_ede		"DES-EDE"
-#define LN_des_ede		"des-ede"
-#define NID_des_ede		32
-#define OBJ_des_ede		OBJ_algorithm,17L
+#define SN_des_ede_ecb		"DES-EDE"
+#define LN_des_ede_ecb		"des-ede"
+#define NID_des_ede_ecb		32
+#define OBJ_des_ede_ecb		OBJ_algorithm,17L
 
-#define SN_des_ede3		"DES-EDE3"
-#define LN_des_ede3		"des-ede3"
-#define NID_des_ede3		33
+#define SN_des_ede3_ecb		"DES-EDE3"
+#define LN_des_ede3_ecb		"des-ede3"
+#define NID_des_ede3_ecb		33
 
 #define SN_des_ede_cbc		"DES-EDE-CBC"
 #define LN_des_ede_cbc		"des-ede-cbc"
@@ -1514,12 +1595,11 @@
 #define NID_commonName		13
 #define OBJ_commonName		OBJ_X509,3L
 
-#define SN_surname		"S"
-#define LN_surname		"surname"
+#define SN_surname		"SN"
+#define LN_surname		"surName"
 #define NID_surname		100
 #define OBJ_surname		OBJ_X509,4L
 
-#define SN_serialNumber		"SN"
 #define LN_serialNumber		"serialNumber"
 #define NID_serialNumber		105
 #define OBJ_serialNumber		OBJ_X509,5L
@@ -1549,12 +1629,10 @@
 #define NID_organizationalUnitName		18
 #define OBJ_organizationalUnitName		OBJ_X509,11L
 
-#define SN_title		"T"
 #define LN_title		"title"
 #define NID_title		106
 #define OBJ_title		OBJ_X509,12L
 
-#define SN_description		"D"
 #define LN_description		"description"
 #define NID_description		107
 #define OBJ_description		OBJ_X509,13L
@@ -1564,25 +1642,32 @@
 #define NID_name		173
 #define OBJ_name		OBJ_X509,41L
 
-#define SN_givenName		"G"
+#define SN_givenName		"GN"
 #define LN_givenName		"givenName"
 #define NID_givenName		99
 #define OBJ_givenName		OBJ_X509,42L
 
-#define SN_initials		"I"
 #define LN_initials		"initials"
 #define NID_initials		101
 #define OBJ_initials		OBJ_X509,43L
 
-#define LN_uniqueIdentifier		"uniqueIdentifier"
-#define NID_uniqueIdentifier		102
-#define OBJ_uniqueIdentifier		OBJ_X509,45L
+#define LN_generationQualifier		"generationQualifier"
+#define NID_generationQualifier		509
+#define OBJ_generationQualifier		OBJ_X509,44L
+
+#define LN_x500UniqueIdentifier		"x500UniqueIdentifier"
+#define NID_x500UniqueIdentifier		503
+#define OBJ_x500UniqueIdentifier		OBJ_X509,45L
 
 #define SN_dnQualifier		"dnQualifier"
 #define LN_dnQualifier		"dnQualifier"
 #define NID_dnQualifier		174
 #define OBJ_dnQualifier		OBJ_X509,46L
 
+#define LN_pseudonym		"pseudonym"
+#define NID_pseudonym		510
+#define OBJ_pseudonym		OBJ_X509,65L
+
 #define SN_role		"role"
 #define LN_role		"role"
 #define NID_role		400
@@ -1809,7 +1894,6 @@
 #define NID_SNMPv2		387
 #define OBJ_SNMPv2		OBJ_internet,6L
 
-#define SN_Mail		"mail"
 #define LN_Mail		"Mail"
 #define NID_Mail		388
 #define OBJ_Mail		OBJ_internet,7L
@@ -1824,15 +1908,30 @@
 #define NID_dcObject		390
 #define OBJ_dcObject		OBJ_Enterprises,1466L,344L
 
-#define SN_domainComponent		"DC"
-#define LN_domainComponent		"domainComponent"
-#define NID_domainComponent		391
-#define OBJ_domainComponent		0L,9L,2342L,19200300L,100L,1L,25L
+#define SN_mime_mhs		"mime-mhs"
+#define LN_mime_mhs		"MIME MHS"
+#define NID_mime_mhs		504
+#define OBJ_mime_mhs		OBJ_Mail,1L
 
-#define SN_Domain		"domain"
-#define LN_Domain		"Domain"
-#define NID_Domain		392
-#define OBJ_Domain		0L,9L,2342L,19200300L,100L,4L,13L
+#define SN_mime_mhs_headings		"mime-mhs-headings"
+#define LN_mime_mhs_headings		"mime-mhs-headings"
+#define NID_mime_mhs_headings		505
+#define OBJ_mime_mhs_headings		OBJ_mime_mhs,1L
+
+#define SN_mime_mhs_bodies		"mime-mhs-bodies"
+#define LN_mime_mhs_bodies		"mime-mhs-bodies"
+#define NID_mime_mhs_bodies		506
+#define OBJ_mime_mhs_bodies		OBJ_mime_mhs,2L
+
+#define SN_id_hex_partial_message		"id-hex-partial-message"
+#define LN_id_hex_partial_message		"id-hex-partial-message"
+#define NID_id_hex_partial_message		507
+#define OBJ_id_hex_partial_message		OBJ_mime_mhs_headings,1L
+
+#define SN_id_hex_multipart_message		"id-hex-multipart-message"
+#define LN_id_hex_multipart_message		"id-hex-multipart-message"
+#define NID_id_hex_multipart_message		508
+#define OBJ_id_hex_multipart_message		OBJ_mime_mhs_headings,2L
 
 #define SN_rle_compression		"RLE"
 #define LN_rle_compression		"run length compression"
@@ -1844,3 +1943,926 @@
 #define NID_zlib_compression		125
 #define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L
 
+#define OBJ_csor		2L,16L,840L,1L,101L,3L
+
+#define OBJ_nistAlgorithms		OBJ_csor,4L
+
+#define OBJ_aes		OBJ_nistAlgorithms,1L
+
+#define SN_aes_128_ecb		"AES-128-ECB"
+#define LN_aes_128_ecb		"aes-128-ecb"
+#define NID_aes_128_ecb		418
+#define OBJ_aes_128_ecb		OBJ_aes,1L
+
+#define SN_aes_128_cbc		"AES-128-CBC"
+#define LN_aes_128_cbc		"aes-128-cbc"
+#define NID_aes_128_cbc		419
+#define OBJ_aes_128_cbc		OBJ_aes,2L
+
+#define SN_aes_128_ofb128		"AES-128-OFB"
+#define LN_aes_128_ofb128		"aes-128-ofb"
+#define NID_aes_128_ofb128		420
+#define OBJ_aes_128_ofb128		OBJ_aes,3L
+
+#define SN_aes_128_cfb128		"AES-128-CFB"
+#define LN_aes_128_cfb128		"aes-128-cfb"
+#define NID_aes_128_cfb128		421
+#define OBJ_aes_128_cfb128		OBJ_aes,4L
+
+#define SN_aes_192_ecb		"AES-192-ECB"
+#define LN_aes_192_ecb		"aes-192-ecb"
+#define NID_aes_192_ecb		422
+#define OBJ_aes_192_ecb		OBJ_aes,21L
+
+#define SN_aes_192_cbc		"AES-192-CBC"
+#define LN_aes_192_cbc		"aes-192-cbc"
+#define NID_aes_192_cbc		423
+#define OBJ_aes_192_cbc		OBJ_aes,22L
+
+#define SN_aes_192_ofb128		"AES-192-OFB"
+#define LN_aes_192_ofb128		"aes-192-ofb"
+#define NID_aes_192_ofb128		424
+#define OBJ_aes_192_ofb128		OBJ_aes,23L
+
+#define SN_aes_192_cfb128		"AES-192-CFB"
+#define LN_aes_192_cfb128		"aes-192-cfb"
+#define NID_aes_192_cfb128		425
+#define OBJ_aes_192_cfb128		OBJ_aes,24L
+
+#define SN_aes_256_ecb		"AES-256-ECB"
+#define LN_aes_256_ecb		"aes-256-ecb"
+#define NID_aes_256_ecb		426
+#define OBJ_aes_256_ecb		OBJ_aes,41L
+
+#define SN_aes_256_cbc		"AES-256-CBC"
+#define LN_aes_256_cbc		"aes-256-cbc"
+#define NID_aes_256_cbc		427
+#define OBJ_aes_256_cbc		OBJ_aes,42L
+
+#define SN_aes_256_ofb128		"AES-256-OFB"
+#define LN_aes_256_ofb128		"aes-256-ofb"
+#define NID_aes_256_ofb128		428
+#define OBJ_aes_256_ofb128		OBJ_aes,43L
+
+#define SN_aes_256_cfb128		"AES-256-CFB"
+#define LN_aes_256_cfb128		"aes-256-cfb"
+#define NID_aes_256_cfb128		429
+#define OBJ_aes_256_cfb128		OBJ_aes,44L
+
+#define SN_hold_instruction_code		"holdInstructionCode"
+#define LN_hold_instruction_code		"Hold Instruction Code"
+#define NID_hold_instruction_code		430
+#define OBJ_hold_instruction_code		OBJ_id_ce,23L
+
+#define OBJ_holdInstruction		OBJ_X9_57,2L
+
+#define SN_hold_instruction_none		"holdInstructionNone"
+#define LN_hold_instruction_none		"Hold Instruction None"
+#define NID_hold_instruction_none		431
+#define OBJ_hold_instruction_none		OBJ_holdInstruction,1L
+
+#define SN_hold_instruction_call_issuer		"holdInstructionCallIssuer"
+#define LN_hold_instruction_call_issuer		"Hold Instruction Call Issuer"
+#define NID_hold_instruction_call_issuer		432
+#define OBJ_hold_instruction_call_issuer		OBJ_holdInstruction,2L
+
+#define SN_hold_instruction_reject		"holdInstructionReject"
+#define LN_hold_instruction_reject		"Hold Instruction Reject"
+#define NID_hold_instruction_reject		433
+#define OBJ_hold_instruction_reject		OBJ_holdInstruction,3L
+
+#define SN_data		"data"
+#define NID_data		434
+#define OBJ_data		OBJ_ccitt,9L
+
+#define SN_pss		"pss"
+#define NID_pss		435
+#define OBJ_pss		OBJ_data,2342L
+
+#define SN_ucl		"ucl"
+#define NID_ucl		436
+#define OBJ_ucl		OBJ_pss,19200300L
+
+#define SN_pilot		"pilot"
+#define NID_pilot		437
+#define OBJ_pilot		OBJ_ucl,100L
+
+#define LN_pilotAttributeType		"pilotAttributeType"
+#define NID_pilotAttributeType		438
+#define OBJ_pilotAttributeType		OBJ_pilot,1L
+
+#define LN_pilotAttributeSyntax		"pilotAttributeSyntax"
+#define NID_pilotAttributeSyntax		439
+#define OBJ_pilotAttributeSyntax		OBJ_pilot,3L
+
+#define LN_pilotObjectClass		"pilotObjectClass"
+#define NID_pilotObjectClass		440
+#define OBJ_pilotObjectClass		OBJ_pilot,4L
+
+#define LN_pilotGroups		"pilotGroups"
+#define NID_pilotGroups		441
+#define OBJ_pilotGroups		OBJ_pilot,10L
+
+#define LN_iA5StringSyntax		"iA5StringSyntax"
+#define NID_iA5StringSyntax		442
+#define OBJ_iA5StringSyntax		OBJ_pilotAttributeSyntax,4L
+
+#define LN_caseIgnoreIA5StringSyntax		"caseIgnoreIA5StringSyntax"
+#define NID_caseIgnoreIA5StringSyntax		443
+#define OBJ_caseIgnoreIA5StringSyntax		OBJ_pilotAttributeSyntax,5L
+
+#define LN_pilotObject		"pilotObject"
+#define NID_pilotObject		444
+#define OBJ_pilotObject		OBJ_pilotObjectClass,3L
+
+#define LN_pilotPerson		"pilotPerson"
+#define NID_pilotPerson		445
+#define OBJ_pilotPerson		OBJ_pilotObjectClass,4L
+
+#define SN_account		"account"
+#define NID_account		446
+#define OBJ_account		OBJ_pilotObjectClass,5L
+
+#define SN_document		"document"
+#define NID_document		447
+#define OBJ_document		OBJ_pilotObjectClass,6L
+
+#define SN_room		"room"
+#define NID_room		448
+#define OBJ_room		OBJ_pilotObjectClass,7L
+
+#define LN_documentSeries		"documentSeries"
+#define NID_documentSeries		449
+#define OBJ_documentSeries		OBJ_pilotObjectClass,9L
+
+#define SN_Domain		"domain"
+#define LN_Domain		"Domain"
+#define NID_Domain		392
+#define OBJ_Domain		OBJ_pilotObjectClass,13L
+
+#define LN_rFC822localPart		"rFC822localPart"
+#define NID_rFC822localPart		450
+#define OBJ_rFC822localPart		OBJ_pilotObjectClass,14L
+
+#define LN_dNSDomain		"dNSDomain"
+#define NID_dNSDomain		451
+#define OBJ_dNSDomain		OBJ_pilotObjectClass,15L
+
+#define LN_domainRelatedObject		"domainRelatedObject"
+#define NID_domainRelatedObject		452
+#define OBJ_domainRelatedObject		OBJ_pilotObjectClass,17L
+
+#define LN_friendlyCountry		"friendlyCountry"
+#define NID_friendlyCountry		453
+#define OBJ_friendlyCountry		OBJ_pilotObjectClass,18L
+
+#define LN_simpleSecurityObject		"simpleSecurityObject"
+#define NID_simpleSecurityObject		454
+#define OBJ_simpleSecurityObject		OBJ_pilotObjectClass,19L
+
+#define LN_pilotOrganization		"pilotOrganization"
+#define NID_pilotOrganization		455
+#define OBJ_pilotOrganization		OBJ_pilotObjectClass,20L
+
+#define LN_pilotDSA		"pilotDSA"
+#define NID_pilotDSA		456
+#define OBJ_pilotDSA		OBJ_pilotObjectClass,21L
+
+#define LN_qualityLabelledData		"qualityLabelledData"
+#define NID_qualityLabelledData		457
+#define OBJ_qualityLabelledData		OBJ_pilotObjectClass,22L
+
+#define SN_userId		"UID"
+#define LN_userId		"userId"
+#define NID_userId		458
+#define OBJ_userId		OBJ_pilotAttributeType,1L
+
+#define LN_textEncodedORAddress		"textEncodedORAddress"
+#define NID_textEncodedORAddress		459
+#define OBJ_textEncodedORAddress		OBJ_pilotAttributeType,2L
+
+#define SN_rfc822Mailbox		"mail"
+#define LN_rfc822Mailbox		"rfc822Mailbox"
+#define NID_rfc822Mailbox		460
+#define OBJ_rfc822Mailbox		OBJ_pilotAttributeType,3L
+
+#define SN_info		"info"
+#define NID_info		461
+#define OBJ_info		OBJ_pilotAttributeType,4L
+
+#define LN_favouriteDrink		"favouriteDrink"
+#define NID_favouriteDrink		462
+#define OBJ_favouriteDrink		OBJ_pilotAttributeType,5L
+
+#define LN_roomNumber		"roomNumber"
+#define NID_roomNumber		463
+#define OBJ_roomNumber		OBJ_pilotAttributeType,6L
+
+#define SN_photo		"photo"
+#define NID_photo		464
+#define OBJ_photo		OBJ_pilotAttributeType,7L
+
+#define LN_userClass		"userClass"
+#define NID_userClass		465
+#define OBJ_userClass		OBJ_pilotAttributeType,8L
+
+#define SN_host		"host"
+#define NID_host		466
+#define OBJ_host		OBJ_pilotAttributeType,9L
+
+#define SN_manager		"manager"
+#define NID_manager		467
+#define OBJ_manager		OBJ_pilotAttributeType,10L
+
+#define LN_documentIdentifier		"documentIdentifier"
+#define NID_documentIdentifier		468
+#define OBJ_documentIdentifier		OBJ_pilotAttributeType,11L
+
+#define LN_documentTitle		"documentTitle"
+#define NID_documentTitle		469
+#define OBJ_documentTitle		OBJ_pilotAttributeType,12L
+
+#define LN_documentVersion		"documentVersion"
+#define NID_documentVersion		470
+#define OBJ_documentVersion		OBJ_pilotAttributeType,13L
+
+#define LN_documentAuthor		"documentAuthor"
+#define NID_documentAuthor		471
+#define OBJ_documentAuthor		OBJ_pilotAttributeType,14L
+
+#define LN_documentLocation		"documentLocation"
+#define NID_documentLocation		472
+#define OBJ_documentLocation		OBJ_pilotAttributeType,15L
+
+#define LN_homeTelephoneNumber		"homeTelephoneNumber"
+#define NID_homeTelephoneNumber		473
+#define OBJ_homeTelephoneNumber		OBJ_pilotAttributeType,20L
+
+#define SN_secretary		"secretary"
+#define NID_secretary		474
+#define OBJ_secretary		OBJ_pilotAttributeType,21L
+
+#define LN_otherMailbox		"otherMailbox"
+#define NID_otherMailbox		475
+#define OBJ_otherMailbox		OBJ_pilotAttributeType,22L
+
+#define LN_lastModifiedTime		"lastModifiedTime"
+#define NID_lastModifiedTime		476
+#define OBJ_lastModifiedTime		OBJ_pilotAttributeType,23L
+
+#define LN_lastModifiedBy		"lastModifiedBy"
+#define NID_lastModifiedBy		477
+#define OBJ_lastModifiedBy		OBJ_pilotAttributeType,24L
+
+#define SN_domainComponent		"DC"
+#define LN_domainComponent		"domainComponent"
+#define NID_domainComponent		391
+#define OBJ_domainComponent		OBJ_pilotAttributeType,25L
+
+#define LN_aRecord		"aRecord"
+#define NID_aRecord		478
+#define OBJ_aRecord		OBJ_pilotAttributeType,26L
+
+#define LN_pilotAttributeType27		"pilotAttributeType27"
+#define NID_pilotAttributeType27		479
+#define OBJ_pilotAttributeType27		OBJ_pilotAttributeType,27L
+
+#define LN_mXRecord		"mXRecord"
+#define NID_mXRecord		480
+#define OBJ_mXRecord		OBJ_pilotAttributeType,28L
+
+#define LN_nSRecord		"nSRecord"
+#define NID_nSRecord		481
+#define OBJ_nSRecord		OBJ_pilotAttributeType,29L
+
+#define LN_sOARecord		"sOARecord"
+#define NID_sOARecord		482
+#define OBJ_sOARecord		OBJ_pilotAttributeType,30L
+
+#define LN_cNAMERecord		"cNAMERecord"
+#define NID_cNAMERecord		483
+#define OBJ_cNAMERecord		OBJ_pilotAttributeType,31L
+
+#define LN_associatedDomain		"associatedDomain"
+#define NID_associatedDomain		484
+#define OBJ_associatedDomain		OBJ_pilotAttributeType,37L
+
+#define LN_associatedName		"associatedName"
+#define NID_associatedName		485
+#define OBJ_associatedName		OBJ_pilotAttributeType,38L
+
+#define LN_homePostalAddress		"homePostalAddress"
+#define NID_homePostalAddress		486
+#define OBJ_homePostalAddress		OBJ_pilotAttributeType,39L
+
+#define LN_personalTitle		"personalTitle"
+#define NID_personalTitle		487
+#define OBJ_personalTitle		OBJ_pilotAttributeType,40L
+
+#define LN_mobileTelephoneNumber		"mobileTelephoneNumber"
+#define NID_mobileTelephoneNumber		488
+#define OBJ_mobileTelephoneNumber		OBJ_pilotAttributeType,41L
+
+#define LN_pagerTelephoneNumber		"pagerTelephoneNumber"
+#define NID_pagerTelephoneNumber		489
+#define OBJ_pagerTelephoneNumber		OBJ_pilotAttributeType,42L
+
+#define LN_friendlyCountryName		"friendlyCountryName"
+#define NID_friendlyCountryName		490
+#define OBJ_friendlyCountryName		OBJ_pilotAttributeType,43L
+
+#define LN_organizationalStatus		"organizationalStatus"
+#define NID_organizationalStatus		491
+#define OBJ_organizationalStatus		OBJ_pilotAttributeType,45L
+
+#define LN_janetMailbox		"janetMailbox"
+#define NID_janetMailbox		492
+#define OBJ_janetMailbox		OBJ_pilotAttributeType,46L
+
+#define LN_mailPreferenceOption		"mailPreferenceOption"
+#define NID_mailPreferenceOption		493
+#define OBJ_mailPreferenceOption		OBJ_pilotAttributeType,47L
+
+#define LN_buildingName		"buildingName"
+#define NID_buildingName		494
+#define OBJ_buildingName		OBJ_pilotAttributeType,48L
+
+#define LN_dSAQuality		"dSAQuality"
+#define NID_dSAQuality		495
+#define OBJ_dSAQuality		OBJ_pilotAttributeType,49L
+
+#define LN_singleLevelQuality		"singleLevelQuality"
+#define NID_singleLevelQuality		496
+#define OBJ_singleLevelQuality		OBJ_pilotAttributeType,50L
+
+#define LN_subtreeMinimumQuality		"subtreeMinimumQuality"
+#define NID_subtreeMinimumQuality		497
+#define OBJ_subtreeMinimumQuality		OBJ_pilotAttributeType,51L
+
+#define LN_subtreeMaximumQuality		"subtreeMaximumQuality"
+#define NID_subtreeMaximumQuality		498
+#define OBJ_subtreeMaximumQuality		OBJ_pilotAttributeType,52L
+
+#define LN_personalSignature		"personalSignature"
+#define NID_personalSignature		499
+#define OBJ_personalSignature		OBJ_pilotAttributeType,53L
+
+#define LN_dITRedirect		"dITRedirect"
+#define NID_dITRedirect		500
+#define OBJ_dITRedirect		OBJ_pilotAttributeType,54L
+
+#define SN_audio		"audio"
+#define NID_audio		501
+#define OBJ_audio		OBJ_pilotAttributeType,55L
+
+#define LN_documentPublisher		"documentPublisher"
+#define NID_documentPublisher		502
+#define OBJ_documentPublisher		OBJ_pilotAttributeType,56L
+
+#define SN_id_set		"id-set"
+#define LN_id_set		"Secure Electronic Transactions"
+#define NID_id_set		512
+#define OBJ_id_set		2L,23L,42L
+
+#define SN_set_ctype		"set-ctype"
+#define LN_set_ctype		"content types"
+#define NID_set_ctype		513
+#define OBJ_set_ctype		OBJ_id_set,0L
+
+#define SN_set_msgExt		"set-msgExt"
+#define LN_set_msgExt		"message extensions"
+#define NID_set_msgExt		514
+#define OBJ_set_msgExt		OBJ_id_set,1L
+
+#define SN_set_attr		"set-attr"
+#define NID_set_attr		515
+#define OBJ_set_attr		OBJ_id_set,3L
+
+#define SN_set_policy		"set-policy"
+#define NID_set_policy		516
+#define OBJ_set_policy		OBJ_id_set,5L
+
+#define SN_set_certExt		"set-certExt"
+#define LN_set_certExt		"certificate extensions"
+#define NID_set_certExt		517
+#define OBJ_set_certExt		OBJ_id_set,7L
+
+#define SN_set_brand		"set-brand"
+#define NID_set_brand		518
+#define OBJ_set_brand		OBJ_id_set,8L
+
+#define SN_setct_PANData		"setct-PANData"
+#define NID_setct_PANData		519
+#define OBJ_setct_PANData		OBJ_set_ctype,0L
+
+#define SN_setct_PANToken		"setct-PANToken"
+#define NID_setct_PANToken		520
+#define OBJ_setct_PANToken		OBJ_set_ctype,1L
+
+#define SN_setct_PANOnly		"setct-PANOnly"
+#define NID_setct_PANOnly		521
+#define OBJ_setct_PANOnly		OBJ_set_ctype,2L
+
+#define SN_setct_OIData		"setct-OIData"
+#define NID_setct_OIData		522
+#define OBJ_setct_OIData		OBJ_set_ctype,3L
+
+#define SN_setct_PI		"setct-PI"
+#define NID_setct_PI		523
+#define OBJ_setct_PI		OBJ_set_ctype,4L
+
+#define SN_setct_PIData		"setct-PIData"
+#define NID_setct_PIData		524
+#define OBJ_setct_PIData		OBJ_set_ctype,5L
+
+#define SN_setct_PIDataUnsigned		"setct-PIDataUnsigned"
+#define NID_setct_PIDataUnsigned		525
+#define OBJ_setct_PIDataUnsigned		OBJ_set_ctype,6L
+
+#define SN_setct_HODInput		"setct-HODInput"
+#define NID_setct_HODInput		526
+#define OBJ_setct_HODInput		OBJ_set_ctype,7L
+
+#define SN_setct_AuthResBaggage		"setct-AuthResBaggage"
+#define NID_setct_AuthResBaggage		527
+#define OBJ_setct_AuthResBaggage		OBJ_set_ctype,8L
+
+#define SN_setct_AuthRevReqBaggage		"setct-AuthRevReqBaggage"
+#define NID_setct_AuthRevReqBaggage		528
+#define OBJ_setct_AuthRevReqBaggage		OBJ_set_ctype,9L
+
+#define SN_setct_AuthRevResBaggage		"setct-AuthRevResBaggage"
+#define NID_setct_AuthRevResBaggage		529
+#define OBJ_setct_AuthRevResBaggage		OBJ_set_ctype,10L
+
+#define SN_setct_CapTokenSeq		"setct-CapTokenSeq"
+#define NID_setct_CapTokenSeq		530
+#define OBJ_setct_CapTokenSeq		OBJ_set_ctype,11L
+
+#define SN_setct_PInitResData		"setct-PInitResData"
+#define NID_setct_PInitResData		531
+#define OBJ_setct_PInitResData		OBJ_set_ctype,12L
+
+#define SN_setct_PI_TBS		"setct-PI-TBS"
+#define NID_setct_PI_TBS		532
+#define OBJ_setct_PI_TBS		OBJ_set_ctype,13L
+
+#define SN_setct_PResData		"setct-PResData"
+#define NID_setct_PResData		533
+#define OBJ_setct_PResData		OBJ_set_ctype,14L
+
+#define SN_setct_AuthReqTBS		"setct-AuthReqTBS"
+#define NID_setct_AuthReqTBS		534
+#define OBJ_setct_AuthReqTBS		OBJ_set_ctype,16L
+
+#define SN_setct_AuthResTBS		"setct-AuthResTBS"
+#define NID_setct_AuthResTBS		535
+#define OBJ_setct_AuthResTBS		OBJ_set_ctype,17L
+
+#define SN_setct_AuthResTBSX		"setct-AuthResTBSX"
+#define NID_setct_AuthResTBSX		536
+#define OBJ_setct_AuthResTBSX		OBJ_set_ctype,18L
+
+#define SN_setct_AuthTokenTBS		"setct-AuthTokenTBS"
+#define NID_setct_AuthTokenTBS		537
+#define OBJ_setct_AuthTokenTBS		OBJ_set_ctype,19L
+
+#define SN_setct_CapTokenData		"setct-CapTokenData"
+#define NID_setct_CapTokenData		538
+#define OBJ_setct_CapTokenData		OBJ_set_ctype,20L
+
+#define SN_setct_CapTokenTBS		"setct-CapTokenTBS"
+#define NID_setct_CapTokenTBS		539
+#define OBJ_setct_CapTokenTBS		OBJ_set_ctype,21L
+
+#define SN_setct_AcqCardCodeMsg		"setct-AcqCardCodeMsg"
+#define NID_setct_AcqCardCodeMsg		540
+#define OBJ_setct_AcqCardCodeMsg		OBJ_set_ctype,22L
+
+#define SN_setct_AuthRevReqTBS		"setct-AuthRevReqTBS"
+#define NID_setct_AuthRevReqTBS		541
+#define OBJ_setct_AuthRevReqTBS		OBJ_set_ctype,23L
+
+#define SN_setct_AuthRevResData		"setct-AuthRevResData"
+#define NID_setct_AuthRevResData		542
+#define OBJ_setct_AuthRevResData		OBJ_set_ctype,24L
+
+#define SN_setct_AuthRevResTBS		"setct-AuthRevResTBS"
+#define NID_setct_AuthRevResTBS		543
+#define OBJ_setct_AuthRevResTBS		OBJ_set_ctype,25L
+
+#define SN_setct_CapReqTBS		"setct-CapReqTBS"
+#define NID_setct_CapReqTBS		544
+#define OBJ_setct_CapReqTBS		OBJ_set_ctype,26L
+
+#define SN_setct_CapReqTBSX		"setct-CapReqTBSX"
+#define NID_setct_CapReqTBSX		545
+#define OBJ_setct_CapReqTBSX		OBJ_set_ctype,27L
+
+#define SN_setct_CapResData		"setct-CapResData"
+#define NID_setct_CapResData		546
+#define OBJ_setct_CapResData		OBJ_set_ctype,28L
+
+#define SN_setct_CapRevReqTBS		"setct-CapRevReqTBS"
+#define NID_setct_CapRevReqTBS		547
+#define OBJ_setct_CapRevReqTBS		OBJ_set_ctype,29L
+
+#define SN_setct_CapRevReqTBSX		"setct-CapRevReqTBSX"
+#define NID_setct_CapRevReqTBSX		548
+#define OBJ_setct_CapRevReqTBSX		OBJ_set_ctype,30L
+
+#define SN_setct_CapRevResData		"setct-CapRevResData"
+#define NID_setct_CapRevResData		549
+#define OBJ_setct_CapRevResData		OBJ_set_ctype,31L
+
+#define SN_setct_CredReqTBS		"setct-CredReqTBS"
+#define NID_setct_CredReqTBS		550
+#define OBJ_setct_CredReqTBS		OBJ_set_ctype,32L
+
+#define SN_setct_CredReqTBSX		"setct-CredReqTBSX"
+#define NID_setct_CredReqTBSX		551
+#define OBJ_setct_CredReqTBSX		OBJ_set_ctype,33L
+
+#define SN_setct_CredResData		"setct-CredResData"
+#define NID_setct_CredResData		552
+#define OBJ_setct_CredResData		OBJ_set_ctype,34L
+
+#define SN_setct_CredRevReqTBS		"setct-CredRevReqTBS"
+#define NID_setct_CredRevReqTBS		553
+#define OBJ_setct_CredRevReqTBS		OBJ_set_ctype,35L
+
+#define SN_setct_CredRevReqTBSX		"setct-CredRevReqTBSX"
+#define NID_setct_CredRevReqTBSX		554
+#define OBJ_setct_CredRevReqTBSX		OBJ_set_ctype,36L
+
+#define SN_setct_CredRevResData		"setct-CredRevResData"
+#define NID_setct_CredRevResData		555
+#define OBJ_setct_CredRevResData		OBJ_set_ctype,37L
+
+#define SN_setct_PCertReqData		"setct-PCertReqData"
+#define NID_setct_PCertReqData		556
+#define OBJ_setct_PCertReqData		OBJ_set_ctype,38L
+
+#define SN_setct_PCertResTBS		"setct-PCertResTBS"
+#define NID_setct_PCertResTBS		557
+#define OBJ_setct_PCertResTBS		OBJ_set_ctype,39L
+
+#define SN_setct_BatchAdminReqData		"setct-BatchAdminReqData"
+#define NID_setct_BatchAdminReqData		558
+#define OBJ_setct_BatchAdminReqData		OBJ_set_ctype,40L
+
+#define SN_setct_BatchAdminResData		"setct-BatchAdminResData"
+#define NID_setct_BatchAdminResData		559
+#define OBJ_setct_BatchAdminResData		OBJ_set_ctype,41L
+
+#define SN_setct_CardCInitResTBS		"setct-CardCInitResTBS"
+#define NID_setct_CardCInitResTBS		560
+#define OBJ_setct_CardCInitResTBS		OBJ_set_ctype,42L
+
+#define SN_setct_MeAqCInitResTBS		"setct-MeAqCInitResTBS"
+#define NID_setct_MeAqCInitResTBS		561
+#define OBJ_setct_MeAqCInitResTBS		OBJ_set_ctype,43L
+
+#define SN_setct_RegFormResTBS		"setct-RegFormResTBS"
+#define NID_setct_RegFormResTBS		562
+#define OBJ_setct_RegFormResTBS		OBJ_set_ctype,44L
+
+#define SN_setct_CertReqData		"setct-CertReqData"
+#define NID_setct_CertReqData		563
+#define OBJ_setct_CertReqData		OBJ_set_ctype,45L
+
+#define SN_setct_CertReqTBS		"setct-CertReqTBS"
+#define NID_setct_CertReqTBS		564
+#define OBJ_setct_CertReqTBS		OBJ_set_ctype,46L
+
+#define SN_setct_CertResData		"setct-CertResData"
+#define NID_setct_CertResData		565
+#define OBJ_setct_CertResData		OBJ_set_ctype,47L
+
+#define SN_setct_CertInqReqTBS		"setct-CertInqReqTBS"
+#define NID_setct_CertInqReqTBS		566
+#define OBJ_setct_CertInqReqTBS		OBJ_set_ctype,48L
+
+#define SN_setct_ErrorTBS		"setct-ErrorTBS"
+#define NID_setct_ErrorTBS		567
+#define OBJ_setct_ErrorTBS		OBJ_set_ctype,49L
+
+#define SN_setct_PIDualSignedTBE		"setct-PIDualSignedTBE"
+#define NID_setct_PIDualSignedTBE		568
+#define OBJ_setct_PIDualSignedTBE		OBJ_set_ctype,50L
+
+#define SN_setct_PIUnsignedTBE		"setct-PIUnsignedTBE"
+#define NID_setct_PIUnsignedTBE		569
+#define OBJ_setct_PIUnsignedTBE		OBJ_set_ctype,51L
+
+#define SN_setct_AuthReqTBE		"setct-AuthReqTBE"
+#define NID_setct_AuthReqTBE		570
+#define OBJ_setct_AuthReqTBE		OBJ_set_ctype,52L
+
+#define SN_setct_AuthResTBE		"setct-AuthResTBE"
+#define NID_setct_AuthResTBE		571
+#define OBJ_setct_AuthResTBE		OBJ_set_ctype,53L
+
+#define SN_setct_AuthResTBEX		"setct-AuthResTBEX"
+#define NID_setct_AuthResTBEX		572
+#define OBJ_setct_AuthResTBEX		OBJ_set_ctype,54L
+
+#define SN_setct_AuthTokenTBE		"setct-AuthTokenTBE"
+#define NID_setct_AuthTokenTBE		573
+#define OBJ_setct_AuthTokenTBE		OBJ_set_ctype,55L
+
+#define SN_setct_CapTokenTBE		"setct-CapTokenTBE"
+#define NID_setct_CapTokenTBE		574
+#define OBJ_setct_CapTokenTBE		OBJ_set_ctype,56L
+
+#define SN_setct_CapTokenTBEX		"setct-CapTokenTBEX"
+#define NID_setct_CapTokenTBEX		575
+#define OBJ_setct_CapTokenTBEX		OBJ_set_ctype,57L
+
+#define SN_setct_AcqCardCodeMsgTBE		"setct-AcqCardCodeMsgTBE"
+#define NID_setct_AcqCardCodeMsgTBE		576
+#define OBJ_setct_AcqCardCodeMsgTBE		OBJ_set_ctype,58L
+
+#define SN_setct_AuthRevReqTBE		"setct-AuthRevReqTBE"
+#define NID_setct_AuthRevReqTBE		577
+#define OBJ_setct_AuthRevReqTBE		OBJ_set_ctype,59L
+
+#define SN_setct_AuthRevResTBE		"setct-AuthRevResTBE"
+#define NID_setct_AuthRevResTBE		578
+#define OBJ_setct_AuthRevResTBE		OBJ_set_ctype,60L
+
+#define SN_setct_AuthRevResTBEB		"setct-AuthRevResTBEB"
+#define NID_setct_AuthRevResTBEB		579
+#define OBJ_setct_AuthRevResTBEB		OBJ_set_ctype,61L
+
+#define SN_setct_CapReqTBE		"setct-CapReqTBE"
+#define NID_setct_CapReqTBE		580
+#define OBJ_setct_CapReqTBE		OBJ_set_ctype,62L
+
+#define SN_setct_CapReqTBEX		"setct-CapReqTBEX"
+#define NID_setct_CapReqTBEX		581
+#define OBJ_setct_CapReqTBEX		OBJ_set_ctype,63L
+
+#define SN_setct_CapResTBE		"setct-CapResTBE"
+#define NID_setct_CapResTBE		582
+#define OBJ_setct_CapResTBE		OBJ_set_ctype,64L
+
+#define SN_setct_CapRevReqTBE		"setct-CapRevReqTBE"
+#define NID_setct_CapRevReqTBE		583
+#define OBJ_setct_CapRevReqTBE		OBJ_set_ctype,65L
+
+#define SN_setct_CapRevReqTBEX		"setct-CapRevReqTBEX"
+#define NID_setct_CapRevReqTBEX		584
+#define OBJ_setct_CapRevReqTBEX		OBJ_set_ctype,66L
+
+#define SN_setct_CapRevResTBE		"setct-CapRevResTBE"
+#define NID_setct_CapRevResTBE		585
+#define OBJ_setct_CapRevResTBE		OBJ_set_ctype,67L
+
+#define SN_setct_CredReqTBE		"setct-CredReqTBE"
+#define NID_setct_CredReqTBE		586
+#define OBJ_setct_CredReqTBE		OBJ_set_ctype,68L
+
+#define SN_setct_CredReqTBEX		"setct-CredReqTBEX"
+#define NID_setct_CredReqTBEX		587
+#define OBJ_setct_CredReqTBEX		OBJ_set_ctype,69L
+
+#define SN_setct_CredResTBE		"setct-CredResTBE"
+#define NID_setct_CredResTBE		588
+#define OBJ_setct_CredResTBE		OBJ_set_ctype,70L
+
+#define SN_setct_CredRevReqTBE		"setct-CredRevReqTBE"
+#define NID_setct_CredRevReqTBE		589
+#define OBJ_setct_CredRevReqTBE		OBJ_set_ctype,71L
+
+#define SN_setct_CredRevReqTBEX		"setct-CredRevReqTBEX"
+#define NID_setct_CredRevReqTBEX		590
+#define OBJ_setct_CredRevReqTBEX		OBJ_set_ctype,72L
+
+#define SN_setct_CredRevResTBE		"setct-CredRevResTBE"
+#define NID_setct_CredRevResTBE		591
+#define OBJ_setct_CredRevResTBE		OBJ_set_ctype,73L
+
+#define SN_setct_BatchAdminReqTBE		"setct-BatchAdminReqTBE"
+#define NID_setct_BatchAdminReqTBE		592
+#define OBJ_setct_BatchAdminReqTBE		OBJ_set_ctype,74L
+
+#define SN_setct_BatchAdminResTBE		"setct-BatchAdminResTBE"
+#define NID_setct_BatchAdminResTBE		593
+#define OBJ_setct_BatchAdminResTBE		OBJ_set_ctype,75L
+
+#define SN_setct_RegFormReqTBE		"setct-RegFormReqTBE"
+#define NID_setct_RegFormReqTBE		594
+#define OBJ_setct_RegFormReqTBE		OBJ_set_ctype,76L
+
+#define SN_setct_CertReqTBE		"setct-CertReqTBE"
+#define NID_setct_CertReqTBE		595
+#define OBJ_setct_CertReqTBE		OBJ_set_ctype,77L
+
+#define SN_setct_CertReqTBEX		"setct-CertReqTBEX"
+#define NID_setct_CertReqTBEX		596
+#define OBJ_setct_CertReqTBEX		OBJ_set_ctype,78L
+
+#define SN_setct_CertResTBE		"setct-CertResTBE"
+#define NID_setct_CertResTBE		597
+#define OBJ_setct_CertResTBE		OBJ_set_ctype,79L
+
+#define SN_setct_CRLNotificationTBS		"setct-CRLNotificationTBS"
+#define NID_setct_CRLNotificationTBS		598
+#define OBJ_setct_CRLNotificationTBS		OBJ_set_ctype,80L
+
+#define SN_setct_CRLNotificationResTBS		"setct-CRLNotificationResTBS"
+#define NID_setct_CRLNotificationResTBS		599
+#define OBJ_setct_CRLNotificationResTBS		OBJ_set_ctype,81L
+
+#define SN_setct_BCIDistributionTBS		"setct-BCIDistributionTBS"
+#define NID_setct_BCIDistributionTBS		600
+#define OBJ_setct_BCIDistributionTBS		OBJ_set_ctype,82L
+
+#define SN_setext_genCrypt		"setext-genCrypt"
+#define LN_setext_genCrypt		"generic cryptogram"
+#define NID_setext_genCrypt		601
+#define OBJ_setext_genCrypt		OBJ_set_msgExt,1L
+
+#define SN_setext_miAuth		"setext-miAuth"
+#define LN_setext_miAuth		"merchant initiated auth"
+#define NID_setext_miAuth		602
+#define OBJ_setext_miAuth		OBJ_set_msgExt,3L
+
+#define SN_setext_pinSecure		"setext-pinSecure"
+#define NID_setext_pinSecure		603
+#define OBJ_setext_pinSecure		OBJ_set_msgExt,4L
+
+#define SN_setext_pinAny		"setext-pinAny"
+#define NID_setext_pinAny		604
+#define OBJ_setext_pinAny		OBJ_set_msgExt,5L
+
+#define SN_setext_track2		"setext-track2"
+#define NID_setext_track2		605
+#define OBJ_setext_track2		OBJ_set_msgExt,7L
+
+#define SN_setext_cv		"setext-cv"
+#define LN_setext_cv		"additional verification"
+#define NID_setext_cv		606
+#define OBJ_setext_cv		OBJ_set_msgExt,8L
+
+#define SN_set_policy_root		"set-policy-root"
+#define NID_set_policy_root		607
+#define OBJ_set_policy_root		OBJ_set_policy,0L
+
+#define SN_setCext_hashedRoot		"setCext-hashedRoot"
+#define NID_setCext_hashedRoot		608
+#define OBJ_setCext_hashedRoot		OBJ_set_certExt,0L
+
+#define SN_setCext_certType		"setCext-certType"
+#define NID_setCext_certType		609
+#define OBJ_setCext_certType		OBJ_set_certExt,1L
+
+#define SN_setCext_merchData		"setCext-merchData"
+#define NID_setCext_merchData		610
+#define OBJ_setCext_merchData		OBJ_set_certExt,2L
+
+#define SN_setCext_cCertRequired		"setCext-cCertRequired"
+#define NID_setCext_cCertRequired		611
+#define OBJ_setCext_cCertRequired		OBJ_set_certExt,3L
+
+#define SN_setCext_tunneling		"setCext-tunneling"
+#define NID_setCext_tunneling		612
+#define OBJ_setCext_tunneling		OBJ_set_certExt,4L
+
+#define SN_setCext_setExt		"setCext-setExt"
+#define NID_setCext_setExt		613
+#define OBJ_setCext_setExt		OBJ_set_certExt,5L
+
+#define SN_setCext_setQualf		"setCext-setQualf"
+#define NID_setCext_setQualf		614
+#define OBJ_setCext_setQualf		OBJ_set_certExt,6L
+
+#define SN_setCext_PGWYcapabilities		"setCext-PGWYcapabilities"
+#define NID_setCext_PGWYcapabilities		615
+#define OBJ_setCext_PGWYcapabilities		OBJ_set_certExt,7L
+
+#define SN_setCext_TokenIdentifier		"setCext-TokenIdentifier"
+#define NID_setCext_TokenIdentifier		616
+#define OBJ_setCext_TokenIdentifier		OBJ_set_certExt,8L
+
+#define SN_setCext_Track2Data		"setCext-Track2Data"
+#define NID_setCext_Track2Data		617
+#define OBJ_setCext_Track2Data		OBJ_set_certExt,9L
+
+#define SN_setCext_TokenType		"setCext-TokenType"
+#define NID_setCext_TokenType		618
+#define OBJ_setCext_TokenType		OBJ_set_certExt,10L
+
+#define SN_setCext_IssuerCapabilities		"setCext-IssuerCapabilities"
+#define NID_setCext_IssuerCapabilities		619
+#define OBJ_setCext_IssuerCapabilities		OBJ_set_certExt,11L
+
+#define SN_setAttr_Cert		"setAttr-Cert"
+#define NID_setAttr_Cert		620
+#define OBJ_setAttr_Cert		OBJ_set_attr,0L
+
+#define SN_setAttr_PGWYcap		"setAttr-PGWYcap"
+#define LN_setAttr_PGWYcap		"payment gateway capabilities"
+#define NID_setAttr_PGWYcap		621
+#define OBJ_setAttr_PGWYcap		OBJ_set_attr,1L
+
+#define SN_setAttr_TokenType		"setAttr-TokenType"
+#define NID_setAttr_TokenType		622
+#define OBJ_setAttr_TokenType		OBJ_set_attr,2L
+
+#define SN_setAttr_IssCap		"setAttr-IssCap"
+#define LN_setAttr_IssCap		"issuer capabilities"
+#define NID_setAttr_IssCap		623
+#define OBJ_setAttr_IssCap		OBJ_set_attr,3L
+
+#define SN_set_rootKeyThumb		"set-rootKeyThumb"
+#define NID_set_rootKeyThumb		624
+#define OBJ_set_rootKeyThumb		OBJ_setAttr_Cert,0L
+
+#define SN_set_addPolicy		"set-addPolicy"
+#define NID_set_addPolicy		625
+#define OBJ_set_addPolicy		OBJ_setAttr_Cert,1L
+
+#define SN_setAttr_Token_EMV		"setAttr-Token-EMV"
+#define NID_setAttr_Token_EMV		626
+#define OBJ_setAttr_Token_EMV		OBJ_setAttr_TokenType,1L
+
+#define SN_setAttr_Token_B0Prime		"setAttr-Token-B0Prime"
+#define NID_setAttr_Token_B0Prime		627
+#define OBJ_setAttr_Token_B0Prime		OBJ_setAttr_TokenType,2L
+
+#define SN_setAttr_IssCap_CVM		"setAttr-IssCap-CVM"
+#define NID_setAttr_IssCap_CVM		628
+#define OBJ_setAttr_IssCap_CVM		OBJ_setAttr_IssCap,3L
+
+#define SN_setAttr_IssCap_T2		"setAttr-IssCap-T2"
+#define NID_setAttr_IssCap_T2		629
+#define OBJ_setAttr_IssCap_T2		OBJ_setAttr_IssCap,4L
+
+#define SN_setAttr_IssCap_Sig		"setAttr-IssCap-Sig"
+#define NID_setAttr_IssCap_Sig		630
+#define OBJ_setAttr_IssCap_Sig		OBJ_setAttr_IssCap,5L
+
+#define SN_setAttr_GenCryptgrm		"setAttr-GenCryptgrm"
+#define LN_setAttr_GenCryptgrm		"generate cryptogram"
+#define NID_setAttr_GenCryptgrm		631
+#define OBJ_setAttr_GenCryptgrm		OBJ_setAttr_IssCap_CVM,1L
+
+#define SN_setAttr_T2Enc		"setAttr-T2Enc"
+#define LN_setAttr_T2Enc		"encrypted track 2"
+#define NID_setAttr_T2Enc		632
+#define OBJ_setAttr_T2Enc		OBJ_setAttr_IssCap_T2,1L
+
+#define SN_setAttr_T2cleartxt		"setAttr-T2cleartxt"
+#define LN_setAttr_T2cleartxt		"cleartext track 2"
+#define NID_setAttr_T2cleartxt		633
+#define OBJ_setAttr_T2cleartxt		OBJ_setAttr_IssCap_T2,2L
+
+#define SN_setAttr_TokICCsig		"setAttr-TokICCsig"
+#define LN_setAttr_TokICCsig		"ICC or token signature"
+#define NID_setAttr_TokICCsig		634
+#define OBJ_setAttr_TokICCsig		OBJ_setAttr_IssCap_Sig,1L
+
+#define SN_setAttr_SecDevSig		"setAttr-SecDevSig"
+#define LN_setAttr_SecDevSig		"secure device signature"
+#define NID_setAttr_SecDevSig		635
+#define OBJ_setAttr_SecDevSig		OBJ_setAttr_IssCap_Sig,2L
+
+#define SN_set_brand_IATA_ATA		"set-brand-IATA-ATA"
+#define NID_set_brand_IATA_ATA		636
+#define OBJ_set_brand_IATA_ATA		OBJ_set_brand,1L
+
+#define SN_set_brand_Diners		"set-brand-Diners"
+#define NID_set_brand_Diners		637
+#define OBJ_set_brand_Diners		OBJ_set_brand,30L
+
+#define SN_set_brand_AmericanExpress		"set-brand-AmericanExpress"
+#define NID_set_brand_AmericanExpress		638
+#define OBJ_set_brand_AmericanExpress		OBJ_set_brand,34L
+
+#define SN_set_brand_JCB		"set-brand-JCB"
+#define NID_set_brand_JCB		639
+#define OBJ_set_brand_JCB		OBJ_set_brand,35L
+
+#define SN_set_brand_Visa		"set-brand-Visa"
+#define NID_set_brand_Visa		640
+#define OBJ_set_brand_Visa		OBJ_set_brand,4L
+
+#define SN_set_brand_MasterCard		"set-brand-MasterCard"
+#define NID_set_brand_MasterCard		641
+#define OBJ_set_brand_MasterCard		OBJ_set_brand,5L
+
+#define SN_set_brand_Novus		"set-brand-Novus"
+#define NID_set_brand_Novus		642
+#define OBJ_set_brand_Novus		OBJ_set_brand,6011L
+
+#define SN_des_cdmf		"DES-CDMF"
+#define LN_des_cdmf		"des-cdmf"
+#define NID_des_cdmf		643
+#define OBJ_des_cdmf		OBJ_rsadsi,3L,10L
+
+#define SN_rsaOAEPEncryptionSET		"rsaOAEPEncryptionSET"
+#define NID_rsaOAEPEncryptionSET		644
+#define OBJ_rsaOAEPEncryptionSET		OBJ_rsadsi,1L,1L,6L
+
diff --git a/crypto/openssl/crypto/objects/obj_mac.num b/crypto/openssl/crypto/objects/obj_mac.num
index a6baa8c..9838072 100644
--- a/crypto/openssl/crypto/objects/obj_mac.num
+++ b/crypto/openssl/crypto/objects/obj_mac.num
@@ -30,8 +30,8 @@ dhKeyAgreement		28
 des_ecb		29
 des_cfb64		30
 des_cbc		31
-des_ede		32
-des_ede3		33
+des_ede_ecb		32
+des_ede3_ecb		33
 idea_cbc		34
 idea_cfb64		35
 idea_ecb		36
@@ -401,3 +401,249 @@ role		400
 policy_constraints		401
 target_information		402
 no_rev_avail		403
+ccitt		404
+ansi_X9_62		405
+X9_62_prime_field		406
+X9_62_characteristic_two_field		407
+X9_62_id_ecPublicKey		408
+X9_62_prime192v1		409
+X9_62_prime192v2		410
+X9_62_prime192v3		411
+X9_62_prime239v1		412
+X9_62_prime239v2		413
+X9_62_prime239v3		414
+X9_62_prime256v1		415
+ecdsa_with_SHA1		416
+ms_csp_name		417
+aes_128_ecb		418
+aes_128_cbc		419
+aes_128_ofb128		420
+aes_128_cfb128		421
+aes_192_ecb		422
+aes_192_cbc		423
+aes_192_ofb128		424
+aes_192_cfb128		425
+aes_256_ecb		426
+aes_256_cbc		427
+aes_256_ofb128		428
+aes_256_cfb128		429
+hold_instruction_code		430
+hold_instruction_none		431
+hold_instruction_call_issuer		432
+hold_instruction_reject		433
+data		434
+pss		435
+ucl		436
+pilot		437
+pilotAttributeType		438
+pilotAttributeSyntax		439
+pilotObjectClass		440
+pilotGroups		441
+iA5StringSyntax		442
+caseIgnoreIA5StringSyntax		443
+pilotObject		444
+pilotPerson		445
+account		446
+document		447
+room		448
+documentSeries		449
+rFC822localPart		450
+dNSDomain		451
+domainRelatedObject		452
+friendlyCountry		453
+simpleSecurityObject		454
+pilotOrganization		455
+pilotDSA		456
+qualityLabelledData		457
+userId		458
+textEncodedORAddress		459
+rfc822Mailbox		460
+info		461
+favouriteDrink		462
+roomNumber		463
+photo		464
+userClass		465
+host		466
+manager		467
+documentIdentifier		468
+documentTitle		469
+documentVersion		470
+documentAuthor		471
+documentLocation		472
+homeTelephoneNumber		473
+secretary		474
+otherMailbox		475
+lastModifiedTime		476
+lastModifiedBy		477
+aRecord		478
+pilotAttributeType27		479
+mXRecord		480
+nSRecord		481
+sOARecord		482
+cNAMERecord		483
+associatedDomain		484
+associatedName		485
+homePostalAddress		486
+personalTitle		487
+mobileTelephoneNumber		488
+pagerTelephoneNumber		489
+friendlyCountryName		490
+organizationalStatus		491
+janetMailbox		492
+mailPreferenceOption		493
+buildingName		494
+dSAQuality		495
+singleLevelQuality		496
+subtreeMinimumQuality		497
+subtreeMaximumQuality		498
+personalSignature		499
+dITRedirect		500
+audio		501
+documentPublisher		502
+x500UniqueIdentifier		503
+mime_mhs		504
+mime_mhs_headings		505
+mime_mhs_bodies		506
+id_hex_partial_message		507
+id_hex_multipart_message		508
+generationQualifier		509
+pseudonym		510
+InternationalRA		511
+id_set		512
+set_ctype		513
+set_msgExt		514
+set_attr		515
+set_policy		516
+set_certExt		517
+set_brand		518
+setct_PANData		519
+setct_PANToken		520
+setct_PANOnly		521
+setct_OIData		522
+setct_PI		523
+setct_PIData		524
+setct_PIDataUnsigned		525
+setct_HODInput		526
+setct_AuthResBaggage		527
+setct_AuthRevReqBaggage		528
+setct_AuthRevResBaggage		529
+setct_CapTokenSeq		530
+setct_PInitResData		531
+setct_PI_TBS		532
+setct_PResData		533
+setct_AuthReqTBS		534
+setct_AuthResTBS		535
+setct_AuthResTBSX		536
+setct_AuthTokenTBS		537
+setct_CapTokenData		538
+setct_CapTokenTBS		539
+setct_AcqCardCodeMsg		540
+setct_AuthRevReqTBS		541
+setct_AuthRevResData		542
+setct_AuthRevResTBS		543
+setct_CapReqTBS		544
+setct_CapReqTBSX		545
+setct_CapResData		546
+setct_CapRevReqTBS		547
+setct_CapRevReqTBSX		548
+setct_CapRevResData		549
+setct_CredReqTBS		550
+setct_CredReqTBSX		551
+setct_CredResData		552
+setct_CredRevReqTBS		553
+setct_CredRevReqTBSX		554
+setct_CredRevResData		555
+setct_PCertReqData		556
+setct_PCertResTBS		557
+setct_BatchAdminReqData		558
+setct_BatchAdminResData		559
+setct_CardCInitResTBS		560
+setct_MeAqCInitResTBS		561
+setct_RegFormResTBS		562
+setct_CertReqData		563
+setct_CertReqTBS		564
+setct_CertResData		565
+setct_CertInqReqTBS		566
+setct_ErrorTBS		567
+setct_PIDualSignedTBE		568
+setct_PIUnsignedTBE		569
+setct_AuthReqTBE		570
+setct_AuthResTBE		571
+setct_AuthResTBEX		572
+setct_AuthTokenTBE		573
+setct_CapTokenTBE		574
+setct_CapTokenTBEX		575
+setct_AcqCardCodeMsgTBE		576
+setct_AuthRevReqTBE		577
+setct_AuthRevResTBE		578
+setct_AuthRevResTBEB		579
+setct_CapReqTBE		580
+setct_CapReqTBEX		581
+setct_CapResTBE		582
+setct_CapRevReqTBE		583
+setct_CapRevReqTBEX		584
+setct_CapRevResTBE		585
+setct_CredReqTBE		586
+setct_CredReqTBEX		587
+setct_CredResTBE		588
+setct_CredRevReqTBE		589
+setct_CredRevReqTBEX		590
+setct_CredRevResTBE		591
+setct_BatchAdminReqTBE		592
+setct_BatchAdminResTBE		593
+setct_RegFormReqTBE		594
+setct_CertReqTBE		595
+setct_CertReqTBEX		596
+setct_CertResTBE		597
+setct_CRLNotificationTBS		598
+setct_CRLNotificationResTBS		599
+setct_BCIDistributionTBS		600
+setext_genCrypt		601
+setext_miAuth		602
+setext_pinSecure		603
+setext_pinAny		604
+setext_track2		605
+setext_cv		606
+set_policy_root		607
+setCext_hashedRoot		608
+setCext_certType		609
+setCext_merchData		610
+setCext_cCertRequired		611
+setCext_tunneling		612
+setCext_setExt		613
+setCext_setQualf		614
+setCext_PGWYcapabilities		615
+setCext_TokenIdentifier		616
+setCext_Track2Data		617
+setCext_TokenType		618
+setCext_IssuerCapabilities		619
+setAttr_Cert		620
+setAttr_PGWYcap		621
+setAttr_TokenType		622
+setAttr_IssCap		623
+set_rootKeyThumb		624
+set_addPolicy		625
+setAttr_Token_EMV		626
+setAttr_Token_B0Prime		627
+setAttr_IssCap_CVM		628
+setAttr_IssCap_T2		629
+setAttr_IssCap_Sig		630
+setAttr_GenCryptgrm		631
+setAttr_T2Enc		632
+setAttr_T2cleartxt		633
+setAttr_TokICCsig		634
+setAttr_SecDevSig		635
+set_brand_IATA_ATA		636
+set_brand_Diners		637
+set_brand_AmericanExpress		638
+set_brand_JCB		639
+set_brand_Visa		640
+set_brand_MasterCard		641
+set_brand_Novus		642
+des_cdmf		643
+rsaOAEPEncryptionSET		644
+itu_t		645
+joint_iso_itu_t		646
+international_organizations		647
+ms_smartcard_login		648
+ms_upn		649
diff --git a/crypto/openssl/crypto/objects/objects.h b/crypto/openssl/crypto/objects/objects.h
index 990a6b8..de10532 100644
--- a/crypto/openssl/crypto/objects/objects.h
+++ b/crypto/openssl/crypto/objects/objects.h
@@ -985,29 +985,35 @@ typedef struct obj_name_st
 
 
 int OBJ_NAME_init(void);
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),int (*cmp_func)(const void *, const void *),
-	void (*free_func)(const char *, int, const char *));
+int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
+		       int (*cmp_func)(const char *, const char *),
+		       void (*free_func)(const char *, int, const char *));
 const char *OBJ_NAME_get(const char *name,int type);
 int OBJ_NAME_add(const char *name,int type,const char *data);
 int OBJ_NAME_remove(const char *name,int type);
 void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),
+		     void *arg);
+void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
+			    void *arg);
 
-ASN1_OBJECT *	OBJ_dup(ASN1_OBJECT *o);
+ASN1_OBJECT *	OBJ_dup(const ASN1_OBJECT *o);
 ASN1_OBJECT *	OBJ_nid2obj(int n);
 const char *	OBJ_nid2ln(int n);
 const char *	OBJ_nid2sn(int n);
-int		OBJ_obj2nid(ASN1_OBJECT *o);
+int		OBJ_obj2nid(const ASN1_OBJECT *o);
 ASN1_OBJECT *	OBJ_txt2obj(const char *s, int no_name);
-int	OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name);
-int		OBJ_txt2nid(char *s);
+int	OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int		OBJ_txt2nid(const char *s);
 int		OBJ_ln2nid(const char *s);
 int		OBJ_sn2nid(const char *s);
-int		OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b);
-char *		OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)(const void *, const void *));
+int		OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
+const char *	OBJ_bsearch(const char *key,const char *base,int num,int size,
+	int (*cmp)(const void *, const void *));
 
 int		OBJ_new_nid(int num);
-int		OBJ_add_object(ASN1_OBJECT *obj);
-int		OBJ_create(char *oid,char *sn,char *ln);
+int		OBJ_add_object(const ASN1_OBJECT *obj);
+int		OBJ_create(const char *oid,const char *sn,const char *ln);
 void		OBJ_cleanup(void );
 int		OBJ_create_objects(BIO *in);
 
diff --git a/crypto/openssl/crypto/objects/objects.pl b/crypto/openssl/crypto/objects/objects.pl
index fe0d88b..76c06cc 100644
--- a/crypto/openssl/crypto/objects/objects.pl
+++ b/crypto/openssl/crypto/objects/objects.pl
@@ -9,7 +9,9 @@ while(<NUMIN>)
 	$o++;
 	s/#.*$//;
 	next if /^\s*$/;
+	$_ = 'X'.$_;
 	($Cname,$mynum) = split;
+	$Cname =~ s/^X//;
 	if (defined($nidn{$mynum}))
 		{ die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
 	$nid{$Cname} = $mynum;
diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/openssl/crypto/objects/objects.txt
index fb73408..f1c206f 100644
--- a/crypto/openssl/crypto/objects/objects.txt
+++ b/crypto/openssl/crypto/objects/objects.txt
@@ -1,3 +1,5 @@
+0			: CCITT			: ccitt
+
 1			: ISO			: iso
 
 2			: JOINT-ISO-CCITT	: joint-iso-ccitt
@@ -16,6 +18,32 @@ X9-57 4			: X9cm			: X9.57 CM ?
 X9cm 1			: DSA			: dsaEncryption
 X9cm 3			: DSA-SHA1		: dsaWithSHA1
 
+
+ISO-US 10045		: ansi-X9-62		: ANSI X9.62
+!module X9-62
+!Alias id-fieldType ansi-X9-62 1
+X9-62_id-fieldType 1		: prime-field
+X9-62_id-fieldType 2		: characteristic-two-field
+# ... characteristic-two-field OID subtree
+!Alias id-publicKeyType ansi-X9-62 2
+X9-62_id-publicKeyType 1	: id-ecPublicKey
+!Alias ellipticCurve ansi-X9-62 3
+!Alias c-TwoCurve X9-62_ellipticCurve 0
+# ... characteristic 2 curve OIDs
+!Alias primeCurve X9-62_ellipticCurve 1
+X9-62_primeCurve 1	 	: prime192v1
+X9-62_primeCurve 2	 	: prime192v2
+X9-62_primeCurve 3	 	: prime192v3
+X9-62_primeCurve 4	 	: prime239v1
+X9-62_primeCurve 5	 	: prime239v2
+X9-62_primeCurve 6	 	: prime239v3
+X9-62_primeCurve 7	 	: prime256v1
+!Alias id-ecSigType ansi-X9-62 4
+!global
+X9-62_id-ecSigType 1		: ecdsa-with-SHA1
+
+
+
 ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
 			: CAST5-ECB		: cast5-ecb
 !Cname cast5-cfb64
@@ -68,7 +96,7 @@ pkcs7 6			:			: pkcs7-encryptedData
 
 pkcs 9			: pkcs9
 !module pkcs9
-pkcs9 1			: Email			: emailAddress
+pkcs9 1			: 			: emailAddress
 pkcs9 2			:			: unstructuredName
 pkcs9 3			:			: contentType
 pkcs9 4			:			: messageDigest
@@ -180,6 +208,8 @@ id-smime-cti 6		: id-smime-cti-ets-proofOfCreation
 
 pkcs9 20		:			: friendlyName
 pkcs9 21		:			: localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1	: CSPName		: Microsoft CSP Name
 !Alias certTypes pkcs9 22
 certTypes 1		:			: x509Certificate
 certTypes 2		:			: sdsiCertificate
@@ -246,6 +276,10 @@ rsadsi 3 8		: RC5-CBC		: rc5-cbc
 1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
 !Cname ms-efs
 1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
+!Cname ms-smartcard-login
+1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
+!Cname ms-upn
+1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
 
 1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
 			: IDEA-ECB		: idea-ecb
@@ -445,7 +479,7 @@ id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
 id-pkix-OCSP 2		: Nonce			: OCSP Nonce
 id-pkix-OCSP 3		: CrlID			: OCSP CRL ID
 id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses
-id-pkix-OCSP 5		: noCheck
+id-pkix-OCSP 5		: noCheck		: OCSP No Check
 id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff
 id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator
 id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status
@@ -467,7 +501,9 @@ algorithm 11		: rsaSignature
 algorithm 12		: DSA-old		: dsaEncryption-old
 algorithm 13		: DSA-SHA		: dsaWithSHA
 algorithm 15		: RSA-SHA		: shaWithRSAEncryption
+!Cname des-ede-ecb
 algorithm 17		: DES-EDE		: des-ede
+!Cname des-ede3-ecb
 			: DES-EDE3		: des-ede3
 			: DES-EDE-CBC		: des-ede-cbc
 !Cname des-ede-cfb64
@@ -495,20 +531,23 @@ algorithm 29		: RSA-SHA1-2		: sha1WithRSA
 
 X500 4			: X509
 X509 3			: CN			: commonName
-X509 4			: S			: surname
-X509 5			: SN			: serialNumber
+!Cname surname
+X509 4			: SN			: surName
+X509 5			: 			: serialNumber
 X509 6			: C			: countryName
 X509 7			: L			: localityName
 X509 8			: ST			: stateOrProvinceName
 X509 10			: O			: organizationName
 X509 11			: OU			: organizationalUnitName
-X509 12			: T			: title
-X509 13			: D			: description
+X509 12			: 			: title
+X509 13			: 			: description
 X509 41			: name			: name
-X509 42			: G			: givenName
-X509 43			: I			: initials
-X509 45			: 			: uniqueIdentifier
+X509 42			: GN			: givenName
+X509 43			: 			: initials
+X509 44			: 			: generationQualifier
+X509 45			: 			: x500UniqueIdentifier
 X509 46			: dnQualifier		: dnQualifier
+X509 65			:			: pseudonym
 X509 72			: role			: role
 
 X500 8			: X500algorithms	: directory services - algorithms
@@ -591,17 +630,24 @@ internet 3		: experimental		: Experimental
 internet 4		: private		: Private
 internet 5		: security		: Security
 internet 6		: snmpv2		: SNMPv2
-internet 7		: mail			: Mail
+# Documents refer to "internet 7" as "mail". This however leads to ambiguities
+# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
+# rfc822Mailbox. The short name is therefore here left out for a reason.
+# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# references are realized via long name "Mail" (with capital M).
+internet 7		:			: Mail
 
 Private 1		: enterprises		: Enterprises
 
 # RFC 2247
 Enterprises 1466 344	: dcobject		: dcObject
 
-# Stray OIDs we don't know the full name of each step for
-# RFC 2247
-0 9 2342 19200300 100 1 25 : DC			: domainComponent
-0 9 2342 19200300 100 4 13 : domain		: Domain
+# RFC 1495
+Mail 1			: mime-mhs		: MIME MHS
+mime-mhs 1		: mime-mhs-headings	: mime-mhs-headings
+mime-mhs 2		: mime-mhs-bodies	: mime-mhs-bodies
+mime-mhs-headings 1	: id-hex-partial-message : id-hex-partial-message
+mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message
 
 # What the hell are these OIDs, really?
 !Cname rle-compression
@@ -609,3 +655,263 @@ Enterprises 1466 344	: dcobject		: dcObject
 !Cname zlib-compression
 1 1 1 1 666 2		: ZLIB			: zlib compression
 
+# AES aka Rijndael
+
+!Alias csor 2 16 840 1 101 3
+!Alias nistAlgorithms csor 4
+!Alias aes nistAlgorithms 1
+
+aes 1			: AES-128-ECB		: aes-128-ecb
+aes 2			: AES-128-CBC		: aes-128-cbc
+!Cname aes-128-ofb128
+aes 3			: AES-128-OFB		: aes-128-ofb
+!Cname aes-128-cfb128
+aes 4			: AES-128-CFB		: aes-128-cfb
+
+aes 21			: AES-192-ECB		: aes-192-ecb
+aes 22			: AES-192-CBC		: aes-192-cbc
+!Cname aes-192-ofb128
+aes 23			: AES-192-OFB		: aes-192-ofb
+!Cname aes-192-cfb128
+aes 24			: AES-192-CFB		: aes-192-cfb
+
+aes 41			: AES-256-ECB		: aes-256-ecb
+aes 42			: AES-256-CBC		: aes-256-cbc
+!Cname aes-256-ofb128
+aes 43			: AES-256-OFB		: aes-256-ofb
+!Cname aes-256-cfb128
+aes 44			: AES-256-CFB		: aes-256-cfb
+
+# Hold instruction CRL entry extension
+!Cname hold-instruction-code
+id-ce 23		: holdInstructionCode	: Hold Instruction Code
+!Alias holdInstruction	X9-57 2
+!Cname hold-instruction-none
+holdInstruction 1	: holdInstructionNone	: Hold Instruction None
+!Cname hold-instruction-call-issuer
+holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
+!Cname hold-instruction-reject
+holdInstruction 3	: holdInstructionReject	: Hold Instruction Reject
+
+# OID's from CCITT.  Most of this is defined in RFC 1274.  A couple of
+# them are also mentioned in RFC 2247
+ccitt 9			: data
+data 2342		: pss
+pss 19200300		: ucl
+ucl 100			: pilot
+pilot 1			:			: pilotAttributeType
+pilot 3			:			: pilotAttributeSyntax
+pilot 4			:			: pilotObjectClass
+pilot 10		:			: pilotGroups
+pilotAttributeSyntax 4	:			: iA5StringSyntax
+pilotAttributeSyntax 5	:			: caseIgnoreIA5StringSyntax
+pilotObjectClass 3	:			: pilotObject
+pilotObjectClass 4	:			: pilotPerson
+pilotObjectClass 5	: account
+pilotObjectClass 6	: document
+pilotObjectClass 7	: room
+pilotObjectClass 9	:			: documentSeries
+pilotObjectClass 13	: domain		: Domain
+pilotObjectClass 14	:			: rFC822localPart
+pilotObjectClass 15	:			: dNSDomain
+pilotObjectClass 17	:			: domainRelatedObject
+pilotObjectClass 18	:			: friendlyCountry
+pilotObjectClass 19	:			: simpleSecurityObject
+pilotObjectClass 20	:			: pilotOrganization
+pilotObjectClass 21	:			: pilotDSA
+pilotObjectClass 22	:			: qualityLabelledData
+pilotAttributeType 1	: UID			: userId
+pilotAttributeType 2	:			: textEncodedORAddress
+pilotAttributeType 3	: mail			: rfc822Mailbox
+pilotAttributeType 4	: info
+pilotAttributeType 5	:			: favouriteDrink
+pilotAttributeType 6	:			: roomNumber
+pilotAttributeType 7	: photo
+pilotAttributeType 8	:			: userClass
+pilotAttributeType 9	: host
+pilotAttributeType 10	: manager
+pilotAttributeType 11	:			: documentIdentifier
+pilotAttributeType 12	:			: documentTitle
+pilotAttributeType 13	:			: documentVersion
+pilotAttributeType 14	:			: documentAuthor
+pilotAttributeType 15	:			: documentLocation
+pilotAttributeType 20	:			: homeTelephoneNumber
+pilotAttributeType 21	: secretary
+pilotAttributeType 22	:			: otherMailbox
+pilotAttributeType 23	:			: lastModifiedTime
+pilotAttributeType 24	:			: lastModifiedBy
+pilotAttributeType 25	: DC			: domainComponent
+pilotAttributeType 26	:			: aRecord
+pilotAttributeType 27	:			: pilotAttributeType27
+pilotAttributeType 28	:			: mXRecord
+pilotAttributeType 29	:			: nSRecord
+pilotAttributeType 30	:			: sOARecord
+pilotAttributeType 31	:			: cNAMERecord
+pilotAttributeType 37	:			: associatedDomain
+pilotAttributeType 38	:			: associatedName
+pilotAttributeType 39	:			: homePostalAddress
+pilotAttributeType 40	:			: personalTitle
+pilotAttributeType 41	:			: mobileTelephoneNumber
+pilotAttributeType 42	:			: pagerTelephoneNumber
+pilotAttributeType 43	:			: friendlyCountryName
+# The following clashes with 2.5.4.45, so commented away
+#pilotAttributeType 44	: uid			: uniqueIdentifier
+pilotAttributeType 45	:			: organizationalStatus
+pilotAttributeType 46	:			: janetMailbox
+pilotAttributeType 47	:			: mailPreferenceOption
+pilotAttributeType 48	:			: buildingName
+pilotAttributeType 49	:			: dSAQuality
+pilotAttributeType 50	:			: singleLevelQuality
+pilotAttributeType 51	:			: subtreeMinimumQuality
+pilotAttributeType 52	:			: subtreeMaximumQuality
+pilotAttributeType 53	:			: personalSignature
+pilotAttributeType 54	:			: dITRedirect
+pilotAttributeType 55	: audio
+pilotAttributeType 56	:			: documentPublisher
+
+2 23 42			: id-set		: Secure Electronic Transactions
+
+id-set 0		: set-ctype		: content types
+id-set 1		: set-msgExt		: message extensions
+id-set 3		: set-attr
+id-set 5		: set-policy
+id-set 7		: set-certExt		: certificate extensions
+id-set 8		: set-brand
+
+set-ctype 0		: setct-PANData
+set-ctype 1		: setct-PANToken
+set-ctype 2		: setct-PANOnly
+set-ctype 3		: setct-OIData
+set-ctype 4		: setct-PI
+set-ctype 5		: setct-PIData
+set-ctype 6		: setct-PIDataUnsigned
+set-ctype 7		: setct-HODInput
+set-ctype 8		: setct-AuthResBaggage
+set-ctype 9		: setct-AuthRevReqBaggage
+set-ctype 10		: setct-AuthRevResBaggage
+set-ctype 11		: setct-CapTokenSeq
+set-ctype 12		: setct-PInitResData
+set-ctype 13		: setct-PI-TBS
+set-ctype 14		: setct-PResData
+set-ctype 16		: setct-AuthReqTBS
+set-ctype 17		: setct-AuthResTBS
+set-ctype 18		: setct-AuthResTBSX
+set-ctype 19		: setct-AuthTokenTBS
+set-ctype 20		: setct-CapTokenData
+set-ctype 21		: setct-CapTokenTBS
+set-ctype 22		: setct-AcqCardCodeMsg
+set-ctype 23		: setct-AuthRevReqTBS
+set-ctype 24		: setct-AuthRevResData
+set-ctype 25		: setct-AuthRevResTBS
+set-ctype 26		: setct-CapReqTBS
+set-ctype 27		: setct-CapReqTBSX
+set-ctype 28		: setct-CapResData
+set-ctype 29		: setct-CapRevReqTBS
+set-ctype 30		: setct-CapRevReqTBSX
+set-ctype 31		: setct-CapRevResData
+set-ctype 32		: setct-CredReqTBS
+set-ctype 33		: setct-CredReqTBSX
+set-ctype 34		: setct-CredResData
+set-ctype 35		: setct-CredRevReqTBS
+set-ctype 36		: setct-CredRevReqTBSX
+set-ctype 37		: setct-CredRevResData
+set-ctype 38		: setct-PCertReqData
+set-ctype 39		: setct-PCertResTBS
+set-ctype 40		: setct-BatchAdminReqData
+set-ctype 41		: setct-BatchAdminResData
+set-ctype 42		: setct-CardCInitResTBS
+set-ctype 43		: setct-MeAqCInitResTBS
+set-ctype 44		: setct-RegFormResTBS
+set-ctype 45		: setct-CertReqData
+set-ctype 46		: setct-CertReqTBS
+set-ctype 47		: setct-CertResData
+set-ctype 48		: setct-CertInqReqTBS
+set-ctype 49		: setct-ErrorTBS
+set-ctype 50		: setct-PIDualSignedTBE
+set-ctype 51		: setct-PIUnsignedTBE
+set-ctype 52		: setct-AuthReqTBE
+set-ctype 53		: setct-AuthResTBE
+set-ctype 54		: setct-AuthResTBEX
+set-ctype 55		: setct-AuthTokenTBE
+set-ctype 56		: setct-CapTokenTBE
+set-ctype 57		: setct-CapTokenTBEX
+set-ctype 58		: setct-AcqCardCodeMsgTBE
+set-ctype 59		: setct-AuthRevReqTBE
+set-ctype 60		: setct-AuthRevResTBE
+set-ctype 61		: setct-AuthRevResTBEB
+set-ctype 62		: setct-CapReqTBE
+set-ctype 63		: setct-CapReqTBEX
+set-ctype 64		: setct-CapResTBE
+set-ctype 65		: setct-CapRevReqTBE
+set-ctype 66		: setct-CapRevReqTBEX
+set-ctype 67		: setct-CapRevResTBE
+set-ctype 68		: setct-CredReqTBE
+set-ctype 69		: setct-CredReqTBEX
+set-ctype 70		: setct-CredResTBE
+set-ctype 71		: setct-CredRevReqTBE
+set-ctype 72		: setct-CredRevReqTBEX
+set-ctype 73		: setct-CredRevResTBE
+set-ctype 74		: setct-BatchAdminReqTBE
+set-ctype 75		: setct-BatchAdminResTBE
+set-ctype 76		: setct-RegFormReqTBE
+set-ctype 77		: setct-CertReqTBE
+set-ctype 78		: setct-CertReqTBEX
+set-ctype 79		: setct-CertResTBE
+set-ctype 80		: setct-CRLNotificationTBS
+set-ctype 81		: setct-CRLNotificationResTBS
+set-ctype 82		: setct-BCIDistributionTBS
+
+set-msgExt 1		: setext-genCrypt	: generic cryptogram
+set-msgExt 3		: setext-miAuth		: merchant initiated auth
+set-msgExt 4		: setext-pinSecure
+set-msgExt 5		: setext-pinAny
+set-msgExt 7		: setext-track2
+set-msgExt 8		: setext-cv		: additional verification
+
+set-policy 0		: set-policy-root
+
+set-certExt 0		: setCext-hashedRoot
+set-certExt 1		: setCext-certType
+set-certExt 2		: setCext-merchData
+set-certExt 3		: setCext-cCertRequired
+set-certExt 4		: setCext-tunneling
+set-certExt 5		: setCext-setExt
+set-certExt 6		: setCext-setQualf
+set-certExt 7		: setCext-PGWYcapabilities
+set-certExt 8		: setCext-TokenIdentifier
+set-certExt 9		: setCext-Track2Data
+set-certExt 10		: setCext-TokenType
+set-certExt 11		: setCext-IssuerCapabilities
+
+set-attr 0		: setAttr-Cert
+set-attr 1		: setAttr-PGWYcap	: payment gateway capabilities
+set-attr 2		: setAttr-TokenType
+set-attr 3		: setAttr-IssCap	: issuer capabilities
+
+setAttr-Cert 0		: set-rootKeyThumb
+setAttr-Cert 1		: set-addPolicy
+
+setAttr-TokenType 1	: setAttr-Token-EMV
+setAttr-TokenType 2	: setAttr-Token-B0Prime
+
+setAttr-IssCap 3	: setAttr-IssCap-CVM
+setAttr-IssCap 4	: setAttr-IssCap-T2
+setAttr-IssCap 5	: setAttr-IssCap-Sig
+
+setAttr-IssCap-CVM 1	: setAttr-GenCryptgrm	: generate cryptogram
+setAttr-IssCap-T2 1	: setAttr-T2Enc		: encrypted track 2
+setAttr-IssCap-T2 2	: setAttr-T2cleartxt	: cleartext track 2
+
+setAttr-IssCap-Sig 1	: setAttr-TokICCsig	: ICC or token signature
+setAttr-IssCap-Sig 2	: setAttr-SecDevSig	: secure device signature
+
+set-brand 1		: set-brand-IATA-ATA
+set-brand 30		: set-brand-Diners
+set-brand 34		: set-brand-AmericanExpress
+set-brand 35		: set-brand-JCB
+set-brand 4		: set-brand-Visa
+set-brand 5		: set-brand-MasterCard
+set-brand 6011		: set-brand-Novus
+
+rsadsi 3 10		: DES-CDMF		: des-cdmf
+rsadsi 1 1 6		: rsaOAEPEncryptionSET
diff --git a/crypto/openssl/crypto/ocsp/Makefile.ssl b/crypto/openssl/crypto/ocsp/Makefile.ssl
new file mode 100644
index 0000000..4b2d8ec8
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/Makefile.ssl
@@ -0,0 +1,293 @@
+#
+# OpenSSL/ocsp/Makefile.ssl
+#
+
+DIR=	ocsp
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+	ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
+
+LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
+	ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ocsp.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ocsp_asn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ocsp_asn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_asn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+ocsp_asn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_asn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_asn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_asn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_asn.o: ../../include/openssl/x509v3.h ocsp_asn.c
+ocsp_cl.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_cl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_cl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_cl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_cl.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_cl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_cl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_cl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_cl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+ocsp_cl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_cl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_cl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
+ocsp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_err.o: ../../include/openssl/x509v3.h ocsp_err.c
+ocsp_ext.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_ext.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../cryptlib.h ocsp_ext.c
+ocsp_ht.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_ht.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_ht.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_ht.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_ht.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ht.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_ht.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_ht.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_ht.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_ht.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c
+ocsp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_lib.o: ../cryptlib.h ocsp_lib.c
+ocsp_prn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_prn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_prn.o: ../../include/openssl/x509v3.h ocsp_prn.c
+ocsp_srv.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_srv.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_srv.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_srv.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_srv.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_srv.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_srv.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_srv.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_srv.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_srv.o: ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_srv.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_srv.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_srv.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_srv.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_srv.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_srv.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_srv.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_srv.o: ../cryptlib.h ocsp_srv.c
+ocsp_vfy.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_vfy.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_vfy.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_vfy.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_vfy.o: ../../include/openssl/x509v3.h ocsp_vfy.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp.h b/crypto/openssl/crypto/ocsp/ocsp.h
new file mode 100644
index 0000000..fab3c03
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp.h
@@ -0,0 +1,619 @@
+/* ocsp.h */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OCSP_H
+#define HEADER_OCSP_H
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+#define OCSP_DEFAULT_NONCE_LENGTH	16
+
+#define OCSP_NOCERTS			0x1
+#define OCSP_NOINTERN			0x2
+#define OCSP_NOSIGS			0x4
+#define OCSP_NOCHAIN			0x8
+#define OCSP_NOVERIFY			0x10
+#define OCSP_NOEXPLICIT			0x20
+#define OCSP_NOCASIGN			0x40
+#define OCSP_NODELEGATED		0x80
+#define OCSP_NOCHECKS			0x100
+#define OCSP_TRUSTOTHER			0x200
+#define OCSP_RESPID_KEY			0x400
+#define OCSP_NOTIME			0x800
+
+/*   CertID ::= SEQUENCE {
+ *       hashAlgorithm            AlgorithmIdentifier,
+ *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+ *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ *       serialNumber       CertificateSerialNumber }
+ */
+typedef struct ocsp_cert_id_st
+	{
+	X509_ALGOR *hashAlgorithm;
+	ASN1_OCTET_STRING *issuerNameHash;
+	ASN1_OCTET_STRING *issuerKeyHash;
+	ASN1_INTEGER *serialNumber;
+	} OCSP_CERTID;
+
+DECLARE_STACK_OF(OCSP_CERTID)
+
+/*   Request ::=     SEQUENCE {
+ *       reqCert                    CertID,
+ *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_one_request_st
+	{
+	OCSP_CERTID *reqCert;
+	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+	} OCSP_ONEREQ;
+
+DECLARE_STACK_OF(OCSP_ONEREQ)
+DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
+
+
+/*   TBSRequest      ::=     SEQUENCE {
+ *       version             [0] EXPLICIT Version DEFAULT v1,
+ *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+ *       requestList             SEQUENCE OF Request,
+ *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_req_info_st
+	{
+	ASN1_INTEGER *version;
+	GENERAL_NAME *requestorName;
+	STACK_OF(OCSP_ONEREQ) *requestList;
+	STACK_OF(X509_EXTENSION) *requestExtensions;
+	} OCSP_REQINFO;
+
+/*   Signature       ::=     SEQUENCE {
+ *       signatureAlgorithm   AlgorithmIdentifier,
+ *       signature            BIT STRING,
+ *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+typedef struct ocsp_signature_st
+	{
+	X509_ALGOR *signatureAlgorithm;
+	ASN1_BIT_STRING *signature;
+	STACK_OF(X509) *certs;
+	} OCSP_SIGNATURE;
+
+/*   OCSPRequest     ::=     SEQUENCE {
+ *       tbsRequest                  TBSRequest,
+ *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+ */
+typedef struct ocsp_request_st
+	{
+	OCSP_REQINFO *tbsRequest;
+	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+	} OCSP_REQUEST;
+
+/*   OCSPResponseStatus ::= ENUMERATED {
+ *       successful            (0),      --Response has valid confirmations
+ *       malformedRequest      (1),      --Illegal confirmation request
+ *       internalError         (2),      --Internal error in issuer
+ *       tryLater              (3),      --Try again later
+ *                                       --(4) is not used
+ *       sigRequired           (5),      --Must sign the request
+ *       unauthorized          (6)       --Request unauthorized
+ *   }
+ */
+#define OCSP_RESPONSE_STATUS_SUCCESSFUL          0
+#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
+#define OCSP_RESPONSE_STATUS_INTERNALERROR        2
+#define OCSP_RESPONSE_STATUS_TRYLATER             3
+#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
+#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
+
+/*   ResponseBytes ::=       SEQUENCE {
+ *       responseType   OBJECT IDENTIFIER,
+ *       response       OCTET STRING }
+ */
+typedef struct ocsp_resp_bytes_st
+	{
+	ASN1_OBJECT *responseType;
+	ASN1_OCTET_STRING *response;
+	} OCSP_RESPBYTES;
+
+/*   OCSPResponse ::= SEQUENCE {
+ *      responseStatus         OCSPResponseStatus,
+ *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+typedef struct ocsp_response_st
+	{
+	ASN1_ENUMERATED *responseStatus;
+	OCSP_RESPBYTES  *responseBytes;
+	} OCSP_RESPONSE;
+
+/*   ResponderID ::= CHOICE {
+ *      byName   [1] Name,
+ *      byKey    [2] KeyHash }
+ */
+#define V_OCSP_RESPID_NAME 0
+#define V_OCSP_RESPID_KEY  1
+typedef struct ocsp_responder_id_st
+	{
+	int type;
+	union   {
+		X509_NAME* byName;
+        	ASN1_OCTET_STRING *byKey;
+		} value;
+	} OCSP_RESPID;
+/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ *                            --(excluding the tag and length fields)
+ */
+
+/*   RevokedInfo ::= SEQUENCE {
+ *       revocationTime              GeneralizedTime,
+ *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+ */
+typedef struct ocsp_revoked_info_st
+	{
+	ASN1_GENERALIZEDTIME *revocationTime;
+	ASN1_ENUMERATED *revocationReason;
+	} OCSP_REVOKEDINFO;
+
+/*   CertStatus ::= CHOICE {
+ *       good                [0]     IMPLICIT NULL,
+ *       revoked             [1]     IMPLICIT RevokedInfo,
+ *       unknown             [2]     IMPLICIT UnknownInfo }
+ */
+#define V_OCSP_CERTSTATUS_GOOD    0
+#define V_OCSP_CERTSTATUS_REVOKED 1
+#define V_OCSP_CERTSTATUS_UNKNOWN 2
+typedef struct ocsp_cert_status_st
+	{
+	int type;
+	union	{
+		ASN1_NULL *good;
+		OCSP_REVOKEDINFO *revoked;
+		ASN1_NULL *unknown;
+		} value;
+	} OCSP_CERTSTATUS;
+
+/*   SingleResponse ::= SEQUENCE {
+ *      certID                       CertID,
+ *      certStatus                   CertStatus,
+ *      thisUpdate                   GeneralizedTime,
+ *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+ *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_single_response_st
+	{
+	OCSP_CERTID *certId;
+	OCSP_CERTSTATUS *certStatus;
+	ASN1_GENERALIZEDTIME *thisUpdate;
+	ASN1_GENERALIZEDTIME *nextUpdate;
+	STACK_OF(X509_EXTENSION) *singleExtensions;
+	} OCSP_SINGLERESP;
+
+DECLARE_STACK_OF(OCSP_SINGLERESP)
+DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
+
+/*   ResponseData ::= SEQUENCE {
+ *      version              [0] EXPLICIT Version DEFAULT v1,
+ *      responderID              ResponderID,
+ *      producedAt               GeneralizedTime,
+ *      responses                SEQUENCE OF SingleResponse,
+ *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_response_data_st
+	{
+	ASN1_INTEGER *version;
+	OCSP_RESPID  *responderId;
+	ASN1_GENERALIZEDTIME *producedAt;
+	STACK_OF(OCSP_SINGLERESP) *responses;
+	STACK_OF(X509_EXTENSION) *responseExtensions;
+	} OCSP_RESPDATA;
+
+/*   BasicOCSPResponse       ::= SEQUENCE {
+ *      tbsResponseData      ResponseData,
+ *      signatureAlgorithm   AlgorithmIdentifier,
+ *      signature            BIT STRING,
+ *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+  /* Note 1:
+     The value for "signature" is specified in the OCSP rfc2560 as follows:
+     "The value for the signature SHALL be computed on the hash of the DER
+     encoding ResponseData."  This means that you must hash the DER-encoded
+     tbsResponseData, and then run it through a crypto-signing function, which
+     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
+     a bit odd, but that's the spec.  Also note that the data structures do not
+     leave anywhere to independently specify the algorithm used for the initial
+     hash. So, we look at the signature-specification algorithm, and try to do
+     something intelligent.	-- Kathy Weinhold, CertCo */
+  /* Note 2:
+     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
+     for interpretation.  I've done tests against another responder, and found
+     that it doesn't do the double hashing that the RFC seems to say one
+     should.  Therefore, all relevant functions take a flag saying which
+     variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */
+typedef struct ocsp_basic_response_st
+	{
+	OCSP_RESPDATA *tbsResponseData;
+	X509_ALGOR *signatureAlgorithm;
+	ASN1_BIT_STRING *signature;
+	STACK_OF(X509) *certs;
+	} OCSP_BASICRESP;
+
+/*
+ *   CRLReason ::= ENUMERATED {
+ *        unspecified             (0),
+ *        keyCompromise           (1),
+ *        cACompromise            (2),
+ *        affiliationChanged      (3),
+ *        superseded              (4),
+ *        cessationOfOperation    (5),
+ *        certificateHold         (6),
+ *        removeFromCRL           (8) }
+ */
+#define OCSP_REVOKED_STATUS_NOSTATUS               -1
+#define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+#define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+#define OCSP_REVOKED_STATUS_SUPERSEDED              4
+#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+
+/* CrlID ::= SEQUENCE {
+ *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+ *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+ *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+ */
+typedef struct ocsp_crl_id_st
+        {
+	ASN1_IA5STRING *crlUrl;
+	ASN1_INTEGER *crlNum;
+	ASN1_GENERALIZEDTIME *crlTime;
+        } OCSP_CRLID;
+
+/* ServiceLocator ::= SEQUENCE {
+ *      issuer    Name,
+ *      locator   AuthorityInfoAccessSyntax OPTIONAL }
+ */
+typedef struct ocsp_service_locator_st
+        {
+	X509_NAME* issuer;
+	STACK_OF(ACCESS_DESCRIPTION) *locator;
+        } OCSP_SERVICELOC;
+ 
+#define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"
+#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
+		OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
+		(unsigned char **)(p))
+
+#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
+		OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
+		(unsigned char **)(p))
+
+#define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
+
+#define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
+
+#define PEM_write_bio_OCSP_REQUEST(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+			bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+			bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\
+		(unsigned char *)o)
+
+#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\
+		(unsigned char *)o)
+
+#define OCSP_REQUEST_sign(o,pkey,md) \
+	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+		o->optionalSignature->signatureAlgorithm,NULL,\
+	        o->optionalSignature->signature,o->tbsRequest,pkey,md)
+
+#define OCSP_BASICRESP_sign(o,pkey,md,d) \
+	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
+		o->signature,o->tbsResponseData,pkey,md)
+
+#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+        a->optionalSignature->signatureAlgorithm,\
+	a->optionalSignature->signature,a->tbsRequest,r)
+
+#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
+
+#define ASN1_BIT_STRING_digest(data,type,md,len) \
+	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
+		(char *(*)())d2i_OCSP_CERTID,(char *)(cid))
+
+#define OCSP_CERTSTATUS_dup(cs)\
+                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+			      X509_NAME *issuerName, 
+			      ASN1_BIT_STRING* issuerKey, 
+			      ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST   *req,
+		      X509           *signer,
+		      EVP_PKEY       *key,
+		      const EVP_MD   *dgst,
+		      STACK_OF(X509) *certs,
+		      unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+				ASN1_GENERALIZEDTIME **revtime,
+				ASN1_GENERALIZEDTIME **thisupd,
+				ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+				int *reason,
+				ASN1_GENERALIZEDTIME **revtime,
+				ASN1_GENERALIZEDTIME **thisupd,
+				ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+			ASN1_GENERALIZEDTIME *nextupd,
+			long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
+
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+			ASN1_OCTET_STRING **pikeyHash,
+			ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+						OCSP_CERTID *cid,
+						int status, int reason,
+						ASN1_TIME *revtime,
+					ASN1_TIME *thisupd, ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
+			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+			STACK_OF(X509) *certs, unsigned long flags);
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+				char *data, STACK_OF(ASN1_OBJECT) *sk);
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+							unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+							unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
+							unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
+							unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_OCSP_strings(void);
+
+/* Error codes for the OCSP functions. */
+
+/* Function codes. */
+#define OCSP_F_ASN1_STRING_ENCODE			 100
+#define OCSP_F_CERT_ID_NEW				 101
+#define OCSP_F_D2I_OCSP_NONCE				 102
+#define OCSP_F_OCSP_BASIC_ADD1_STATUS			 103
+#define OCSP_F_OCSP_BASIC_SIGN				 104
+#define OCSP_F_OCSP_BASIC_VERIFY			 105
+#define OCSP_F_OCSP_CHECK_DELEGATED			 106
+#define OCSP_F_OCSP_CHECK_IDS				 107
+#define OCSP_F_OCSP_CHECK_ISSUER			 108
+#define OCSP_F_OCSP_CHECK_VALIDITY			 115
+#define OCSP_F_OCSP_MATCH_ISSUERID			 109
+#define OCSP_F_OCSP_PARSE_URL				 114
+#define OCSP_F_OCSP_REQUEST_SIGN			 110
+#define OCSP_F_OCSP_REQUEST_VERIFY			 116
+#define OCSP_F_OCSP_RESPONSE_GET1_BASIC			 111
+#define OCSP_F_OCSP_SENDREQ_BIO				 112
+#define OCSP_F_REQUEST_VERIFY				 113
+
+/* Reason codes. */
+#define OCSP_R_BAD_DATA					 100
+#define OCSP_R_CERTIFICATE_VERIFY_ERROR			 101
+#define OCSP_R_DIGEST_ERR				 102
+#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD		 122
+#define OCSP_R_ERROR_IN_THISUPDATE_FIELD		 123
+#define OCSP_R_ERROR_PARSING_URL			 121
+#define OCSP_R_MISSING_OCSPSIGNING_USAGE		 103
+#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE		 124
+#define OCSP_R_NOT_BASIC_RESPONSE			 104
+#define OCSP_R_NO_CERTIFICATES_IN_CHAIN			 105
+#define OCSP_R_NO_CONTENT				 106
+#define OCSP_R_NO_PUBLIC_KEY				 107
+#define OCSP_R_NO_RESPONSE_DATA				 108
+#define OCSP_R_NO_REVOKED_TIME				 109
+#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 110
+#define OCSP_R_REQUEST_NOT_SIGNED			 128
+#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 111
+#define OCSP_R_ROOT_CA_NOT_TRUSTED			 112
+#define OCSP_R_SERVER_READ_ERROR			 113
+#define OCSP_R_SERVER_RESPONSE_ERROR			 114
+#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR		 115
+#define OCSP_R_SERVER_WRITE_ERROR			 116
+#define OCSP_R_SIGNATURE_FAILURE			 117
+#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND		 118
+#define OCSP_R_STATUS_EXPIRED				 125
+#define OCSP_R_STATUS_NOT_YET_VALID			 126
+#define OCSP_R_STATUS_TOO_OLD				 127
+#define OCSP_R_UNKNOWN_MESSAGE_DIGEST			 119
+#define OCSP_R_UNKNOWN_NID				 120
+#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE		 129
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/ocsp/ocsp_asn.c b/crypto/openssl/crypto/ocsp/ocsp_asn.c
new file mode 100644
index 0000000..6a3a360
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_asn.c
@@ -0,0 +1,182 @@
+/* ocsp_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/ocsp.h>
+
+ASN1_SEQUENCE(OCSP_SIGNATURE) = {
+	ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
+	ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+
+ASN1_SEQUENCE(OCSP_CERTID) = {
+	ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(OCSP_CERTID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
+
+ASN1_SEQUENCE(OCSP_ONEREQ) = {
+	ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
+	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(OCSP_ONEREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
+
+ASN1_SEQUENCE(OCSP_REQINFO) = {
+	ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
+	ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
+	ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
+	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(OCSP_REQINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
+
+ASN1_SEQUENCE(OCSP_REQUEST) = {
+	ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+	ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
+} ASN1_SEQUENCE_END(OCSP_REQUEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
+
+/* OCSP_RESPONSE templates */
+
+ASN1_SEQUENCE(OCSP_RESPBYTES) = {
+	    ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+	    ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+
+ASN1_SEQUENCE(OCSP_RESPONSE) = {
+	ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
+	ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
+} ASN1_SEQUENCE_END(OCSP_RESPONSE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
+
+ASN1_CHOICE(OCSP_RESPID) = {
+	   ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+	   ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(OCSP_RESPID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
+
+ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
+	ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
+  	ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+
+ASN1_CHOICE(OCSP_CERTSTATUS) = {
+	ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
+	ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
+	ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(OCSP_CERTSTATUS)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+
+ASN1_SEQUENCE(OCSP_SINGLERESP) = {
+	   ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+	   ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+	   ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+	   ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+
+ASN1_SEQUENCE(OCSP_RESPDATA) = {
+	   ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+	   ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+	   ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+	   ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_RESPDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
+
+ASN1_SEQUENCE(OCSP_BASICRESP) = {
+	   ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+	   ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+	   ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_BASICRESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
+
+ASN1_SEQUENCE(OCSP_CRLID) = {
+	   ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+	   ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+	   ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+} ASN1_SEQUENCE_END(OCSP_CRLID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
+
+ASN1_SEQUENCE(OCSP_SERVICELOC) = {
+	ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+	ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/crypto/openssl/crypto/ocsp/ocsp_cl.c b/crypto/openssl/crypto/ocsp/ocsp_cl.c
new file mode 100755
index 0000000..9b3e6dd
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_cl.c
@@ -0,0 +1,370 @@
+/* ocsp_cl.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Utility functions related to sending OCSP requests and extracting
+ * relevant information from the response.
+ */
+
+/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ 
+ * pointer: useful if we want to add extensions.
+ */
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
+        {
+	OCSP_ONEREQ *one = NULL;
+
+	if (!(one = OCSP_ONEREQ_new())) goto err;
+	if (one->reqCert) OCSP_CERTID_free(one->reqCert);
+	one->reqCert = cid;
+	if (req &&
+		!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+				goto err;
+	return one;
+err:
+	OCSP_ONEREQ_free(one);
+	return NULL;
+        }
+
+/* Set requestorName from an X509_NAME structure */
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
+	{
+	GENERAL_NAME *gen;
+	gen = GENERAL_NAME_new();
+	if (!X509_NAME_set(&gen->d.directoryName, nm))
+		{
+		GENERAL_NAME_free(gen);
+		return 0;
+		}
+	gen->type = GEN_DIRNAME;
+	if (req->tbsRequest->requestorName)
+		GENERAL_NAME_free(req->tbsRequest->requestorName);
+	req->tbsRequest->requestorName = gen;
+	return 1;
+	}
+	
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
+	{
+	OCSP_SIGNATURE *sig;
+	if (!req->optionalSignature)
+		req->optionalSignature = OCSP_SIGNATURE_new();
+	sig = req->optionalSignature;
+	if (!sig) return 0;
+	if (!cert) return 1;
+	if (!sig->certs && !(sig->certs = sk_X509_new_null()))
+		return 0;
+
+	if(!sk_X509_push(sig->certs, cert)) return 0;
+	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+	return 1;
+	}
+
+/* Sign an OCSP request set the requestorName to the subjec
+ * name of an optional signers certificate and include one
+ * or more optional certificates in the request. Behaves
+ * like PKCS7_sign().
+ */
+
+int OCSP_request_sign(OCSP_REQUEST   *req,
+		      X509           *signer,
+		      EVP_PKEY       *key,
+		      const EVP_MD   *dgst,
+		      STACK_OF(X509) *certs,
+		      unsigned long flags)
+        {
+	int i;
+	OCSP_SIGNATURE *sig;
+	X509 *x;
+
+	if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+			goto err;
+
+	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
+	if (!dgst) dgst = EVP_sha1();
+	if (key)
+		{
+		if (!X509_check_private_key(signer, key))
+			{
+			OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+			goto err;
+			}
+		if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
+		}
+
+	if (!(flags & OCSP_NOCERTS))
+		{
+		if(!OCSP_request_add1_cert(req, signer)) goto err;
+		for (i = 0; i < sk_X509_num(certs); i++)
+			{
+			x = sk_X509_value(certs, i);
+			if (!OCSP_request_add1_cert(req, x)) goto err;
+			}
+		}
+
+	return 1;
+err:
+	OCSP_SIGNATURE_free(req->optionalSignature);
+	req->optionalSignature = NULL;
+	return 0;
+	}
+
+/* Get response status */
+
+int OCSP_response_status(OCSP_RESPONSE *resp)
+	{
+	return ASN1_ENUMERATED_get(resp->responseStatus);
+	}
+
+/* Extract basic response from OCSP_RESPONSE or NULL if
+ * no basic response present.
+ */
+ 
+
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
+	{
+	OCSP_RESPBYTES *rb;
+	rb = resp->responseBytes;
+	if (!rb)
+		{
+		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+		return NULL;
+		}
+	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
+		{
+		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+		return NULL;
+		}
+
+	return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
+	}
+
+/* Return number of OCSP_SINGLERESP reponses present in
+ * a basic response.
+ */
+
+int OCSP_resp_count(OCSP_BASICRESP *bs)
+	{
+	if (!bs) return -1;
+	return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+	}
+
+/* Extract an OCSP_SINGLERESP response with a given index */
+
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
+	{
+	if (!bs) return NULL;
+	return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+	}
+
+/* Look single response matching a given certificate ID */
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
+	{
+	int i;
+	STACK_OF(OCSP_SINGLERESP) *sresp;
+	OCSP_SINGLERESP *single;
+	if (!bs) return -1;
+	if (last < 0) last = 0;
+	else last++;
+	sresp = bs->tbsResponseData->responses;
+	for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++)
+		{
+		single = sk_OCSP_SINGLERESP_value(sresp, i);
+		if (!OCSP_id_cmp(id, single->certId)) return i;
+		}
+	return -1;
+	}
+
+/* Extract status information from an OCSP_SINGLERESP structure.
+ * Note: the revtime and reason values are only set if the 
+ * certificate status is revoked. Returns numerical value of
+ * status.
+ */
+
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+				ASN1_GENERALIZEDTIME **revtime,
+				ASN1_GENERALIZEDTIME **thisupd,
+				ASN1_GENERALIZEDTIME **nextupd)
+	{
+	int ret;
+	OCSP_CERTSTATUS *cst;
+	if(!single) return -1;
+	cst = single->certStatus;
+	ret = cst->type;
+	if (ret == V_OCSP_CERTSTATUS_REVOKED)
+		{
+		OCSP_REVOKEDINFO *rev = cst->value.revoked;
+		if (revtime) *revtime = rev->revocationTime;
+		if (reason) 
+			{
+			if(rev->revocationReason)
+				*reason = ASN1_ENUMERATED_get(rev->revocationReason);
+			else *reason = -1;
+			}
+		}
+	if(thisupd) *thisupd = single->thisUpdate;
+	if(nextupd) *nextupd = single->nextUpdate;
+	return ret;
+	}
+
+/* This function combines the previous ones: look up a certificate ID and
+ * if found extract status information. Return 0 is successful.
+ */
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+				int *reason,
+				ASN1_GENERALIZEDTIME **revtime,
+				ASN1_GENERALIZEDTIME **thisupd,
+				ASN1_GENERALIZEDTIME **nextupd)
+	{
+	int i;
+	OCSP_SINGLERESP *single;
+	i = OCSP_resp_find(bs, id, -1);
+	/* Maybe check for multiple responses and give an error? */
+	if(i < 0) return 0;
+	single = OCSP_resp_get0(bs, i);
+	i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
+	if(status) *status = i;
+	return 1;
+	}
+
+/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will
+ * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid
+ * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.
+ * Also to avoid accepting very old responses without a nextUpdate field an optional maxage
+ * parameter specifies the maximum age the thisUpdate field can be.
+ */
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+	{
+	int ret = 1;
+	time_t t_now, t_tmp;
+	time(&t_now);
+	/* Check thisUpdate is valid and not more than nsec in the future */
+	if (!ASN1_GENERALIZEDTIME_check(thisupd))
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+		ret = 0;
+		}
+	else 
+		{
+			t_tmp = t_now + nsec;
+			if (X509_cmp_time(thisupd, &t_tmp) > 0)
+			{
+			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+			ret = 0;
+			}
+
+		/* If maxsec specified check thisUpdate is not more than maxsec in the past */
+		if (maxsec >= 0)
+			{
+			t_tmp = t_now - maxsec;
+			if (X509_cmp_time(thisupd, &t_tmp) < 0)
+				{
+				OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+				ret = 0;
+				}
+			}
+		}
+		
+
+	if (!nextupd) return ret;
+
+	/* Check nextUpdate is valid and not more than nsec in the past */
+	if (!ASN1_GENERALIZEDTIME_check(nextupd))
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+		ret = 0;
+		}
+	else 
+		{
+		t_tmp = t_now - nsec;
+		if (X509_cmp_time(nextupd, &t_tmp) < 0)
+			{
+			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+			ret = 0;
+			}
+		}
+
+	/* Also don't allow nextUpdate to precede thisUpdate */
+	if (ASN1_STRING_cmp(nextupd, thisupd) < 0)
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+		ret = 0;
+		}
+
+	return ret;
+	}
diff --git a/crypto/openssl/crypto/ocsp/ocsp_err.c b/crypto/openssl/crypto/ocsp/ocsp_err.c
new file mode 100644
index 0000000..4c4d830
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_err.c
@@ -0,0 +1,139 @@
+/* crypto/ocsp/ocsp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA OCSP_str_functs[]=
+	{
+{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0),	"ASN1_STRING_encode"},
+{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0),	"CERT_ID_NEW"},
+{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0),	"D2I_OCSP_NONCE"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0),	"OCSP_basic_add1_status"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0),	"OCSP_basic_sign"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0),	"OCSP_basic_verify"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0),	"OCSP_CHECK_DELEGATED"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0),	"OCSP_CHECK_IDS"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0),	"OCSP_CHECK_ISSUER"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0),	"OCSP_check_validity"},
+{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0),	"OCSP_MATCH_ISSUERID"},
+{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0),	"OCSP_parse_url"},
+{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0),	"OCSP_request_sign"},
+{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0),	"OCSP_request_verify"},
+{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0),	"OCSP_response_get1_basic"},
+{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0),	"OCSP_sendreq_bio"},
+{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0),	"REQUEST_VERIFY"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA OCSP_str_reasons[]=
+	{
+{OCSP_R_BAD_DATA                         ,"bad data"},
+{OCSP_R_CERTIFICATE_VERIFY_ERROR         ,"certificate verify error"},
+{OCSP_R_DIGEST_ERR                       ,"digest err"},
+{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD        ,"error in nextupdate field"},
+{OCSP_R_ERROR_IN_THISUPDATE_FIELD        ,"error in thisupdate field"},
+{OCSP_R_ERROR_PARSING_URL                ,"error parsing url"},
+{OCSP_R_MISSING_OCSPSIGNING_USAGE        ,"missing ocspsigning usage"},
+{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE     ,"nextupdate before thisupdate"},
+{OCSP_R_NOT_BASIC_RESPONSE               ,"not basic response"},
+{OCSP_R_NO_CERTIFICATES_IN_CHAIN         ,"no certificates in chain"},
+{OCSP_R_NO_CONTENT                       ,"no content"},
+{OCSP_R_NO_PUBLIC_KEY                    ,"no public key"},
+{OCSP_R_NO_RESPONSE_DATA                 ,"no response data"},
+{OCSP_R_NO_REVOKED_TIME                  ,"no revoked time"},
+{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
+{OCSP_R_REQUEST_NOT_SIGNED               ,"request not signed"},
+{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"},
+{OCSP_R_ROOT_CA_NOT_TRUSTED              ,"root ca not trusted"},
+{OCSP_R_SERVER_READ_ERROR                ,"server read error"},
+{OCSP_R_SERVER_RESPONSE_ERROR            ,"server response error"},
+{OCSP_R_SERVER_RESPONSE_PARSE_ERROR      ,"server response parse error"},
+{OCSP_R_SERVER_WRITE_ERROR               ,"server write error"},
+{OCSP_R_SIGNATURE_FAILURE                ,"signature failure"},
+{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND     ,"signer certificate not found"},
+{OCSP_R_STATUS_EXPIRED                   ,"status expired"},
+{OCSP_R_STATUS_NOT_YET_VALID             ,"status not yet valid"},
+{OCSP_R_STATUS_TOO_OLD                   ,"status too old"},
+{OCSP_R_UNKNOWN_MESSAGE_DIGEST           ,"unknown message digest"},
+{OCSP_R_UNKNOWN_NID                      ,"unknown nid"},
+{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE   ,"unsupported requestorname type"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_OCSP_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
+		ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/ocsp/ocsp_ext.c b/crypto/openssl/crypto/ocsp/ocsp_ext.c
new file mode 100755
index 0000000..d6c8899
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_ext.c
@@ -0,0 +1,528 @@
+/* ocsp_ext.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+
+/* Standard wrapper functions for extensions */
+
+/* OCSP request extensions */
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
+	{
+	return(X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+	}
+
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos));
+	}
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos));
+	}
+
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos));
+	}
+
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+	{
+	return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc));
+	}
+
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
+	{
+	return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc));
+	}
+
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
+	{
+	return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+	}
+
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+							unsigned long flags)
+	{
+	return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags);
+	}
+
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL);
+	}
+
+/* Single extensions */
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
+	{
+	return(X509v3_get_ext_count(x->singleRequestExtensions));
+	}
+
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos));
+	}
+
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos));
+	}
+
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos));
+	}
+
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+	{
+	return(X509v3_get_ext(x->singleRequestExtensions,loc));
+	}
+
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
+	{
+	return(X509v3_delete_ext(x->singleRequestExtensions,loc));
+	}
+
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+	{
+	return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+	}
+
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+							unsigned long flags)
+	{
+	return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags);
+	}
+
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL);
+	}
+
+/* OCSP Basic response */
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
+	{
+	return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+	}
+
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos));
+	}
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos));
+	}
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos));
+	}
+
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+	{
+	return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc));
+	}
+
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
+	{
+	return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc));
+	}
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)
+	{
+	return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx);
+	}
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
+							unsigned long flags)
+	{
+	return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags);
+	}
+
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL);
+	}
+
+/* OCSP single response extensions */
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
+	{
+	return(X509v3_get_ext_count(x->singleExtensions));
+	}
+
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos));
+	}
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos));
+	}
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos));
+	}
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+	{
+	return(X509v3_get_ext(x->singleExtensions,loc));
+	}
+
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
+	{
+	return(X509v3_delete_ext(x->singleExtensions,loc));
+	}
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)
+	{
+	return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+	}
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
+							unsigned long flags)
+	{
+	return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+	}
+
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL);
+	}
+
+/* also CRL Entry Extensions */
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+				char *data, STACK_OF(ASN1_OBJECT) *sk)
+        {
+	int i;
+	unsigned char *p, *b = NULL;
+
+	if (data)
+	        {
+		if ((i=i2d(data,NULL)) <= 0) goto err;
+		if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+			goto err;
+	        if (i2d(data, &p) <= 0) goto err;
+		}
+	else if (sk)
+	        {
+		if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE,
+				   V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
+		if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+			goto err;
+		if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE,
+				 V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
+		}
+	else
+		{
+		OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
+		goto err;
+		}
+	if (!s && !(s = ASN1_STRING_new())) goto err;
+	if (!(ASN1_STRING_set(s, b, i))) goto err;
+	OPENSSL_free(b);
+	return s;
+err:
+	if (b) OPENSSL_free(b);
+	return NULL;
+	}
+
+/* Nonce handling functions */
+
+/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
+ * a random nonce will be generated.
+ */
+
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
+	{
+	unsigned char *tmpval;
+	ASN1_OCTET_STRING os;
+	int ret = 0;
+	if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
+	if (val) tmpval = val;
+	else
+		{
+		if (!(tmpval = OPENSSL_malloc(len))) goto err;
+		RAND_pseudo_bytes(tmpval, len);
+		}
+	os.data = tmpval;
+	os.length = len;
+	if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+			&os, 0, X509V3_ADD_REPLACE))
+				goto err;
+	ret = 1;
+	err:
+	if(!val) OPENSSL_free(tmpval);
+	return ret;
+	}
+
+
+/* Add nonce to an OCSP request */
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
+	{
+	return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+	}
+
+/* Same as above but for a response */
+
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
+	{
+	return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);
+	}
+
+/* Check nonce validity in a request and response.
+ * Return value reflects result:
+ *  1: nonces present and equal.
+ *  2: nonces both absent.
+ *  3: nonce present in response only.
+ *  0: nonces both present and not equal.
+ * -1: nonce in request only.
+ *
+ *  For most responders clients can check return > 0.
+ *  If responder doesn't handle nonces return != 0 may be
+ *  necessary. return == 0 is always an error.
+ */
+
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
+	{
+	/*
+	 * Since we are only interested in the presence or absence of
+	 * the nonce and comparing its value there is no need to use
+	 * the X509V3 routines: this way we can avoid them allocating an
+	 * ASN1_OCTET_STRING structure for the value which would be
+	 * freed immediately anyway.
+	 */
+
+	int req_idx, resp_idx;
+	X509_EXTENSION *req_ext, *resp_ext;
+	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+	resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+	/* Check both absent */
+	if((req_idx < 0) && (resp_idx < 0))
+		return 2;
+	/* Check in request only */
+	if((req_idx >= 0) && (resp_idx < 0))
+		return -1;
+	/* Check in response but not request */
+	if((req_idx < 0) && (resp_idx >= 0))
+		return 3;
+	/* Otherwise nonce in request and response so retrieve the extensions */
+	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+	resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+	if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+		return 0;
+	return 1;
+	}
+
+/* Copy the nonce value (if any) from an OCSP request to 
+ * a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+	{
+	X509_EXTENSION *req_ext;
+	int req_idx;
+	/* Check for nonce in request */
+	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+	/* If no nonce that's OK */
+	if (req_idx < 0) return 2;
+	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+	return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+	}
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+        {
+	X509_EXTENSION *x = NULL;
+	OCSP_CRLID *cid = NULL;
+	
+	if (!(cid = OCSP_CRLID_new())) goto err;
+	if (url)
+	        {
+		if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
+		if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
+		}
+	if (n)
+	        {
+		if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
+		if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
+		}
+	if (tim)
+	        {
+		if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
+		if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
+		        goto err;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
+	        goto err;
+	OCSP_CRLID_free(cid);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (cid) OCSP_CRLID_free(cid);
+	return NULL;
+	}
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+        {
+	int nid;
+	STACK_OF(ASN1_OBJECT) *sk = NULL;
+	ASN1_OBJECT *o = NULL;
+        X509_EXTENSION *x = NULL;
+
+	if (!(sk = sk_ASN1_OBJECT_new_null())) goto err;
+	while (oids && *oids)
+	        {
+		if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) 
+		        sk_ASN1_OBJECT_push(sk, o);
+		oids++;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
+		goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
+	        goto err;
+	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+	return NULL;
+        }
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
+        {
+	X509_EXTENSION *x=NULL;
+	ASN1_GENERALIZEDTIME *gt = NULL;
+
+	if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
+	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
+				 (char*)gt,NULL))) goto err;
+	ASN1_GENERALIZEDTIME_free(gt);
+	return x;
+err:
+	if (gt) ASN1_GENERALIZEDTIME_free(gt);
+	if (x) X509_EXTENSION_free(x);
+	return NULL;
+	}
+
+/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
+ * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
+        {
+	X509_EXTENSION *x = NULL;
+	ASN1_IA5STRING *ia5 = NULL;
+	OCSP_SERVICELOC *sloc = NULL;
+	ACCESS_DESCRIPTION *ad = NULL;
+	
+	if (!(sloc = OCSP_SERVICELOC_new())) goto err;
+	if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
+	if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err;
+	while (urls && *urls)
+	        {
+		if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
+		if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
+		if (!(ad->location = GENERAL_NAME_new())) goto err;
+	        if (!(ia5 = ASN1_IA5STRING_new())) goto err;
+		if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
+		ad->location->type = GEN_URI;
+		ad->location->d.ia5 = ia5;
+		if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
+		urls++;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
+	        goto err;
+	if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
+				 (char*)sloc, NULL))) goto err;
+	OCSP_SERVICELOC_free(sloc);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (sloc) OCSP_SERVICELOC_free(sloc);
+	return NULL;
+	}
+
diff --git a/crypto/openssl/crypto/ocsp/ocsp_ht.c b/crypto/openssl/crypto/ocsp/ocsp_ht.c
new file mode 100644
index 0000000..357709a
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_ht.c
@@ -0,0 +1,167 @@
+/* ocsp_ht.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/asn1.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#ifdef OPENSSL_SYS_SUNOS
+#define strtoul (unsigned long)strtol
+#endif /* OPENSSL_SYS_SUNOS */
+
+/* Quick and dirty HTTP OCSP request handler.
+ * Could make this a bit cleverer by adding
+ * support for non blocking BIOs and a few
+ * other refinements.
+ */
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
+{
+	BIO *mem = NULL;
+	char tmpbuf[1024];
+	OCSP_RESPONSE *resp = NULL;
+	char *p, *q, *r;
+	int len, retcode;
+	static char req_txt[] =
+"POST %s HTTP/1.0\r\n\
+Content-Type: application/ocsp-request\r\n\
+Content-Length: %d\r\n\r\n";
+
+	len = i2d_OCSP_REQUEST(req, NULL);
+	if(BIO_printf(b, req_txt, path, len) < 0) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
+		goto err;
+	}
+	if(i2d_OCSP_REQUEST_bio(b, req) <= 0) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
+		goto err;
+	}
+	if(!(mem = BIO_new(BIO_s_mem()))) goto err;
+	/* Copy response to a memory BIO: socket bios can't do gets! */
+	while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
+		if(len < 0) {
+			OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
+			goto err;
+		}
+		BIO_write(mem, tmpbuf, len);
+	}
+	if(BIO_gets(mem, tmpbuf, 512) <= 0) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+		goto err;
+	}
+	/* Parse the HTTP response. This will look like this:
+	 * "HTTP/1.0 200 OK". We need to obtain the numeric code and
+         * informational message.
+	 */
+
+	/* Skip to first white space (passed protocol info) */
+	for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue;
+	if(!*p) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+		goto err;
+	}
+	/* Skip past white space to start of response code */
+	while(*p && isspace((unsigned char)*p)) p++;
+	if(!*p) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+		goto err;
+	}
+	/* Find end of response code: first whitespace after start of code */
+	for(q = p; *q && !isspace((unsigned char)*q); q++) continue;
+	if(!*q) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+		goto err;
+	}
+	/* Set end of response code and start of message */ 
+	*q++ = 0;
+	/* Attempt to parse numeric code */
+	retcode = strtoul(p, &r, 10);
+	if(*r) goto err;
+	/* Skip over any leading white space in message */
+	while(*q && isspace((unsigned char)*q))  q++;
+	if(!*q) goto err;
+	/* Finally zap any trailing white space in message (include CRLF) */
+	/* We know q has a non white space character so this is OK */
+	for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
+	if(retcode != 200) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
+		ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+		goto err;
+	}
+	/* Find blank line marking beginning of content */	
+	while(BIO_gets(mem, tmpbuf, 512) > 0)
+	{
+		for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue;
+		if(!*p) break;
+	}
+	if(*p) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT);
+		goto err;
+	}
+	if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR);
+		goto err;
+	}
+	err:
+	BIO_free(mem);
+	return resp;
+}
diff --git a/crypto/openssl/crypto/ocsp/ocsp_lib.c b/crypto/openssl/crypto/ocsp/ocsp_lib.c
new file mode 100755
index 0000000..3875af1
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_lib.c
@@ -0,0 +1,261 @@
+/* ocsp_lib.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Convert a certificate and its issuer to an OCSP_CERTID */
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
+{
+	X509_NAME *iname;
+	ASN1_INTEGER *serial;
+	ASN1_BIT_STRING *ikey;
+#ifndef OPENSSL_NO_SHA1
+	if(!dgst) dgst = EVP_sha1();
+#endif
+	if (subject)
+		{
+		iname = X509_get_issuer_name(subject);
+		serial = X509_get_serialNumber(subject);
+		}
+	else
+		{
+		iname = X509_get_subject_name(issuer);
+		serial = NULL;
+		}
+	ikey = X509_get0_pubkey_bitstr(issuer);
+	return OCSP_cert_id_new(dgst, iname, ikey, serial);
+}
+
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+			      X509_NAME *issuerName, 
+			      ASN1_BIT_STRING* issuerKey, 
+			      ASN1_INTEGER *serialNumber)
+        {
+	int nid;
+        unsigned int i;
+	X509_ALGOR *alg;
+	OCSP_CERTID *cid = NULL;
+	unsigned char md[EVP_MAX_MD_SIZE];
+
+	if (!(cid = OCSP_CERTID_new())) goto err;
+
+	alg = cid->hashAlgorithm;
+	if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
+	if ((nid = EVP_MD_type(dgst)) == NID_undef)
+	        {
+		OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
+		goto err;
+		}
+	if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
+	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	alg->parameter->type=V_ASN1_NULL;
+
+	if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
+	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
+
+	/* Calculate the issuerKey hash, excluding tag and length */
+	EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
+
+	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
+
+	if (serialNumber)
+		{
+		ASN1_INTEGER_free(cid->serialNumber);
+		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+		}
+	return cid;
+digerr:
+	OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
+err:
+	if (cid) OCSP_CERTID_free(cid);
+	return NULL;
+	}
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+	{
+	int ret;
+	ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+	if (ret) return ret;
+	ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
+	if (ret) return ret;
+	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
+	}
+
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+	{
+	int ret;
+	ret = OCSP_id_issuer_cmp(a, b);
+	if (ret) return ret;
+	return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
+	}
+
+
+/* Parse a URL and split it up into host, port and path components and whether
+ * it is SSL.
+ */
+
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
+	{
+	char *p, *buf;
+
+	char *host, *port;
+
+	/* dup the buffer since we are going to mess with it */
+	buf = BUF_strdup(url);
+	if (!buf) goto mem_err;
+
+	*phost = NULL;
+	*pport = NULL;
+	*ppath = NULL;
+
+	/* Check for initial colon */
+	p = strchr(buf, ':');
+
+	if (!p) goto parse_err;
+
+	*(p++) = '\0';
+
+	if (!strcmp(buf, "http"))
+		{
+		*pssl = 0;
+		port = "80";
+		}
+	else if (!strcmp(buf, "https"))
+		{
+		*pssl = 1;
+		port = "443";
+		}
+	else
+		goto parse_err;
+
+	/* Check for double slash */
+	if ((p[0] != '/') || (p[1] != '/'))
+		goto parse_err;
+
+	p += 2;
+
+	host = p;
+
+	/* Check for trailing part of path */
+
+	p = strchr(p, '/');
+
+	if (!p) 
+		*ppath = BUF_strdup("/");
+	else
+		{
+		*ppath = BUF_strdup(p);
+		/* Set start of path to 0 so hostname is valid */
+		*p = '\0';
+		}
+
+	if (!*ppath) goto mem_err;
+
+	/* Look for optional ':' for port number */
+	if ((p = strchr(host, ':')))
+		{
+		*p = 0;
+		port = p + 1;
+		}
+	else
+		{
+		/* Not found: set default port */
+		if (*pssl) port = "443";
+		else port = "80";
+		}
+
+	*pport = BUF_strdup(port);
+	if (!*pport) goto mem_err;
+
+	*phost = BUF_strdup(host);
+
+	if (!*phost) goto mem_err;
+
+	OPENSSL_free(buf);
+
+	return 1;
+
+	mem_err:
+	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+	goto err;
+
+	parse_err:
+	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+
+
+	err:
+	if (*ppath) OPENSSL_free(*ppath);
+	if (*pport) OPENSSL_free(*pport);
+	if (*phost) OPENSSL_free(*phost);
+	return 0;
+
+	}
diff --git a/crypto/openssl/crypto/ocsp/ocsp_prn.c b/crypto/openssl/crypto/ocsp/ocsp_prn.c
new file mode 100644
index 0000000..4b7bc28
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_prn.c
@@ -0,0 +1,291 @@
+/* ocsp_prn.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
+        {
+	BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+	indent += 2;
+	BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+	i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+	BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+	i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+	BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+	i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+	BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+	i2a_ASN1_INTEGER(bp, a->serialNumber);
+	BIO_printf(bp, "\n");
+	return 1;
+	}
+
+typedef struct
+	{
+	long t;
+	char *m;
+	} OCSP_TBLSTR;
+
+static char *table2string(long s, OCSP_TBLSTR *ts, int len)
+{
+	OCSP_TBLSTR *p;
+	for (p=ts; p < ts + len; p++)
+	        if (p->t == s)
+		         return p->m;
+	return "(UNKNOWN)";
+}
+
+char *OCSP_response_status_str(long s)
+        {
+	static OCSP_TBLSTR rstat_tbl[] = {
+	        { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
+	        { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
+	        { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
+	        { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
+	        { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
+	        { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } };
+	return table2string(s, rstat_tbl, 6);
+	} 
+
+char *OCSP_cert_status_str(long s)
+        {
+	static OCSP_TBLSTR cstat_tbl[] = {
+	        { V_OCSP_CERTSTATUS_GOOD, "good" },
+	        { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
+	        { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
+	return table2string(s, cstat_tbl, 3);
+	} 
+
+char *OCSP_crl_reason_str(long s)
+        {
+	OCSP_TBLSTR reason_tbl[] = {
+	  { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
+          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
+          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
+          { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
+          { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
+          { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
+          { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
+          { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } };
+	return table2string(s, reason_tbl, 8);
+	} 
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
+        {
+	int i;
+	long l;
+	OCSP_CERTID* cid = NULL;
+	OCSP_ONEREQ *one = NULL;
+	OCSP_REQINFO *inf = o->tbsRequest;
+	OCSP_SIGNATURE *sig = o->optionalSignature;
+
+	if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
+	l=ASN1_INTEGER_get(inf->version);
+	if (BIO_printf(bp,"    Version: %lu (0x%lx)",l+1,l) <= 0) goto err;
+	if (inf->requestorName != NULL)
+	        {
+		if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
+		        goto err;
+		GENERAL_NAME_print(bp, inf->requestorName);
+		}
+	if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
+	for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
+	        {
+		one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+		cid = one->reqCert;
+		ocsp_certid_print(bp, cid, 8);
+		if (!X509V3_extensions_print(bp,
+					"Request Single Extensions",
+					one->singleRequestExtensions, flags, 8))
+							goto err;
+		}
+	if (!X509V3_extensions_print(bp, "Request Extensions",
+			inf->requestExtensions, flags, 4))
+							goto err;
+	if (sig)
+	        {
+		X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+		for (i=0; i<sk_X509_num(sig->certs); i++)
+			{
+			X509_print(bp, sk_X509_value(sig->certs,i));
+			PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
+			}
+		}
+	return 1;
+err:
+	return 0;
+	}
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
+        {
+	int i, ret = 0;
+	long l;
+	unsigned char *p;
+	OCSP_CERTID *cid = NULL;
+	OCSP_BASICRESP *br = NULL;
+	OCSP_RESPID *rid = NULL;
+	OCSP_RESPDATA  *rd = NULL;
+	OCSP_CERTSTATUS *cst = NULL;
+	OCSP_REVOKEDINFO *rev = NULL;
+	OCSP_SINGLERESP *single = NULL;
+	OCSP_RESPBYTES *rb = o->responseBytes;
+
+	if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
+	l=ASN1_ENUMERATED_get(o->responseStatus);
+	if (BIO_printf(bp,"    OCSP Response Status: %s (0x%x)\n",
+		       OCSP_response_status_str(l), l) <= 0) goto err;
+	if (rb == NULL) return 1;
+        if (BIO_puts(bp,"    Response Type: ") <= 0)
+	        goto err;
+	if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+	        goto err;
+	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) 
+	        {
+		BIO_puts(bp," (unknown response type)\n");
+		return 1;
+		}
+
+	p = ASN1_STRING_data(rb->response);
+	i = ASN1_STRING_length(rb->response);
+	if (!(br = OCSP_response_get1_basic(o))) goto err;
+	rd = br->tbsResponseData;
+	l=ASN1_INTEGER_get(rd->version);
+	if (BIO_printf(bp,"\n    Version: %lu (0x%lx)\n",
+		       l+1,l) <= 0) goto err;
+	if (BIO_puts(bp,"    Responder Id: ") <= 0) goto err;
+
+	rid =  rd->responderId;
+	switch (rid->type)
+		{
+		case V_OCSP_RESPID_NAME:
+		        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
+		        break;
+		case V_OCSP_RESPID_KEY:
+		        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
+		        break;
+		}
+
+	if (BIO_printf(bp,"\n    Produced At: ")<=0) goto err;
+	if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
+	if (BIO_printf(bp,"\n    Responses:\n") <= 0) goto err;
+	for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
+	        {
+		if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
+		single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+		cid = single->certId;
+		if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
+		cst = single->certStatus;
+		if (BIO_printf(bp,"    Cert Status: %s",
+			       OCSP_cert_status_str(cst->type)) <= 0)
+		        goto err;
+		if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
+		        {
+		        rev = cst->value.revoked;
+			if (BIO_printf(bp, "\n    Revocation Time: ") <= 0) 
+			        goto err;
+			if (!ASN1_GENERALIZEDTIME_print(bp, 
+							rev->revocationTime)) 
+				goto err;
+			if (rev->revocationReason) 
+			        {
+				l=ASN1_ENUMERATED_get(rev->revocationReason);
+				if (BIO_printf(bp, 
+					 "\n    Revocation Reason: %s (0x%x)",
+					       OCSP_crl_reason_str(l), l) <= 0)
+				        goto err;
+				}
+			}
+		if (BIO_printf(bp,"\n    This Update: ") <= 0) goto err;
+		if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) 
+			goto err;
+		if (single->nextUpdate)
+		        {
+			if (BIO_printf(bp,"\n    Next Update: ") <= 0)goto err;
+			if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
+				goto err;
+			}
+		if (!BIO_write(bp,"\n",1)) goto err;
+		if (!X509V3_extensions_print(bp,
+					"Response Single Extensions",
+					single->singleExtensions, flags, 8))
+							goto err;
+		if (!BIO_write(bp,"\n",1)) goto err;
+		}
+	if (!X509V3_extensions_print(bp, "Response Extensions",
+					rd->responseExtensions, flags, 4))
+	if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+							goto err;
+
+	for (i=0; i<sk_X509_num(br->certs); i++)
+		{
+		X509_print(bp, sk_X509_value(br->certs,i));
+		PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
+		}
+
+	ret = 1;
+err:
+	OCSP_BASICRESP_free(br);
+	return ret;
+	}
diff --git a/crypto/openssl/crypto/ocsp/ocsp_srv.c b/crypto/openssl/crypto/ocsp/ocsp_srv.c
new file mode 100755
index 0000000..fffa134
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_srv.c
@@ -0,0 +1,264 @@
+/* ocsp_srv.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Utility functions related to sending OCSP responses and extracting
+ * relevant information from the request.
+ */
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req)
+	{
+	return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+	}
+
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+	{
+	return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+	}
+
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+	{
+	return one->reqCert;
+	}
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+			ASN1_OCTET_STRING **pikeyHash,
+			ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+	{
+	if (!cid) return 0;
+	if (pmd) *pmd = cid->hashAlgorithm->algorithm;
+	if(piNameHash) *piNameHash = cid->issuerNameHash;
+	if (pikeyHash) *pikeyHash = cid->issuerKeyHash;
+	if (pserial) *pserial = cid->serialNumber;
+	return 1;
+	}
+
+int OCSP_request_is_signed(OCSP_REQUEST *req)
+	{
+	if(req->optionalSignature) return 1;
+	return 0;
+	}
+
+/* Create an OCSP response and encode an optional basic response */
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
+        {
+        OCSP_RESPONSE *rsp = NULL;
+
+	if (!(rsp = OCSP_RESPONSE_new())) goto err;
+	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
+	if (!bs) return rsp;
+	if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
+	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
+	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+				goto err;
+	return rsp;
+err:
+	if (rsp) OCSP_RESPONSE_free(rsp);
+	return NULL;
+	}
+
+
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+						OCSP_CERTID *cid,
+						int status, int reason,
+						ASN1_TIME *revtime,
+					ASN1_TIME *thisupd, ASN1_TIME *nextupd)
+	{
+	OCSP_SINGLERESP *single = NULL;
+	OCSP_CERTSTATUS *cs;
+	OCSP_REVOKEDINFO *ri;
+
+	if(!rsp->tbsResponseData->responses &&
+	    !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
+		goto err;
+
+	if (!(single = OCSP_SINGLERESP_new()))
+		goto err;
+
+
+
+	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
+		goto err;
+	if (nextupd &&
+		!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+		goto err;
+
+	OCSP_CERTID_free(single->certId);
+
+	if(!(single->certId = OCSP_CERTID_dup(cid)))
+		goto err;
+
+	cs = single->certStatus;
+	switch(cs->type = status)
+		{
+	case V_OCSP_CERTSTATUS_REVOKED:
+		if (!revtime)
+		        {
+		        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
+			goto err;
+		        }
+		if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
+		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
+			goto err;	
+		if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
+		        {
+			if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
+			        goto err;
+			if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
+						  reason)))
+			        goto err;	
+			}
+		break;
+
+	case V_OCSP_CERTSTATUS_GOOD:
+		cs->value.good = ASN1_NULL_new();
+		break;
+
+	case V_OCSP_CERTSTATUS_UNKNOWN:
+		cs->value.unknown = ASN1_NULL_new();
+		break;
+
+	default:
+		goto err;
+
+		}
+	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+		goto err;
+	return single;
+err:
+	OCSP_SINGLERESP_free(single);
+	return NULL;
+	}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
+	{
+	if (!resp->certs && !(resp->certs = sk_X509_new_null()))
+		return 0;
+
+	if(!sk_X509_push(resp->certs, cert)) return 0;
+	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+	return 1;
+	}
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
+			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+			STACK_OF(X509) *certs, unsigned long flags)
+        {
+	int i;
+	OCSP_RESPID *rid;
+
+	if (!X509_check_private_key(signer, key))
+		{
+		OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+		goto err;
+		}
+
+	if(!(flags & OCSP_NOCERTS))
+		{
+		if(!OCSP_basic_add1_cert(brsp, signer))
+			goto err;
+		for (i = 0; i < sk_X509_num(certs); i++)
+			{
+			X509 *tmpcert = sk_X509_value(certs, i);
+			if(!OCSP_basic_add1_cert(brsp, tmpcert))
+				goto err;
+			}
+		}
+
+	rid = brsp->tbsResponseData->responderId;
+	if (flags & OCSP_RESPID_KEY)
+		{
+		unsigned char md[SHA_DIGEST_LENGTH];
+		X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
+		if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
+			goto err;
+		if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
+				goto err;
+		rid->type = V_OCSP_RESPID_KEY;
+		}
+	else
+		{
+		if (!X509_NAME_set(&rid->value.byName,
+					X509_get_subject_name(signer)))
+				goto err;
+		rid->type = V_OCSP_RESPID_NAME;
+		}
+
+	if (!(flags & OCSP_NOTIME) &&
+		!X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+		goto err;
+
+	/* Right now, I think that not doing double hashing is the right
+	   thing.	-- Richard Levitte */
+
+	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
+
+	return 1;
+err:
+	return 0;
+	}
diff --git a/crypto/openssl/crypto/ocsp/ocsp_vfy.c b/crypto/openssl/crypto/ocsp/ocsp_vfy.c
new file mode 100644
index 0000000..1f5fda7
--- /dev/null
+++ b/crypto/openssl/crypto/ocsp/ocsp_vfy.c
@@ -0,0 +1,444 @@
+/* ocsp_vfy.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <string.h>
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags);
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
+static int ocsp_check_delegated(X509 *x, int flags);
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags);
+
+/* Verify a basic response message */
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags)
+	{
+	X509 *signer, *x;
+	STACK_OF(X509) *chain = NULL;
+	X509_STORE_CTX ctx;
+	int i, ret = 0;
+	ret = ocsp_find_signer(&signer, bs, certs, st, flags);
+	if (!ret)
+		{
+		OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+		goto end;
+		}
+	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+		flags |= OCSP_NOVERIFY;
+	if (!(flags & OCSP_NOSIGS))
+		{
+		EVP_PKEY *skey;
+		skey = X509_get_pubkey(signer);
+		ret = OCSP_BASICRESP_verify(bs, skey, 0);
+		EVP_PKEY_free(skey);
+		if(ret <= 0)
+			{
+			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+			goto end;
+			}
+		}
+	if (!(flags & OCSP_NOVERIFY))
+		{
+		int init_res;
+		if(flags & OCSP_NOCHAIN)
+			init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
+		else
+			init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+		if(!init_res)
+			{
+			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+			goto end;
+			}
+
+		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+		ret = X509_verify_cert(&ctx);
+		chain = X509_STORE_CTX_get1_chain(&ctx);
+		X509_STORE_CTX_cleanup(&ctx);
+                if (ret <= 0)
+			{
+			i = X509_STORE_CTX_get_error(&ctx);	
+			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
+			ERR_add_error_data(2, "Verify error:",
+					X509_verify_cert_error_string(i));
+                        goto end;
+                	}
+		if(flags & OCSP_NOCHECKS)
+			{
+			ret = 1;
+			goto end;
+			}
+		/* At this point we have a valid certificate chain
+		 * need to verify it against the OCSP issuer criteria.
+		 */
+		ret = ocsp_check_issuer(bs, chain, flags);
+
+		/* If fatal error or valid match then finish */
+		if (ret != 0) goto end;
+
+		/* Easy case: explicitly trusted. Get root CA and
+		 * check for explicit trust
+		 */
+		if(flags & OCSP_NOEXPLICIT) goto end;
+
+		x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+		if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)
+			{
+			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);
+			goto end;
+			}
+		ret = 1;
+		}
+
+
+
+	end:
+	if(chain) sk_X509_pop_free(chain, X509_free);
+	return ret;
+	}
+
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags)
+	{
+	X509 *signer;
+	OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+	if ((signer = ocsp_find_signer_sk(certs, rid)))
+		{
+		*psigner = signer;
+		return 2;
+		}
+	if(!(flags & OCSP_NOINTERN) &&
+	    (signer = ocsp_find_signer_sk(bs->certs, rid)))
+		{
+		*psigner = signer;
+		return 1;
+		}
+	/* Maybe lookup from store if by subject name */
+
+	*psigner = NULL;
+	return 0;
+	}
+
+
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
+	{
+	int i;
+	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+	X509 *x;
+
+	/* Easy if lookup by name */
+	if (id->type == V_OCSP_RESPID_NAME)
+		return X509_find_by_subject(certs, id->value.byName);
+
+	/* Lookup by key hash */
+
+	/* If key hash isn't SHA1 length then forget it */
+	if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
+	keyhash = id->value.byKey->data;
+	/* Calculate hash of each key and compare */
+	for (i = 0; i < sk_X509_num(certs); i++)
+		{
+		x = sk_X509_value(certs, i);
+		X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
+		if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
+			return x;
+		}
+	return NULL;
+	}
+
+
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)
+	{
+	STACK_OF(OCSP_SINGLERESP) *sresp;
+	X509 *signer, *sca;
+	OCSP_CERTID *caid = NULL;
+	int i;
+	sresp = bs->tbsResponseData->responses;
+
+	if (sk_X509_num(chain) <= 0)
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+		return -1;
+		}
+
+	/* See if the issuer IDs match. */
+	i = ocsp_check_ids(sresp, &caid);
+
+	/* If ID mismatch or other error then return */
+	if (i <= 0) return i;
+
+	signer = sk_X509_value(chain, 0);
+	/* Check to see if OCSP responder CA matches request CA */
+	if (sk_X509_num(chain) > 1)
+		{
+		sca = sk_X509_value(chain, 1);
+		i = ocsp_match_issuerid(sca, caid, sresp);
+		if (i < 0) return i;
+		if (i)
+			{
+			/* We have a match, if extensions OK then success */
+			if (ocsp_check_delegated(signer, flags)) return 1;
+			return 0;
+			}
+		}
+
+	/* Otherwise check if OCSP request signed directly by request CA */
+	return ocsp_match_issuerid(signer, caid, sresp);
+	}
+
+
+/* Check the issuer certificate IDs for equality. If there is a mismatch with the same
+ * algorithm then there's no point trying to match any certificates against the issuer.
+ * If the issuer IDs all match then we just need to check equality against one of them.
+ */
+	
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
+	{
+	OCSP_CERTID *tmpid, *cid;
+	int i, idcount;
+
+	idcount = sk_OCSP_SINGLERESP_num(sresp);
+	if (idcount <= 0)
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+		return -1;
+		}
+
+	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+
+	*ret = NULL;
+
+	for (i = 1; i < idcount; i++)
+		{
+		tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+		/* Check to see if IDs match */
+		if (OCSP_id_issuer_cmp(cid, tmpid))
+			{
+			/* If algoritm mismatch let caller deal with it */
+			if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
+					cid->hashAlgorithm->algorithm))
+					return 2;
+			/* Else mismatch */
+			return 0;
+			}
+		}
+
+	/* All IDs match: only need to check one ID */
+	*ret = cid;
+	return 1;
+	}
+
+
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+			STACK_OF(OCSP_SINGLERESP) *sresp)
+	{
+	/* If only one ID to match then do it */
+	if(cid)
+		{
+		const EVP_MD *dgst;
+		X509_NAME *iname;
+		int mdlen;
+		unsigned char md[EVP_MAX_MD_SIZE];
+		if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
+			{
+			OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+			return -1;
+			}
+
+		mdlen = EVP_MD_size(dgst);
+		if ((cid->issuerNameHash->length != mdlen) ||
+		   (cid->issuerKeyHash->length != mdlen))
+			return 0;
+		iname = X509_get_subject_name(cert);
+		if (!X509_NAME_digest(iname, dgst, md, NULL))
+			return -1;
+		if (memcmp(md, cid->issuerNameHash->data, mdlen))
+			return 0;
+		X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+		if (memcmp(md, cid->issuerKeyHash->data, mdlen))
+			return 0;
+
+		return 1;
+
+		}
+	else
+		{
+		/* We have to match the whole lot */
+		int i, ret;
+		OCSP_CERTID *tmpid;
+		for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
+			{
+			tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+			ret = ocsp_match_issuerid(cert, tmpid, NULL);
+			if (ret <= 0) return ret;
+			}
+		return 1;
+		}
+			
+	}
+
+static int ocsp_check_delegated(X509 *x, int flags)
+	{
+	X509_check_purpose(x, -1, 0);
+	if ((x->ex_flags & EXFLAG_XKUSAGE) &&
+	    (x->ex_xkusage & XKU_OCSP_SIGN))
+		return 1;
+	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+	return 0;
+	}
+
+/* Verify an OCSP request. This is fortunately much easier than OCSP
+ * response verify. Just find the signers certificate and verify it
+ * against a given trust value.
+ */
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)
+        {
+	X509 *signer;
+	X509_NAME *nm;
+	GENERAL_NAME *gen;
+	int ret;
+	X509_STORE_CTX ctx;
+	if (!req->optionalSignature) 
+		{
+		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+		return 0;
+		}
+	gen = req->tbsRequest->requestorName;
+	if (gen->type != GEN_DIRNAME)
+		{
+		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+		return 0;
+		}
+	nm = gen->d.directoryName;
+	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
+	if (ret <= 0)
+		{
+		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+		return 0;
+		}
+	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+		flags |= OCSP_NOVERIFY;
+	if (!(flags & OCSP_NOSIGS))
+		{
+		EVP_PKEY *skey;
+		skey = X509_get_pubkey(signer);
+		ret = OCSP_REQUEST_verify(req, skey);
+		EVP_PKEY_free(skey);
+		if(ret <= 0)
+			{
+			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+			return 0;
+			}
+		}
+	if (!(flags & OCSP_NOVERIFY))
+		{
+		int init_res;
+		if(flags & OCSP_NOCHAIN)
+			init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
+		else
+			init_res = X509_STORE_CTX_init(&ctx, store, signer,
+					req->optionalSignature->certs);
+		if(!init_res)
+			{
+			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
+			return 0;
+			}
+
+		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+		X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
+		ret = X509_verify_cert(&ctx);
+		X509_STORE_CTX_cleanup(&ctx);
+                if (ret <= 0)
+			{
+			ret = X509_STORE_CTX_get_error(&ctx);	
+			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
+			ERR_add_error_data(2, "Verify error:",
+					X509_verify_cert_error_string(ret));
+                        return 0;
+                	}
+		}
+	return 1;
+        }
+
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags)
+	{
+	X509 *signer;
+	if(!(flags & OCSP_NOINTERN))
+		{
+		signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+		*psigner = signer;
+		return 1;
+		}
+
+	signer = X509_find_by_subject(certs, nm);
+	if (signer)
+		{
+		*psigner = signer;
+		return 2;
+		}
+	return 0;
+	}
diff --git a/crypto/openssl/crypto/opensslconf.h b/crypto/openssl/crypto/opensslconf.h
index 2c6ddae..492041b 100644
--- a/crypto/openssl/crypto/opensslconf.h
+++ b/crypto/openssl/crypto/opensslconf.h
@@ -2,12 +2,22 @@
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
 /* OpenSSL was configured with the following options: */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-   /* no ciphers excluded */
-#endif
-#ifdef OPENSSL_THREAD_DEFINES
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
 #endif
-#ifdef OPENSSL_OTHER_DEFINES
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
 #endif
 
 /* crypto/opensslconf.h.in */
@@ -21,8 +31,11 @@
 #endif
 #endif
 
+#undef OPENSSL_UNISTD
 #define OPENSSL_UNISTD <unistd.h>
 
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
 #if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
 #define IDEA_INT unsigned int
 #endif
@@ -56,7 +69,7 @@
 #endif
 #endif
 
-#if defined(HEADER_DES_H) && !defined(DES_LONG)
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
 /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
  * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
@@ -156,7 +169,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
-#elif defined( i386 )		/* x86 boxes, should be gcc */
+#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
diff --git a/crypto/openssl/crypto/opensslconf.h.in b/crypto/openssl/crypto/opensslconf.h.in
index 1b85ae5..685e83b 100644
--- a/crypto/openssl/crypto/opensslconf.h.in
+++ b/crypto/openssl/crypto/opensslconf.h.in
@@ -9,8 +9,11 @@
 #endif
 #endif
 
+#undef OPENSSL_UNISTD
 #define OPENSSL_UNISTD <unistd.h>
 
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
 #if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
 #define IDEA_INT unsigned int
 #endif
@@ -44,7 +47,7 @@
 #endif
 #endif
 
-#if defined(HEADER_DES_H) && !defined(DES_LONG)
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
 /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
  * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
@@ -144,7 +147,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
-#elif defined( i386 )		/* x86 boxes, should be gcc */
+#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index b6ae945..516012f 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x0090607fL
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6g 9 Aug 2002"
+#define OPENSSL_VERSION_NUMBER	0x0090700fL
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7 31 Dec 2002"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 
@@ -79,7 +79,7 @@
  * should only keep the versions that are binary compatible with the current.
  */
 #define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "0.9.6"
+#define SHLIB_VERSION_NUMBER "0.9.7"
 
 
 #endif /* HEADER_OPENSSLV_H */
diff --git a/crypto/openssl/crypto/ossl_typ.h b/crypto/openssl/crypto/ossl_typ.h
new file mode 100644
index 0000000..285fd0b
--- /dev/null
+++ b/crypto/openssl/crypto/ossl_typ.h
@@ -0,0 +1,122 @@
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OPENSSL_TYPES_H
+#define HEADER_OPENSSL_TYPES_H
+
+#include <openssl/e_os2.h>
+
+#ifdef NO_ASN1_TYPEDEFS
+#define ASN1_INTEGER		ASN1_STRING
+#define ASN1_ENUMERATED		ASN1_STRING
+#define ASN1_BIT_STRING		ASN1_STRING
+#define ASN1_OCTET_STRING	ASN1_STRING
+#define ASN1_PRINTABLESTRING	ASN1_STRING
+#define ASN1_T61STRING		ASN1_STRING
+#define ASN1_IA5STRING		ASN1_STRING
+#define ASN1_UTCTIME		ASN1_STRING
+#define ASN1_GENERALIZEDTIME	ASN1_STRING
+#define ASN1_TIME		ASN1_STRING
+#define ASN1_GENERALSTRING	ASN1_STRING
+#define ASN1_UNIVERSALSTRING	ASN1_STRING
+#define ASN1_BMPSTRING		ASN1_STRING
+#define ASN1_VISIBLESTRING	ASN1_STRING
+#define ASN1_UTF8STRING		ASN1_STRING
+#define ASN1_BOOLEAN		int
+#define ASN1_NULL		int
+#else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+#endif
+
+#ifdef OPENSSL_SYS_WIN32
+#undef X509_NAME
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct env_md_st EVP_MD;
+typedef struct env_md_ctx_st EVP_MD_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct X509_name_st X509_NAME;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct engine_st ENGINE;
+
+  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
+#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
+#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
+
+#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/crypto/openssl/crypto/pem/Makefile.ssl b/crypto/openssl/crypto/pem/Makefile.ssl
index 111dbc1..90eda93 100644
--- a/crypto/openssl/crypto/pem/Makefile.ssl
+++ b/crypto/openssl/crypto/pem/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	pem
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -22,9 +23,11 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+	pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c
 
-LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
+LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
+	pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o
 
 SRC= $(LIBSRC)
 
@@ -40,8 +43,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -69,7 +71,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -80,30 +82,33 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
+pem_all.o: ../../e_os.h ../../include/openssl/aes.h
 pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pem_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-pem_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 pem_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-pem_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pem_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_all.o: ../cryptlib.h
-pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-pem_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-pem_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
+pem_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pem_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pem_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 pem_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
@@ -111,94 +116,221 @@ pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 pem_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 pem_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_err.o: ../../include/openssl/x509_vfy.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: pem_err.c
+pem_info.o: ../../e_os.h ../../include/openssl/aes.h
 pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pem_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-pem_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 pem_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pem_info.o: ../../include/openssl/opensslconf.h
-pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-pem_info.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-pem_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-pem_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pem_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h pem_info.c
+pem_lib.o: ../../e_os.h ../../include/openssl/aes.h
 pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pem_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-pem_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 pem_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-pem_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pem_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_lib.o: ../cryptlib.h
+pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c
+pem_oth.o: ../../e_os.h ../../include/openssl/aes.h
+pem_oth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_oth.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_oth.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_oth.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_oth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_oth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_oth.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_oth.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_oth.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_oth.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_oth.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_oth.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_oth.o: ../cryptlib.h pem_oth.c
+pem_pk8.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pk8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pk8.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pk8.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pk8.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pk8.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pk8.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pk8.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_pk8.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_pk8.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_pk8.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_pk8.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_pk8.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_pk8.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c
+pem_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pkey.o: ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_pkey.o: ../cryptlib.h pem_pkey.c
+pem_seal.o: ../../e_os.h ../../include/openssl/aes.h
 pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pem_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-pem_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_seal.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 pem_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pem_seal.o: ../../include/openssl/opensslconf.h
-pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-pem_seal.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-pem_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pem_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pem_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_seal.o: ../cryptlib.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c
+pem_sign.o: ../../e_os.h ../../include/openssl/aes.h
 pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pem_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-pem_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 pem_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pem_sign.o: ../../include/openssl/opensslconf.h
-pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-pem_sign.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-pem_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pem_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_sign.o: ../cryptlib.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_sign.c
+pem_x509.o: ../../e_os.h ../../include/openssl/aes.h
+pem_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_x509.o: ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_x509.o: ../cryptlib.h pem_x509.c
+pem_xaux.o: ../../e_os.h ../../include/openssl/aes.h
+pem_xaux.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_xaux.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_xaux.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_xaux.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_xaux.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_xaux.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_xaux.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_xaux.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_xaux.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_xaux.o: ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_xaux.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_xaux.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_xaux.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_xaux.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_xaux.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_xaux.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_xaux.o: ../cryptlib.h pem_xaux.c
diff --git a/crypto/openssl/crypto/pem/pem.h b/crypto/openssl/crypto/pem/pem.h
index 3867b2b..d330cbf 100644
--- a/crypto/openssl/crypto/pem/pem.h
+++ b/crypto/openssl/crypto/pem/pem.h
@@ -59,15 +59,16 @@
 #ifndef HEADER_PEM_H
 #define HEADER_PEM_H
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#ifndef NO_STACK
+#ifndef OPENSSL_NO_STACK
 #include <openssl/stack.h>
 #endif
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem2.h>
+#include <openssl/e_os2.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -126,7 +127,8 @@ extern "C" {
 #define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
 
-
+  /* Note that this structure is initialised by PEM_SealInit and cleaned up
+     by PEM_SealFinal (at least for now) */
 typedef struct PEM_Encode_Seal_st
 	{
 	EVP_ENCODE_CTX encode;
@@ -147,7 +149,7 @@ typedef struct pem_recip_st
 
 	int cipher;
 	int key_enc;
-	char iv[8];
+	/*	char iv[8]; unused and wrong size */
 	} PEM_USER;
 
 typedef struct pem_ctx_st
@@ -163,7 +165,8 @@ typedef struct pem_ctx_st
 
 	struct	{
 		int cipher;
-		unsigned char iv[8];
+	/* unused, and wrong size
+	   unsigned char iv[8]; */
 		} DEK_info;
 		
 	PEM_USER *originator;
@@ -171,7 +174,7 @@ typedef struct pem_ctx_st
 	int num_recipient;
 	PEM_USER **recipient;
 
-#ifndef NO_STACK
+#ifndef OPENSSL_NO_STACK
 	STACK *x509_chain;	/* certificate chain */
 #else
 	char *x509_chain;	/* certificate chain */
@@ -185,7 +188,8 @@ typedef struct pem_ctx_st
 	EVP_CIPHER *dec;	/* date encryption cipher */
 	int key_len;		/* key length */
 	unsigned char *key;	/* key */
-	unsigned char iv[8];	/* the iv */
+	/* unused, and wrong size
+	   unsigned char iv[8]; */
 
 	
 	int  data_enc;		/* is the data encrypted */
@@ -198,7 +202,7 @@ typedef struct pem_ctx_st
  * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
  */
 
-#ifdef NO_FP_API
+#ifdef OPENSSL_NO_FP_API
 
 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
 #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
@@ -275,7 +279,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 
 /* These are the same except they are for the declarations */
 
-#if defined(WIN16) || defined(NO_FP_API)
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
 
 #define DECLARE_PEM_read_fp(name, type) /**/
 #define DECLARE_PEM_write_fp(name, type) /**/
@@ -295,7 +299,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 
 #endif
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #define DECLARE_PEM_read_bio(name, type) \
 	type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
 
@@ -483,11 +487,13 @@ int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
 int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
 	pem_password_cb *callback,void *u);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int	PEM_read_bio(BIO *bp, char **name, char **header,
 		unsigned char **data,long *len);
 int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
 		long len);
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
+	     pem_password_cb *cb, void *u);
 char *	PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
 		pem_password_cb *cb, void *u);
 int	PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
@@ -498,7 +504,7 @@ int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
 		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
 
-#ifndef WIN16
+#ifndef OPENSSL_SYS_WIN16
 int	PEM_read(FILE *fp, char **name, char **header,
 		unsigned char **data,long *len);
 int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
@@ -524,6 +530,7 @@ void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
 int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
 		unsigned int *siglen, EVP_PKEY *pkey);
 
+int	PEM_def_callback(char *buf, int num, int w, void *key);
 void	PEM_proc_type(char *buf, int type);
 void	PEM_dek_info(char *buf, const char *type, int len, char *str);
 
@@ -548,7 +555,7 @@ DECLARE_PEM_rw(PKCS8, X509_SIG)
 
 DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 
 DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
 
@@ -557,7 +564,7 @@ DECLARE_PEM_rw(RSA_PUBKEY, RSA)
 
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 
 DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 
@@ -567,7 +574,7 @@ DECLARE_PEM_rw(DSAparams, DSA)
 
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 
 DECLARE_PEM_rw(DHparams, DH)
 
diff --git a/crypto/openssl/crypto/pem/pem_all.c b/crypto/openssl/crypto/pem/pem_all.c
index dc9c35b..e72b713 100644
--- a/crypto/openssl/crypto/pem/pem_all.c
+++ b/crypto/openssl/crypto/pem/pem_all.c
@@ -65,17 +65,13 @@
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
 #endif
 
-IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
-
-IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
-
 IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 
 IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
@@ -87,11 +83,8 @@ IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
 IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
 					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
 
-IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
-IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
-							 PKCS8_PRIV_KEY_INFO)
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 
 /* We treat RSA or DSA private keys as a special case.
  *
@@ -123,7 +116,7 @@ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
 	return pkey_get_rsa(pktmp, rsa);
 }
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 
 RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 								void *u)
@@ -141,7 +134,7 @@ IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 
 static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
 {
@@ -168,7 +161,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
 IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 
 DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
 								void *u)
@@ -184,7 +177,7 @@ IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
 
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 
 IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 
@@ -197,7 +190,7 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
  * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
  * appropriate.)
  */
-IMPLEMENT_PEM_read(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
 IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
 
 IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
+
diff --git a/crypto/openssl/crypto/pem/pem_err.c b/crypto/openssl/crypto/pem/pem_err.c
index 8b1789b..3b39b84 100644
--- a/crypto/openssl/crypto/pem/pem_err.c
+++ b/crypto/openssl/crypto/pem/pem_err.c
@@ -63,7 +63,7 @@
 #include <openssl/pem.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA PEM_str_functs[]=
 	{
 {ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0),	"d2i_PKCS8PrivateKey_bio"},
@@ -122,7 +122,7 @@ void ERR_load_PEM_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
 		ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/pem/pem_info.c b/crypto/openssl/crypto/pem/pem_info.c
index ef02599..9e4af29 100644
--- a/crypto/openssl/crypto/pem/pem_info.c
+++ b/crypto/openssl/crypto/pem/pem_info.c
@@ -64,7 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
 	{
         BIO *b;
@@ -111,7 +111,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe
 		i=PEM_read_bio(bp,&name,&header,&data,&len);
 		if (i == 0)
 			{
-			error=ERR_GET_REASON(ERR_peek_error());
+			error=ERR_GET_REASON(ERR_peek_last_error());
 			if (error == PEM_R_NO_START_LINE)
 				{
 				ERR_clear_error();
@@ -155,7 +155,7 @@ start:
 			pp=(char **)&(xi->crl);
 			}
 		else
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			if (strcmp(name,PEM_STRING_RSA) == 0)
 			{
 			d2i=(char *(*)())d2i_RSAPrivateKey;
@@ -179,7 +179,7 @@ start:
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (strcmp(name,PEM_STRING_DSA) == 0)
 			{
 			d2i=(char *(*)())d2i_DSAPrivateKey;
@@ -324,6 +324,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 				}
 
 			/* create the right magic header stuff */
+			OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
 			buf[0]='\0';
 			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
 			PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
@@ -335,7 +336,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 		else
 			{
 			/* Add DSA/DH */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			/* normal optionally encrypted stuff */
 			if (PEM_write_bio_RSAPrivateKey(bp,
 				xi->x_pkey->dec_pkey->pkey.rsa,
@@ -358,7 +359,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 	ret=1;
 
 err:
-	memset((char *)&ctx,0,sizeof(ctx));
-	memset(buf,0,PEM_BUFSIZE);
+	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+	OPENSSL_cleanse(buf,PEM_BUFSIZE);
 	return(ret);
 	}
diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c
index 01759f7..70b5446 100644
--- a/crypto/openssl/crypto/pem/pem_lib.c
+++ b/crypto/openssl/crypto/pem/pem_lib.c
@@ -65,7 +65,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
 
@@ -73,21 +73,12 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 
 #define MIN_LENGTH	4
 
-static int def_callback(char *buf, int num, int w, void *userdata);
 static int load_iv(unsigned char **fromp,unsigned char *to, int num);
 static int check_pem(const char *nm, const char *name);
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
-				int nid, const EVP_CIPHER *enc,
-				char *kstr, int klen,
-				pem_password_cb *cb, void *u);
-static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
-				int nid, const EVP_CIPHER *enc,
-				char *kstr, int klen,
-				pem_password_cb *cb, void *u);
-
-static int def_callback(char *buf, int num, int w, void *key)
+
+int PEM_def_callback(char *buf, int num, int w, void *key)
 	{
-#ifdef NO_FP_API
+#ifdef OPENSSL_NO_FP_API
 	/* We should not ever call the default callback routine from
 	 * windows. */
 	PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -147,7 +138,7 @@ void PEM_proc_type(char *buf, int type)
 
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
 	{
-	static unsigned char map[17]="0123456789ABCDEF";
+	static const unsigned char map[17]="0123456789ABCDEF";
 	long i;
 	int j;
 
@@ -164,7 +155,7 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
 	buf[j+i*2+1]='\0';
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
 	     pem_password_cb *cb, void *u)
 	{
@@ -224,14 +215,14 @@ static int check_pem(const char *nm, const char *name)
 	return 0;
 }
 
-char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
 	     pem_password_cb *cb, void *u)
 	{
 	EVP_CIPHER_INFO cipher;
 	char *nm=NULL,*header=NULL;
-	unsigned char *p=NULL,*data=NULL;
+	unsigned char *data=NULL;
 	long len;
-	char *ret=NULL;
+	int ret = 0;
 
 	for (;;)
 		{
@@ -239,7 +230,7 @@ char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
 			if(ERR_GET_REASON(ERR_peek_error()) ==
 				PEM_R_NO_START_LINE)
 				ERR_add_error_data(2, "Expecting: ", name);
-			return(NULL);
+			return 0;
 		}
 		if(check_pem(nm, name)) break;
 		OPENSSL_free(nm);
@@ -248,55 +239,23 @@ char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
 		}
 	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
 	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
-	p=data;
-	if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) {
-		if (strcmp(nm,PEM_STRING_RSA) == 0)
-			ret=d2i(EVP_PKEY_RSA,x,&p,len);
-		else if (strcmp(nm,PEM_STRING_DSA) == 0)
-			ret=d2i(EVP_PKEY_DSA,x,&p,len);
-		else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
-			PKCS8_PRIV_KEY_INFO *p8inf;
-			p8inf=d2i_PKCS8_PRIV_KEY_INFO(
-					(PKCS8_PRIV_KEY_INFO **) x, &p, len);
-			if(!p8inf) goto p8err;
-			ret = (char *)EVP_PKCS82PKEY(p8inf);
-			PKCS8_PRIV_KEY_INFO_free(p8inf);
-		} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
-			PKCS8_PRIV_KEY_INFO *p8inf;
-			X509_SIG *p8;
-			int klen;
-			char psbuf[PEM_BUFSIZE];
-			p8 = d2i_X509_SIG(NULL, &p, len);
-			if(!p8) goto p8err;
-			if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-			else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
-			if (klen <= 0) {
-				PEMerr(PEM_F_PEM_ASN1_READ_BIO,
-						PEM_R_BAD_PASSWORD_READ);
-				goto err;
-			}
-			p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
-			X509_SIG_free(p8);
-			if(!p8inf) goto p8err;
-			ret = (char *)EVP_PKCS82PKEY(p8inf);
-			if(x) {
-				if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-				*x = ret;
-			}
-			PKCS8_PRIV_KEY_INFO_free(p8inf);
-		}
-	} else	ret=d2i(x,&p,len);
-p8err:
-	if (ret == NULL)
-		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+
+	*pdata = data;
+	*plen = len;
+
+	if (pnm)
+		*pnm = nm;
+
+	ret = 1;
+
 err:
-	OPENSSL_free(nm);
+	if (!ret || !pnm) OPENSSL_free(nm);
 	OPENSSL_free(header);
-	OPENSSL_free(data);
-	return(ret);
+	if (!ret) OPENSSL_free(data);
+	return ret;
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
 	     const EVP_CIPHER *enc, unsigned char *kstr, int klen,
 	     pem_password_cb *callback, void *u)
@@ -345,6 +304,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 		goto err;
 		}
 	/* dzise + 8 bytes are needed */
+	/* actually it needs the cipher block size extra... */
 	data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
 	if (data == NULL)
 		{
@@ -359,7 +319,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 		if (kstr == NULL)
 			{
 			if (callback == NULL)
-				klen=def_callback(buf,PEM_BUFSIZE,1,u);
+				klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
 			else
 				klen=(*callback)(buf,PEM_BUFSIZE,1,u);
 			if (klen <= 0)
@@ -374,22 +334,27 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 			kstr=(unsigned char *)buf;
 			}
 		RAND_add(data,i,0);/* put in the RSA key. */
+		OPENSSL_assert(enc->iv_len <= sizeof iv);
 		if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
 			goto err;
 		/* The 'iv' is used as the iv and as a salt.  It is
 		 * NOT taken from the BytesToKey function */
 		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
 
-		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+
+		OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
 
 		buf[0]='\0';
 		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
 		PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
 		/* k=strlen(buf); */
-	
-		EVP_EncryptInit(&ctx,enc,key,iv);
+
+		EVP_CIPHER_CTX_init(&ctx);
+		EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
 		EVP_EncryptUpdate(&ctx,data,&j,data,i);
-		EVP_EncryptFinal(&ctx,&(data[j]),&i);
+		EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+		EVP_CIPHER_CTX_cleanup(&ctx);
 		i+=j;
 		ret=1;
 		}
@@ -401,12 +366,15 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 	i=PEM_write_bio(bp,name,buf,data,i);
 	if (i <= 0) ret=0;
 err:
-	memset(key,0,sizeof(key));
-	memset(iv,0,sizeof(iv));
-	memset((char *)&ctx,0,sizeof(ctx));
-	memset(buf,0,PEM_BUFSIZE);
-	memset(data,0,(unsigned int)dsize);
-	OPENSSL_free(data);
+	OPENSSL_cleanse(key,sizeof(key));
+	OPENSSL_cleanse(iv,sizeof(iv));
+	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+	if (data != NULL)
+		{
+		OPENSSL_cleanse(data,(unsigned int)dsize);
+		OPENSSL_free(data);
+		}
 	return(ret);
 	}
 
@@ -423,7 +391,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
 
 	if (cipher->cipher == NULL) return(1);
 	if (callback == NULL)
-		klen=def_callback(buf,PEM_BUFSIZE,0,u);
+		klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
 	else
 		klen=callback(buf,PEM_BUFSIZE,0,u);
 	if (klen <= 0)
@@ -440,12 +408,13 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
 		(unsigned char *)buf,klen,1,key,NULL);
 
 	j=(int)len;
-	EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
 	EVP_DecryptUpdate(&ctx,data,&i,data,j);
-	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+	o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
-	memset((char *)buf,0,sizeof(buf));
-	memset((char *)key,0,sizeof(key));
+	OPENSSL_cleanse((char *)buf,sizeof(buf));
+	OPENSSL_cleanse((char *)key,sizeof(key));
 	j+=i;
 	if (!o)
 		{
@@ -541,7 +510,7 @@ static int load_iv(unsigned char **fromp, unsigned char *to, int num)
 	return(1);
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
 	     long len)
         {
@@ -615,7 +584,7 @@ err:
 	return(0);
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
 	     long *len)
         {
@@ -726,7 +695,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
 			if (strncmp(buf,"-----END ",9) == 0)
 				break;
 			if (i > 65) break;
-			if (!BUF_MEM_grow(dataB,i+bl+9))
+			if (!BUF_MEM_grow_clean(dataB,i+bl+9))
 				{
 				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
@@ -795,170 +764,3 @@ err:
 	BUF_MEM_free(dataB);
 	return(0);
 	}
-
-/* These functions write a private key in PKCS#8 format: it is a "drop in"
- * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
- * is NULL then it uses the unencrypted private key form. The 'nid' versions
- * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
- */
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	X509_SIG *p8;
-	PKCS8_PRIV_KEY_INFO *p8inf;
-	char buf[PEM_BUFSIZE];
-	int ret;
-	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
-		PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
-					PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
-		return 0;
-	}
-	if(enc || (nid != -1)) {
-		if(!kstr) {
-			if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
-			else klen = cb(buf, PEM_BUFSIZE, 1, u);
-			if(klen <= 0) {
-				PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
-								PEM_R_READ_KEY);
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				return 0;
-			}
-				
-			kstr = buf;
-		}
-		p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
-		if(kstr == buf) memset(buf, 0, klen);
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-		if(isder) ret = i2d_PKCS8_bio(bp, p8);
-		else ret = PEM_write_bio_PKCS8(bp, p8);
-		X509_SIG_free(p8);
-		return ret;
-	} else {
-		if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
-		else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-		return ret;
-	}
-}
-
-/* Finally the DER version to read PKCS#8 encrypted private keys. It has to be
- * here to access the default callback.
- */
-
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
-	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
-	X509_SIG *p8 = NULL;
-	int klen;
-	EVP_PKEY *ret;
-	char psbuf[PEM_BUFSIZE];
-	p8 = d2i_PKCS8_bio(bp, NULL);
-	if(!p8) return NULL;
-	if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-	else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
-	if (klen <= 0) {
-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
-		X509_SIG_free(p8);
-		return NULL;	
-	}
-	p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
-	X509_SIG_free(p8);
-	if(!p8inf) return NULL;
-	ret = EVP_PKCS82PKEY(p8inf);
-	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	if(!ret) return NULL;
-	if(x) {
-		if(*x) EVP_PKEY_free(*x);
-		*x = ret;
-	}
-	return ret;
-}
-
-#ifndef NO_FP_API
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-			      char *kstr, int klen, pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-
-static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	BIO *bp;
-	int ret;
-	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB);
-                return(0);
-	}
-	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
-	BIO_free(bp);
-	return ret;
-}
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
-	BIO *bp;
-	EVP_PKEY *ret;
-	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
-                return NULL;
-	}
-	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
-	BIO_free(bp);
-	return ret;
-}
-
-#endif
diff --git a/crypto/openssl/crypto/pem/pem_oth.c b/crypto/openssl/crypto/pem/pem_oth.c
new file mode 100644
index 0000000..8d9064e
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_oth.c
@@ -0,0 +1,85 @@
+/* crypto/pem/pem_oth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* Handle 'other' PEMs: not private keys */
+
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+	     pem_password_cb *cb, void *u)
+	{
+	unsigned char *p=NULL,*data=NULL;
+	long len;
+	char *ret=NULL;
+
+	if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+		return NULL;
+	p = data;
+	ret=d2i(x,&p,len);
+	if (ret == NULL)
+		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+	OPENSSL_free(data);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/pem/pem_pk8.c b/crypto/openssl/crypto/pem/pem_pk8.c
new file mode 100644
index 0000000..db38a2a
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_pk8.c
@@ -0,0 +1,243 @@
+/* crypto/pem/pem_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
+				int nid, const EVP_CIPHER *enc,
+				char *kstr, int klen,
+				pem_password_cb *cb, void *u);
+static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
+				int nid, const EVP_CIPHER *enc,
+				char *kstr, int klen,
+				pem_password_cb *cb, void *u);
+
+/* These functions write a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
+ * is NULL then it uses the unencrypted private key form. The 'nid' versions
+ * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	X509_SIG *p8;
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	char buf[PEM_BUFSIZE];
+	int ret;
+	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
+		PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+					PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+		return 0;
+	}
+	if(enc || (nid != -1)) {
+		if(!kstr) {
+			if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+			else klen = cb(buf, PEM_BUFSIZE, 1, u);
+			if(klen <= 0) {
+				PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+								PEM_R_READ_KEY);
+				PKCS8_PRIV_KEY_INFO_free(p8inf);
+				return 0;
+			}
+				
+			kstr = buf;
+		}
+		p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
+		if(kstr == buf) OPENSSL_cleanse(buf, klen);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		if(isder) ret = i2d_PKCS8_bio(bp, p8);
+		else ret = PEM_write_bio_PKCS8(bp, p8);
+		X509_SIG_free(p8);
+		return ret;
+	} else {
+		if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+		else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		return ret;
+	}
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+{
+	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+	X509_SIG *p8 = NULL;
+	int klen;
+	EVP_PKEY *ret;
+	char psbuf[PEM_BUFSIZE];
+	p8 = d2i_PKCS8_bio(bp, NULL);
+	if(!p8) return NULL;
+	if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+	else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
+	if (klen <= 0) {
+		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+		X509_SIG_free(p8);
+		return NULL;	
+	}
+	p8inf = PKCS8_decrypt(p8, psbuf, klen);
+	X509_SIG_free(p8);
+	if(!p8inf) return NULL;
+	ret = EVP_PKCS82PKEY(p8inf);
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+	if(!ret) return NULL;
+	if(x) {
+		if(*x) EVP_PKEY_free(*x);
+		*x = ret;
+	}
+	return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+			      char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	BIO *bp;
+	int ret;
+	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+		PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB);
+                return(0);
+	}
+	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+	BIO_free(bp);
+	return ret;
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+{
+	BIO *bp;
+	EVP_PKEY *ret;
+	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
+                return NULL;
+	}
+	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
+	BIO_free(bp);
+	return ret;
+}
+
+#endif
+
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+							 PKCS8_PRIV_KEY_INFO)
diff --git a/crypto/openssl/crypto/pem/pem_pkey.c b/crypto/openssl/crypto/pem/pem_pkey.c
new file mode 100644
index 0000000..d96ecf6
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_pkey.c
@@ -0,0 +1,140 @@
+/* crypto/pem/pem_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+	{
+	char *nm=NULL;
+	unsigned char *p=NULL,*data=NULL;
+	long len;
+	EVP_PKEY *ret=NULL;
+
+	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+		return NULL;
+	p = data;
+
+	if (strcmp(nm,PEM_STRING_RSA) == 0)
+		ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
+	else if (strcmp(nm,PEM_STRING_DSA) == 0)
+		ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
+	else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
+		PKCS8_PRIV_KEY_INFO *p8inf;
+		p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+		if(!p8inf) goto p8err;
+		ret = EVP_PKCS82PKEY(p8inf);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+	} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+		PKCS8_PRIV_KEY_INFO *p8inf;
+		X509_SIG *p8;
+		int klen;
+		char psbuf[PEM_BUFSIZE];
+		p8 = d2i_X509_SIG(NULL, &p, len);
+		if(!p8) goto p8err;
+		if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+		else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
+		if (klen <= 0) {
+			PEMerr(PEM_F_PEM_ASN1_READ_BIO,
+					PEM_R_BAD_PASSWORD_READ);
+			goto err;
+		}
+		p8inf = PKCS8_decrypt(p8, psbuf, klen);
+		X509_SIG_free(p8);
+		if(!p8inf) goto p8err;
+		ret = EVP_PKCS82PKEY(p8inf);
+		if(x) {
+			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+			*x = ret;
+		}
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+	}
+p8err:
+	if (ret == NULL)
+		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+err:
+	OPENSSL_free(nm);
+	OPENSSL_free(data);
+	return(ret);
+	}
+
+#ifndef OPENSSL_NO_FP_API
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+	{
+        BIO *b;
+        EVP_PKEY *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_read_bio_PrivateKey(b,x,cb,u);
+        BIO_free(b);
+        return(ret);
+	}
+#endif
diff --git a/crypto/openssl/crypto/pem/pem_seal.c b/crypto/openssl/crypto/pem/pem_seal.c
index 2a6c513..56e08ab 100644
--- a/crypto/openssl/crypto/pem/pem_seal.c
+++ b/crypto/openssl/crypto/pem/pem_seal.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
@@ -91,10 +91,13 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
 		goto err;
 		}
 
-	EVP_EncodeInit(&(ctx->encode));
-	EVP_SignInit(&(ctx->md),md_type);
+	EVP_EncodeInit(&ctx->encode);
 
-	ret=EVP_SealInit(&(ctx->cipher),type,ek,ekl,iv,pubk,npubk);
+	EVP_MD_CTX_init(&ctx->md);
+	EVP_SignInit(&ctx->md,md_type);
+
+	EVP_CIPHER_CTX_init(&ctx->cipher);
+	ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
 	if (!ret) goto err;
 
 	/* base64 encode the keys */
@@ -109,7 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
 	ret=npubk;
 err:
 	if (s != NULL) OPENSSL_free(s);
-	memset(key,0,EVP_MAX_KEY_LENGTH);
+	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
 	return(ret);
 	}
 
@@ -120,7 +123,7 @@ void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
 	int i,j;
 
 	*outl=0;
-	EVP_SignUpdate(&(ctx->md),in,inl);
+	EVP_SignUpdate(&ctx->md,in,inl);
 	for (;;)
 		{
 		if (inl <= 0) break;
@@ -128,8 +131,8 @@ void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
 			i=1200;
 		else
 			i=inl;
-		EVP_EncryptUpdate(&(ctx->cipher),buffer,&j,in,i);
-		EVP_EncodeUpdate(&(ctx->encode),out,&j,buffer,j);
+		EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
+		EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
 		*outl+=j;
 		out+=j;
 		in+=i;
@@ -158,24 +161,24 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
 		goto err;
 		}
 
-	EVP_EncryptFinal(&(ctx->cipher),s,(int *)&i);
-	EVP_EncodeUpdate(&(ctx->encode),out,&j,s,i);
+	EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+	EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
 	*outl=j;
 	out+=j;
-	EVP_EncodeFinal(&(ctx->encode),out,&j);
+	EVP_EncodeFinal(&ctx->encode,out,&j);
 	*outl+=j;
 
-	if (!EVP_SignFinal(&(ctx->md),s,&i,priv)) goto err;
+	if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
 	*sigl=EVP_EncodeBlock(sig,s,i);
 
 	ret=1;
 err:
-	memset((char *)&(ctx->md),0,sizeof(ctx->md));
-	memset((char *)&(ctx->cipher),0,sizeof(ctx->cipher));
+	EVP_MD_CTX_cleanup(&ctx->md);
+	EVP_CIPHER_CTX_cleanup(&ctx->cipher);
 	if (s != NULL) OPENSSL_free(s);
 	return(ret);
 	}
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/crypto/pem/pem_sign.c b/crypto/openssl/crypto/pem/pem_sign.c
index 42d598d..c3b9808 100644
--- a/crypto/openssl/crypto/pem/pem_sign.c
+++ b/crypto/openssl/crypto/pem/pem_sign.c
@@ -66,7 +66,7 @@
 
 void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 	{
-	EVP_DigestInit(ctx,type);
+	EVP_DigestInit_ex(ctx, type, NULL);
 	}
 
 void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
diff --git a/crypto/openssl/crypto/pem/pem_x509.c b/crypto/openssl/crypto/pem/pem_x509.c
new file mode 100644
index 0000000..19f88d8
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_x509.c
@@ -0,0 +1,69 @@
+/* pem_x509.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
+
diff --git a/crypto/openssl/crypto/pem/pem_xaux.c b/crypto/openssl/crypto/pem/pem_xaux.c
new file mode 100644
index 0000000..2f579b5
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_xaux.c
@@ -0,0 +1,68 @@
+/* pem_xaux.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
diff --git a/crypto/openssl/crypto/perlasm/cbc.pl b/crypto/openssl/crypto/perlasm/cbc.pl
index 0145c4f..22149c6 100644
--- a/crypto/openssl/crypto/perlasm/cbc.pl
+++ b/crypto/openssl/crypto/perlasm/cbc.pl
@@ -146,9 +146,15 @@ sub cbc
 	&mov($count,	&wparam(2));	# length
 	&and($count,	7);
 	&jz(&label("finish"));
+	&call(&label("PIC_point"));
+&set_label("PIC_point");
+	&blindpop("edx");
+	&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
+	&mov($count,&DWP(0,"ecx",$count,4))
+	&add($count,"edx");
 	&xor("ecx","ecx");
 	&xor("edx","edx");
-	&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
+	#&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
 	&jmp_ptr($count);
 
 &set_label("ej7");
@@ -318,22 +324,23 @@ sub cbc
 
 	&set_label("cbc_enc_jmp_table",1);
 	&data_word("0");
-	&data_word(&label("ej1"));
-	&data_word(&label("ej2"));
-	&data_word(&label("ej3"));
-	&data_word(&label("ej4"));
-	&data_word(&label("ej5"));
-	&data_word(&label("ej6"));
-	&data_word(&label("ej7"));
-	&set_label("cbc_dec_jmp_table",1);
-	&data_word("0");
-	&data_word(&label("dj1"));
-	&data_word(&label("dj2"));
-	&data_word(&label("dj3"));
-	&data_word(&label("dj4"));
-	&data_word(&label("dj5"));
-	&data_word(&label("dj6"));
-	&data_word(&label("dj7"));
+	&data_word(&label("ej1")."-".&label("PIC_point"));
+	&data_word(&label("ej2")."-".&label("PIC_point"));
+	&data_word(&label("ej3")."-".&label("PIC_point"));
+	&data_word(&label("ej4")."-".&label("PIC_point"));
+	&data_word(&label("ej5")."-".&label("PIC_point"));
+	&data_word(&label("ej6")."-".&label("PIC_point"));
+	&data_word(&label("ej7")."-".&label("PIC_point"));
+	# not used
+	#&set_label("cbc_dec_jmp_table",1);
+	#&data_word("0");
+	#&data_word(&label("dj1")."-".&label("PIC_point"));
+	#&data_word(&label("dj2")."-".&label("PIC_point"));
+	#&data_word(&label("dj3")."-".&label("PIC_point"));
+	#&data_word(&label("dj4")."-".&label("PIC_point"));
+	#&data_word(&label("dj5")."-".&label("PIC_point"));
+	#&data_word(&label("dj6")."-".&label("PIC_point"));
+	#&data_word(&label("dj7")."-".&label("PIC_point"));
 
 	&function_end_B($name);
 	
diff --git a/crypto/openssl/crypto/perlasm/x86asm.pl b/crypto/openssl/crypto/perlasm/x86asm.pl
index 81c6e64..9a3d85b 100644
--- a/crypto/openssl/crypto/perlasm/x86asm.pl
+++ b/crypto/openssl/crypto/perlasm/x86asm.pl
@@ -87,6 +87,12 @@ $tmp
 #ifdef OUT
 #define OK	1
 #define ALIGN	4
+#if defined(__CYGWIN__) || defined(__DJGPP__)
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
+#endif /* __CYGWIN || __DJGPP */
 #endif
 
 #if defined(BSDI) && !defined(ELF)
diff --git a/crypto/openssl/crypto/perlasm/x86ms.pl b/crypto/openssl/crypto/perlasm/x86ms.pl
index 2064523..abcb7c1 100644
--- a/crypto/openssl/crypto/perlasm/x86ms.pl
+++ b/crypto/openssl/crypto/perlasm/x86ms.pl
@@ -92,6 +92,8 @@ sub get_mem
 		$addr="_$addr";
 		}
 
+	if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
+
 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
 	if (($addr ne "") && ($addr ne 0))
@@ -111,6 +113,7 @@ sub get_mem
 		{
 		$ret.="[$reg1$post]"
 		}
+	$ret =~ s/\[\]//;	# in case $addr was the only argument
 	return($ret);
 	}
 
@@ -151,7 +154,7 @@ sub main'push	{ &out1("push",@_); $stack+=4; }
 sub main'pop	{ &out1("pop",@_); $stack-=4; }
 sub main'bswap	{ &out1("bswap",@_); &using486(); }
 sub main'not	{ &out1("not",@_); }
-sub main'call	{ &out1("call",'_'.$_[0]); }
+sub main'call	{ &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); }
 sub main'ret	{ &out0("ret"); }
 sub main'nop	{ &out0("nop"); }
 
@@ -338,7 +341,7 @@ sub main'set_label
 	{
 	if (!defined($label{$_[0]}))
 		{
-		$label{$_[0]}="${label}${_[0]}";
+		$label{$_[0]}="\$${label}${_[0]}";
 		$label++;
 		}
 	if((defined $_[2]) && ($_[2] == 1))
@@ -363,3 +366,5 @@ sub out1p
 
 	push(@out,"\t$name\t ".&conv($p1)."\n");
 	}
+
+sub main'blindpop { &out1("pop",@_); }
diff --git a/crypto/openssl/crypto/perlasm/x86nasm.pl b/crypto/openssl/crypto/perlasm/x86nasm.pl
index 519d8a5..7965561 100644
--- a/crypto/openssl/crypto/perlasm/x86nasm.pl
+++ b/crypto/openssl/crypto/perlasm/x86nasm.pl
@@ -98,6 +98,8 @@ sub get_mem
 		$addr="_$addr";
 		}
 
+	if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
+
 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
 	if (($addr ne "") && ($addr ne 0))
@@ -117,6 +119,7 @@ sub get_mem
 		{
 		$ret.="$reg1$post]"
 		}
+	$ret =~ s/\+\]/]/; # in case $addr was the only argument
 	return($ret);
 	}
 
@@ -160,7 +163,7 @@ sub main'push	{ &out1("push",@_); $stack+=4; }
 sub main'pop	{ &out1("pop",@_); $stack-=4; }
 sub main'bswap	{ &out1("bswap",@_); &using486(); }
 sub main'not	{ &out1("not",@_); }
-sub main'call	{ &out1("call",'_'.$_[0]); }
+sub main'call	{ &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); }
 sub main'ret	{ &out0("ret"); }
 sub main'nop	{ &out0("nop"); }
 
@@ -322,7 +325,7 @@ sub main'set_label
 	{
 	if (!defined($label{$_[0]}))
 		{
-		$label{$_[0]}="${label}${_[0]}";
+		$label{$_[0]}="\$${label}${_[0]}";
 		$label++;
 		}
 	push(@out,"$label{$_[0]}:\n");
@@ -340,3 +343,5 @@ sub out1p
 
 	push(@out,"\t$name\t ".&conv($p1)."\n");
 	}
+
+sub main'blindpop { &out1("pop",@_); }
diff --git a/crypto/openssl/crypto/perlasm/x86unix.pl b/crypto/openssl/crypto/perlasm/x86unix.pl
index 10a7af8..3ad889f 100644
--- a/crypto/openssl/crypto/perlasm/x86unix.pl
+++ b/crypto/openssl/crypto/perlasm/x86unix.pl
@@ -3,6 +3,8 @@
 package x86unix;
 
 $label="L000";
+$const="";
+$constl=0;
 
 $align=($main'aout)?"4":"16";
 $under=($main'aout)?"_":"";
@@ -85,12 +87,12 @@ sub main'DWP
 	$ret.=$addr if ($addr ne "") && ($addr ne 0);
 	if ($reg2 ne "")
 		{
-		if($idx ne "")
+		if($idx ne "" && $idx != 0)
 		    { $ret.="($reg1,$reg2,$idx)"; }
 		else
 		    { $ret.="($reg1,$reg2)"; }
 	        }
-	else
+	elsif ($reg1 ne "")
 		{ $ret.="($reg1)" }
 	return($ret);
 	}
@@ -162,8 +164,10 @@ sub main'dec	{ &out1("decl",@_); }
 sub main'inc	{ &out1("incl",@_); }
 sub main'push	{ &out1("pushl",@_); $stack+=4; }
 sub main'pop	{ &out1("popl",@_); $stack-=4; }
+sub main'pushf	{ &out0("pushf"); $stack+=4; }
+sub main'popf	{ &out0("popf"); $stack-=4; }
 sub main'not	{ &out1("notl",@_); }
-sub main'call	{ &out1("call",$under.$_[0]); }
+sub main'call	{ &out1("call",($_[0]=~/^\.L/?'':$under).$_[0]); }
 sub main'ret	{ &out0("ret"); }
 sub main'nop	{ &out0("nop"); }
 
@@ -344,6 +348,7 @@ sub main'function_end
 .${func}_end:
 EOF
 	push(@out,$tmp);
+
 	if ($main'cpp)
 		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
 	elsif ($main'gaswin)
@@ -453,9 +458,106 @@ sub main'set_label
 
 sub main'file_end
 	{
+	if ($const ne "")
+		{
+		push(@out,".section .rodata\n");
+		push(@out,$const);
+		$const="";
+		}
 	}
 
 sub main'data_word
 	{
 	push(@out,"\t.long $_[0]\n");
 	}
+
+# debug output functions: puts, putx, printf
+
+sub main'puts
+	{
+	&pushvars();
+	&main'push('$Lstring' . ++$constl);
+	&main'call('puts');
+	$stack-=4;
+	&main'add("esp",4);
+	&popvars();
+
+	$const .= "Lstring$constl:\n\t.string \"@_[0]\"\n";
+	}
+
+sub main'putx
+	{
+	&pushvars();
+	&main'push($_[0]);
+	&main'push('$Lstring' . ++$constl);
+	&main'call('printf');
+	&main'add("esp",8);
+	$stack-=8;
+	&popvars();
+
+	$const .= "Lstring$constl:\n\t.string \"\%X\"\n";
+	}
+
+sub main'printf
+	{
+	$ostack = $stack;
+	&pushvars();
+	for ($i = @_ - 1; $i >= 0; $i--)
+		{
+		if ($i == 0) # change this to support %s format strings
+			{
+			&main'push('$Lstring' . ++$constl);
+			$const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n";
+			}
+		else
+			{
+			if ($_[$i] =~ /([0-9]*)\(%esp\)/)
+				{
+				&main'push(($1 + $stack - $ostack) . '(%esp)');
+				}
+			else
+				{
+				&main'push($_[$i]);
+				}
+			}
+		}
+	&main'call('printf');
+	$stack-=4*@_;
+	&main'add("esp",4*@_);
+	&popvars();
+	}
+
+sub pushvars
+	{
+	&main'pushf();
+	&main'push("edx");
+	&main'push("ecx");
+	&main'push("eax");
+	}
+
+sub popvars
+	{
+	&main'pop("eax");
+	&main'pop("ecx");
+	&main'pop("edx");
+	&main'popf();
+	}
+
+sub main'picmeup
+	{
+	local($dst,$sym)=@_;
+	local($tmp)=<<___;
+#if (defined(ELF) || defined(SOL)) && defined(PIC)
+	.align	8
+	call	1f
+1:	popl	$regs{$dst}
+	addl	\$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst}
+	movl	$sym\@GOT($regs{$dst}),$regs{$dst}
+#else
+	leal	$sym,$regs{$dst}
+#endif
+___
+	push(@out,$tmp);
+	}
+
+sub main'blindpop { &out1("popl",@_); }
diff --git a/crypto/openssl/crypto/pkcs12/Makefile.ssl b/crypto/openssl/crypto/pkcs12/Makefile.ssl
index c92dd27..b4c5642 100644
--- a/crypto/openssl/crypto/pkcs12/Makefile.ssl
+++ b/crypto/openssl/crypto/pkcs12/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	pkcs12
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -22,12 +23,12 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \
-	p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c\
-	p12_sbag.c p12_utl.c p12_npas.c pk12err.c
-LIBOBJ= p12_add.o p12_attr.o p12_bags.o p12_crpt.o p12_crt.o p12_decr.o \
-	p12_init.o p12_key.o p12_kiss.o p12_lib.o p12_mac.o p12_mutl.o\
-	p12_sbag.o p12_utl.o p12_npas.o pk12err.o
+LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+	p12_init.c p12_key.c p12_kiss.c p12_mutl.c\
+	p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
+LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
+	p12_init.o p12_key.o p12_kiss.o p12_mutl.o\
+	p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
 
 SRC= $(LIBSRC)
 
@@ -45,8 +46,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -74,7 +74,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -85,247 +85,232 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
+p12_add.o: ../../e_os.h ../../include/openssl/aes.h
 p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_add.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_add.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_add.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_add.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_add.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_add.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p12_add.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p12_add.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_add.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_add.o: ../cryptlib.h p12_add.c
+p12_asn.o: ../../e_os.h ../../include/openssl/aes.h
+p12_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p12_asn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_asn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_asn.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_asn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_asn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_asn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_asn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_asn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_asn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_asn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c
+p12_attr.o: ../../e_os.h ../../include/openssl/aes.h
 p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_attr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_attr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_attr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_attr.o: ../../include/openssl/opensslconf.h
-p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_attr.o: ../cryptlib.h
-p12_bags.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p12_bags.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p12_bags.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p12_bags.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p12_bags.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p12_bags.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p12_bags.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p12_bags.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p12_bags.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p12_bags.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p12_bags.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p12_bags.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_bags.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_bags.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_bags.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_bags.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_bags.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_bags.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_bags.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_bags.o: ../cryptlib.h
+p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_attr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_attr.c
+p12_crpt.o: ../../e_os.h ../../include/openssl/aes.h
 p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_crpt.o: ../../include/openssl/opensslconf.h
-p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_crpt.o: ../cryptlib.h
+p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crpt.c
+p12_crt.o: ../../e_os.h ../../include/openssl/aes.h
 p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_crt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_crt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_crt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_crt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_crt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p12_crt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p12_crt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crt.o: ../cryptlib.h p12_crt.c
+p12_decr.o: ../../e_os.h ../../include/openssl/aes.h
 p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_decr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_decr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_decr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_decr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_decr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_decr.o: ../../include/openssl/opensslconf.h
-p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_decr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_decr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_decr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_decr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_decr.o: ../cryptlib.h
+p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_decr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_decr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_decr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_decr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_decr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_decr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_decr.c
+p12_init.o: ../../e_os.h ../../include/openssl/aes.h
 p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_init.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_init.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_init.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_init.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_init.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_init.o: ../../include/openssl/opensslconf.h
-p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_init.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_init.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_init.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_init.o: ../cryptlib.h
+p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_init.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_init.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_init.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_init.c
+p12_key.o: ../../e_os.h ../../include/openssl/aes.h
 p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p12_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p12_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_key.o: ../cryptlib.h p12_key.c
+p12_kiss.o: ../../e_os.h ../../include/openssl/aes.h
 p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_kiss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_kiss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_kiss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_kiss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_kiss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_kiss.o: ../../include/openssl/opensslconf.h
-p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_kiss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_kiss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_kiss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_kiss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_kiss.o: ../cryptlib.h
-p12_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p12_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p12_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p12_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p12_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p12_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p12_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p12_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p12_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p12_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p12_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p12_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_lib.o: ../cryptlib.h
-p12_mac.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p12_mac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p12_mac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p12_mac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p12_mac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p12_mac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p12_mac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p12_mac.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p12_mac.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p12_mac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p12_mac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p12_mac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_mac.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_mac.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_mac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_mac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_mac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_mac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_mac.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_mac.o: ../cryptlib.h
+p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_kiss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_kiss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_kiss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_kiss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_kiss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_kiss.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_kiss.c
+p12_mutl.o: ../../e_os.h ../../include/openssl/aes.h
 p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_mutl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_mutl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_mutl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_mutl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
 p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 p12_mutl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_mutl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p12_mutl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p12_mutl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p12_mutl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_mutl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_mutl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p12_npas.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-p12_npas.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p12_mutl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_mutl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_mutl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_mutl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_mutl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_mutl.o: ../cryptlib.h p12_mutl.c
+p12_npas.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p12_npas.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_npas.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_npas.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 p12_npas.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p12_npas.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
@@ -333,57 +318,87 @@ p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 p12_npas.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 p12_npas.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-p12_npas.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-p12_npas.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_npas.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_npas.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_npas.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_sbag.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p12_sbag.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p12_sbag.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p12_sbag.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p12_sbag.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p12_sbag.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p12_sbag.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p12_sbag.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p12_sbag.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p12_sbag.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p12_sbag.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p12_sbag.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_sbag.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_sbag.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_sbag.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_sbag.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_sbag.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_sbag.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_sbag.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_sbag.o: ../cryptlib.h
+p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_npas.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_npas.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_npas.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_npas.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_npas.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_npas.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_npas.o: ../../include/openssl/x509_vfy.h p12_npas.c
+p12_p8d.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_p8d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_p8d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_p8d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_p8d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_p8d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8d.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8d.o: ../cryptlib.h p12_p8d.c
+p12_p8e.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8e.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8e.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8e.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8e.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8e.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_p8e.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_p8e.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_p8e.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_p8e.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_p8e.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8e.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8e.o: ../cryptlib.h p12_p8e.c
+p12_utl.o: ../../e_os.h ../../include/openssl/aes.h
 p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p12_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p12_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 p12_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p12_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p12_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-pk12err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-pk12err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_utl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_utl.o: ../cryptlib.h p12_utl.c
+pk12err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk12err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk12err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk12err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 pk12err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 pk12err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
@@ -391,10 +406,12 @@ pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 pk12err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 pk12err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-pk12err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pk12err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pk12err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk12err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk12err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk12err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_add.c b/crypto/openssl/crypto/pkcs12/p12_add.c
index b563656..1909f28 100644
--- a/crypto/openssl/crypto/pkcs12/p12_add.c
+++ b/crypto/openssl/crypto/pkcs12/p12_add.c
@@ -62,21 +62,21 @@
 
 /* Pack an object into an OCTET STRING and turn into a safebag */
 
-PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
 	     int nid2)
 {
 	PKCS12_BAGS *bag;
 	PKCS12_SAFEBAG *safebag;
-	if (!(bag = PKCS12_BAGS_new ())) {
+	if (!(bag = PKCS12_BAGS_new())) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	bag->type = OBJ_nid2obj(nid1);
-	if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {
+	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	if (!(safebag = PKCS12_SAFEBAG_new ())) {
+	if (!(safebag = PKCS12_SAFEBAG_new())) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -87,7 +87,7 @@ PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
 
 /* Turn PKCS8 object into a keybag */
 
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
 {
 	PKCS12_SAFEBAG *bag;
 	if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -101,14 +101,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
 
 /* Turn PKCS8 object into a shrouded keybag */
 
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
 	     int passlen, unsigned char *salt, int saltlen, int iter,
 	     PKCS8_PRIV_KEY_INFO *p8)
 {
 	PKCS12_SAFEBAG *bag;
 
 	/* Set up the safe bag */
-	if (!(bag = PKCS12_SAFEBAG_new ())) {
+	if (!(bag = PKCS12_SAFEBAG_new())) {
 		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 {
 	PKCS7 *p7;
 	if (!(p7 = PKCS7_new())) {
@@ -138,18 +138,23 @@ PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
 		return NULL;
 	}
 	
-	if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,
-					  &p7->d.data->data,
-					  &p7->d.data->length)) {
+	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
 		return NULL;
 	}
 	return p7;
 }
 
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+	if(!PKCS7_type_is_data(p7)) return NULL;
+	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
+
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
 
-PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 			      unsigned char *salt, int saltlen, int iter,
 			      STACK_OF(PKCS12_SAFEBAG) *bags)
 {
@@ -164,7 +169,7 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
 				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
 		return NULL;
 	}
-	if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
+	if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -172,8 +177,8 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
 	p7->d.encrypted->enc_data->algorithm = pbe;
 	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
 	if (!(p7->d.encrypted->enc_data->enc_data =
-	PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
-				 (char *)bags, 1))) {
+	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
+				 bags, 1))) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
 		return NULL;
 	}
@@ -181,38 +186,30 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
 	return p7;
 }
 
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
-			 const char *pass, int passlen,
-			 unsigned char *salt, int saltlen, int iter,
-						PKCS8_PRIV_KEY_INFO *p8inf)
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
 {
-	X509_SIG *p8;
-	X509_ALGOR *pbe;
-
-	if (!(p8 = X509_SIG_new())) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
+	if(!PKCS7_type_is_encrypted(p7)) return NULL;
+	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+			           ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+				   pass, passlen,
+			           p7->d.encrypted->enc_data->enc_data, 1);
+}
 
-	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
-	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
-	if(!pbe) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
-		goto err;
-	}
-	X509_ALGOR_free(p8->algor);
-	p8->algor = pbe;
-	M_ASN1_OCTET_STRING_free(p8->digest);
-	if (!(p8->digest = 
-	PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
-						 (char *)p8inf, 0))) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
-		goto err;
-	}
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
+								int passlen)
+{
+	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
 
-	return p8;
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
+{
+	if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+		&p12->authsafes->d.data)) 
+			return 1;
+	return 0;
+}
 
-	err:
-	X509_SIG_free(p8);
-	return NULL;
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
+{
+	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }
diff --git a/crypto/openssl/crypto/pkcs12/p12_asn.c b/crypto/openssl/crypto/pkcs12/p12_asn.c
new file mode 100644
index 0000000..a3739fe
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_asn.c
@@ -0,0 +1,125 @@
+/* p12_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 ASN1 module */
+
+ASN1_SEQUENCE(PKCS12) = {
+	ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
+	ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
+} ASN1_SEQUENCE_END(PKCS12)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
+
+ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
+	ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
+	ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
+	ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+
+ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_BAGS) = {
+	ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
+	ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+	ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_BAGS) = {
+	ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(PKCS12_BAGS),
+} ASN1_SEQUENCE_END(PKCS12_BAGS)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_SAFEBAG) = {
+	ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
+	ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
+	ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+	ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+	ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+	ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
+} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
+	ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
+	ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
+} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+
+/* SEQUENCE OF SafeBag */
+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
+ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
+
+/* Authsafes: SEQUENCE OF PKCS7 */
+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
+ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
+
diff --git a/crypto/openssl/crypto/pkcs12/p12_attr.c b/crypto/openssl/crypto/pkcs12/p12_attr.c
index a16a97d..026cf38 100644
--- a/crypto/openssl/crypto/pkcs12/p12_attr.c
+++ b/crypto/openssl/crypto/pkcs12/p12_attr.c
@@ -62,156 +62,63 @@
 
 /* Add a local keyid to a safebag */
 
-int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
 	     int namelen)
 {
-	X509_ATTRIBUTE *attrib;
-	ASN1_BMPSTRING *oct;
-	ASN1_TYPE *keyid;
-	if (!(keyid = ASN1_TYPE_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	keyid->type = V_ASN1_OCTET_STRING;
-	if (!(oct = M_ASN1_OCTET_STRING_new())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if (!M_ASN1_OCTET_STRING_set(oct, name, namelen)) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	keyid->value.octet_string = oct;
-	if (!(attrib = X509_ATTRIBUTE_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	attrib->object = OBJ_nid2obj(NID_localKeyID);
-	if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	sk_ASN1_TYPE_push (attrib->value.set,keyid);
-	attrib->set = 1;
-	if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+				V_ASN1_OCTET_STRING, name, namelen))
+		return 1;
+	else 
 		return 0;
-	}
-	sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
-	return 1;
 }
 
 /* Add key usage to PKCS#8 structure */
 
-int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
 {
-	X509_ATTRIBUTE *attrib;
-	ASN1_BIT_STRING *bstr;
-	ASN1_TYPE *keyid;
 	unsigned char us_val;
 	us_val = (unsigned char) usage;
-	if (!(keyid = ASN1_TYPE_new ())) {
-		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	keyid->type = V_ASN1_BIT_STRING;
-	if (!(bstr = M_ASN1_BIT_STRING_new())) {
-		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if (!M_ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
-		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	keyid->value.bit_string = bstr;
-	if (!(attrib = X509_ATTRIBUTE_new ())) {
-		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	attrib->object = OBJ_nid2obj(NID_key_usage);
-	if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
-		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
+	if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
+				V_ASN1_BIT_STRING, &us_val, 1))
+		return 1;
+	else
 		return 0;
-	}
-	sk_ASN1_TYPE_push (attrib->value.set,keyid);
-	attrib->set = 1;
-	if (!p8->attributes
-	    && !(p8->attributes = sk_X509_ATTRIBUTE_new_null ())) {
-		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	sk_X509_ATTRIBUTE_push (p8->attributes, attrib);
-	return 1;
 }
 
 /* Add a friendlyname to a safebag */
 
-int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
 				 int namelen)
 {
-	unsigned char *uniname;
-	int ret, unilen;
-	if (!asc2uni(name, namelen, &uniname, &unilen)) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
-							ERR_R_MALLOC_FAILURE);
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+				MBSTRING_ASC, (unsigned char *)name, namelen))
+		return 1;
+	else
 		return 0;
-	}
-	ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen);
-	OPENSSL_free(uniname);
-	return ret;
 }
-	
 
-int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
+
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
 				 const unsigned char *name, int namelen)
 {
-	X509_ATTRIBUTE *attrib;
-	ASN1_BMPSTRING *bmp;
-	ASN1_TYPE *fname;
-	/* Zap ending double null if included */
-	if(!name[namelen - 1] && !name[namelen - 2]) namelen -= 2;
-	if (!(fname = ASN1_TYPE_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-							ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	fname->type = V_ASN1_BMPSTRING;
-	if (!(bmp = M_ASN1_BMPSTRING_new())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-							ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if (!(bmp->data = OPENSSL_malloc (namelen))) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-							ERR_R_MALLOC_FAILURE);
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+				MBSTRING_BMP, name, namelen))
+		return 1;
+	else
 		return 0;
-	}
-	memcpy (bmp->data, name, namelen);
-	bmp->length = namelen;
-	fname->value.bmpstring = bmp;
-	if (!(attrib = X509_ATTRIBUTE_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-							ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	attrib->object = OBJ_nid2obj(NID_friendlyName);
-	if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
-							ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	sk_ASN1_TYPE_push (attrib->value.set,fname);
-	attrib->set = 1;
-	if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
-		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-							ERR_R_MALLOC_FAILURE);
+}
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+				 int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+				MBSTRING_ASC, (unsigned char *)name, namelen))
+		return 1;
+	else
 		return 0;
-	}
-	sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
-	return PKCS12_OK;
 }
 
-ASN1_TYPE *PKCS12_get_attr_gen (STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
 {
 	X509_ATTRIBUTE *attrib;
 	int i;
diff --git a/crypto/openssl/crypto/pkcs12/p12_crpt.c b/crypto/openssl/crypto/pkcs12/p12_crpt.c
index 7b96584..5e89586 100644
--- a/crypto/openssl/crypto/pkcs12/p12_crpt.c
+++ b/crypto/openssl/crypto/pkcs12/p12_crpt.c
@@ -64,19 +64,19 @@
 
 void PKCS12_PBE_add(void)
 {
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
 							 PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
 							 PKCS12_PBE_keyivgen);
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
 		 	EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
 			EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
 					EVP_sha1(), PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
@@ -85,7 +85,7 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
 }
 
 int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-		ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
+		ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
 {
 	PBEPARAM *pbe;
 	int saltlen, iter;
@@ -117,8 +117,8 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 		return 0;
 	}
 	PBEPARAM_free(pbe);
-	EVP_CipherInit(ctx, cipher, key, iv, en_de);
-	memset(key, 0, EVP_MAX_KEY_LENGTH);
-	memset(iv, 0, EVP_MAX_IV_LENGTH);
+	EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
 	return 1;
 }
diff --git a/crypto/openssl/crypto/pkcs12/p12_crt.c b/crypto/openssl/crypto/pkcs12/p12_crt.c
index a8f7b48..4c36c64 100644
--- a/crypto/openssl/crypto/pkcs12/p12_crt.c
+++ b/crypto/openssl/crypto/pkcs12/p12_crt.c
@@ -94,7 +94,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	}
 
 	/* Add user certificate */
-	if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL;
+	if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
 	if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
 	X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
 	if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
@@ -108,7 +108,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	if(ca) {
 		for(i = 0; i < sk_X509_num(ca); i++) {
 			tcert = sk_X509_value(ca, i);
-			if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
+			if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
 			if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
 				PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 				return NULL;
@@ -152,7 +152,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
 	if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
 
-	if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
+	if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
 
 	sk_PKCS7_pop_free(safes, PKCS7_free);
 
diff --git a/crypto/openssl/crypto/pkcs12/p12_decr.c b/crypto/openssl/crypto/pkcs12/p12_decr.c
index 8cd7e2f..b5684a8 100644
--- a/crypto/openssl/crypto/pkcs12/p12_decr.c
+++ b/crypto/openssl/crypto/pkcs12/p12_decr.c
@@ -68,7 +68,7 @@
  * OPENSSL_malloc'ed buffer
  */
 
-unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
+unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
 	     int passlen, unsigned char *in, int inlen, unsigned char **data,
 	     int *datalen, int en_de)
 {
@@ -76,47 +76,48 @@ unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
 	int outlen, i;
 	EVP_CIPHER_CTX ctx;
 
+	EVP_CIPHER_CTX_init(&ctx);
 	/* Decrypt data */
-        if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen,
+        if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
 					 algor->parameter, &ctx, en_de)) {
 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
 		return NULL;
 	}
 
-	if(!(out = OPENSSL_malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+	if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
-		return NULL;
+		goto err;
 	}
 
-	EVP_CipherUpdate (&ctx, out, &i, in, inlen);
+	EVP_CipherUpdate(&ctx, out, &i, in, inlen);
 	outlen = i;
-	if(!EVP_CipherFinal (&ctx, out + i, &i)) {
-		OPENSSL_free (out);
+	if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
+		OPENSSL_free(out);
+		out = NULL;
 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
-		return NULL;
+		goto err;
 	}
 	outlen += i;
 	if (datalen) *datalen = outlen;
 	if (data) *data = out;
+	err:
+	EVP_CIPHER_CTX_cleanup(&ctx);
 	return out;
 
 }
 
 /* Decrypt an OCTET STRING and decode ASN1 structure 
- * if seq & 1 'obj' is a stack of structures to be encoded
- * if seq & 2 zero buffer after use
- * as a sequence.
+ * if zbuf set zero buffer after use.
  */
 
-char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
-	     void (*free_func)(void *), const char *pass, int passlen,
-	     ASN1_OCTET_STRING *oct, int seq)
+void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
 {
 	unsigned char *out, *p;
-	char *ret;
+	void *ret;
 	int outlen;
 
-	if (!PKCS12_pbe_crypt (algor, pass, passlen, oct->data, oct->length,
+	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
 			       &out, &outlen, 0)) {
 		PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
 		return NULL;
@@ -134,53 +135,41 @@ char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
 		fclose(op);
 	}
 #endif
-	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
-				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-	else ret = d2i(NULL, &p, outlen);
-	if (seq & 2) memset(out, 0, outlen);
+	ret = ASN1_item_d2i(NULL, &p, outlen, it);
+	if (zbuf) OPENSSL_cleanse(out, outlen);
 	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
-	OPENSSL_free (out);
+	OPENSSL_free(out);
 	return ret;
 }
 
 /* Encode ASN1 structure and encrypt, return OCTET STRING 
- * if 'seq' is non-zero 'obj' is a stack of structures to be encoded
- * as a sequence
+ * if zbuf set zero encoding.
  */
 
-ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
 				       const char *pass, int passlen,
-				       char *obj, int seq)
+				       void *obj, int zbuf)
 {
 	ASN1_OCTET_STRING *oct;
-	unsigned char *in, *p;
+	unsigned char *in = NULL;
 	int inlen;
 	if (!(oct = M_ASN1_OCTET_STRING_new ())) {
 		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	if (seq) inlen = i2d_ASN1_SET((STACK *)obj, NULL, i2d, V_ASN1_SEQUENCE,
-						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
-	else inlen = i2d (obj, NULL);
-	if (!inlen) {
+	inlen = ASN1_item_i2d(obj, &in, it);
+	if (!in) {
 		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
 		return NULL;
 	}
-	if (!(in = OPENSSL_malloc (inlen))) {
-		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p = in;
-	if (seq) i2d_ASN1_SET((STACK *)obj, &p, i2d, V_ASN1_SEQUENCE,
-						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
-	else i2d (obj, &p);
-	if (!PKCS12_pbe_crypt (algor, pass, passlen, in, inlen, &oct->data,
+	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
 				 &oct->length, 1)) {
 		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
 		OPENSSL_free(in);
 		return NULL;
 	}
-	OPENSSL_free (in);
+	if (zbuf) OPENSSL_cleanse(in, inlen);
+	OPENSSL_free(in);
 	return oct;
 }
 
diff --git a/crypto/openssl/crypto/pkcs12/p12_init.c b/crypto/openssl/crypto/pkcs12/p12_init.c
index d5d4884..eb837a7 100644
--- a/crypto/openssl/crypto/pkcs12/p12_init.c
+++ b/crypto/openssl/crypto/pkcs12/p12_init.c
@@ -69,15 +69,7 @@ PKCS12 *PKCS12_init (int mode)
 		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	if (!(pkcs12->version = M_ASN1_INTEGER_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
 	ASN1_INTEGER_set(pkcs12->version, 3);
-	if (!(pkcs12->authsafes = PKCS7_new())) {
-		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
 	pkcs12->authsafes->type = OBJ_nid2obj(mode);
 	switch (mode) {
 		case NID_pkcs7_data:
diff --git a/crypto/openssl/crypto/pkcs12/p12_key.c b/crypto/openssl/crypto/pkcs12/p12_key.c
index a4fd5b9..9196a34 100644
--- a/crypto/openssl/crypto/pkcs12/p12_key.c
+++ b/crypto/openssl/crypto/pkcs12/p12_key.c
@@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
 						 id, iter, n, out, md_type);
 	if(unipass) {
-		memset(unipass, 0, uniplen);	/* Clear password from memory */
+		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
 		OPENSSL_free(unipass);
 	}
 	return ret;
@@ -118,6 +118,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	}
 #endif
 
+	EVP_MD_CTX_init(&ctx);
 #ifdef  DEBUG_KEYGEN
 	fprintf(stderr, "KEYGEN DEBUG\n");
 	fprintf(stderr, "ID %d, ITER %d\n", id, iter);
@@ -147,14 +148,14 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
 	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
 	for (;;) {
-		EVP_DigestInit (&ctx, md_type);
-		EVP_DigestUpdate (&ctx, D, v);
-		EVP_DigestUpdate (&ctx, I, Ilen);
-		EVP_DigestFinal (&ctx, Ai, NULL);
+		EVP_DigestInit_ex(&ctx, md_type, NULL);
+		EVP_DigestUpdate(&ctx, D, v);
+		EVP_DigestUpdate(&ctx, I, Ilen);
+		EVP_DigestFinal_ex(&ctx, Ai, NULL);
 		for (j = 1; j < iter; j++) {
-			EVP_DigestInit (&ctx, md_type);
-			EVP_DigestUpdate (&ctx, Ai, u);
-			EVP_DigestFinal (&ctx, Ai, NULL);
+			EVP_DigestInit_ex(&ctx, md_type, NULL);
+			EVP_DigestUpdate(&ctx, Ai, u);
+			EVP_DigestFinal_ex(&ctx, Ai, NULL);
 		}
 		memcpy (out, Ai, min (n, u));
 		if (u >= n) {
@@ -164,6 +165,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 			OPENSSL_free (I);
 			BN_free (Ij);
 			BN_free (Bpl1);
+			EVP_MD_CTX_cleanup(&ctx);
 #ifdef DEBUG_KEYGEN
 			fprintf(stderr, "Output KEY (length %d)\n", tmpn);
 			h__dump(tmpout, tmpn);
diff --git a/crypto/openssl/crypto/pkcs12/p12_kiss.c b/crypto/openssl/crypto/pkcs12/p12_kiss.c
index 5d67f19..885087a 100644
--- a/crypto/openssl/crypto/pkcs12/p12_kiss.c
+++ b/crypto/openssl/crypto/pkcs12/p12_kiss.c
@@ -151,14 +151,14 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
 	ASN1_OCTET_STRING *keyid = NULL;
 
 	char keymatch = 0;
-	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
+	if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value (asafes, i);
 		bagnid = OBJ_obj2nid (p7->type);
 		if (bagnid == NID_pkcs7_data) {
-			bags = M_PKCS12_unpack_p7data(p7);
+			bags = PKCS12_unpack_p7data(p7);
 		} else if (bagnid == NID_pkcs7_encrypted) {
-			bags = M_PKCS12_unpack_p7encdata(p7, pass, passlen);
+			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
 		} else continue;
 		if (!bags) {
 			sk_PKCS7_pop_free(asafes, PKCS7_free);
@@ -237,7 +237,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 
 	case NID_pkcs8ShroudedKeyBag:
 		if (!lkey || !pkey) return 1;	
-		if (!(p8 = M_PKCS12_decrypt_skey(bag, pass, passlen)))
+		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
 				return 0;
 		*pkey = EVP_PKCS82PKEY(p8);
 		PKCS8_PRIV_KEY_INFO_free(p8);
@@ -248,7 +248,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 	case NID_certBag:
 		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
 								 return 1;
-		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
 		if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
 		if(fname) {
 			int len;
diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/openssl/crypto/pkcs12/p12_mutl.c
index 13d866d..0fb67f7 100644
--- a/crypto/openssl/crypto/pkcs12/p12_mutl.c
+++ b/crypto/openssl/crypto/pkcs12/p12_mutl.c
@@ -56,7 +56,7 @@
  *
  */
 
-#ifndef NO_HMAC
+#ifndef OPENSSL_NO_HMAC
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/hmac.h>
@@ -71,6 +71,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
 	HMAC_CTX hmac;
 	unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
 	int saltlen, iter;
+
 	salt = p12->mac->salt->data;
 	saltlen = p12->mac->salt->length;
 	if (!p12->mac->iter) iter = 1;
@@ -85,10 +86,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
 		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
 		return 0;
 	}
-	HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type);
-    	HMAC_Update (&hmac, p12->authsafes->d.data->data,
+	HMAC_CTX_init(&hmac);
+	HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
+    	HMAC_Update(&hmac, p12->authsafes->d.data->data,
 					 p12->authsafes->d.data->length);
-    	HMAC_Final (&hmac, mac, maclen);
+    	HMAC_Final(&hmac, mac, maclen);
+    	HMAC_CTX_cleanup(&hmac);
 	return 1;
 }
 
@@ -113,7 +116,7 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
 /* Set a mac */
 
 int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
-	     unsigned char *salt, int saltlen, int iter, EVP_MD *md_type)
+	     unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
 {
 	unsigned char mac[EVP_MAX_MD_SIZE];
 	unsigned int maclen;
@@ -137,7 +140,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
 
 /* Set up a mac structure */
 int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-	     EVP_MD *md_type)
+	     const EVP_MD *md_type)
 {
 	if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
 	if (iter > 1) {
diff --git a/crypto/openssl/crypto/pkcs12/p12_npas.c b/crypto/openssl/crypto/pkcs12/p12_npas.c
index 84e31a7..a549433 100644
--- a/crypto/openssl/crypto/pkcs12/p12_npas.c
+++ b/crypto/openssl/crypto/pkcs12/p12_npas.c
@@ -113,15 +113,15 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 	unsigned char mac[EVP_MAX_MD_SIZE];
 	unsigned int maclen;
 
-	if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
+	if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
 	if(!(newsafes = sk_PKCS7_new_null())) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value(asafes, i);
 		bagnid = OBJ_obj2nid(p7->type);
 		if (bagnid == NID_pkcs7_data) {
-			bags = M_PKCS12_unpack_p7data(p7);
+			bags = PKCS12_unpack_p7data(p7);
 		} else if (bagnid == NID_pkcs7_encrypted) {
-			bags = M_PKCS12_unpack_p7encdata(p7, oldpass, -1);
+			bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
 			alg_get(p7->d.encrypted->enc_data->algorithm,
 				&pbe_nid, &pbe_iter, &pbe_saltlen);
 		} else continue;
@@ -151,7 +151,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 
 	p12_data_tmp = p12->authsafes->d.data;
 	if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
-	if(!M_PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
+	if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
 
 	if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
 	if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
@@ -194,7 +194,7 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
 
 	if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
 
-	if (!(p8 = M_PKCS12_decrypt_skey(bag, oldpass, -1))) return 0;
+	if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
 	alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
 	if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
 						     p8_iter, p8))) return 0;
diff --git a/crypto/openssl/crypto/pkcs12/p12_p8d.c b/crypto/openssl/crypto/pkcs12/p12_p8d.c
new file mode 100644
index 0000000..3c6f377
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_p8d.c
@@ -0,0 +1,68 @@
+/* p12_p8d.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
+{
+	return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
+					passlen, p8->digest, 1);
+}
+
diff --git a/crypto/openssl/crypto/pkcs12/p12_p8e.c b/crypto/openssl/crypto/pkcs12/p12_p8e.c
new file mode 100644
index 0000000..3d47956
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_p8e.c
@@ -0,0 +1,97 @@
+/* p12_p8e.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+			 const char *pass, int passlen,
+			 unsigned char *salt, int saltlen, int iter,
+						PKCS8_PRIV_KEY_INFO *p8inf)
+{
+	X509_SIG *p8 = NULL;
+	X509_ALGOR *pbe;
+
+	if (!(p8 = X509_SIG_new())) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+	if(!pbe) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+		goto err;
+	}
+	X509_ALGOR_free(p8->algor);
+	p8->algor = pbe;
+	M_ASN1_OCTET_STRING_free(p8->digest);
+	p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
+					pass, passlen, p8inf, 1);
+	if(!p8->digest) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+		goto err;
+	}
+
+	return p8;
+
+	err:
+	X509_SIG_free(p8);
+	return NULL;
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_utl.c b/crypto/openssl/crypto/pkcs12/p12_utl.c
index 2f1d1e5..243ec76 100644
--- a/crypto/openssl/crypto/pkcs12/p12_utl.c
+++ b/crypto/openssl/crypto/pkcs12/p12_utl.c
@@ -97,26 +97,50 @@ char *uni2asc(unsigned char *uni, int unilen)
 
 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
 {
-	return ASN1_i2d_bio((int(*)())i2d_PKCS12, bp, (unsigned char *)p12);
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
 }
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
 {
-	return ASN1_i2d_fp((int(*)())i2d_PKCS12, fp, (unsigned char *)p12);
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
 #endif
 
 PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
 {
-	return (PKCS12 *)ASN1_d2i_bio((char *(*)())PKCS12_new,
-         (char *(*)())d2i_PKCS12, bp, (unsigned char **)p12);
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
 }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
 {
-        return (PKCS12 *)ASN1_d2i_fp((char *(*)())PKCS12_new, 
-         (char *(*)())d2i_PKCS12, fp, (unsigned char **)(p12));
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
 #endif
 
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
+{
+	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+			NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
+{
+	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+			NID_x509Crl, NID_crlBag);
+}
+
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
+{
+	if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
+	if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
+	return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
+{
+	if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
+	if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
+	return ASN1_item_unpack(bag->value.bag->value.octet,
+							ASN1_ITEM_rptr(X509_CRL));
+}
diff --git a/crypto/openssl/crypto/pkcs12/pk12err.c b/crypto/openssl/crypto/pkcs12/pk12err.c
index 12db54f..10ab805 100644
--- a/crypto/openssl/crypto/pkcs12/pk12err.c
+++ b/crypto/openssl/crypto/pkcs12/pk12err.c
@@ -63,7 +63,7 @@
 #include <openssl/pkcs12.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA PKCS12_str_functs[]=
 	{
 {ERR_PACK(0,PKCS12_F_PARSE_BAGS,0),	"PARSE_BAGS"},
@@ -130,7 +130,7 @@ void ERR_load_PKCS12_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
 		ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/pkcs12/pkcs12.h b/crypto/openssl/crypto/pkcs12/pkcs12.h
index 08bf15a..dd338f2 100644
--- a/crypto/openssl/crypto/pkcs12/pkcs12.h
+++ b/crypto/openssl/crypto/pkcs12/pkcs12.h
@@ -120,7 +120,6 @@ union {
 	ASN1_TYPE *other;
 }value;
 STACK_OF(X509_ATTRIBUTE) *attrib;
-ASN1_TYPE *rest;
 } PKCS12_SAFEBAG;
 
 DECLARE_STACK_OF(PKCS12_SAFEBAG)
@@ -141,55 +140,25 @@ union {
 #define PKCS12_ERROR	0
 #define PKCS12_OK	1
 
-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
-#define M_PKCS12_x5092certbag(x509) \
-PKCS12_pack_safebag((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag)
-
-#define M_PKCS12_x509crl2certbag(crl) \
-PKCS12_pack_safebag((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
+/* Compatibility macros */
 
-#define M_PKCS12_certbag2x509(bg) \
-(X509 *) ASN1_unpack_string((bg)->value.bag->value.octet, \
-(char *(*)())d2i_X509)
+#define M_PKCS12_x5092certbag PKCS12_x5092certbag
+#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
 
-#define M_PKCS12_certbag2x509crl(bg) \
-(X509CRL *) ASN1_unpack_string((bg)->value.bag->value.octet, \
-(char *(*)())d2i_X509CRL)
+#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
+#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl 
 
-/*#define M_PKCS12_pkcs82rsa(p8) \
-(RSA *) ASN1_unpack_string((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
+#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
+#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
+#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
+#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
 
-#define M_PKCS12_unpack_p7data(p7) \
-ASN1_seq_unpack_PKCS12_SAFEBAG((p7)->d.data->data, p7->d.data->length, \
-			        d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
+#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
+#define M_PKCS8_decrypt PKCS8_decrypt
 
-#define M_PKCS12_pack_authsafes(p12, safes) \
-ASN1_seq_pack_PKCS7((safes), i2d_PKCS7,\
-	&(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length)
-
-#define M_PKCS12_unpack_authsafes(p12) \
-ASN1_seq_unpack_PKCS7((p12)->authsafes->d.data->data, \
-		(p12)->authsafes->d.data->length, d2i_PKCS7, PKCS7_free)
-
-#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
-PKCS12_decrypt_d2i_PKCS12_SAFEBAG((p7)->d.encrypted->enc_data->algorithm,\
-			           d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
-				   (pass), (passlen), \
-			           (p7)->d.encrypted->enc_data->enc_data, 3)
-
-#define M_PKCS12_decrypt_skey(bag, pass, passlen) \
-(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i((bag)->value.shkeybag->algor, \
-(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (void (*)(void *))PKCS8_PRIV_KEY_INFO_free, \
-						(pass), (passlen), \
-			 (bag)->value.shkeybag->digest, 2)
-
-#define M_PKCS8_decrypt(p8, pass, passlen) \
-(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i((p8)->algor, \
-(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (void (*)(void *))PKCS8_PRIV_KEY_INFO_free,\
-			 (pass), (passlen), (p8)->digest, 2)
+#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
+#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
+#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
 
 #define PKCS12_get_attr(bag, attr_nid) \
 			 PKCS12_get_attr_gen(bag->attrib, attr_nid)
@@ -200,8 +169,17 @@ PKCS12_decrypt_d2i_PKCS12_SAFEBAG((p7)->d.encrypted->enc_data->algorithm,\
 #define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
 
 
-PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2);
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
+	     int nid2);
 PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
+								int passlen);
 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 
 			const char *pass, int passlen,
 			unsigned char *salt, int saltlen, int iter,
@@ -211,12 +189,20 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
 				     int saltlen, int iter,
 				     PKCS8_PRIV_KEY_INFO *p8);
 PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 			     unsigned char *salt, int saltlen, int iter,
 			     STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
+
 int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
 int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
 				int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+				int namelen);
 int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
 				int namelen);
 int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
@@ -225,48 +211,38 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
 				int passlen, unsigned char *in, int inlen,
 				unsigned char **data, int *datalen, int en_de);
-char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(),
-			 void (*free_func)(void *), const char *pass, int passlen,
-			 ASN1_STRING *oct, int seq);
-ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(),
-				const char *pass, int passlen, char *obj,
-				int seq);
+void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
+				       const char *pass, int passlen,
+				       void *obj, int zbuf);
 PKCS12 *PKCS12_init(int mode);
 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 		       int saltlen, int id, int iter, int n,
 		       unsigned char *out, const EVP_MD *md_type);
 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
 			 int en_de);
 int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
 			 unsigned char *mac, unsigned int *maclen);
 int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
 int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 		   unsigned char *salt, int saltlen, int iter,
-		   EVP_MD *md_type);
+		   const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
-					 int saltlen, EVP_MD *md_type);
+					 int saltlen, const EVP_MD *md_type);
 unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);
-int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
-PKCS12_BAGS *PKCS12_BAGS_new(void);
-PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, unsigned char **pp, long length);
-void PKCS12_BAGS_free(PKCS12_BAGS *a);
-int i2d_PKCS12(PKCS12 *a, unsigned char **pp);
-PKCS12 *d2i_PKCS12(PKCS12 **a, unsigned char **pp, long length);
-PKCS12 *PKCS12_new(void);
-void PKCS12_free(PKCS12 *a);
-int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **pp);
-PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
-PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp,
-								 long length);
-void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
-int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
-PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
-								 long length);
-void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 		 STACK_OF(X509) **ca);
diff --git a/crypto/openssl/crypto/pkcs7/Makefile.ssl b/crypto/openssl/crypto/pkcs7/Makefile.ssl
index da0ff22..69cddb0 100644
--- a/crypto/openssl/crypto/pkcs7/Makefile.ssl
+++ b/crypto/openssl/crypto/pkcs7/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	pkcs7
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -25,8 +26,10 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c pk7_mime.c
-LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o pk7_mime.o
+LIBSRC=	pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+	pk7_mime.c
+LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
+	pk7_mime.o
 
 SRC= $(LIBSRC)
 
@@ -58,8 +61,7 @@ verify: verify.o example.o lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -87,7 +89,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -98,10 +100,33 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-pk7_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_asn1.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+pk7_asn1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_asn1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_asn1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_asn1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_asn1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_asn1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_asn1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_asn1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_asn1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_asn1.o: ../cryptlib.h pk7_asn1.c
+pk7_attr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_attr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 pk7_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
@@ -109,79 +134,89 @@ pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 pk7_attr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 pk7_attr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-pk7_attr.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pk7_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-pk7_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-pk7_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pk7_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pk7_attr.o: ../../include/openssl/x509_vfy.h
+pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_attr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_attr.o: pk7_attr.c
+pk7_doit.o: ../../e_os.h ../../include/openssl/aes.h
 pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-pk7_doit.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 pk7_doit.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 pk7_doit.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pk7_doit.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_doit.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_doit.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_doit.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pk7_doit.o: ../cryptlib.h pk7_doit.c
+pk7_lib.o: ../../e_os.h ../../include/openssl/aes.h
 pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pk7_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-pk7_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 pk7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-pk7_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pk7_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_lib.o: ../cryptlib.h
+pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c
+pk7_mime.o: ../../e_os.h ../../include/openssl/aes.h
 pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pk7_mime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-pk7_mime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pk7_mime.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_mime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 pk7_mime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pk7_mime.o: ../../include/openssl/opensslconf.h
-pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-pk7_mime.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-pk7_mime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pk7_mime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_mime.o: ../cryptlib.h
+pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_mime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_mime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_mime.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_mime.c
+pk7_smime.o: ../../e_os.h ../../include/openssl/aes.h
 pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-pk7_smime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_smime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
@@ -189,29 +224,20 @@ pk7_smime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 pk7_smime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pk7_smime.o: ../../include/openssl/objects.h
 pk7_smime.o: ../../include/openssl/opensslconf.h
-pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-pk7_smime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-pk7_smime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-pk7_smime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pk7_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pk7_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pk7_smime.o: ../cryptlib.h
+pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_smime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_smime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_smime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_smime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_smime.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_smime.c
 pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-pkcs7err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-pkcs7err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-pkcs7err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pkcs7err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pkcs7err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-pkcs7err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-pkcs7err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-pkcs7err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-pkcs7err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-pkcs7err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-pkcs7err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-pkcs7err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pkcs7err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pkcs7err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pkcs7err.o: ../../include/openssl/x509_vfy.h
+pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pkcs7err.o: pkcs7err.c
diff --git a/crypto/openssl/crypto/pkcs7/bio_ber.c b/crypto/openssl/crypto/pkcs7/bio_ber.c
index 5447e69..895a911 100644
--- a/crypto/openssl/crypto/pkcs7/bio_ber.c
+++ b/crypto/openssl/crypto/pkcs7/bio_ber.c
@@ -145,7 +145,7 @@ static int ber_free(BIO *a)
 
 	if (a == NULL) return(0);
 	b=(BIO_BER_CTX *)a->ptr;
-	memset(a->ptr,0,sizeof(BIO_BER_CTX));
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
 	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
@@ -339,7 +339,7 @@ static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
 	case BIO_CTRL_RESET:
 		ctx->ok=1;
 		ctx->finished=0;
-		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
 			ctx->cipher.berrypt);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
@@ -376,7 +376,7 @@ again:
 			{
 			ctx->finished=1;
 			ctx->buf_off=0;
-			ret=EVP_CipherFinal(&(ctx->cipher),
+			ret=EVP_CipherFinal_ex(&(ctx->cipher),
 				(unsigned char *)ctx->buf,
 				&(ctx->buf_len));
 			ctx->ok=(int)ret;
@@ -458,7 +458,7 @@ void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
 
 	b->init=1;
 	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
 	
 	if (b->callback != NULL)
 		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
diff --git a/crypto/openssl/crypto/pkcs7/enc.c b/crypto/openssl/crypto/pkcs7/enc.c
index 2b56c2e..7417f8a 100644
--- a/crypto/openssl/crypto/pkcs7/enc.c
+++ b/crypto/openssl/crypto/pkcs7/enc.c
@@ -128,7 +128,7 @@ char *argv[];
 	PKCS7_set_type(p7,NID_pkcs7_enveloped);
 #endif
 	if(!cipher)	{
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		cipher = EVP_des_ede3_cbc();
 #else
 		fprintf(stderr, "No cipher selected\n");
diff --git a/crypto/openssl/crypto/pkcs7/example.c b/crypto/openssl/crypto/pkcs7/example.c
index f6656be..c993947 100644
--- a/crypto/openssl/crypto/pkcs7/example.c
+++ b/crypto/openssl/crypto/pkcs7/example.c
@@ -3,6 +3,7 @@
 #include <string.h>
 #include <openssl/pkcs7.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
 int add_signed_time(PKCS7_SIGNER_INFO *si)
 	{
diff --git a/crypto/openssl/crypto/pkcs7/pk7_asn1.c b/crypto/openssl/crypto/pkcs7/pk7_asn1.c
new file mode 100644
index 0000000..46f0fc9
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/pk7_asn1.c
@@ -0,0 +1,213 @@
+/* pk7_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+/* PKCS#7 ASN1 module */
+
+/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
+
+ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS7) = {
+	ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)),
+	ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+	ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+	ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS7) = {
+	ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(PKCS7)
+}ASN1_SEQUENCE_END(PKCS7)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
+IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
+
+ASN1_SEQUENCE(PKCS7_SIGNED) = {
+	ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+	ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+	ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_SEQUENCE_END(PKCS7_SIGNED)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_FREE_POST) {
+		PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+		EVP_PKEY_free(si->pkey);
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+	/* NB this should be a SET OF but we use a SEQUENCE OF so the
+	 * original order * is retained when the structure is reencoded.
+	 * Since the attributes are implicitly tagged this will not affect
+	 * the encoding.
+	 */
+	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
+	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
+	ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+	ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+	ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_SEQUENCE_END(PKCS7_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_FREE_POST) {
+		PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+		X509_free(ri->cert);
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+
+ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = {
+	ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+	ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+	ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
+} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+
+ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+
+ASN1_SEQUENCE(PKCS7_ENCRYPT) = {
+	ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_SEQUENCE_END(PKCS7_ENCRYPT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+
+ASN1_SEQUENCE(PKCS7_DIGEST) = {
+	ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+	ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PKCS7_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
+
+/* Specials for authenticated attributes */
+
+/* When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
+
+/* When verifying attributes we need to use the received order. So 
+ * we use SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+				V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c
index a45cf76..0060a2e 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c
@@ -197,7 +197,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 			goto err;
 		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
 		if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
-		EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
+		EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
 
 		if (ivlen > 0) {
 			if (xalg->parameter == NULL) 
@@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
 			}
 		OPENSSL_free(tmp);
-		memset(key, 0, keylen);
+		OPENSSL_cleanse(key, keylen);
 
 		if (out == NULL)
 			out=btmp;
@@ -251,7 +251,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 		}
 
 	if (bio == NULL) {
-		if (p7->detached)
+		if (PKCS7_is_detached(p7))
 			bio=BIO_new(BIO_s_null());
 		else {
 			if (PKCS7_type_is_signed(p7) ) { 
@@ -430,7 +430,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 
 		evp_ctx=NULL;
 		BIO_get_cipher_ctx(etmp,&evp_ctx);
-		EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+		EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
 		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
 			goto err;
 
@@ -446,9 +446,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 				goto err;
 				}
 		} 
-		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+		EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
 
-		memset(tmp,0,jj);
+		OPENSSL_cleanse(tmp,jj);
 
 		if (out == NULL)
 			out=etmp;
@@ -458,7 +458,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 		}
 
 #if 1
-	if (p7->detached || (in_bio != NULL))
+	if (PKCS7_is_detached(p7) || (in_bio != NULL))
 		{
 		bio=in_bio;
 		}
@@ -510,10 +510,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 	EVP_MD_CTX *mdc,ctx_tmp;
 	STACK_OF(X509_ATTRIBUTE) *sk;
 	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-	unsigned char *p,*pp=NULL;
-	int x;
 	ASN1_OCTET_STRING *os=NULL;
 
+	EVP_MD_CTX_init(&ctx_tmp);
 	i=OBJ_obj2nid(p7->type);
 	p7->state=PKCS7_S_HEADER;
 
@@ -567,7 +566,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 				BIO_get_md_ctx(btmp,&mdc);
 				if (mdc == NULL)
 					{
-					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
 					goto err;
 					}
 				if (EVP_MD_CTX_type(mdc) == j)
@@ -578,8 +577,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			
 			/* We now have the EVP_MD_CTX, lets do the
 			 * signing. */
-			memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp));
-			if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+			EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
+			if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
 				{
 				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
 				goto err;
@@ -591,8 +590,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			 * attribute and only sign the attributes */
 			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 				{
-				unsigned char md_data[EVP_MAX_MD_SIZE];
-				unsigned int md_len;
+				unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
+				unsigned int md_len, alen;
 				ASN1_OCTET_STRING *digest;
 				ASN1_UTCTIME *sign_time;
 				const EVP_MD *md_tmp;
@@ -609,29 +608,23 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 
 				/* Add digest */
 				md_tmp=EVP_MD_CTX_md(&ctx_tmp);
-				EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
+				EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
 				digest=M_ASN1_OCTET_STRING_new();
 				M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
 				PKCS7_add_signed_attribute(si,
 					NID_pkcs9_messageDigest,
 					V_ASN1_OCTET_STRING,digest);
 
-				/* Now sign the mess */
-				EVP_SignInit(&ctx_tmp,md_tmp);
-				x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
-					   i2d_X509_ATTRIBUTE,
-					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-				if (!(pp=(unsigned char *)OPENSSL_malloc(x))) goto err;
-				p=pp;
-				i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
-				           i2d_X509_ATTRIBUTE,
-					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-				EVP_SignUpdate(&ctx_tmp,pp,x);
-				OPENSSL_free(pp);
-				pp=NULL;
+				/* Now sign the attributes */
+				EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
+				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
+							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+				if(!abuf) goto err;
+				EVP_SignUpdate(&ctx_tmp,abuf,alen);
+				OPENSSL_free(abuf);
 				}
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (si->pkey->type == EVP_PKEY_DSA)
 				ctx_tmp.digest=EVP_dss1();
 #endif
@@ -651,7 +644,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			}
 		}
 
-	if (!p7->detached)
+	if (!PKCS7_is_detached(p7))
 		{
 		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
 		if (btmp == NULL)
@@ -672,11 +665,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			(unsigned char *)buf_mem->data,buf_mem->length);
 #endif
 		}
-	if (pp != NULL) OPENSSL_free(pp);
-	pp=NULL;
-
 	ret=1;
 err:
+	EVP_MD_CTX_cleanup(&ctx_tmp);
 	if (buf != NULL) BUF_MEM_free(buf);
 	return(ret);
 	}
@@ -715,7 +706,11 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
 		}
 
 	/* Lets verify */
-	X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+	if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
+		{
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+		goto err;
+		}
 	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
 	i=X509_verify_cert(ctx);
 	if (i <= 0) 
@@ -736,13 +731,14 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 	{
 	ASN1_OCTET_STRING *os;
 	EVP_MD_CTX mdc_tmp,*mdc;
-	unsigned char *pp,*p;
 	int ret=0,i;
 	int md_type;
 	STACK_OF(X509_ATTRIBUTE) *sk;
 	BIO *btmp;
 	EVP_PKEY *pkey;
 
+	EVP_MD_CTX_init(&mdc_tmp);
+
 	if (!PKCS7_type_is_signed(p7) && 
 				!PKCS7_type_is_signedAndEnveloped(p7)) {
 		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
@@ -766,7 +762,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 		if (mdc == NULL)
 			{
 			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-							PKCS7_R_INTERNAL_ERROR);
+							ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		if (EVP_MD_CTX_type(mdc) == md_type)
@@ -776,16 +772,16 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 
 	/* mdc is the digest ctx that we want, unless there are attributes,
 	 * in which case the digest is the signed attributes */
-	memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp));
+	EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
 
 	sk=si->auth_attr;
 	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 		{
-		unsigned char md_dat[EVP_MAX_MD_SIZE];
-                unsigned int md_len;
+		unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+                unsigned int md_len, alen;
 		ASN1_OCTET_STRING *message_digest;
 
-		EVP_DigestFinal(&mdc_tmp,md_dat,&md_len);
+		EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
 		message_digest=PKCS7_digest_from_attributes(sk);
 		if (!message_digest)
 			{
@@ -810,20 +806,13 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 			goto err;
 			}
 
-		EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type));
-		/* Note: when forming the encoding of the attributes we
-		 * shouldn't reorder them or this will break the signature.
-		 * This is done by using the IS_SEQUENCE flag.
-		 */
-		i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
-			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
-		if (!(pp=OPENSSL_malloc(i))) goto err;
-		p=pp;
-		i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
-			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
-		EVP_VerifyUpdate(&mdc_tmp,pp,i);
+		EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
+
+		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+		EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
 
-		OPENSSL_free(pp);
+		OPENSSL_free(abuf);
 		}
 
 	os=si->enc_digest;
@@ -833,7 +822,7 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 		ret = -1;
 		goto err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
 #endif
 
@@ -849,6 +838,7 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 	else
 		ret=1;
 err:
+	EVP_MD_CTX_cleanup(&mdc_tmp);
 	return(ret);
 	}
 
@@ -890,7 +880,7 @@ static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
 		xa=sk_X509_ATTRIBUTE_value(sk,i);
 		if (OBJ_cmp(xa->object,o) == 0)
 			{
-			if (xa->set && sk_ASN1_TYPE_num(xa->value.set))
+			if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
 				return(sk_ASN1_TYPE_value(xa->value.set,0));
 			else
 				return(NULL);
diff --git a/crypto/openssl/crypto/pkcs7/pk7_lib.c b/crypto/openssl/crypto/pkcs7/pk7_lib.c
index 45973fe..985b072 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_lib.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_lib.c
@@ -74,6 +74,13 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 		if (nid == NID_pkcs7_signed)
 			{
 			ret=p7->detached=(int)larg;
+			if (ret && PKCS7_type_is_data(p7->d.sign->contents))
+					{
+					ASN1_OCTET_STRING *os;
+					os=p7->d.sign->contents->d.data;
+					ASN1_OCTET_STRING_free(os);
+					p7->d.sign->contents->d.data = NULL;
+					}
 			}
 		else
 			{
@@ -84,7 +91,11 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 	case PKCS7_OP_GET_DETACHED_SIGNATURE:
 		if (nid == NID_pkcs7_signed)
 			{
-			ret=p7->detached;
+			if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
+				ret = 1;
+			else ret = 0;
+				
+			p7->detached = ret;
 			}
 		else
 			{
@@ -144,7 +155,7 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 	{
 	ASN1_OBJECT *obj;
 
-	PKCS7_content_free(p7);
+	/*PKCS7_content_free(p7);*/
 	obj=OBJ_nid2obj(type); /* will not fail */
 
 	switch (type)
@@ -165,18 +176,24 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+		p7->d.signed_and_enveloped->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 	case NID_pkcs7_enveloped:
 		p7->type=obj;
 		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.enveloped->version,0);
+		p7->d.enveloped->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 	case NID_pkcs7_encrypted:
 		p7->type=obj;
 		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.encrypted->version,0);
+		p7->d.encrypted->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 
 	case NID_pkcs7_digest:
@@ -295,7 +312,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 	}
 
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	     EVP_MD *dgst)
+	     const EVP_MD *dgst)
 	{
 	char is_dsa;
 	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
@@ -343,7 +360,7 @@ err:
 	}
 
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
-	     EVP_MD *dgst)
+	     const EVP_MD *dgst)
 	{
 	PKCS7_SIGNER_INFO *si;
 
@@ -415,9 +432,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
 		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
 
 	X509_ALGOR_free(p7i->key_enc_algor);
-	p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR,
-		(char *(*)())d2i_X509_ALGOR,
-		(char *)x509->cert_info->key->algor);
+	p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor);
 
 	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
 	p7i->cert=x509;
diff --git a/crypto/openssl/crypto/pkcs7/pk7_smime.c b/crypto/openssl/crypto/pkcs7/pk7_smime.c
index 3d3214f..f0d071e 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_smime.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_smime.c
@@ -115,17 +115,17 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 			PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
 			return NULL;
 		}
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 		PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
 		PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 		PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
 #endif
 		PKCS7_add_attrib_smimecap (si, smcap);
@@ -201,11 +201,20 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
 		signer = sk_X509_value (signers, k);
 		if (!(flags & PKCS7_NOCHAIN)) {
-			X509_STORE_CTX_init(&cert_ctx, store, signer,
-							p7->d.sign->cert);
+			if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
+							p7->d.sign->cert))
+				{
+				PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+				sk_X509_free(signers);
+				return 0;
+				}
 			X509_STORE_CTX_set_purpose(&cert_ctx,
 						X509_PURPOSE_SMIME_SIGN);
-		} else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+		} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+			sk_X509_free(signers);
+			return 0;
+		}
 		i = X509_verify_cert(&cert_ctx);
 		if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
 		X509_STORE_CTX_cleanup(&cert_ctx);
@@ -327,7 +336,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
 
 /* Build a complete PKCS#7 enveloped data */
 
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
 								int flags)
 {
 	PKCS7 *p7;
diff --git a/crypto/openssl/crypto/pkcs7/pkcs7.h b/crypto/openssl/crypto/pkcs7/pkcs7.h
index 5baaa78..5819700 100644
--- a/crypto/openssl/crypto/pkcs7/pkcs7.h
+++ b/crypto/openssl/crypto/pkcs7/pkcs7.h
@@ -59,16 +59,18 @@
 #ifndef HEADER_PKCS7_H
 #define HEADER_PKCS7_H
 
+#include <openssl/asn1.h>
 #include <openssl/bio.h>
-#include <openssl/x509.h>
+#include <openssl/e_os2.h>
 
 #include <openssl/symhacks.h>
+#include <openssl/ossl_typ.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 /* Under Win32 thes are defined in wincrypt.h */
 #undef PKCS7_ISSUER_AND_SERIAL
 #undef PKCS7_SIGNER_INFO
@@ -225,6 +227,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_get_attributes(si)	((si)->unauth_attr)
 
 #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
 #define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
 #define PKCS7_type_is_signedAndEnveloped(a) \
 		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
@@ -235,6 +238,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_get_detached(p) \
 		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
 
+#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
 #ifdef SSLEAY_MACROS
 #ifndef PKCS7_ISSUER_AND_SERIAL_digest
 #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
@@ -268,19 +273,12 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define SMIME_BINARY	PKCS7_BINARY
 #define SMIME_NOATTR	PKCS7_NOATTR
 
-PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
-void			PKCS7_ISSUER_AND_SERIAL_free(
-				PKCS7_ISSUER_AND_SERIAL *a);
-int 			i2d_PKCS7_ISSUER_AND_SERIAL(
-				PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp);
-PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
-				PKCS7_ISSUER_AND_SERIAL **a,
-				unsigned char **pp, long length);
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
 
 #ifndef SSLEAY_MACROS
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
 	unsigned char *md,unsigned int *len);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
 int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
 #endif
@@ -289,69 +287,18 @@ PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
 #endif
 
-PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new(void);
-void			PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
-int 			i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a,
-				unsigned char **pp);
-PKCS7_SIGNER_INFO	*d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
-				unsigned char **pp,long length);
-
-PKCS7_RECIP_INFO	*PKCS7_RECIP_INFO_new(void);
-void			PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a);
-int 			i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a,
-				unsigned char **pp);
-PKCS7_RECIP_INFO	*d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a,
-				unsigned char **pp,long length);
-
-PKCS7_SIGNED		*PKCS7_SIGNED_new(void);
-void			PKCS7_SIGNED_free(PKCS7_SIGNED *a);
-int 			i2d_PKCS7_SIGNED(PKCS7_SIGNED *a,
-				unsigned char **pp);
-PKCS7_SIGNED		*d2i_PKCS7_SIGNED(PKCS7_SIGNED **a,
-				unsigned char **pp,long length);
-
-PKCS7_ENC_CONTENT	*PKCS7_ENC_CONTENT_new(void);
-void			PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a);
-int 			i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a,
-				unsigned char **pp);
-PKCS7_ENC_CONTENT	*d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a,
-				unsigned char **pp,long length);
-
-PKCS7_ENVELOPE		*PKCS7_ENVELOPE_new(void);
-void			PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a);
-int 			i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a,
-				unsigned char **pp);
-PKCS7_ENVELOPE		*d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a,
-				unsigned char **pp,long length);
-
-PKCS7_SIGN_ENVELOPE	*PKCS7_SIGN_ENVELOPE_new(void);
-void			PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a);
-int 			i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a,
-				unsigned char **pp);
-PKCS7_SIGN_ENVELOPE	*d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
-				unsigned char **pp,long length);
-
-PKCS7_DIGEST		*PKCS7_DIGEST_new(void);
-void			PKCS7_DIGEST_free(PKCS7_DIGEST *a);
-int 			i2d_PKCS7_DIGEST(PKCS7_DIGEST *a,
-				unsigned char **pp);
-PKCS7_DIGEST		*d2i_PKCS7_DIGEST(PKCS7_DIGEST **a,
-				unsigned char **pp,long length);
-
-PKCS7_ENCRYPT		*PKCS7_ENCRYPT_new(void);
-void			PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a);
-int 			i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a,
-				unsigned char **pp);
-PKCS7_ENCRYPT		*d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a,
-				unsigned char **pp,long length);
-
-PKCS7			*PKCS7_new(void);
-void			PKCS7_free(PKCS7 *a);
-void			PKCS7_content_free(PKCS7 *a);
-int 			i2d_PKCS7(PKCS7 *a,
-				unsigned char **pp);
-PKCS7			*d2i_PKCS7(PKCS7 **a,
-				unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
 
 
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
@@ -359,7 +306,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
 int PKCS7_set_type(PKCS7 *p7, int type);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	EVP_MD *dgst);
+	const EVP_MD *dgst);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
@@ -375,7 +322,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
 
 
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
-	EVP_PKEY *pkey, EVP_MD *dgst);
+	EVP_PKEY *pkey, const EVP_MD *dgst);
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
 
@@ -402,7 +349,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 					BIO *indata, BIO *out, int flags);
 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
 								int flags);
 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
 
@@ -461,7 +408,6 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_DIGEST_FAILURE				 101
 #define PKCS7_R_ERROR_ADDING_RECIPIENT			 120
 #define PKCS7_R_ERROR_SETTING_CIPHER			 121
-#define PKCS7_R_INTERNAL_ERROR				 102
 #define PKCS7_R_INVALID_MIME_TYPE			 131
 #define PKCS7_R_INVALID_NULL_POINTER			 143
 #define PKCS7_R_MIME_NO_CONTENT_TYPE			 132
diff --git a/crypto/openssl/crypto/pkcs7/pkcs7err.c b/crypto/openssl/crypto/pkcs7/pkcs7err.c
index 8ded891..5e51527a 100644
--- a/crypto/openssl/crypto/pkcs7/pkcs7err.c
+++ b/crypto/openssl/crypto/pkcs7/pkcs7err.c
@@ -63,7 +63,7 @@
 #include <openssl/pkcs7.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA PKCS7_str_functs[]=
 	{
 {ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0),	"B64_READ_PKCS7"},
@@ -105,7 +105,6 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {PKCS7_R_DIGEST_FAILURE                  ,"digest failure"},
 {PKCS7_R_ERROR_ADDING_RECIPIENT          ,"error adding recipient"},
 {PKCS7_R_ERROR_SETTING_CIPHER            ,"error setting cipher"},
-{PKCS7_R_INTERNAL_ERROR                  ,"internal error"},
 {PKCS7_R_INVALID_MIME_TYPE               ,"invalid mime type"},
 {PKCS7_R_INVALID_NULL_POINTER            ,"invalid null pointer"},
 {PKCS7_R_MIME_NO_CONTENT_TYPE            ,"mime no content type"},
@@ -152,7 +151,7 @@ void ERR_load_PKCS7_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/pkcs7/sign.c b/crypto/openssl/crypto/pkcs7/sign.c
index 22290e1..8b59885 100644
--- a/crypto/openssl/crypto/pkcs7/sign.c
+++ b/crypto/openssl/crypto/pkcs7/sign.c
@@ -76,16 +76,16 @@ char *argv[];
 	int i;
 	int nodetach=0;
 
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 	EVP_add_digest(EVP_md2());
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
 #endif
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA1
 	EVP_add_digest(EVP_sha1());
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 	EVP_add_digest(EVP_mdc2());
 #endif
 
diff --git a/crypto/openssl/crypto/pkcs7/verify.c b/crypto/openssl/crypto/pkcs7/verify.c
index bd27006..b40f260 100644
--- a/crypto/openssl/crypto/pkcs7/verify.c
+++ b/crypto/openssl/crypto/pkcs7/verify.c
@@ -85,16 +85,16 @@ char *argv[];
 
 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 	EVP_add_digest(EVP_md2());
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
 #endif
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA1
 	EVP_add_digest(EVP_sha1());
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 	EVP_add_digest(EVP_mdc2());
 #endif
 
diff --git a/crypto/openssl/crypto/rand/Makefile.ssl b/crypto/openssl/crypto/rand/Makefile.ssl
index e9a6876..b25421e 100644
--- a/crypto/openssl/crypto/rand/Makefile.ssl
+++ b/crypto/openssl/crypto/rand/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -22,8 +23,10 @@ TEST= randtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c rand_win.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o rand_win.o
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+	rand_win.c rand_unix.c rand_os2.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+	rand_win.o rand_unix.o rand_os2.o
 
 SRC= $(LIBSRC)
 
@@ -39,8 +42,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +70,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,30 +81,114 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-md_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-md_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-md_rand.o: ../../include/openssl/symhacks.h rand_lcl.h
-rand_egd.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+md_rand.o: ../../e_os.h ../../include/openssl/aes.h
+md_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+md_rand.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+md_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+md_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+md_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+md_rand.o: md_rand.c rand_lcl.h
+rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_egd.o: rand_egd.c
 rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rand_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rand_err.o: ../../include/openssl/symhacks.h
-rand_lib.o: ../../include/openssl/rand.h
-rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_err.o: rand_err.c
+rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rand_lib.o: ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rand_lib.o: ../cryptlib.h rand_lib.c
+rand_os2.o: ../../e_os.h ../../include/openssl/aes.h
+rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_os2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_os2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_os2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_os2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_os2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_os2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_os2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_os2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_os2.o: ../cryptlib.h rand_lcl.h rand_os2.c
+rand_unix.o: ../../e_os.h ../../include/openssl/aes.h
+rand_unix.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_unix.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_unix.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_unix.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_unix.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_unix.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/opensslconf.h
+rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_unix.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_unix.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_unix.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_unix.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_unix.o: ../cryptlib.h rand_lcl.h rand_unix.c
+rand_win.o: ../../e_os.h ../../include/openssl/aes.h
+rand_win.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_win.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_win.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_win.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_win.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_win.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_win.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_win.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_win.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rand_win.o: ../cryptlib.h rand_lcl.h
-randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
+randfile.o: ../../e_os.h ../../include/openssl/crypto.h
 randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-randfile.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-randfile.o: ../../include/openssl/symhacks.h
+randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+randfile.o: randfile.c
diff --git a/crypto/openssl/crypto/rand/md_rand.c b/crypto/openssl/crypto/rand/md_rand.c
index 349629c..eeffc0d 100644
--- a/crypto/openssl/crypto/rand/md_rand.c
+++ b/crypto/openssl/crypto/rand/md_rand.c
@@ -119,7 +119,7 @@
 #include <stdio.h>
 #include <string.h>
 
-#include "openssl/e_os.h"
+#include "e_os.h"
 
 #include <openssl/rand.h>
 #include "rand_lcl.h"
@@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void)
 
 static void ssleay_rand_cleanup(void)
 	{
-	memset(state,0,sizeof(state));
+	OPENSSL_cleanse(state,sizeof(state));
 	state_num=0;
 	state_index=0;
-	memset(md,0,MD_DIGEST_LENGTH);
+	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
 	md_count[0]=0;
 	md_count[1]=0;
 	entropy=0;
@@ -192,7 +192,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 	int i,j,k,st_idx;
 	long md_c[2];
 	unsigned char local_md[MD_DIGEST_LENGTH];
-	MD_CTX m;
+	EVP_MD_CTX m;
 	int do_not_lock;
 
 	/*
@@ -254,6 +254,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 
 	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
+	EVP_MD_CTX_init(&m);
 	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
 		{
 		j=(num-i);
@@ -272,7 +273,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 			
 		MD_Update(&m,buf,j);
 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-		MD_Final(local_md,&m);
+		MD_Final(&m,local_md);
 		md_c[1]++;
 
 		buf=(const char *)buf + j;
@@ -292,7 +293,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 				st_idx=0;
 			}
 		}
-	memset((char *)&m,0,sizeof(m));
+	EVP_MD_CTX_cleanup(&m);
 
 	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	/* Don't just copy back local_md into md -- this could mean that
@@ -307,7 +308,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 	    entropy += add;
 	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 	
-#if !defined(THREADS) && !defined(WIN32)
+#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
 	assert(md_c[1] == md_count[1]);
 #endif
 	}
@@ -325,7 +326,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	int ok;
 	long md_c[2];
 	unsigned char local_md[MD_DIGEST_LENGTH];
-	MD_CTX m;
+	EVP_MD_CTX m;
 #ifndef GETPID_IS_MEANINGLESS
 	pid_t curr_pid = getpid();
 #endif
@@ -344,7 +345,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 
 	if (num <= 0)
 		return 1;
-	
+
+	EVP_MD_CTX_init(&m);
 	/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
 	num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
 
@@ -473,7 +475,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 			}
 		else
 			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
-		MD_Final(local_md,&m);
+		MD_Final(&m,local_md);
 
 		for (i=0; i<MD_DIGEST_LENGTH/2; i++)
 			{
@@ -490,10 +492,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
-	MD_Final(md,&m);
+	MD_Final(&m,md);
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
-	memset(&m,0,sizeof(m));
+	EVP_MD_CTX_cleanup(&m);
 	if (ok)
 		return(1);
 	else
diff --git a/crypto/openssl/crypto/rand/rand.h b/crypto/openssl/crypto/rand/rand.h
index b00d972..66e3999 100644
--- a/crypto/openssl/crypto/rand/rand.h
+++ b/crypto/openssl/crypto/rand/rand.h
@@ -60,6 +60,12 @@
 #define HEADER_RAND_H
 
 #include <stdlib.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_WINDOWS)
+#include <windows.h>
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
@@ -79,8 +85,9 @@ typedef struct rand_meth_st
 extern int rand_predictable;
 #endif
 
-void RAND_set_rand_method(RAND_METHOD *meth);
-RAND_METHOD *RAND_get_rand_method(void );
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+int RAND_set_rand_engine(ENGINE *engine);
 RAND_METHOD *RAND_SSLeay(void);
 void RAND_cleanup(void );
 int  RAND_bytes(unsigned char *buf,int num);
@@ -91,31 +98,16 @@ int  RAND_load_file(const char *file,long max_bytes);
 int  RAND_write_file(const char *file);
 const char *RAND_file_name(char *file,size_t num);
 int RAND_status(void);
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path,int bytes);
 int RAND_poll(void);
 
-#ifdef  __cplusplus
-}
-#endif
-
-#if defined(WINDOWS) || defined(WIN32)
-#include <windows.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 
 void RAND_screen(void);
 int RAND_event(UINT, WPARAM, LPARAM);
 
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
 #endif
 
 /* BEGIN ERROR CODES */
@@ -127,6 +119,7 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 
 /* Function codes. */
+#define RAND_F_RAND_GET_RAND_METHOD			 101
 #define RAND_F_SSLEAY_RAND_BYTES			 100
 
 /* Reason codes. */
diff --git a/crypto/openssl/crypto/rand/rand_egd.c b/crypto/openssl/crypto/rand/rand_egd.c
index a660169..1f16822 100644
--- a/crypto/openssl/crypto/rand/rand_egd.c
+++ b/crypto/openssl/crypto/rand/rand_egd.c
@@ -1,5 +1,5 @@
 /* crypto/rand/rand_egd.c */
-/* Written by Ulf Moeller for the OpenSSL project. */
+/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
@@ -54,12 +54,51 @@
  *
  */
 
+#include <openssl/e_os2.h>
 #include <openssl/rand.h>
 
-/* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+/*
+ * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+ *
+ * This module supplies three routines:
+ *
+ * RAND_query_egd_bytes(path, buf, bytes)
+ *   will actually query "bytes" bytes of entropy form the egd-socket located
+ *   at path and will write them to buf (if supplied) or will directly feed
+ *   it to RAND_seed() if buf==NULL.
+ *   The number of bytes is not limited by the maximum chunk size of EGD,
+ *   which is 255 bytes. If more than 255 bytes are wanted, several chunks
+ *   of entropy bytes are requested. The connection is left open until the
+ *   query is competed.
+ *   RAND_query_egd_bytes() returns with
+ *     -1  if an error occured during connection or communication.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *   This routine does not touch any RAND_status(). This is necessary, since
+ *   PRNG functions may call it during initialization.
+ *
+ * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
+ *   used to seed the PRNG.
+ *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
+ *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
+ *   seed status so that the return value can reflect the seed state:
+ *     -1  if an error occured during connection or communication _or_
+ *         if the PRNG has still not received the required seeding.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *
+ * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
+ *   the PRNG.
+ *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
  */
 
-#if defined(WIN32) || defined(VMS) || defined(__VMS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+	{
+	return(-1);
+	}
 int RAND_egd(const char *path)
 	{
 	return(-1);
@@ -75,7 +114,7 @@ int RAND_egd_bytes(const char *path,int bytes)
 #include <sys/types.h>
 #include <sys/socket.h>
 #ifndef NO_SYS_UN_H
-# ifdef VXWORKS
+# ifdef OPENSSL_SYS_VXWORKS
 #   include <streams/un.h>
 # else
 #   include <sys/un.h>
@@ -87,87 +126,149 @@ struct	sockaddr_un {
 };
 #endif /* NO_SYS_UN_H */
 #include <string.h>
+#include <errno.h>
 
 #ifndef offsetof
 #  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
 #endif
 
-int RAND_egd(const char *path)
-	{
-	int ret = -1;
-	struct sockaddr_un addr;
-	int len, num;
-	int fd = -1;
-	unsigned char buf[256];
-
-	memset(&addr, 0, sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	if (strlen(path) > sizeof(addr.sun_path))
-		return (-1);
-	strcpy(addr.sun_path,path);
-	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
-	fd = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (fd == -1) return (-1);
-	if (connect(fd, (struct sockaddr *)&addr, len) == -1) goto err;
-	buf[0] = 1;
-	buf[1] = 255;
-	write(fd, buf, 2);
-	if (read(fd, buf, 1) != 1) goto err;
-	if (buf[0] == 0) goto err;
-	num = read(fd, buf, 255);
-	if (num < 1) goto err;
-	RAND_seed(buf, num);
-	if (RAND_status() == 1)
-		ret = num;
- err:
-	if (fd != -1) close(fd);
-	return(ret);
-	}
-
-int RAND_egd_bytes(const char *path,int bytes)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 	{
 	int ret = 0;
 	struct sockaddr_un addr;
-	int len, num;
+	int len, num, numbytes;
 	int fd = -1;
-	unsigned char buf[255];
+	int success;
+	unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
 
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
-	if (strlen(path) > sizeof(addr.sun_path))
+	if (strlen(path) >= sizeof(addr.sun_path))
 		return (-1);
 	strcpy(addr.sun_path,path);
 	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
 	fd = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (fd == -1) return (-1);
-	if (connect(fd, (struct sockaddr *)&addr, len) == -1) goto err;
+	success = 0;
+	while (!success)
+	    {
+	    if (connect(fd, (struct sockaddr *)&addr, len) == 0)
+	       success = 1;
+	    else
+		{
+		switch (errno)
+		    {
+#ifdef EINTR
+		    case EINTR:
+#endif
+#ifdef EAGAIN
+		    case EAGAIN:
+#endif
+#ifdef EINPROGRESS
+		    case EINPROGRESS:
+#endif
+#ifdef EALREADY
+		    case EALREADY:
+#endif
+			/* No error, try again */
+			break;
+#ifdef EISCONN
+		    case EISCONN:
+			success = 1;
+			break;
+#endif
+		    default:
+			goto err;	/* failure */
+		    }
+		}
+	    }
 
 	while(bytes > 0)
 	    {
-	    buf[0] = 1;
-	    buf[1] = bytes < 255 ? bytes : 255;
-	    write(fd, buf, 2);
-	    if (read(fd, buf, 1) != 1)
+	    egdbuf[0] = 1;
+	    egdbuf[1] = bytes < 255 ? bytes : 255;
+	    numbytes = 0;
+	    while (numbytes != 2)
 		{
-		ret=-1;
-		goto err;
+	        num = write(fd, egdbuf + numbytes, 2 - numbytes);
+	        if (num >= 0)
+		    numbytes += num;
+	    	else
+		    {
+		    switch (errno)
+		    	{
+#ifdef EINTR
+		    	case EINTR:
+#endif
+#ifdef EAGAIN
+		    	case EAGAIN:
+#endif
+			    /* No error, try again */
+			    break;
+		    	default:
+			    ret = -1;
+			    goto err;	/* failure */
+			}
+		    }
 		}
-	    if(buf[0] == 0)
-		goto err;
-	    num = read(fd, buf, buf[0]);
-	    if (num < 1)
+	    numbytes = 0;
+	    while (numbytes != 1)
 		{
-		ret=-1;
-		goto err;
+	        num = read(fd, egdbuf, 1);
+	        if (num >= 0)
+		    numbytes += num;
+	    	else
+		    {
+		    switch (errno)
+		    	{
+#ifdef EINTR
+		    	case EINTR:
+#endif
+#ifdef EAGAIN
+		    	case EAGAIN:
+#endif
+			    /* No error, try again */
+			    break;
+		    	default:
+			    ret = -1;
+			    goto err;	/* failure */
+			}
+		    }
 		}
-	    RAND_seed(buf, num);
-	    if (RAND_status() != 1)
-		{
-		ret=-1;
+	    if(egdbuf[0] == 0)
 		goto err;
+	    if (buf)
+		retrievebuf = buf + ret;
+	    else
+		retrievebuf = tempbuf;
+	    numbytes = 0;
+	    while (numbytes != egdbuf[0])
+		{
+	        num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
+	        if (num >= 0)
+		    numbytes += num;
+	    	else
+		    {
+		    switch (errno)
+		    	{
+#ifdef EINTR
+		    	case EINTR:
+#endif
+#ifdef EAGAIN
+		    	case EAGAIN:
+#endif
+			    /* No error, try again */
+			    break;
+		    	default:
+			    ret = -1;
+			    goto err;	/* failure */
+			}
+		    }
 		}
-	    ret += num;
-	    bytes-=num;
+	    ret += egdbuf[0];
+	    bytes -= egdbuf[0];
+	    if (!buf)
+		RAND_seed(tempbuf, egdbuf[0]);
 	    }
  err:
 	if (fd != -1) close(fd);
@@ -175,4 +276,23 @@ int RAND_egd_bytes(const char *path,int bytes)
 	}
 
 
+int RAND_egd_bytes(const char *path, int bytes)
+	{
+	int num, ret = 0;
+
+	num = RAND_query_egd_bytes(path, NULL, bytes);
+	if (num < 1) goto err;
+	if (RAND_status() == 1)
+	    ret = num;
+ err:
+	return(ret);
+	}
+
+
+int RAND_egd(const char *path)
+	{
+	return (RAND_egd_bytes(path, 255));
+	}
+
+
 #endif
diff --git a/crypto/openssl/crypto/rand/rand_err.c b/crypto/openssl/crypto/rand/rand_err.c
index 1af0aa0..b77267e 100644
--- a/crypto/openssl/crypto/rand/rand_err.c
+++ b/crypto/openssl/crypto/rand/rand_err.c
@@ -63,9 +63,10 @@
 #include <openssl/rand.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA RAND_str_functs[]=
 	{
+{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0),	"RAND_get_rand_method"},
 {ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0),	"SSLEAY_RAND_BYTES"},
 {0,NULL}
 	};
@@ -85,7 +86,7 @@ void ERR_load_RAND_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
 		ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/rand/rand_lcl.h b/crypto/openssl/crypto/rand/rand_lcl.h
index 120e936..618a8ec 100755
--- a/crypto/openssl/crypto/rand/rand_lcl.h
+++ b/crypto/openssl/crypto/rand/rand_lcl.h
@@ -1,4 +1,4 @@
-/* crypto/rand/md_rand.c */
+/* crypto/rand/rand_lcl.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -112,72 +112,46 @@
 #ifndef HEADER_RAND_LCL_H
 #define HEADER_RAND_LCL_H
 
-#define ENTROPY_NEEDED 20  /* require 160 bits = 20 bytes of randomness */
+#define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */
 
 
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#if !defined(NO_SHA) && !defined(NO_SHA1)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 #define USE_SHA1_RAND
-#elif !defined(NO_MD5)
+#elif !defined(OPENSSL_NO_MD5)
 #define USE_MD5_RAND
-#elif !defined(NO_MDC2) && !defined(NO_DES)
+#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
 #define USE_MDC2_RAND
-#elif !defined(NO_MD2)
+#elif !defined(OPENSSL_NO_MD2)
 #define USE_MD2_RAND
 #else
 #error No message digest algorithm available
 #endif
 #endif
 
+#include <openssl/evp.h>
+#define MD_Update(a,b,c)	EVP_DigestUpdate(a,b,c)
+#define	MD_Final(a,b)		EVP_DigestFinal_ex(a,b,NULL)
 #if defined(USE_MD5_RAND)
 #include <openssl/md5.h>
 #define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define	MD(a,b,c)		MD5(a,b,c)
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md5(), NULL)
+#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
 #elif defined(USE_SHA1_RAND)
 #include <openssl/sha.h>
 #define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define	MD(a,b,c)		SHA1(a,b,c)
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_sha1(), NULL)
+#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
 #elif defined(USE_MDC2_RAND)
 #include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define	MD(a,b,c)		MDC2(a,b,c)
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
+#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
 #elif defined(USE_MD2_RAND)
 #include <openssl/md2.h>
 #define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define	MD(a,b,c)		MD2(a,b,c)
-#endif
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define MD_CTX			MD5_CTX
-#define MD_Init(a)		MD5_Init(a)
-#define MD_Update(a,b,c)	MD5_Update(a,b,c)
-#define	MD_Final(a,b)		MD5_Final(a,b)
-#define	MD(a,b,c)		MD5(a,b,c)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define MD_CTX			SHA_CTX
-#define MD_Init(a)		SHA1_Init(a)
-#define MD_Update(a,b,c)	SHA1_Update(a,b,c)
-#define	MD_Final(a,b)		SHA1_Final(a,b)
-#define	MD(a,b,c)		SHA1(a,b,c)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define MD_CTX			MDC2_CTX
-#define MD_Init(a)		MDC2_Init(a)
-#define MD_Update(a,b,c)	MDC2_Update(a,b,c)
-#define	MD_Final(a,b)		MDC2_Final(a,b)
-#define	MD(a,b,c)		MDC2(a,b,c)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define MD_CTX			MD2_CTX
-#define MD_Init(a)		MD2_Init(a)
-#define MD_Update(a,b,c)	MD2_Update(a,b,c)
-#define	MD_Final(a,b)		MD2_Final(a,b)
-#define	MD(a,b,c)		MD2(a,b,c)
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md2(), NULL)
+#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
 #endif
 
 
diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c
index 7da74aa..5cf5dc1 100644
--- a/crypto/openssl/crypto/rand/rand_lib.c
+++ b/crypto/openssl/crypto/rand/rand_lib.c
@@ -58,60 +58,109 @@
 
 #include <stdio.h>
 #include <time.h>
+#include "cryptlib.h"
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 
-#ifdef NO_RAND
-static RAND_METHOD *rand_meth=NULL;
-#else
-extern RAND_METHOD rand_ssleay_meth;
-static RAND_METHOD *rand_meth= &rand_ssleay_meth;
-#endif
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+static const RAND_METHOD *default_RAND_meth = NULL;
 
-void RAND_set_rand_method(RAND_METHOD *meth)
+int RAND_set_rand_method(const RAND_METHOD *meth)
 	{
-	rand_meth=meth;
+	if(funct_ref)
+		{
+		ENGINE_finish(funct_ref);
+		funct_ref = NULL;
+		}
+	default_RAND_meth = meth;
+	return 1;
 	}
 
-RAND_METHOD *RAND_get_rand_method(void)
+const RAND_METHOD *RAND_get_rand_method(void)
 	{
-	return(rand_meth);
+	if (!default_RAND_meth)
+		{
+		ENGINE *e = ENGINE_get_default_RAND();
+		if(e)
+			{
+			default_RAND_meth = ENGINE_get_RAND(e);
+			if(!default_RAND_meth)
+				{
+				ENGINE_finish(e);
+				e = NULL;
+				}
+			}
+		if(e)
+			funct_ref = e;
+		else
+			default_RAND_meth = RAND_SSLeay();
+		}
+	return default_RAND_meth;
+	}
+
+int RAND_set_rand_engine(ENGINE *engine)
+	{
+	const RAND_METHOD *tmp_meth = NULL;
+	if(engine)
+		{
+		if(!ENGINE_init(engine))
+			return 0;
+		tmp_meth = ENGINE_get_RAND(engine);
+		if(!tmp_meth)
+			{
+			ENGINE_finish(engine);
+			return 0;
+			}
+		}
+	/* This function releases any prior ENGINE so call it first */
+	RAND_set_rand_method(tmp_meth);
+	funct_ref = engine;
+	return 1;
 	}
 
 void RAND_cleanup(void)
 	{
-	if (rand_meth != NULL)
-		rand_meth->cleanup();
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->cleanup)
+		meth->cleanup();
+	RAND_set_rand_method(NULL);
 	}
 
 void RAND_seed(const void *buf, int num)
 	{
-	if (rand_meth != NULL)
-		rand_meth->seed(buf,num);
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->seed)
+		meth->seed(buf,num);
 	}
 
 void RAND_add(const void *buf, int num, double entropy)
 	{
-	if (rand_meth != NULL)
-		rand_meth->add(buf,num,entropy);
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->add)
+		meth->add(buf,num,entropy);
 	}
 
 int RAND_bytes(unsigned char *buf, int num)
 	{
-	if (rand_meth != NULL)
-		return rand_meth->bytes(buf,num);
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->bytes)
+		return meth->bytes(buf,num);
 	return(-1);
 	}
 
 int RAND_pseudo_bytes(unsigned char *buf, int num)
 	{
-	if (rand_meth != NULL)
-		return rand_meth->pseudorand(buf,num);
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->pseudorand)
+		return meth->pseudorand(buf,num);
 	return(-1);
 	}
 
 int RAND_status(void)
 	{
-	if (rand_meth != NULL)
-		return rand_meth->status();
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->status)
+		return meth->status();
 	return 0;
 	}
diff --git a/crypto/openssl/crypto/rand/rand_os2.c b/crypto/openssl/crypto/rand/rand_os2.c
new file mode 100644
index 0000000..c3e36d4
--- /dev/null
+++ b/crypto/openssl/crypto/rand/rand_os2.c
@@ -0,0 +1,147 @@
+/* crypto/rand/rand_os2.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#ifdef OPENSSL_SYS_OS2
+
+#define INCL_DOSPROCESS
+#define INCL_DOSPROFILE
+#define INCL_DOSMISC
+#define INCL_DOSMODULEMGR
+#include <os2.h>
+
+#define   CMD_KI_RDCNT    (0x63)
+
+typedef struct _CPUUTIL {
+    ULONG ulTimeLow;            /* Low 32 bits of time stamp      */
+    ULONG ulTimeHigh;           /* High 32 bits of time stamp     */
+    ULONG ulIdleLow;            /* Low 32 bits of idle time       */
+    ULONG ulIdleHigh;           /* High 32 bits of idle time      */
+    ULONG ulBusyLow;            /* Low 32 bits of busy time       */
+    ULONG ulBusyHigh;           /* High 32 bits of busy time      */
+    ULONG ulIntrLow;            /* Low 32 bits of interrupt time  */
+    ULONG ulIntrHigh;           /* High 32 bits of interrupt time */
+} CPUUTIL;
+
+APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
+APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
+HMODULE hDoscalls = 0;
+
+int RAND_poll(void)
+{
+    char failed_module[20];
+    QWORD qwTime;
+    ULONG SysVars[QSV_FOREGROUND_PROCESS];
+
+    if (hDoscalls == 0) {
+        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
+
+        if (rc == 0) {
+            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
+
+            if (rc)
+                DosPerfSysCall = NULL;
+
+            rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState);
+
+            if (rc)
+                DosQuerySysState = NULL;
+        }
+    }
+
+    /* Sample the hi-res timer, runs at around 1.1 MHz */
+    DosTmrQueryTime(&qwTime);
+    RAND_add(&qwTime, sizeof(qwTime), 2);
+
+    /* Sample a bunch of system variables, includes various process & memory statistics */
+    DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));
+    RAND_add(SysVars, sizeof(SysVars), 4);
+
+    /* If available, sample CPU registers that count at CPU MHz
+     * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this
+     */
+    if (DosPerfSysCall) {
+        CPUUTIL util;
+
+        if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) {
+            RAND_add(&util, sizeof(util), 10);
+        }
+        else {
+            DosPerfSysCall = NULL;
+        }
+    }
+
+    /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */
+    if (DosQuerySysState) {
+        char *buffer = OPENSSL_malloc(256 * 1024);
+
+        if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
+            /* First 4 bytes in buffer is a pointer to the thread count
+             * there should be at least 1 byte of entropy per thread
+             */
+            RAND_add(buffer, 256 * 1024, **(ULONG **)buffer);
+        }
+
+        OPENSSL_free(buffer);
+        return 1;
+    }
+
+    return 0;
+}
+
+#endif /* OPENSSL_SYS_OS2 */
diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/openssl/crypto/rand/rand_unix.c
new file mode 100644
index 0000000..a776e52
--- /dev/null
+++ b/crypto/openssl/crypto/rand/rand_unix.c
@@ -0,0 +1,245 @@
+/* crypto/rand/rand_unix.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define USE_SOCKETS
+#include "e_os.h"
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS))
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/times.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <time.h>
+
+int RAND_poll(void)
+{
+	unsigned long l;
+	pid_t curr_pid = getpid();
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+	unsigned char tmpbuf[ENTROPY_NEEDED];
+	int n = 0;
+#endif
+#ifdef DEVRANDOM
+	static const char *randomfiles[] = { DEVRANDOM, NULL };
+	const char **randomfile = NULL;
+	int fd;
+#endif
+#ifdef DEVRANDOM_EGD
+	static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+	const char **egdsocket = NULL;
+#endif
+
+#ifdef DEVRANDOM
+	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+	 * have this. Use /dev/urandom if you can as /dev/random may block
+	 * if it runs out of random entries.  */
+
+	for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++)
+		{
+		if ((fd = open(*randomfile, O_RDONLY|O_NONBLOCK
+#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
+		   our controlling tty */
+			|O_NOCTTY
+#endif
+#ifdef O_NOFOLLOW /* Fail if the file is a symbolic link */
+			|O_NOFOLLOW
+#endif
+			)) >= 0)
+			{
+			struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
+							      each file. */
+			int r;
+			fd_set fset;
+
+			do
+				{
+				FD_ZERO(&fset);
+				FD_SET(fd, &fset);
+				r = -1;
+
+				if (select(fd+1,&fset,NULL,NULL,&t) < 0)
+					t.tv_usec=0;
+				else if (FD_ISSET(fd, &fset))
+					{
+					r=read(fd,(unsigned char *)tmpbuf+n,
+					       ENTROPY_NEEDED-n);
+					if (r > 0)
+						n += r;
+					}
+
+				/* Some Unixen will update t, some
+				   won't.  For those who won't, give
+				   up here, otherwise, we will do
+				   this once again for the remaining
+				   time. */
+				if (t.tv_usec == 10*1000)
+					t.tv_usec=0;
+				}
+			while ((r > 0 || (errno == EINTR || errno == EAGAIN))
+				&& t.tv_usec != 0 && n < ENTROPY_NEEDED);
+
+			close(fd);
+			}
+		}
+#endif
+
+#ifdef DEVRANDOM_EGD
+	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy
+	 * collecting daemon. */
+
+	for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)
+		{
+		int r;
+
+		r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,
+					 ENTROPY_NEEDED-n);
+		if (r > 0)
+			n += r;
+		}
+#endif
+
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+	if (n > 0)
+		{
+		RAND_add(tmpbuf,sizeof tmpbuf,n);
+		OPENSSL_cleanse(tmpbuf,n);
+		}
+#endif
+
+	/* put in some default random data, we need more than just this */
+	l=curr_pid;
+	RAND_add(&l,sizeof(l),0);
+	l=getuid();
+	RAND_add(&l,sizeof(l),0);
+
+	l=time(NULL);
+	RAND_add(&l,sizeof(l),0);
+
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+	return 1;
+#else
+	return 0;
+#endif
+}
+
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+int RAND_poll(void)
+{
+    return 0;
+}
+#endif
diff --git a/crypto/openssl/crypto/rand/rand_vms.c b/crypto/openssl/crypto/rand/rand_vms.c
new file mode 100644
index 0000000..29b2d7a
--- /dev/null
+++ b/crypto/openssl/crypto/rand/rand_vms.c
@@ -0,0 +1,135 @@
+/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_VMS)
+
+#include <descrip.h>
+#include <jpidef.h>
+#include <ssdef.h>
+#include <starlet.h>
+#ifdef __DECC
+# pragma message disable DOLLARID
+#endif
+
+static struct items_data_st
+	{
+	short length, code;	/* length is amount of bytes */
+	} items_data[] =
+		{ { 4, JPI$_BUFIO },
+		  { 4, JPI$_CPUTIM },
+		  { 4, JPI$_DIRIO },
+		  { 8, JPI$_LOGINTIM },
+		  { 4, JPI$_PAGEFLTS },
+		  { 4, JPI$_PID },
+		  { 4, JPI$_WSSIZE },
+		  { 0, 0 }
+		};
+		  
+int RAND_poll(void)
+	{
+	long pid, iosb[2];
+	int status = 0;
+	struct
+		{
+		short length, code;
+		long *buffer;
+		int *retlen;
+		} item[32], *pitem;
+	unsigned char data_buffer[256];
+	short total_length = 0;
+	struct items_data_st *pitems_data;
+
+	pitems_data = items_data;
+	pitem = item;
+
+	/* Setup */
+	while (pitems_data->length)
+		{
+		pitem->length = pitems_data->length;
+		pitem->code = pitems_data->code;
+		pitem->buffer = (long *)data_buffer[total_length];
+		pitem->retlen = 0;
+		total_length += pitems_data->length;
+		pitems_data++;
+		pitem++;
+		}
+	pitem->length = pitem->code = 0;
+
+	/*
+	 * Scan through all the processes in the system and add entropy with
+	 * results from the processes that were possible to look at.
+	 * However, view the information as only half trustable.
+	 */
+	pid = -1;			/* search context */
+	while ((status = sys$getjpiw(0, &pid,  0, item, iosb, 0, 0))
+		!= SS$_NOMOREPROC)
+		{
+		if (status == SS$_NORMAL)
+			{
+			RAND_add(data_buffer, total_length, total_length/2);
+			}
+		}
+	sys$gettim(iosb);
+	RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2);
+	return 1;
+}
+
+#endif
diff --git a/crypto/openssl/crypto/rand/rand_win.c b/crypto/openssl/crypto/rand/rand_win.c
index 2b4b144..113b586 100644
--- a/crypto/openssl/crypto/rand/rand_win.c
+++ b/crypto/openssl/crypto/rand/rand_win.c
@@ -113,7 +113,7 @@
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#if defined(WINDOWS) || defined(WIN32)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 #include <windows.h>
 #ifndef _WIN32_WINNT
 # define _WIN32_WINNT 0x0400
@@ -125,7 +125,7 @@
  * http://developer.intel.com/design/security/rng/redist_license.htm
  */
 #define PROV_INTEL_SEC 22
-#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider"
+#define INTEL_DEF_PROV TEXT("Intel Hardware Cryptographic Service Provider")
 
 static void readtimer(void);
 static void readscreen(void);
@@ -170,7 +170,9 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
 typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
 
 #include <lmcons.h>
+#ifndef OPENSSL_SYS_WINCE
 #include <lmstats.h>
+#endif
 #if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
        * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
        * was added to the Platform SDK to allow the NET API to be used in
@@ -209,20 +211,32 @@ int RAND_poll(void)
         osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
         GetVersionEx( &osverinfo ) ;
 
+#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO
+	/* poll the CryptoAPI PRNG */
+	/* The CryptoAPI returns sizeof(buf) bytes of randomness */
+	if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+		{
+		if (CryptGenRandom(hProvider, sizeof(buf), buf))
+			RAND_add(buf, sizeof(buf), sizeof(buf));
+		CryptReleaseContext(hProvider, 0); 
+		}
+#endif
+
 	/* load functions dynamically - not available on all systems */
-	advapi = LoadLibrary("ADVAPI32.DLL");
-	kernel = LoadLibrary("KERNEL32.DLL");
-	user = LoadLibrary("USER32.DLL");
-	netapi = LoadLibrary("NETAPI32.DLL");
+	advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+	kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+	user = LoadLibrary(TEXT("USER32.DLL"));
+	netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
 
+#ifndef OPENSSL_SYS_WINCE
 #if 1 /* There was previously a problem with NETSTATGET.  Currently, this
        * section is still experimental, but if all goes well, this conditional
        * will be removed
        */
 	if (netapi)
 		{
-		netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
-		netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
+		netstatget = (NETSTATGET) GetProcAddress(netapi,TEXT("NetStatisticsGet"));
+		netfree = (NETFREE) GetProcAddress(netapi,TEXT("NetApiBufferFree"));
 		}
 
 	if (netstatget && netfree)
@@ -249,11 +263,17 @@ int RAND_poll(void)
 	if (netapi)
 		FreeLibrary(netapi);
 #endif /* 1 */
+#endif /* !OPENSSL_SYS_WINCE */
  
+#ifndef OPENSSL_SYS_WINCE
         /* It appears like this can cause an exception deep within ADVAPI32.DLL
          * at random times on Windows 2000.  Reported by Jeffrey Altman.  
          * Only use it on NT.
 	 */
+	/* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
+	 * the RegQueryValueEx call below can hang on NT4.0 (SP6).
+	 * So we don't use this at all for now. */
+#if 0
         if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
 		osverinfo.dwMajorVersion < 5)
 		{
@@ -276,29 +296,40 @@ int RAND_poll(void)
 			bufsz += 8192;
 
 			length = bufsz;
-			rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
+			rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
 				NULL, NULL, buf, &length);
 			}
 		if (rc == ERROR_SUCCESS)
 			{
                         /* For entropy count assume only least significant
 			 * byte of each DWORD is random.
-                         */
+			 */
 			RAND_add(&length, sizeof(length), 0);
 			RAND_add(buf, length, length / 4.0);
+
+			/* Close the Registry Key to allow Windows to cleanup/close
+			 * the open handle
+			 * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
+			 *       when the RegQueryValueEx above is done.  However, if
+			 *       it is not explicitly closed, it can cause disk
+			 *       partition manipulation problems.
+			 */
+			RegCloseKey(HKEY_PERFORMANCE_DATA);
 			}
 		if (buf)
 			free(buf);
 		}
+#endif
+#endif /* !OPENSSL_SYS_WINCE */
 
 	if (advapi)
 		{
 		acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
-			"CryptAcquireContextA");
+			TEXT("CryptAcquireContextA"));
 		gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
-			"CryptGenRandom");
+			TEXT("CryptGenRandom"));
 		release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
-			"CryptReleaseContext");
+			TEXT("CryptReleaseContext"));
 		}
 
 	if (acquire && gen && release)
@@ -310,7 +341,7 @@ int RAND_poll(void)
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
-				RAND_add(buf, sizeof(buf), sizeof(buf));
+				RAND_add(buf, sizeof(buf), 0);
 #if 0
 				printf("randomness from PROV_RSA_FULL\n");
 #endif
@@ -352,9 +383,9 @@ int RAND_poll(void)
 		GETFOREGROUNDWINDOW win;
 		GETQUEUESTATUS queue;
 
-		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
-		cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
-		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, TEXT("GetForegroundWindow"));
+		cursor = (GETCURSORINFO) GetProcAddress(user, TEXT("GetCursorInfo"));
+		queue = (GETQUEUESTATUS) GetProcAddress(user, TEXT("GetQueueStatus"));
 
 		if (win)
 			{
@@ -425,17 +456,17 @@ int RAND_poll(void)
 		MODULEENTRY32 m;
 
 		snap = (CREATETOOLHELP32SNAPSHOT)
-			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
-		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
-		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
-		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
-		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
-		process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
-		process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
-		thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
-		thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
-		module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
-		module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+			GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
+		heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
+		heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
+		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
+		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListNext"));
+		process_first = (PROCESS32) GetProcAddress(kernel, TEXT("Process32First"));
+		process_next = (PROCESS32) GetProcAddress(kernel, TEXT("Process32Next"));
+		thread_first = (THREAD32) GetProcAddress(kernel, TEXT("Thread32First"));
+		thread_next = (THREAD32) GetProcAddress(kernel, TEXT("Thread32Next"));
+		module_first = (MODULE32) GetProcAddress(kernel, TEXT("Module32First"));
+		module_next = (MODULE32) GetProcAddress(kernel, TEXT("Module32Next"));
 
 		if (snap && heap_first && heap_next && heaplist_first &&
 			heaplist_next && process_first && process_next &&
@@ -461,7 +492,7 @@ int RAND_poll(void)
 						hlist.th32ProcessID,
 						hlist.th32HeapID))
 						{
-						int entrycnt = 50;
+						int entrycnt = 80;
 						do
 							RAND_add(&hentry,
 								hentry.dwSize, 5);
@@ -570,7 +601,7 @@ static void readtimer(void)
 	DWORD w;
 	LARGE_INTEGER l;
 	static int have_perfc = 1;
-#ifdef _MSC_VER
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
 	static int have_tsc = 1;
 	DWORD cyclecount;
 
@@ -623,6 +654,7 @@ static void readtimer(void)
 
 static void readscreen(void)
 {
+#ifndef OPENSSL_SYS_WINCE
   HDC		hScrDC;		/* screen DC */
   HDC		hMemDC;		/* memory DC */
   HBITMAP	hBitmap;	/* handle for our bitmap */
@@ -636,7 +668,7 @@ static void readscreen(void)
   int		n = 16;		/* number of screen lines to grab at a time */
 
   /* Create a screen DC and a memory DC compatible to screen DC */
-  hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
+  hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
   hMemDC = CreateCompatibleDC(hScrDC);
 
   /* Get screen resolution */
@@ -683,52 +715,7 @@ static void readscreen(void)
   DeleteObject(hBitmap);
   DeleteDC(hMemDC);
   DeleteDC(hScrDC);
-}
-
-#else /* Unix version */
-
-#include <time.h>
-
-int RAND_poll(void)
-{
-	unsigned long l;
-	pid_t curr_pid = getpid();
-#ifdef DEVRANDOM
-	FILE *fh;
-#endif
-
-#ifdef DEVRANDOM
-	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
-	 * have this. Use /dev/urandom if you can as /dev/random may block
-	 * if it runs out of random entries.  */
-
-	if ((fh = fopen(DEVRANDOM, "r")) != NULL)
-		{
-		unsigned char tmpbuf[ENTROPY_NEEDED];
-		int n;
-		
-		setvbuf(fh, NULL, _IONBF, 0);
-		n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
-		fclose(fh);
-		RAND_add(tmpbuf,sizeof tmpbuf,n);
-		memset(tmpbuf,0,n);
-		}
-#endif
-
-	/* put in some default random data, we need more than just this */
-	l=curr_pid;
-	RAND_add(&l,sizeof(l),0);
-	l=getuid();
-	RAND_add(&l,sizeof(l),0);
-
-	l=time(NULL);
-	RAND_add(&l,sizeof(l),0);
-
-#ifdef DEVRANDOM
-	return 1;
-#else
-	return 0;
-#endif
+#endif /* !OPENSSL_SYS_WINCE */
 }
 
 #endif
diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c
index c2ae28c..4157476 100644
--- a/crypto/openssl/crypto/rand/randfile.c
+++ b/crypto/openssl/crypto/rand/randfile.c
@@ -61,7 +61,11 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef VMS
+#include "e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+
+#ifdef OPENSSL_SYS_VMS
 #include <unixio.h>
 #endif
 #ifndef NO_SYS_TYPES_H
@@ -73,10 +77,6 @@
 # include <sys/stat.h>
 #endif
 
-#include "openssl/e_os.h"
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-
 #undef BUFSIZE
 #define BUFSIZE	1024
 #define RAND_DATA 1024
@@ -124,7 +124,7 @@ int RAND_load_file(const char *file, long bytes)
 			}
 		}
 	fclose(in);
-	memset(buf,0,BUFSIZE);
+	OPENSSL_cleanse(buf,BUFSIZE);
 err:
 	return(ret);
 	}
@@ -136,7 +136,7 @@ int RAND_write_file(const char *file)
 	FILE *out = NULL;
 	int n;
 	
-#if defined(O_CREAT) && !defined(WIN32)
+#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
 	/* For some reason Win32 can't write to files created this way */
 	
 	/* chmod(..., 0600) is too late to protect the file,
@@ -168,7 +168,7 @@ int RAND_write_file(const char *file)
 		ret+=i;
 		if (n <= 0) break;
                 }
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	/* Try to delete older versions of the file, until there aren't
 	   any */
 	{
@@ -186,10 +186,10 @@ int RAND_write_file(const char *file)
 				      some point... */
 		}
 	}
-#endif /* VMS */
+#endif /* OPENSSL_SYS_VMS */
 
 	fclose(out);
-	memset(buf,0,BUFSIZE);
+	OPENSSL_cleanse(buf,BUFSIZE);
 err:
 	return (rand_err ? -1 : ret);
 	}
@@ -203,8 +203,9 @@ const char *RAND_file_name(char *buf, size_t size)
 		s=getenv("RANDFILE");
 	if (s != NULL)
 		{
-		strncpy(buf,s,size-1);
-		buf[size-1]='\0';
+		if(strlen(s) >= size)
+			return NULL;
+		strcpy(buf,s);
 		ret=buf;
 		}
 	else
@@ -220,7 +221,7 @@ const char *RAND_file_name(char *buf, size_t size)
 		if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
 			{
 			strcpy(buf,s);
-#ifndef VMS
+#ifndef OPENSSL_SYS_VMS
 			strcat(buf,"/");
 #endif
 			strcat(buf,RFILE);
diff --git a/crypto/openssl/crypto/rand/randtest.c b/crypto/openssl/crypto/rand/randtest.c
index da96e3f..701932e 100644
--- a/crypto/openssl/crypto/rand/randtest.c
+++ b/crypto/openssl/crypto/rand/randtest.c
@@ -60,6 +60,8 @@
 #include <stdlib.h>
 #include <openssl/rand.h>
 
+#include "../e_os.h"
+
 /* some FIPS 140-1 random number test */
 /* some simple tests */
 
@@ -73,7 +75,13 @@ int main()
 	/*double d; */
 	long d;
 
-	RAND_pseudo_bytes(buf,2500);
+	i = RAND_pseudo_bytes(buf,2500);
+	if (i < 0)
+		{
+		printf ("init failed, the rand method is not properly installed\n");
+		err++;
+		goto err;
+		}
 
 	n1=0;
 	for (i=0; i<16; i++) n2[i]=0;
@@ -201,7 +209,8 @@ int main()
 		err++;
 		}
 	printf("test 4 done\n");
+ err:
 	err=((err)?1:0);
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
diff --git a/crypto/openssl/crypto/rc2/Makefile.ssl b/crypto/openssl/crypto/rc2/Makefile.ssl
index 6966e01..aa73dea 100644
--- a/crypto/openssl/crypto/rc2/Makefile.ssl
+++ b/crypto/openssl/crypto/rc2/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -80,12 +80,12 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
-rc2_cbc.o: rc2_locl.h
+rc2_cbc.o: rc2_cbc.c rc2_locl.h
 rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rc2_ecb.o: ../../include/openssl/rc2.h rc2_locl.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
 rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
-rc2_skey.o: rc2_locl.h
+rc2_skey.o: rc2_locl.h rc2_skey.c
 rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
-rc2cfb64.o: rc2_locl.h
+rc2cfb64.o: rc2_locl.h rc2cfb64.c
 rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
-rc2ofb64.o: rc2_locl.h
+rc2ofb64.o: rc2_locl.h rc2ofb64.c
diff --git a/crypto/openssl/crypto/rc2/rc2.h b/crypto/openssl/crypto/rc2/rc2.h
index 076c0a0..7816b45 100644
--- a/crypto/openssl/crypto/rc2/rc2.h
+++ b/crypto/openssl/crypto/rc2/rc2.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_RC2_H
 #define HEADER_RC2_H
 
-#ifdef NO_RC2
+#ifdef OPENSSL_NO_RC2
 #error RC2 is disabled.
 #endif
 
diff --git a/crypto/openssl/crypto/rc2/rc2speed.c b/crypto/openssl/crypto/rc2/rc2speed.c
index 9f7f5cc..47d34b4 100644
--- a/crypto/openssl/crypto/rc2/rc2speed.c
+++ b/crypto/openssl/crypto/rc2/rc2speed.c
@@ -59,7 +59,7 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -268,7 +268,7 @@ int main(int argc, char **argv)
 	printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
 	printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/rc2/rc2test.c b/crypto/openssl/crypto/rc2/rc2test.c
index 521269d..b67bafb 100644
--- a/crypto/openssl/crypto/rc2/rc2test.c
+++ b/crypto/openssl/crypto/rc2/rc2test.c
@@ -63,7 +63,9 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_RC2
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC2
 int main(int argc, char *argv[])
 {
     printf("No RC2 support\n");
@@ -203,7 +205,7 @@ int main(int argc, char *argv[])
 		printf("ok\n");
 #endif
 
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
 
diff --git a/crypto/openssl/crypto/rc4/Makefile.ssl b/crypto/openssl/crypto/rc4/Makefile.ssl
index 8ffff0a..a1eb79f 100644
--- a/crypto/openssl/crypto/rc4/Makefile.ssl
+++ b/crypto/openssl/crypto/rc4/Makefile.ssl
@@ -12,7 +12,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -47,8 +48,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
@@ -97,7 +97,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -109,7 +109,7 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
-rc4_enc.o: rc4_locl.h
+rc4_enc.o: rc4_enc.c rc4_locl.h
 rc4_skey.o: ../../include/openssl/opensslconf.h
 rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
-rc4_skey.o: rc4_locl.h
+rc4_skey.o: rc4_locl.h rc4_skey.c
diff --git a/crypto/openssl/crypto/rc4/rc4.c b/crypto/openssl/crypto/rc4/rc4.c
index 709b7af..b39c070 100644
--- a/crypto/openssl/crypto/rc4/rc4.c
+++ b/crypto/openssl/crypto/rc4/rc4.c
@@ -113,7 +113,7 @@ int main(int argc, char *argv[])
 		{
 bad:
 		for (pp=usage; (*pp != NULL); pp++)
-			fprintf(stderr,*pp);
+			fprintf(stderr,"%s",*pp);
 		exit(1);
 		}
 
@@ -141,7 +141,7 @@ bad:
 			}
 		}
 		
-#ifdef MSDOS
+#ifdef OPENSSL_SYS_MSDOS
 	/* This should set the file to binary mode. */
 	{
 #include <fcntl.h>
@@ -155,15 +155,15 @@ bad:
 		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
 		if (i != 0)
 			{
-			memset(buf,0,BUFSIZ);
+			OPENSSL_cleanse(buf,BUFSIZ);
 			fprintf(stderr,"bad password read\n");
 			exit(1);
 			}
 		keystr=buf;
 		}
 
-	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
-	memset(keystr,0,strlen(keystr));
+	EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
+	OPENSSL_cleanse(keystr,strlen(keystr));
 	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
 	
 	for(;;)
diff --git a/crypto/openssl/crypto/rc4/rc4.h b/crypto/openssl/crypto/rc4/rc4.h
index 4025102..8722091 100644
--- a/crypto/openssl/crypto/rc4/rc4.h
+++ b/crypto/openssl/crypto/rc4/rc4.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_RC4_H
 #define HEADER_RC4_H
 
-#ifdef NO_RC4
+#ifdef OPENSSL_NO_RC4
 #error RC4 is disabled.
 #endif
 
diff --git a/crypto/openssl/crypto/rc4/rc4speed.c b/crypto/openssl/crypto/rc4/rc4speed.c
index b448f4a..ced98c5 100644
--- a/crypto/openssl/crypto/rc4/rc4speed.c
+++ b/crypto/openssl/crypto/rc4/rc4speed.c
@@ -59,7 +59,7 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -243,7 +243,7 @@ int main(int argc, char **argv)
 	printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
 	printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/rc4/rc4test.c b/crypto/openssl/crypto/rc4/rc4test.c
index 3914eb6..b9d8f20 100644
--- a/crypto/openssl/crypto/rc4/rc4test.c
+++ b/crypto/openssl/crypto/rc4/rc4test.c
@@ -60,7 +60,9 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef NO_RC4
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC4
 int main(int argc, char *argv[])
 {
     printf("No RC4 support\n");
@@ -195,7 +197,7 @@ int main(int argc, char *argv[])
 			}
 		}
 	printf("done\n");
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 #endif
diff --git a/crypto/openssl/crypto/rc5/Makefile.ssl b/crypto/openssl/crypto/rc5/Makefile.ssl
index cf5d176..bb4704d 100644
--- a/crypto/openssl/crypto/rc5/Makefile.ssl
+++ b/crypto/openssl/crypto/rc5/Makefile.ssl
@@ -12,7 +12,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -44,8 +45,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
@@ -94,7 +94,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -106,8 +106,8 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
-rc5_ecb.o: rc5_locl.h
-rc5_enc.o: ../../include/openssl/rc5.h rc5_locl.h
-rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h
-rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h
-rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h
+rc5_ecb.o: rc5_ecb.c rc5_locl.h
+rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h
+rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c
+rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c
+rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c
diff --git a/crypto/openssl/crypto/rc5/rc5.h b/crypto/openssl/crypto/rc5/rc5.h
index fc4cea5..4adfd2d 100644
--- a/crypto/openssl/crypto/rc5/rc5.h
+++ b/crypto/openssl/crypto/rc5/rc5.h
@@ -63,7 +63,7 @@
 extern "C" {
 #endif
 
-#ifdef NO_RC5
+#ifdef OPENSSL_NO_RC5
 #error RC5 is disabled.
 #endif
 
diff --git a/crypto/openssl/crypto/rc5/rc5_ecb.c b/crypto/openssl/crypto/rc5/rc5_ecb.c
index 1841892..e72b535 100644
--- a/crypto/openssl/crypto/rc5/rc5_ecb.c
+++ b/crypto/openssl/crypto/rc5/rc5_ecb.c
@@ -60,7 +60,7 @@
 #include "rc5_locl.h"
 #include <openssl/opensslv.h>
 
-char *RC5_version="RC5" OPENSSL_VERSION_PTEXT;
+const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT;
 
 void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
 			RC5_32_KEY *ks, int encrypt)
diff --git a/crypto/openssl/crypto/rc5/rc5_locl.h b/crypto/openssl/crypto/rc5/rc5_locl.h
index ec33829..d2dccce 100644
--- a/crypto/openssl/crypto/rc5/rc5_locl.h
+++ b/crypto/openssl/crypto/rc5/rc5_locl.h
@@ -146,11 +146,31 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
-#if defined(WIN32) && defined(_MSC_VER)
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
 #define ROTATE_l32(a,n)     _lrotl(a,n)
 #define ROTATE_r32(a,n)     _lrotr(a,n)
-#else
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define ROTATE_l32(a,n)	({ register unsigned int ret;	\
+					asm ("roll %%cl,%0"	\
+						: "=r"(ret)	\
+						: "c"(n),"0"(a)	\
+						: "cc");	\
+					ret;			\
+				})
+#  define ROTATE_r32(a,n)	({ register unsigned int ret;	\
+					asm ("rorl %%cl,%0"	\
+						: "=r"(ret)	\
+						: "c"(n),"0"(a)	\
+						: "cc");	\
+					ret;			\
+				})
+# endif
+#endif
+#ifndef ROTATE_l32
 #define ROTATE_l32(a,n)     (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f))))
+#endif
+#ifndef ROTATE_r32
 #define ROTATE_r32(a,n)     (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f)))
 #endif
 
diff --git a/crypto/openssl/crypto/rc5/rc5speed.c b/crypto/openssl/crypto/rc5/rc5speed.c
index 05f5e0f..7d490d5 100644
--- a/crypto/openssl/crypto/rc5/rc5speed.c
+++ b/crypto/openssl/crypto/rc5/rc5speed.c
@@ -59,7 +59,7 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
@@ -82,7 +82,7 @@ OPENSSL_DECLARE_EXIT
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -268,7 +268,7 @@ int main(int argc, char **argv)
 	printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
 	printf("RC5_32/12/16 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/openssl/crypto/rc5/rc5test.c b/crypto/openssl/crypto/rc5/rc5test.c
index 634ceac..ce3d0cc 100644
--- a/crypto/openssl/crypto/rc5/rc5test.c
+++ b/crypto/openssl/crypto/rc5/rc5test.c
@@ -63,7 +63,9 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_RC5
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC5
 int main(int argc, char *argv[])
 {
     printf("No RC5 support\n");
@@ -318,7 +320,7 @@ int main(int argc, char *argv[])
 		}
 	if (err == 0) printf("cbc RC5 ok\n");
 
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
 
diff --git a/crypto/openssl/crypto/ripemd/Makefile.ssl b/crypto/openssl/crypto/ripemd/Makefile.ssl
index 0b1cd73..6f1a9c5 100644
--- a/crypto/openssl/crypto/ripemd/Makefile.ssl
+++ b/crypto/openssl/crypto/ripemd/Makefile.ssl
@@ -12,7 +12,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -42,8 +43,7 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
@@ -92,7 +92,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -103,7 +103,11 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-rmd_dgst.o: ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
-rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
-rmd_one.o: ../../include/openssl/ripemd.h
+rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rmd_one.o: rmd_one.c
diff --git a/crypto/openssl/crypto/ripemd/ripemd.h b/crypto/openssl/crypto/ripemd/ripemd.h
index dd1627c..78d5f36 100644
--- a/crypto/openssl/crypto/ripemd/ripemd.h
+++ b/crypto/openssl/crypto/ripemd/ripemd.h
@@ -59,17 +59,19 @@
 #ifndef HEADER_RIPEMD_H
 #define HEADER_RIPEMD_H
 
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef NO_RIPEMD
+#ifdef OPENSSL_NO_RIPEMD
 #error RIPEMD is disabled.
 #endif
 
-#if defined(WIN16) || defined(__LP32__)
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
 #define RIPEMD160_LONG unsigned long
-#elif defined(_CRAY) || defined(__ILP64__)
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define RIPEMD160_LONG unsigned long
 #define RIPEMD160_LONG_LOG2 3
 #else
@@ -88,9 +90,9 @@ typedef struct RIPEMD160state_st
 	int num;
 	} RIPEMD160_CTX;
 
-void RIPEMD160_Init(RIPEMD160_CTX *c);
-void RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
-void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
 	unsigned char *md);
 void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
diff --git a/crypto/openssl/crypto/ripemd/rmd_dgst.c b/crypto/openssl/crypto/ripemd/rmd_dgst.c
index bdfae27..f351f00 100644
--- a/crypto/openssl/crypto/ripemd/rmd_dgst.c
+++ b/crypto/openssl/crypto/ripemd/rmd_dgst.c
@@ -69,7 +69,7 @@ const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
      void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
 #  endif
 
-void RIPEMD160_Init(RIPEMD160_CTX *c)
+int RIPEMD160_Init(RIPEMD160_CTX *c)
 	{
 	c->A=RIPEMD160_A;
 	c->B=RIPEMD160_B;
@@ -79,6 +79,7 @@ void RIPEMD160_Init(RIPEMD160_CTX *c)
 	c->Nl=0;
 	c->Nh=0;
 	c->num=0;
+	return 1;
 	}
 
 #ifndef ripemd160_block_host_order
@@ -89,8 +90,8 @@ void RIPEMD160_Init(RIPEMD160_CTX *c)
 void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num)
 	{
 	const RIPEMD160_LONG *XX=p;
-	register unsigned long A,B,C,D,E;
-	register unsigned long a,b,c,d,e;
+	register unsigned MD32_REG_T A,B,C,D,E;
+	register unsigned MD32_REG_T a,b,c,d,e;
 
 	for (;num--;XX+=HASH_LBLOCK)
 		{
@@ -289,12 +290,12 @@ void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num)
 void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num)
 	{
 	const unsigned char *data=p;
-	register unsigned long A,B,C,D,E;
-	unsigned long a,b,c,d,e,l;
+	register unsigned MD32_REG_T A,B,C,D,E;
+	unsigned MD32_REG_T a,b,c,d,e,l;
 #ifndef MD32_XARRAY
 	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
 # define X(i)	XX##i
 #else
 	RIPEMD160_LONG	XX[16];
diff --git a/crypto/openssl/crypto/ripemd/rmd_one.c b/crypto/openssl/crypto/ripemd/rmd_one.c
index efdf2dd..f8b580c 100644
--- a/crypto/openssl/crypto/ripemd/rmd_one.c
+++ b/crypto/openssl/crypto/ripemd/rmd_one.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/ripemd.h>
+#include <openssl/crypto.h>
 
 unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
 	     unsigned char *md)
@@ -70,7 +71,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
 	RIPEMD160_Init(&c);
 	RIPEMD160_Update(&c,d,n);
 	RIPEMD160_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/openssl/crypto/ripemd/rmdtest.c b/crypto/openssl/crypto/ripemd/rmdtest.c
index 5d79c99..d4c709e 100644
--- a/crypto/openssl/crypto/ripemd/rmdtest.c
+++ b/crypto/openssl/crypto/ripemd/rmdtest.c
@@ -60,7 +60,9 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_RIPEMD
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RIPEMD
 int main(int argc, char *argv[])
 {
     printf("No ripemd support\n");
@@ -68,6 +70,7 @@ int main(int argc, char *argv[])
 }
 #else
 #include <openssl/ripemd.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -102,6 +105,7 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[RIPEMD160_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
@@ -111,7 +115,8 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 		ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
 #endif
-		p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating RIPEMD160 on '%s'\n",*P);
@@ -124,7 +129,7 @@ int main(int argc, char *argv[])
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 
diff --git a/crypto/openssl/crypto/rsa/Makefile.ssl b/crypto/openssl/crypto/rsa/Makefile.ssl
index 1be9a1c..605d488 100644
--- a/crypto/openssl/crypto/rsa/Makefile.ssl
+++ b/crypto/openssl/crypto/rsa/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	rsa
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -23,9 +24,11 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
-	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c
+	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+	rsa_asn1.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
-	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o
+	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+	rsa_asn1.o
 
 SRC= $(LIBSRC)
 
@@ -41,8 +44,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -70,7 +72,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -81,120 +83,161 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-rsa_chk.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_chk.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_chk.o: ../../include/openssl/symhacks.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h
-rsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_eay.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_eay.o: ../../include/openssl/ui.h ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_err.o: ../../include/openssl/symhacks.h
+rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_err.o: rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_gen.o: ../cryptlib.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_lib.o: ../cryptlib.h
+rsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_none.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_none.o: ../../include/openssl/opensslconf.h
-rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_none.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_none.o: ../cryptlib.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_null.o: ../../include/openssl/opensslconf.h
-rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_null.o: ../cryptlib.h
-rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_oaep.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_oaep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_oaep.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_oaep.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_oaep.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_oaep.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 rsa_oaep.o: ../../include/openssl/opensslconf.h
-rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_oaep.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_oaep.o: ../../include/openssl/symhacks.h ../cryptlib.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rsa_oaep.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_oaep.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_pk1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
 rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-rsa_saos.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-rsa_saos.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_saos.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_saos.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 rsa_saos.o: ../../include/openssl/opensslconf.h
-rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-rsa_saos.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-rsa_saos.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-rsa_saos.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_saos.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_saos.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-rsa_saos.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_saos.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_saos.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/aes.h
 rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_sign.o: ../../include/openssl/opensslconf.h
-rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rsa_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_ssl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h
index 8f39111..b2e25e4 100644
--- a/crypto/openssl/crypto/rsa/rsa.h
+++ b/crypto/openssl/crypto/rsa/rsa.h
@@ -59,13 +59,16 @@
 #ifndef HEADER_RSA_H
 #define HEADER_RSA_H
 
-#ifndef NO_BIO
+#include <openssl/asn1.h>
+
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
 
-#ifdef NO_RSA
+#ifdef OPENSSL_NO_RSA
 #error RSA is disabled.
 #endif
 
@@ -78,16 +81,20 @@ typedef struct rsa_st RSA;
 typedef struct rsa_meth_st
 	{
 	const char *name;
-	int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to,
+	int (*rsa_pub_enc)(int flen,const unsigned char *from,
+			   unsigned char *to,
 			   RSA *rsa,int padding);
-	int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to,
+	int (*rsa_pub_dec)(int flen,const unsigned char *from,
+			   unsigned char *to,
 			   RSA *rsa,int padding);
-	int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to,
+	int (*rsa_priv_enc)(int flen,const unsigned char *from,
+			    unsigned char *to,
 			    RSA *rsa,int padding);
-	int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to,
+	int (*rsa_priv_dec)(int flen,const unsigned char *from,
+			    unsigned char *to,
 			    RSA *rsa,int padding);
-	int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */
-	int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+	int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */
+	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			  const BIGNUM *m, BN_CTX *ctx,
 			  BN_MONT_CTX *m_ctx); /* Can be null */
 	int (*init)(RSA *rsa);		/* called at new */
@@ -101,15 +108,12 @@ typedef struct rsa_meth_st
  * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
  * option is set in 'flags'.
  */
-
-/* changed m_len to m_length to avoid a conflict with a #define in
-   vxworks for m_len for the mbuf code.  This only shows up in apps
-   that have USE_SOCKETS defined */
-
-	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_length,
-             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-	int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_length,
-             unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+	int (*rsa_sign)(int type,
+		const unsigned char *m, unsigned int m_length,
+		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+	int (*rsa_verify)(int dtype,
+		const unsigned char *m, unsigned int m_length,
+		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
 
 	} RSA_METHOD;
 
@@ -118,8 +122,10 @@ struct rsa_st
 	/* The first parameter is used to pickup errors where
 	 * this is passed instead of aEVP_PKEY, it is set to 0 */
 	int pad;
-	int version;
-	RSA_METHOD *meth;
+	long version;
+	const RSA_METHOD *meth;
+	/* functional reference if 'meth' is ENGINE-provided */
+	ENGINE *engine;
 	BIGNUM *n;
 	BIGNUM *e;
 	BIGNUM *d;
@@ -169,110 +175,111 @@ struct rsa_st
 #define RSA_NO_PADDING		3
 #define RSA_PKCS1_OAEP_PADDING	4
 
+#define RSA_PKCS1_PADDING_SIZE	11
+
 #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
 RSA *	RSA_new(void);
-RSA *	RSA_new_method(RSA_METHOD *method);
-int	RSA_size(RSA *);
+RSA *	RSA_new_method(ENGINE *engine);
+int	RSA_size(const RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
 		(*callback)(int,int,void *),void *cb_arg);
-int	RSA_check_key(RSA *);
+int	RSA_check_key(const RSA *);
 	/* next 4 return -1 on error */
-int	RSA_public_encrypt(int flen, unsigned char *from,
+int	RSA_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_encrypt(int flen, unsigned char *from,
+int	RSA_private_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_public_decrypt(int flen, unsigned char *from, 
+int	RSA_public_decrypt(int flen, const unsigned char *from, 
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_decrypt(int flen, unsigned char *from, 
+int	RSA_private_decrypt(int flen, const unsigned char *from, 
 		unsigned char *to, RSA *rsa,int padding);
 void	RSA_free (RSA *r);
+/* "up" the RSA object's reference count */
+int	RSA_up_ref(RSA *r);
 
-int	RSA_flags(RSA *r);
+int	RSA_flags(const RSA *r);
 
-void RSA_set_default_method(RSA_METHOD *meth);
-RSA_METHOD *RSA_get_default_method(void);
-RSA_METHOD *RSA_get_method(RSA *rsa);
-RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
 /* This function needs the memory locking malloc callbacks to be installed */
 int RSA_memory_lock(RSA *r);
 
-/* If you have RSAref compiled in. */
-RSA_METHOD *RSA_PKCS1_RSAref(void);
-
 /* these are the actual SSLeay RSA functions */
-RSA_METHOD *RSA_PKCS1_SSLeay(void);
+const RSA_METHOD *RSA_PKCS1_SSLeay(void);
+
+const RSA_METHOD *RSA_null_method(void);
 
-RSA_METHOD *RSA_null_method(void);
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
 
-RSA *	d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
-int	i2d_RSAPublicKey(RSA *a, unsigned char **pp);
-RSA *	d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
-int 	i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
-#ifndef NO_FP_API
-int	RSA_print_fp(FILE *fp, RSA *r,int offset);
+#ifndef OPENSSL_NO_FP_API
+int	RSA_print_fp(FILE *fp, const RSA *r,int offset);
 #endif
 
-#ifndef NO_BIO
-int	RSA_print(BIO *bp, RSA *r,int offset);
+#ifndef OPENSSL_NO_BIO
+int	RSA_print(BIO *bp, const RSA *r,int offset);
 #endif
 
-int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
-RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey);
-RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey);
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);
 
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
-/* Naughty internal function required elsewhere, to handle a MS structure
- * that is the same as the netscape one :-) */
-RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)());
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
 
 /* The following 2 functions sign and verify a X509_SIG ASN1 object
  * inside PKCS#1 padded RSA encryption */
-int RSA_sign(int type, unsigned char *m, unsigned int m_length,
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, unsigned char *m, unsigned int m_length,
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
  * object inside PKCS#1 padded RSA encryption */
-int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length,
+int RSA_sign_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_length,
 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length,
+int RSA_verify_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_length,
 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
 void RSA_blinding_off(RSA *rsa);
 
 int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
-			       unsigned char *f,int fl,unsigned char *p,
-			       int pl);
+	const unsigned char *f,int fl,
+	const unsigned char *p,int pl);
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
-				 unsigned char *f,int fl,int rsa_len,
-				 unsigned char *p,int pl);
+	const unsigned char *f,int fl,int rsa_len,
+	const unsigned char *p,int pl);
 int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_none(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_none(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int RSA_set_ex_data(RSA *r,int idx,void *arg);
-void *RSA_get_ex_data(RSA *r, int idx);
+void *RSA_get_ex_data(const RSA *r, int idx);
+
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/crypto/openssl/crypto/rsa/rsa_asn1.c b/crypto/openssl/crypto/rsa/rsa_asn1.c
new file mode 100644
index 0000000..1455a7e
--- /dev/null
+++ b/crypto/openssl/crypto/rsa/rsa_asn1.c
@@ -0,0 +1,121 @@
+/* rsa_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/asn1t.h>
+
+static ASN1_METHOD method={
+        (int (*)())  i2d_RSAPrivateKey,
+        (char *(*)())d2i_RSAPrivateKey,
+        (char *(*)())RSA_new,
+        (void (*)()) RSA_free};
+
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
+	{
+	return(&method);
+	}
+
+/* Override the default free and new methods */
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_NEW_PRE) {
+		*pval = (ASN1_VALUE *)RSA_new();
+		if(*pval) return 2;
+		return 0;
+	} else if(operation == ASN1_OP_FREE_PRE) {
+		RSA_free((RSA *)*pval);
+		*pval = NULL;
+		return 2;
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
+	ASN1_SIMPLE(RSA, version, LONG),
+	ASN1_SIMPLE(RSA, n, BIGNUM),
+	ASN1_SIMPLE(RSA, e, BIGNUM),
+	ASN1_SIMPLE(RSA, d, BIGNUM),
+	ASN1_SIMPLE(RSA, p, BIGNUM),
+	ASN1_SIMPLE(RSA, q, BIGNUM),
+	ASN1_SIMPLE(RSA, dmp1, BIGNUM),
+	ASN1_SIMPLE(RSA, dmq1, BIGNUM),
+	ASN1_SIMPLE(RSA, iqmp, BIGNUM)
+} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
+
+
+ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
+	ASN1_SIMPLE(RSA, n, BIGNUM),
+	ASN1_SIMPLE(RSA, e, BIGNUM),
+} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
+
+RSA *RSAPublicKey_dup(RSA *rsa)
+	{
+	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+	}
+
+RSA *RSAPrivateKey_dup(RSA *rsa)
+	{
+	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+	}
diff --git a/crypto/openssl/crypto/rsa/rsa_chk.c b/crypto/openssl/crypto/rsa/rsa_chk.c
index 91b9115..002f2cb 100644
--- a/crypto/openssl/crypto/rsa/rsa_chk.c
+++ b/crypto/openssl/crypto/rsa/rsa_chk.c
@@ -53,7 +53,7 @@
 #include <openssl/rsa.h>
 
 
-int RSA_check_key(RSA *key)
+int RSA_check_key(const RSA *key)
 	{
 	BIGNUM *i, *j, *k, *l, *m;
 	BN_CTX *ctx;
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index 0112b5c..ce93c40 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -61,18 +61,19 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 
 #ifndef RSA_NULL
 
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
 static RSA_METHOD rsa_pkcs1_eay_meth={
@@ -82,19 +83,21 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
 	RSA_eay_private_encrypt, /* signing */
 	RSA_eay_private_decrypt,
 	RSA_eay_mod_exp,
-	BN_mod_exp_mont,
+	BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
 	RSA_eay_init,
 	RSA_eay_finish,
-	0,
+	0, /* flags */
 	NULL,
+	0, /* rsa_sign */
+	0  /* rsa_verify */
 	};
 
-RSA_METHOD *RSA_PKCS1_SSLeay(void)
+const RSA_METHOD *RSA_PKCS1_SSLeay(void)
 	{
 	return(&rsa_pkcs1_eay_meth);
 	}
 
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	BIGNUM f,ret;
@@ -117,7 +120,7 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
 	case RSA_PKCS1_PADDING:
 		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
 		break;
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	case RSA_PKCS1_OAEP_PADDING:
 	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
 		break;
@@ -184,14 +187,14 @@ err:
 	BN_clear_free(&ret);
 	if (buf != NULL) 
 		{
-		memset(buf,0,num);
+		OPENSSL_cleanse(buf,num);
 		OPENSSL_free(buf);
 		}
 	return(r);
 	}
 
 /* signing */
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	BIGNUM f,ret;
@@ -268,13 +271,13 @@ err:
 	BN_clear_free(&f);
 	if (buf != NULL)
 		{
-		memset(buf,0,num);
+		OPENSSL_cleanse(buf,num);
 		OPENSSL_free(buf);
 		}
 	return(r);
 	}
 
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	BIGNUM f,ret;
@@ -343,7 +346,7 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 	case RSA_PKCS1_PADDING:
 		r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
 		break;
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
         case RSA_PKCS1_OAEP_PADDING:
 	        r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
                 break;
@@ -367,14 +370,14 @@ err:
 	BN_clear_free(&ret);
 	if (buf != NULL)
 		{
-		memset(buf,0,num);
+		OPENSSL_cleanse(buf,num);
 		OPENSSL_free(buf);
 		}
 	return(r);
 	}
 
 /* signature verification */
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	BIGNUM f,ret;
@@ -464,13 +467,13 @@ err:
 	BN_clear_free(&ret);
 	if (buf != NULL)
 		{
-		memset(buf,0,num);
+		OPENSSL_cleanse(buf,num);
 		OPENSSL_free(buf);
 		}
 	return(r);
 	}
 
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	{
 	BIGNUM r1,m1,vrfy;
 	int ret=0;
@@ -563,10 +566,19 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 	if (rsa->e && rsa->n)
 		{
 		if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
-		if (BN_cmp(I, &vrfy) != 0)
-			{
+		/* If 'I' was greater than (or equal to) rsa->n, the operation
+		 * will be equivalent to using 'I mod n'. However, the result of
+		 * the verify will *always* be less than 'n' so we don't check
+		 * for absolute equality, just congruency. */
+		if (!BN_sub(&vrfy, &vrfy, I)) goto err;
+		if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
+		if (vrfy.neg)
+			if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
+		if (!BN_is_zero(&vrfy))
+			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
+			 * miscalculated CRT output, just do a raw (slower)
+			 * mod_exp and return that instead. */
 			if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
-			}
 		}
 	ret=1;
 err:
diff --git a/crypto/openssl/crypto/rsa/rsa_err.c b/crypto/openssl/crypto/rsa/rsa_err.c
index bff7cf5..a7766c3 100644
--- a/crypto/openssl/crypto/rsa/rsa_err.c
+++ b/crypto/openssl/crypto/rsa/rsa_err.c
@@ -63,7 +63,7 @@
 #include <openssl/rsa.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA RSA_str_functs[]=
 	{
 {ERR_PACK(0,RSA_F_MEMORY_LOCK,0),	"MEMORY_LOCK"},
@@ -140,7 +140,7 @@ void ERR_load_RSA_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
 		ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c
index 422643e..9323574 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -62,31 +62,30 @@
 #include <openssl/lhash.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#include <openssl/engine.h>
 
 const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 
-static RSA_METHOD *default_RSA_meth=NULL;
-static int rsa_meth_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
+static const RSA_METHOD *default_RSA_meth=NULL;
 
 RSA *RSA_new(void)
 	{
 	return(RSA_new_method(NULL));
 	}
 
-void RSA_set_default_method(RSA_METHOD *meth)
+void RSA_set_default_method(const RSA_METHOD *meth)
 	{
-	default_RSA_meth=meth;
+	default_RSA_meth = meth;
 	}
 
-RSA_METHOD *RSA_get_default_method(void)
-{
+const RSA_METHOD *RSA_get_default_method(void)
+	{
 	if (default_RSA_meth == NULL)
 		{
 #ifdef RSA_NULL
 		default_RSA_meth=RSA_null_method();
 #else
-#ifdef RSAref
+#if 0 /* was: #ifdef RSAref */
 		default_RSA_meth=RSA_PKCS1_RSAref();
 #else
 		default_RSA_meth=RSA_PKCS1_SSLeay();
@@ -95,24 +94,31 @@ RSA_METHOD *RSA_get_default_method(void)
 		}
 
 	return default_RSA_meth;
-}
+	}
 
-RSA_METHOD *RSA_get_method(RSA *rsa)
-{
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+	{
 	return rsa->meth;
-}
+	}
 
-RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
-{
-	RSA_METHOD *mtmp;
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+	{
+	/* NB: The caller is specifically setting a method, so it's not up to us
+	 * to deal with which ENGINE it comes from. */
+	const RSA_METHOD *mtmp;
 	mtmp = rsa->meth;
 	if (mtmp->finish) mtmp->finish(rsa);
+	if (rsa->engine)
+		{
+		ENGINE_finish(rsa->engine);
+		rsa->engine = NULL;
+		}
 	rsa->meth = meth;
 	if (meth->init) meth->init(rsa);
-	return mtmp;
-}
+	return 1;
+	}
 
-RSA *RSA_new_method(RSA_METHOD *meth)
+RSA *RSA_new_method(ENGINE *engine)
 	{
 	RSA *ret;
 
@@ -120,13 +126,34 @@ RSA *RSA_new_method(RSA_METHOD *meth)
 	if (ret == NULL)
 		{
 		RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return(NULL);
+		return NULL;
 		}
 
-	if (meth == NULL)
-		ret->meth=RSA_get_default_method();
+	ret->meth = RSA_get_default_method();
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
 	else
-		ret->meth=meth;
+		ret->engine = ENGINE_get_default_RSA();
+	if(ret->engine)
+		{
+		ret->meth = ENGINE_get_RSA(ret->engine);
+		if(!ret->meth)
+			{
+			RSAerr(RSA_F_RSA_NEW_METHOD,
+				ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		}
 
 	ret->pad=0;
 	ret->version=0;
@@ -145,10 +172,12 @@ RSA *RSA_new_method(RSA_METHOD *meth)
 	ret->blinding=NULL;
 	ret->bignum_data=NULL;
 	ret->flags=ret->meth->flags;
-	CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
-		CRYPTO_free_ex_data(rsa_meth,ret,&ret->ex_data);
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
@@ -174,10 +203,12 @@ void RSA_free(RSA *r)
 		}
 #endif
 
-	if (r->meth->finish != NULL)
+	if (r->meth->finish)
 		r->meth->finish(r);
+	if (r->engine)
+		ENGINE_finish(r->engine);
 
-	CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 
 	if (r->n != NULL) BN_clear_free(r->n);
 	if (r->e != NULL) BN_clear_free(r->e);
@@ -192,12 +223,27 @@ void RSA_free(RSA *r)
 	OPENSSL_free(r);
 	}
 
+int RSA_up_ref(RSA *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+	REF_PRINT("RSA",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "RSA_up_ref, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
+	}
+
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-	rsa_meth_num++;
-	return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
-		&rsa_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+				new_func, dup_func, free_func);
         }
 
 int RSA_set_ex_data(RSA *r, int idx, void *arg)
@@ -205,41 +251,41 @@ int RSA_set_ex_data(RSA *r, int idx, void *arg)
 	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
 	}
 
-void *RSA_get_ex_data(RSA *r, int idx)
+void *RSA_get_ex_data(const RSA *r, int idx)
 	{
 	return(CRYPTO_get_ex_data(&r->ex_data,idx));
 	}
 
-int RSA_size(RSA *r)
+int RSA_size(const RSA *r)
 	{
 	return(BN_num_bytes(r->n));
 	}
 
-int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
 	}
 
-int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
+int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
 	}
 
-int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
+int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
 	}
 
-int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
 	}
 
-int RSA_flags(RSA *r)
+int RSA_flags(const RSA *r)
 	{
 	return((r == NULL)?0:r->meth->flags);
 	}
@@ -331,4 +377,3 @@ int RSA_memory_lock(RSA *r)
 	r->bignum_data=p;
 	return(1);
 	}
-
diff --git a/crypto/openssl/crypto/rsa/rsa_none.c b/crypto/openssl/crypto/rsa/rsa_none.c
index f22fce5..e6f3e62 100644
--- a/crypto/openssl/crypto/rsa/rsa_none.c
+++ b/crypto/openssl/crypto/rsa/rsa_none.c
@@ -62,8 +62,8 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 
-int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from,
-	     int flen)
+int RSA_padding_add_none(unsigned char *to, int tlen,
+	const unsigned char *from, int flen)
 	{
 	if (flen > tlen)
 		{
@@ -81,8 +81,8 @@ int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from,
 	return(1);
 	}
 
-int RSA_padding_check_none(unsigned char *to, int tlen, unsigned char *from,
-	     int flen, int num)
+int RSA_padding_check_none(unsigned char *to, int tlen,
+	const unsigned char *from, int flen, int num)
 	{
 
 	if (flen > tlen)
diff --git a/crypto/openssl/crypto/rsa/rsa_null.c b/crypto/openssl/crypto/rsa/rsa_null.c
index 7b58a0e..64057fb 100644
--- a/crypto/openssl/crypto/rsa/rsa_null.c
+++ b/crypto/openssl/crypto/rsa/rsa_null.c
@@ -69,16 +69,16 @@
  * operations (like storing RSA keys) are permitted.
  */
 
-static int RSA_null_public_encrypt(int flen, unsigned char *from,
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_private_encrypt(int flen, unsigned char *from,
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_public_decrypt(int flen, unsigned char *from,
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_private_decrypt(int flen, unsigned char *from,
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
 #if 0 /* not currently used */
-static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
 #endif
 static int RSA_null_init(RSA *rsa);
 static int RSA_null_finish(RSA *rsa);
@@ -88,40 +88,41 @@ static RSA_METHOD rsa_null_meth={
 	RSA_null_public_decrypt,
 	RSA_null_private_encrypt,
 	RSA_null_private_decrypt,
-	NULL, NULL,
+	NULL,
+	NULL,
 	RSA_null_init,
 	RSA_null_finish,
 	0,
 	NULL,
 	};
 
-RSA_METHOD *RSA_null_method(void)
+const RSA_METHOD *RSA_null_method(void)
 	{
 	return(&rsa_null_meth);
 	}
 
-static int RSA_null_public_encrypt(int flen, unsigned char *from,
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
 	return -1;
 	}
 
-static int RSA_null_private_encrypt(int flen, unsigned char *from,
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
 	return -1;
 	}
 
-static int RSA_null_private_decrypt(int flen, unsigned char *from,
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
 	return -1;
 	}
 
-static int RSA_null_public_decrypt(int flen, unsigned char *from,
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c
index 742b3a1..e3f7c60 100644
--- a/crypto/openssl/crypto/rsa/rsa_oaep.c
+++ b/crypto/openssl/crypto/rsa/rsa_oaep.c
@@ -19,20 +19,21 @@
  */
 
 
-#if !defined(NO_SHA) && !defined(NO_SHA1)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <openssl/rand.h>
+#include <openssl/sha.h>
 
 int MGF1(unsigned char *mask, long len,
-	unsigned char *seed, long seedlen);
+	const unsigned char *seed, long seedlen);
 
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
-	unsigned char *from, int flen,
-	unsigned char *param, int plen)
+	const unsigned char *from, int flen,
+	const unsigned char *param, int plen)
 	{
 	int i, emlen = tlen - 1;
 	unsigned char *db, *seed;
@@ -62,7 +63,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 	seed = to + 1;
 	db = to + SHA_DIGEST_LENGTH + 1;
 
-	SHA1(param, plen, db);
+	EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
 	memset(db + SHA_DIGEST_LENGTH, 0,
 		emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
 	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
@@ -88,11 +89,11 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 	}
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
-	     unsigned char *from, int flen, int num, unsigned char *param,
-	     int plen)
+	const unsigned char *from, int flen, int num,
+	const unsigned char *param, int plen)
 	{
 	int i, dblen, mlen = -1;
-	unsigned char *maskeddb;
+	const unsigned char *maskeddb;
 	int lzero;
 	unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
 	int bad = 0;
@@ -128,12 +129,12 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 	MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
 	for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
 		seed[i] ^= from[i - lzero];
-
+  
 	MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
 	for (i = 0; i < dblen; i++)
 		db[i] ^= maskeddb[i];
 
-	SHA1(param, plen, phash);
+	EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
 
 	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
 		goto decoding_err;
@@ -169,34 +170,37 @@ decoding_err:
 	return -1;
 	}
 
-int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
+int MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen)
 	{
 	long i, outlen = 0;
 	unsigned char cnt[4];
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
+	EVP_MD_CTX_init(&c);
 	for (i = 0; outlen < len; i++)
 		{
 		cnt[0] = (unsigned char)((i >> 24) & 255);
 		cnt[1] = (unsigned char)((i >> 16) & 255);
 		cnt[2] = (unsigned char)((i >> 8)) & 255;
 		cnt[3] = (unsigned char)(i & 255);
-		SHA1_Init(&c);
-		SHA1_Update(&c, seed, seedlen);
-		SHA1_Update(&c, cnt, 4);
+		EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+		EVP_DigestUpdate(&c, seed, seedlen);
+		EVP_DigestUpdate(&c, cnt, 4);
 		if (outlen + SHA_DIGEST_LENGTH <= len)
 			{
-			SHA1_Final(mask + outlen, &c);
+			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
 			outlen += SHA_DIGEST_LENGTH;
 			}
 		else
 			{
-			SHA1_Final(md, &c);
+			EVP_DigestFinal_ex(&c, md, NULL);
 			memcpy(mask + outlen, md, len - outlen);
 			outlen = len;
 			}
 		}
+	EVP_MD_CTX_cleanup(&c);
 	return 0;
 	}
 #endif
diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/openssl/crypto/rsa/rsa_pk1.c
index 48a32bc..8560755 100644
--- a/crypto/openssl/crypto/rsa/rsa_pk1.c
+++ b/crypto/openssl/crypto/rsa/rsa_pk1.c
@@ -63,12 +63,12 @@
 #include <openssl/rand.h>
 
 int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
-	     unsigned char *from, int flen)
+	     const unsigned char *from, int flen)
 	{
 	int j;
 	unsigned char *p;
 
-	if (flen > (tlen-11))
+	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return(0);
@@ -89,10 +89,10 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
 	}
 
 int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-	     unsigned char *from, int flen, int num)
+	     const unsigned char *from, int flen, int num)
 	{
 	int i,j;
-	unsigned char *p;
+	const unsigned char *p;
 
 	p=from;
 	if ((num != (flen+1)) || (*(p++) != 01))
@@ -141,7 +141,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
 	}
 
 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-	     unsigned char *from, int flen)
+	     const unsigned char *from, int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -179,10 +179,10 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
 	}
 
 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-	     unsigned char *from, int flen, int num)
+	     const unsigned char *from, int flen, int num)
 	{
 	int i,j;
-	unsigned char *p;
+	const unsigned char *p;
 
 	p=from;
 	if ((num != (flen+1)) || (*(p++) != 02))
diff --git a/crypto/openssl/crypto/rsa/rsa_saos.c b/crypto/openssl/crypto/rsa/rsa_saos.c
index c77f438..f462716 100644
--- a/crypto/openssl/crypto/rsa/rsa_saos.c
+++ b/crypto/openssl/crypto/rsa/rsa_saos.c
@@ -63,8 +63,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
-	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+int RSA_sign_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_len,
+	unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	ASN1_OCTET_STRING sig;
 	int i,j,ret=1;
@@ -72,11 +73,11 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
 
 	sig.type=V_ASN1_OCTET_STRING;
 	sig.length=m_len;
-	sig.data=m;
+	sig.data=(unsigned char *)m;
 
 	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
 	j=RSA_size(rsa);
-	if ((i-RSA_PKCS1_PADDING) > j)
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return(0);
@@ -95,14 +96,15 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
 	else
 		*siglen=i;
 
-	memset(s,0,(unsigned int)j+1);
+	OPENSSL_cleanse(s,(unsigned int)j+1);
 	OPENSSL_free(s);
 	return(ret);
 	}
 
-int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
-	     unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-	     RSA *rsa)
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+	const unsigned char *m,
+	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+	RSA *rsa)
 	{
 	int i,ret=0;
 	unsigned char *p,*s;
@@ -137,7 +139,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
 		ret=1;
 err:
 	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-	memset(s,0,(unsigned int)siglen);
+	OPENSSL_cleanse(s,(unsigned int)siglen);
 	OPENSSL_free(s);
 	return(ret);
 	}
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c
index 31049b9..4ac2de3 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -62,21 +62,25 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/engine.h>
 
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH	36
 
-int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	X509_SIG sig;
 	ASN1_TYPE parameter;
 	int i,j,ret=1;
-	unsigned char *p,*s = NULL;
+	unsigned char *p, *tmps = NULL;
+	const unsigned char *s = NULL;
 	X509_ALGOR algor;
 	ASN1_OCTET_STRING digest;
-	if(rsa->flags & RSA_FLAG_SIGN_VER)
-	      return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+	if((rsa->flags & RSA_FLAG_SIGN_VER)
+	      && ENGINE_get_RSA(rsa->engine)->rsa_sign)
+	      return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
+			m, m_len, sigret, siglen, rsa);
 	/* Special case: SSL signature, just check the length */
 	if(type == NID_md5_sha1) {
 		if(m_len != SSL_SIG_LENGTH) {
@@ -103,26 +107,27 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
 		sig.algor->parameter= &parameter;
 
 		sig.digest= &digest;
-		sig.digest->data=m;
+		sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
 		sig.digest->length=m_len;
 
 		i=i2d_X509_SIG(&sig,NULL);
 	}
 	j=RSA_size(rsa);
-	if ((i-RSA_PKCS1_PADDING) > j)
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return(0);
 		}
 	if(type != NID_md5_sha1) {
-		s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-		if (s == NULL)
+		tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
+		if (tmps == NULL)
 			{
 			RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
 			return(0);
 			}
-		p=s;
+		p=tmps;
 		i2d_X509_SIG(&sig,&p);
+		s=tmps;
 	}
 	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
 	if (i <= 0)
@@ -131,13 +136,13 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
 		*siglen=i;
 
 	if(type != NID_md5_sha1) {
-		memset(s,0,(unsigned int)j+1);
-		OPENSSL_free(s);
+		OPENSSL_cleanse(tmps,(unsigned int)j+1);
+		OPENSSL_free(tmps);
 	}
 	return(ret);
 	}
 
-int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 	     unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 	{
 	int i,ret=0,sigtype;
@@ -150,8 +155,10 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
 		return(0);
 		}
 
-	if(rsa->flags & RSA_FLAG_SIGN_VER)
-	    return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
+	if((rsa->flags & RSA_FLAG_SIGN_VER)
+	    && ENGINE_get_RSA(rsa->engine)->rsa_verify)
+	    return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
+			m, m_len, sigbuf, siglen, rsa);
 
 	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
 	if (s == NULL)
@@ -193,9 +200,9 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
 				(sigtype == NID_md2WithRSAEncryption)))
 				{
 				/* ok, we will let it through */
-	#if !defined(NO_STDIO) && !defined(WIN16)
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
 				fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
-	#endif
+#endif
 				}
 			else
 				{
@@ -214,7 +221,7 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
 	}
 err:
 	if (sig != NULL) X509_SIG_free(sig);
-	memset(s,0,(unsigned int)siglen);
+	OPENSSL_cleanse(s,(unsigned int)siglen);
 	OPENSSL_free(s);
 	return(ret);
 	}
diff --git a/crypto/openssl/crypto/rsa/rsa_ssl.c b/crypto/openssl/crypto/rsa/rsa_ssl.c
index 482f4a8..ea72629 100644
--- a/crypto/openssl/crypto/rsa/rsa_ssl.c
+++ b/crypto/openssl/crypto/rsa/rsa_ssl.c
@@ -62,8 +62,8 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
-	     int flen)
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+	const unsigned char *from, int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -102,11 +102,11 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 	return(1);
 	}
 
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
-	     int flen, int num)
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+	const unsigned char *from, int flen, int num)
 	{
 	int i,j,k;
-	unsigned char *p;
+	const unsigned char *p;
 
 	p=from;
 	if (flen < 10)
diff --git a/crypto/openssl/crypto/rsa/rsa_test.c b/crypto/openssl/crypto/rsa/rsa_test.c
index e5ae0c1..b8b462d 100644
--- a/crypto/openssl/crypto/rsa/rsa_test.c
+++ b/crypto/openssl/crypto/rsa/rsa_test.c
@@ -3,12 +3,12 @@
 #include <stdio.h>
 #include <string.h>
 
-#include "openssl/e_os.h"
+#include "e_os.h"
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#ifdef NO_RSA
+#ifdef OPENSSL_NO_RSA
 int main(int argc, char *argv[])
 {
     printf("No RSA support\n");
@@ -16,6 +16,7 @@ int main(int argc, char *argv[])
 }
 #else
 #include <openssl/rsa.h>
+#include <openssl/engine.h>
 
 #define SetKey \
   key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
@@ -219,10 +220,12 @@ int main(int argc, char *argv[])
     int clen = 0;
     int num;
 
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
     RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
 
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-	
     plen = sizeof(ptext_ex) - 1;
 
     for (v = 0; v < 3; v++)
@@ -305,9 +308,10 @@ int main(int argc, char *argv[])
 	RSA_free(key);
 	}
 
+    CRYPTO_cleanup_all_ex_data();
     ERR_remove_state(0);
 
-    CRYPTO_mem_leaks_fp(stdout);
+    CRYPTO_mem_leaks_fp(stderr);
 
     return err;
     }
diff --git a/crypto/openssl/crypto/sha/Makefile.ssl b/crypto/openssl/crypto/sha/Makefile.ssl
index 75d3e0b..6487397 100644
--- a/crypto/openssl/crypto/sha/Makefile.ssl
+++ b/crypto/openssl/crypto/sha/Makefile.ssl
@@ -12,7 +12,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -42,8 +43,7 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
@@ -92,7 +92,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -103,11 +103,19 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-sha1_one.o: ../../include/openssl/sha.h
-sha1dgst.o: ../../include/openssl/opensslconf.h
+sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1_one.o: ../../include/openssl/opensslconf.h
+sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
-sha1dgst.o: ../md32_common.h sha_locl.h
-sha_dgst.o: ../../include/openssl/opensslconf.h
+sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
-sha_dgst.o: ../md32_common.h sha_locl.h
-sha_one.o: ../../include/openssl/sha.h
+sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
+sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha_one.o: sha_one.c
diff --git a/crypto/openssl/crypto/sha/sha.h b/crypto/openssl/crypto/sha/sha.h
index 77f6d96..3fd54a1 100644
--- a/crypto/openssl/crypto/sha/sha.h
+++ b/crypto/openssl/crypto/sha/sha.h
@@ -59,11 +59,13 @@
 #ifndef HEADER_SHA_H
 #define HEADER_SHA_H
 
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#if defined(NO_SHA) || (defined(NO_SHA0) && defined(NO_SHA1))
+#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
 #error SHA is disabled.
 #endif
 
@@ -74,9 +76,9 @@ extern "C" {
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  */
 
-#if defined(WIN16) || defined(__LP32__)
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
 #define SHA_LONG unsigned long
-#elif defined(_CRAY) || defined(__ILP64__)
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define SHA_LONG unsigned long
 #define SHA_LONG_LOG2 3
 #else
@@ -98,17 +100,17 @@ typedef struct SHAstate_st
 	int num;
 	} SHA_CTX;
 
-#ifndef NO_SHA0
-void SHA_Init(SHA_CTX *c);
-void SHA_Update(SHA_CTX *c, const void *data, unsigned long len);
-void SHA_Final(unsigned char *md, SHA_CTX *c);
+#ifndef OPENSSL_NO_SHA0
+int SHA_Init(SHA_CTX *c);
+int SHA_Update(SHA_CTX *c, const void *data, unsigned long len);
+int SHA_Final(unsigned char *md, SHA_CTX *c);
 unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
-#ifndef NO_SHA1
-void SHA1_Init(SHA_CTX *c);
-void SHA1_Update(SHA_CTX *c, const void *data, unsigned long len);
-void SHA1_Final(unsigned char *md, SHA_CTX *c);
+#ifndef OPENSSL_NO_SHA1
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
 unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md);
 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
diff --git a/crypto/openssl/crypto/sha/sha1_one.c b/crypto/openssl/crypto/sha/sha1_one.c
index 861752e..20e660c 100644
--- a/crypto/openssl/crypto/sha/sha1_one.c
+++ b/crypto/openssl/crypto/sha/sha1_one.c
@@ -59,8 +59,9 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/sha.h>
+#include <openssl/crypto.h>
 
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	SHA_CTX c;
@@ -70,7 +71,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
 	SHA1_Init(&c);
 	SHA1_Update(&c,d,n);
 	SHA1_Final(md,&c);
-	memset(&c,0,sizeof(c));
+	OPENSSL_cleanse(&c,sizeof(c));
 	return(md);
 	}
 #endif
diff --git a/crypto/openssl/crypto/sha/sha1dgst.c b/crypto/openssl/crypto/sha/sha1dgst.c
index c09edb4..182f659 100644
--- a/crypto/openssl/crypto/sha/sha1dgst.c
+++ b/crypto/openssl/crypto/sha/sha1dgst.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#if !defined(NO_SHA1) && !defined(NO_SHA)
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_0
 #define SHA_1
diff --git a/crypto/openssl/crypto/sha/sha1test.c b/crypto/openssl/crypto/sha/sha1test.c
index 688d06c..4f2e4ad 100644
--- a/crypto/openssl/crypto/sha/sha1test.c
+++ b/crypto/openssl/crypto/sha/sha1test.c
@@ -60,13 +60,16 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_SHA
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_SHA
 int main(int argc, char *argv[])
 {
     printf("No SHA support\n");
     return(0);
 }
 #else
+#include <openssl/evp.h>
 #include <openssl/sha.h>
 
 #ifdef CHARSET_EBCDIC
@@ -106,7 +109,7 @@ int main(int argc, char *argv[])
 	unsigned char **P,**R;
 	static unsigned char buf[1000];
 	char *p,*r;
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
 #ifdef CHARSET_EBCDIC
@@ -114,12 +117,14 @@ int main(int argc, char *argv[])
 	ebcdic2ascii(test[1], test[1], strlen(test[1]));
 #endif
 
+	EVP_MD_CTX_init(&c);
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating SHA1 on '%s'\n",*P);
@@ -137,10 +142,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-	SHA1_Init(&c);
+	EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
 	for (i=0; i<1000; i++)
-		SHA1_Update(&c,buf,1000);
-	SHA1_Final(md,&c);
+		EVP_DigestUpdate(&c,buf,1000);
+	EVP_DigestFinal_ex(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;
@@ -152,7 +157,8 @@ int main(int argc, char *argv[])
 		}
 	else
 		printf("test 3 ok\n");
-	exit(err);
+	EXIT(err);
+	EVP_MD_CTX_cleanup(&c);
 	return(0);
 	}
 
diff --git a/crypto/openssl/crypto/sha/sha_dgst.c b/crypto/openssl/crypto/sha/sha_dgst.c
index 894a962..5a4b3ab 100644
--- a/crypto/openssl/crypto/sha/sha_dgst.c
+++ b/crypto/openssl/crypto/sha/sha_dgst.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#if !defined(NO_SHA0) && !defined(NO_SHA)
+#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_1
 #define SHA_0
diff --git a/crypto/openssl/crypto/sha/sha_locl.h b/crypto/openssl/crypto/sha/sha_locl.h
index 631ba73..2dd63a6 100644
--- a/crypto/openssl/crypto/sha/sha_locl.h
+++ b/crypto/openssl/crypto/sha/sha_locl.h
@@ -138,7 +138,7 @@
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
 
-void HASH_INIT (SHA_CTX *c)
+int HASH_INIT (SHA_CTX *c)
 	{
 	c->h0=INIT_DATA_h0;
 	c->h1=INIT_DATA_h1;
@@ -148,6 +148,7 @@ void HASH_INIT (SHA_CTX *c)
 	c->Nl=0;
 	c->Nh=0;
 	c->num=0;
+	return 1;
 	}
 
 #define K_00_19	0x5a827999UL
@@ -223,10 +224,10 @@ void HASH_INIT (SHA_CTX *c)
 void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num)
 	{
 	const SHA_LONG *W=d;
-	register unsigned long A,B,C,D,E,T;
+	register unsigned MD32_REG_T A,B,C,D,E,T;
 #ifndef MD32_XARRAY
-	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
 #else
 	SHA_LONG	XX[16];
 #endif
@@ -348,10 +349,10 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num)
 void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num)
 	{
 	const unsigned char *data=p;
-	register unsigned long A,B,C,D,E,T,l;
+	register unsigned MD32_REG_T A,B,C,D,E,T,l;
 #ifndef MD32_XARRAY
-	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
 #else
 	SHA_LONG	XX[16];
 #endif
diff --git a/crypto/openssl/crypto/sha/sha_one.c b/crypto/openssl/crypto/sha/sha_one.c
index 2d955de..e61c63f 100644
--- a/crypto/openssl/crypto/sha/sha_one.c
+++ b/crypto/openssl/crypto/sha/sha_one.c
@@ -59,8 +59,9 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/sha.h>
+#include <openssl/crypto.h>
 
-#ifndef NO_SHA0
+#ifndef OPENSSL_NO_SHA0
 unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	SHA_CTX c;
@@ -70,7 +71,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
 	SHA_Init(&c);
 	SHA_Update(&c,d,n);
 	SHA_Final(md,&c);
-	memset(&c,0,sizeof(c));
+	OPENSSL_cleanse(&c,sizeof(c));
 	return(md);
 	}
 #endif
diff --git a/crypto/openssl/crypto/sha/shatest.c b/crypto/openssl/crypto/sha/shatest.c
index a5786bb..5d2b1d3 100644
--- a/crypto/openssl/crypto/sha/shatest.c
+++ b/crypto/openssl/crypto/sha/shatest.c
@@ -60,13 +60,16 @@
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef NO_SHA
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_SHA
 int main(int argc, char *argv[])
 {
     printf("No SHA support\n");
     return(0);
 }
 #else
+#include <openssl/evp.h>
 #include <openssl/sha.h>
 
 #ifdef CHARSET_EBCDIC
@@ -106,7 +109,7 @@ int main(int argc, char *argv[])
 	unsigned char **P,**R;
 	static unsigned char buf[1000];
 	char *p,*r;
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
 #ifdef CHARSET_EBCDIC
@@ -114,12 +117,14 @@ int main(int argc, char *argv[])
 	ebcdic2ascii(test[1], test[1], strlen(test[1]));
 #endif
 
+	EVP_MD_CTX_init(&c);
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating SHA on '%s'\n",*P);
@@ -137,10 +142,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-	SHA_Init(&c);
+	EVP_DigestInit_ex(&c,EVP_sha(), NULL);
 	for (i=0; i<1000; i++)
-		SHA_Update(&c,buf,1000);
-	SHA_Final(md,&c);
+		EVP_DigestUpdate(&c,buf,1000);
+	EVP_DigestFinal_ex(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;
@@ -152,7 +157,8 @@ int main(int argc, char *argv[])
 		}
 	else
 		printf("test 3 ok\n");
-	exit(err);
+	EVP_MD_CTX_cleanup(&c);
+	EXIT(err);
 	return(0);
 	}
 
diff --git a/crypto/openssl/crypto/stack/Makefile.ssl b/crypto/openssl/crypto/stack/Makefile.ssl
index 2027d39..e4acfe6 100644
--- a/crypto/openssl/crypto/stack/Makefile.ssl
+++ b/crypto/openssl/crypto/stack/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,10 +79,10 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-stack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+stack.o: ../../e_os.h ../../include/openssl/bio.h
+stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-stack.o: ../cryptlib.h
+stack.o: ../cryptlib.h stack.c
diff --git a/crypto/openssl/crypto/stack/safestack.h b/crypto/openssl/crypto/stack/safestack.h
index 9fa63e1..ed9ed2c 100644
--- a/crypto/openssl/crypto/stack/safestack.h
+++ b/crypto/openssl/crypto/stack/safestack.h
@@ -224,6 +224,26 @@ STACK_OF(type) \
 #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
 
+#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
+#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
+#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
+#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
+#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
+#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
+#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
+#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
+#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
+#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
+
 #define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
 #define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
@@ -304,6 +324,26 @@ STACK_OF(type) \
 #define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
 
+#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
+#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
+#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
+#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
+#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
+#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
+#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
+#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
+#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
+#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
+
 #define sk_BIO_new(st) SKM_sk_new(BIO, (st))
 #define sk_BIO_new_null() SKM_sk_new_null(BIO)
 #define sk_BIO_free(st) SKM_sk_free(BIO, (st))
@@ -324,6 +364,46 @@ STACK_OF(type) \
 #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
 #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
 
+#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
+#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
+#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
+#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
+#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
+#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
+#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
+#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
+#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
+#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
+
+#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
+#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
+#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
+#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
+#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
+#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
+#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
+#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
+#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
+#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
+#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
+#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
+#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
+#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
+#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
+#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
+
 #define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
 #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
 #define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
@@ -404,6 +484,46 @@ STACK_OF(type) \
 #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
 #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
 
+#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
+#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
+#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
+#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
+#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
+#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
+#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
+#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
+#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
+#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
+#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
+#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
+#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
+#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
+#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
+#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
+#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
+#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
+#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
+
+#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
+#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
+#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
+#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
+#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
+#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
+#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
+#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
+#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
+#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
+
 #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
 #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
@@ -424,6 +544,166 @@ STACK_OF(type) \
 #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
 
+#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
+#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
+#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
+#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
+#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
+#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
+#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
+#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
+#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
+#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
+
+#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
+#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
+#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
+#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
+#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
+#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
+#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
+#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
+#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
+#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
+
+#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
+#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
+#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
+#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
+#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
+#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
+#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
+#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
+#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
+#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
+
+#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
+#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
+#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
+#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
+#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
+#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
+#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
+#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
+#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
+#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
+
+#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
+#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
+#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
+#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
+#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
+#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
+#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
+#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
+#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
+#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
+
+#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
+#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
+#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
+#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
+#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
+#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
+#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
+#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
+#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
+#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
+
+#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
+#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
+#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
+#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
+#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
+#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
+#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
+#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
+#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
+#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
+
+#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
+#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
+#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
+#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
+#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
+#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
+#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
+#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
+#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
+#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
+
 #define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
 #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
 #define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
@@ -484,6 +764,66 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
 
+#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
+#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
+#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
+#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
+#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
+#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
+#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
+#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
+
+#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
+#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
+#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
+#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
+#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
+#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
+#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
+#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
+
+#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
+#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
+#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
+#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
+#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
+#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
+#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
+#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
+
 #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
 #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
@@ -664,6 +1004,26 @@ STACK_OF(type) \
 #define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
 #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
 
+#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
+#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
+#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
+#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
+#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
+#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
+#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
+#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
+#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
+#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
+#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
+#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
+#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
+#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
+#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
+#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
+#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
+#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
+#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
+
 #define sk_X509_new(st) SKM_sk_new(X509, (st))
 #define sk_X509_new_null() SKM_sk_new_null(X509)
 #define sk_X509_free(st) SKM_sk_free(X509, (st))
@@ -998,6 +1358,24 @@ STACK_OF(type) \
 #define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
 	SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
 
+#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
+
 #define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
diff --git a/crypto/openssl/crypto/stack/stack.c b/crypto/openssl/crypto/stack/stack.c
index 02857f0..2496f28 100644
--- a/crypto/openssl/crypto/stack/stack.c
+++ b/crypto/openssl/crypto/stack/stack.c
@@ -106,6 +106,8 @@ STACK *sk_dup(STACK *sk)
 	ret->comp=sk->comp;
 	return(ret);
 err:
+	if(ret)
+		sk_free(ret);
 	return(NULL);
 	}
 
@@ -120,9 +122,9 @@ STACK *sk_new(int (*c)(const char * const *, const char * const *))
 	int i;
 
 	if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
-		goto err0;
+		goto err;
 	if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
-		goto err1;
+		goto err;
 	for (i=0; i<MIN_NODES; i++)
 		ret->data[i]=NULL;
 	ret->comp=c;
@@ -130,9 +132,9 @@ STACK *sk_new(int (*c)(const char * const *, const char * const *))
 	ret->num=0;
 	ret->sorted=0;
 	return(ret);
-err1:
-	OPENSSL_free(ret);
-err0:
+err:
+	if(ret)
+		OPENSSL_free(ret);
 	return(NULL);
 	}
 
@@ -316,7 +318,7 @@ char *sk_set(STACK *st, int i, char *value)
 
 void sk_sort(STACK *st)
 	{
-	if (!st->sorted)
+	if (st && !st->sorted)
 		{
 		int (*comp_func)(const void *,const void *);
 
diff --git a/crypto/openssl/crypto/symhacks.h b/crypto/openssl/crypto/symhacks.h
index 6b472b2..774162f 100644
--- a/crypto/openssl/crypto/symhacks.h
+++ b/crypto/openssl/crypto/symhacks.h
@@ -55,10 +55,18 @@
 #ifndef HEADER_SYMHACKS_H
 #define HEADER_SYMHACKS_H
 
+#include <openssl/e_os2.h>
+
 /* Hacks to solve the problem with linkers incapable of handling very long
    symbol names.  In the case of VMS, the limit is 31 characters on VMS for
    VAX. */
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
+
+/* Hack a long name in crypto/ex_data.c */
+#undef CRYPTO_get_ex_data_implementation
+#define CRYPTO_get_ex_data_implementation	CRYPTO_get_ex_data_impl
+#undef CRYPTO_set_ex_data_implementation
+#define CRYPTO_set_ex_data_implementation	CRYPTO_set_ex_data_impl
 
 /* Hack a long name in crypto/asn1/a_mbstr.c */
 #undef ASN1_STRING_set_default_mask_asc
@@ -121,33 +129,146 @@
 #define X509_REVOKED_get_ext_by_critical	X509_REVOKED_get_ext_by_critic
 
 /* Hack some long CRYPTO names */
+#undef CRYPTO_set_dynlock_destroy_callback
 #define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb
+#undef CRYPTO_set_dynlock_create_callback
 #define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
+#undef CRYPTO_set_dynlock_lock_callback
 #define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
+#undef CRYPTO_get_dynlock_lock_callback
 #define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
+#undef CRYPTO_get_dynlock_destroy_callback
 #define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
+#undef CRYPTO_get_dynlock_create_callback
 #define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb
+#undef CRYPTO_set_locked_mem_ex_functions
+#define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs
+#undef CRYPTO_get_locked_mem_ex_functions
+#define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs
 
 /* Hack some long SSL names */
+#undef SSL_CTX_set_default_verify_paths
 #define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
+#undef SSL_get_ex_data_X509_STORE_CTX_idx
 #define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
+#undef SSL_add_file_cert_subjects_to_stack
 #define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk
+#if 0 /* This function is not defined i VMS. */
+#undef SSL_add_dir_cert_subjects_to_stack
 #define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk
+#endif
+#undef SSL_CTX_use_certificate_chain_file
 #define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
+#undef SSL_CTX_set_cert_verify_callback
 #define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
+#undef SSL_CTX_set_default_passwd_cb_userdata
 #define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
 
 /* Hack some long ENGINE names */
+#undef ENGINE_get_default_BN_mod_exp_crt
 #define ENGINE_get_default_BN_mod_exp_crt	ENGINE_get_def_BN_mod_exp_crt
+#undef ENGINE_set_default_BN_mod_exp_crt
 #define ENGINE_set_default_BN_mod_exp_crt	ENGINE_set_def_BN_mod_exp_crt
+#undef ENGINE_set_load_privkey_function
+#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
+#undef ENGINE_get_load_privkey_function
+#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
+
+/* Hack some long OCSP names */
+#undef OCSP_REQUEST_get_ext_by_critical
+#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
+#undef OCSP_BASICRESP_get_ext_by_critical
+#define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
+#undef OCSP_SINGLERESP_get_ext_by_critical
+#define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit
+
+/* Hack some long DES names */
+#undef _ossl_old_des_ede3_cfb64_encrypt
+#define _ossl_old_des_ede3_cfb64_encrypt	_ossl_odes_ede3_cfb64_encrypt
+#undef _ossl_old_des_ede3_ofb64_encrypt
+#define _ossl_old_des_ede3_ofb64_encrypt	_ossl_odes_ede3_ofb64_encrypt
 
-#endif /* defined VMS */
+/* Hack some long EVP names */
+#undef OPENSSL_add_all_algorithms_noconf
+#define OPENSSL_add_all_algorithms_noconf	OPENSSL_add_all_algo_noconf
+#undef OPENSSL_add_all_algorithms_conf
+#define OPENSSL_add_all_algorithms_conf		OPENSSL_add_all_algo_conf
+
+/* Hack some long EC names */
+#undef EC_POINT_set_Jprojective_coordinates_GFp
+#define EC_POINT_set_Jprojective_coordinates_GFp \
+                                                EC_POINT_set_Jproj_coords_GFp
+#undef EC_POINT_get_Jprojective_coordinates_GFp
+#define EC_POINT_get_Jprojective_coordinates_GFp \
+                                                EC_POINT_get_Jproj_coords_GFp
+#undef EC_POINT_set_affine_coordinates_GFp
+#define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp
+#undef EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp
+#undef EC_POINT_set_compressed_coordinates_GFp
+#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
+#undef ec_GFp_simple_group_set_curve_GFp
+#define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp
+#undef ec_GFp_simple_group_get_curve_GFp
+#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+#undef ec_GFp_simple_group_clear_finish
+#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
+#undef ec_GFp_simple_group_set_generator
+#define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
+#undef ec_GFp_simple_group_get0_generator
+#define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
+#undef ec_GFp_simple_group_get_cofactor
+#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
+#undef ec_GFp_simple_point_clear_finish
+#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
+#undef ec_GFp_simple_point_set_to_infinity
+#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
+#undef ec_GFp_simple_points_make_affine
+#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
+#undef ec_GFp_simple_group_get_curve_GFp
+#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+#undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+#define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+                                                ec_GFp_smp_set_Jproj_coords_GFp
+#undef ec_GFp_simple_get_Jprojective_coordinates_GFp
+#define ec_GFp_simple_get_Jprojective_coordinates_GFp \
+                                                ec_GFp_smp_get_Jproj_coords_GFp
+#undef ec_GFp_simple_point_set_affine_coordinates_GFp
+#define ec_GFp_simple_point_set_affine_coordinates_GFp \
+                                                ec_GFp_smp_pt_set_af_coords_GFp
+#undef ec_GFp_simple_point_get_affine_coordinates_GFp
+#define ec_GFp_simple_point_get_affine_coordinates_GFp \
+                                                ec_GFp_smp_pt_get_af_coords_GFp
+#undef ec_GFp_simple_set_compressed_coordinates_GFp
+#define ec_GFp_simple_set_compressed_coordinates_GFp \
+                                                ec_GFp_smp_set_compr_coords_GFp
+
+#endif /* defined OPENSSL_SYS_VMS */
 
 
 /* Case insensiteve linking causes problems.... */
-#if defined(WIN16) || defined(VMS)
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
 #undef ERR_load_CRYPTO_strings
 #define ERR_load_CRYPTO_strings			ERR_load_CRYPTOlib_strings
+#undef OCSP_crlID_new
+#define OCSP_crlID_new                          OCSP_crlID2_new
+
+/* These functions do not seem to exist!  However, I'm paranoid...
+   Original command in x509v3.h:
+   These functions are being redefined in another directory,
+   and clash when the linker is case-insensitive, so let's
+   hide them a little, by giving them an extra 'o' at the
+   beginning of the name... */
+#undef X509v3_cleanup_extensions
+#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
+#undef X509v3_add_extension
+#define X509v3_add_extension                    oX509v3_add_extension
+#undef X509v3_add_netscape_extensions
+#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
+#undef X509v3_add_standard_extensions
+#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+
+
 #endif
 
 
diff --git a/crypto/openssl/crypto/threads/mttest.c b/crypto/openssl/crypto/threads/mttest.c
index 1001659..7142e4e 100644
--- a/crypto/openssl/crypto/threads/mttest.c
+++ b/crypto/openssl/crypto/threads/mttest.c
@@ -63,7 +63,7 @@
 #ifdef LINUX
 #include <typedefs.h>
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #include <windows.h>
 #endif
 #ifdef SOLARIS
@@ -86,7 +86,7 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 
-#ifdef NO_FP_API
+#ifdef OPENSSL_NO_FP_API
 #define APPS_WIN16
 #include "../buffer/bss_file.c"
 #endif
@@ -691,7 +691,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 
 #define THREAD_STACK_SIZE (16*1024)
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 
 static HANDLE *lock_cs;
 
@@ -782,7 +782,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	printf("win32 threads done - %.3f seconds\n",ret);
 	}
 
-#endif /* WIN32 */
+#endif /* OPENSSL_SYS_WIN32 */
 
 #ifdef SOLARIS
 
diff --git a/crypto/openssl/crypto/threads/th-lock.c b/crypto/openssl/crypto/threads/th-lock.c
index 553d221..a6a79b9 100644
--- a/crypto/openssl/crypto/threads/th-lock.c
+++ b/crypto/openssl/crypto/threads/th-lock.c
@@ -63,7 +63,7 @@
 #ifdef LINUX
 #include <typedefs.h>
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #include <windows.h>
 #endif
 #ifdef SOLARIS
@@ -105,7 +105,7 @@ static unsigned long pthreads_thread_id(void );
 
 #define THREAD_STACK_SIZE (16*1024)
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 
 static HANDLE *lock_cs;
 
@@ -146,7 +146,7 @@ void win32_locking_callback(int mode, int type, char *file, int line)
 		}
 	}
 
-#endif /* WIN32 */
+#endif /* OPENSSL_SYS_WIN32 */
 
 #ifdef SOLARIS
 
diff --git a/crypto/openssl/crypto/tmdiff.c b/crypto/openssl/crypto/tmdiff.c
index 8300922..307523e 100644
--- a/crypto/openssl/crypto/tmdiff.c
+++ b/crypto/openssl/crypto/tmdiff.c
@@ -59,20 +59,17 @@
 #include <stdlib.h>
 #include "cryptlib.h"
 #include <openssl/tmdiff.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
 
 #ifdef TIMEB
-#undef WIN32
+#undef OPENSSL_SYS_WIN32
 #undef TIMES
 #endif
 
-#ifndef MSDOS
-#  ifndef WIN32
-#   ifndef VXWORKS
-#    if !defined(VMS) || defined(__DECC)
-#      define TIMES
-#    endif
-#   endif
-#  endif
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !(defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX_RHAPSODY) && !defined(OPENSSL_SYS_VXWORKS)
+# define TIMES
 #endif
 
 #ifndef _IRIX
@@ -87,7 +84,7 @@
    The __TMS macro will show if it was.  If it wasn't defined, we should
    undefine TIMES, since that tells the rest of the program how things
    should be handled.				-- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
 #undef TIMES
 #endif
 
@@ -97,24 +94,29 @@
 #include <sys/param.h>
 #endif
 
-#if !defined(TIMES) && !defined(VXWORKS)
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
 #include <sys/timeb.h>
 #endif
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #include <windows.h>
 #endif
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   define HZ  100.0
-#  else /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
+# if defined(_SC_CLK_TCK) \
+     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+#  define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+#  ifndef CLK_TCK
+#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#    define HZ  100.0
+#   else /* _BSD_CLK_TCK_ */
+#    define HZ ((double)_BSD_CLK_TCK_)
+#   endif
+#  else /* CLK_TCK */
+#   define HZ ((double)CLK_TCK)
 #  endif
-# else /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
 # endif
 #endif
 
@@ -123,11 +125,11 @@ typedef struct ms_tm
 #ifdef TIMES
 	struct tms ms_tms;
 #else
-#  ifdef WIN32
+#  ifdef OPENSSL_SYS_WIN32
 	HANDLE thread_id;
 	FILETIME ms_win32;
 #  else
-#    ifdef VXWORKS
+#    ifdef OPENSSL_SYS_VXWORKS
           unsigned long ticks;
 #    else
 	struct timeb ms_timeb;
@@ -144,7 +146,7 @@ char *ms_time_new(void)
 	if (ret == NULL)
 		return(NULL);
 	memset(ret,0,sizeof(MS_TM));
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 	ret->thread_id=GetCurrentThread();
 #endif
 	return((char *)ret);
@@ -159,17 +161,17 @@ void ms_time_free(char *a)
 void ms_time_get(char *a)
 	{
 	MS_TM *tm=(MS_TM *)a;
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 	FILETIME tmpa,tmpb,tmpc;
 #endif
 
 #ifdef TIMES
 	times(&tm->ms_tms);
 #else
-#  ifdef WIN32
+#  ifdef OPENSSL_SYS_WIN32
 	GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
 #  else
-#    ifdef VXWORKS
+#    ifdef OPENSSL_SYS_VXWORKS
         tm->ticks = tickGet();
 #    else
 	ftime(&tm->ms_timeb);
@@ -187,7 +189,7 @@ double ms_time_diff(char *ap, char *bp)
 #ifdef TIMES
 	ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
 #else
-# ifdef WIN32
+# ifdef OPENSSL_SYS_WIN32
 	{
 #ifdef __GNUC__
 	signed long long la,lb;
@@ -203,7 +205,7 @@ double ms_time_diff(char *ap, char *bp)
 	ret=((double)(lb-la))/1e7;
 	}
 # else
-#  ifdef VXWORKS
+#  ifdef OPENSSL_SYS_VXWORKS
         ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet();
 #  else
 	ret=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
@@ -224,11 +226,11 @@ int ms_time_cmp(char *ap, char *bp)
 #ifdef TIMES
 	d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
 #else
-# ifdef WIN32
+# ifdef OPENSSL_SYS_WIN32
 	d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
 	d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
 # else
-#  ifdef VXWORKS
+#  ifdef OPENSSL_SYS_VXWORKS
         d = (b->ticks - a->ticks);
 #  else
 	d=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
diff --git a/crypto/openssl/crypto/txt_db/Makefile.ssl b/crypto/openssl/crypto/txt_db/Makefile.ssl
index 567202a..313f753 100644
--- a/crypto/openssl/crypto/txt_db/Makefile.ssl
+++ b/crypto/openssl/crypto/txt_db/Makefile.ssl
@@ -11,7 +11,8 @@ INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -39,8 +40,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,10 +79,10 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-txt_db.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-txt_db.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+txt_db.o: ../../e_os.h ../../include/openssl/bio.h
+txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 txt_db.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h
+txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h txt_db.c
diff --git a/crypto/openssl/crypto/txt_db/txt_db.c b/crypto/openssl/crypto/txt_db/txt_db.c
index 92fcbde..58b300b 100644
--- a/crypto/openssl/crypto/txt_db/txt_db.c
+++ b/crypto/openssl/crypto/txt_db/txt_db.c
@@ -108,7 +108,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
 		if (offset != 0)
 			{
 			size+=BUFSIZE;
-			if (!BUF_MEM_grow(buf,size)) goto err;
+			if (!BUF_MEM_grow_clean(buf,size)) goto err;
 			}
 		buf->data[offset]='\0';
 		BIO_gets(in,&(buf->data[offset]),size-offset);
@@ -155,7 +155,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
 		*(p++)='\0';
 		if ((n != num) || (*f != '\0'))
 			{
-#if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */
 			fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
 #endif
 			er=2;
@@ -164,7 +164,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
 		pp[n]=p;
 		if (!sk_push(ret->data,(char *)pp))
 			{
-#if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */
 			fprintf(stderr,"failure in sk_push\n");
 #endif
 			er=2;
@@ -176,7 +176,7 @@ err:
 	BUF_MEM_free(buf);
 	if (er)
 		{
-#if !defined(NO_STDIO) && !defined(WIN16)
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
 		if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
 #endif
 		if (ret->data != NULL) sk_free(ret->data);
@@ -211,7 +211,7 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
 	}
 
 int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(),
-	     unsigned long (*hash)(), int (*cmp)())
+		LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
 	{
 	LHASH *idx;
 	char *r;
@@ -268,7 +268,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
 			if (pp[j] != NULL)
 				l+=strlen(pp[j]);
 			}
-		if (!BUF_MEM_grow(buf,(int)(l*2+nn))) goto err;
+		if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
 
 		p=buf->data;
 		for (j=0; j<nn; j++)
diff --git a/crypto/openssl/crypto/txt_db/txt_db.h b/crypto/openssl/crypto/txt_db/txt_db.h
index 342533d..563392a 100644
--- a/crypto/openssl/crypto/txt_db/txt_db.h
+++ b/crypto/openssl/crypto/txt_db/txt_db.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_TXT_DB_H
 #define HEADER_TXT_DB_H
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
 #include <openssl/stack.h>
@@ -88,7 +88,7 @@ typedef struct txt_db_st
 	char **arg_row;
 	} TXT_DB;
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 TXT_DB *TXT_DB_read(BIO *in, int num);
 long TXT_DB_write(BIO *out, TXT_DB *db);
 #else
@@ -96,7 +96,7 @@ TXT_DB *TXT_DB_read(char *in, int num);
 long TXT_DB_write(char *out, TXT_DB *db);
 #endif
 int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(),
-	 unsigned long (*hash)(),int (*cmp)());
+		LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
 void TXT_DB_free(TXT_DB *db);
 char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
 int TXT_DB_insert(TXT_DB *db,char **value);
diff --git a/crypto/openssl/crypto/ui/Makefile.ssl b/crypto/openssl/crypto/ui/Makefile.ssl
new file mode 100644
index 0000000..256f536
--- /dev/null
+++ b/crypto/openssl/crypto/ui/Makefile.ssl
@@ -0,0 +1,117 @@
+#
+# OpenSSL/crypto/ui/Makefile
+#
+
+DIR=	ui
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST= uitest.c
+TEST=
+APPS=
+
+COMPATSRC= ui_compat.c
+COMPATOBJ= ui_compat.o
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC)
+LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ui.h ui_compat.h
+HEADER=	$(EXHEADER) ui_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ui_compat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_compat.o: ../../include/openssl/opensslconf.h
+ui_compat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_compat.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ui_compat.o: ui_compat.c
+ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_err.o: ../../include/openssl/ui.h ui_err.c
+ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
+ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h
+ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_openssl.o: ../../include/openssl/opensslv.h
+ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c
+ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ui_util.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_util.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_util.o: ui_util.c
diff --git a/crypto/openssl/crypto/ui/ui.h b/crypto/openssl/crypto/ui/ui.h
new file mode 100644
index 0000000..735a2d9
--- /dev/null
+++ b/crypto/openssl/crypto/ui/ui.h
@@ -0,0 +1,387 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_H
+#define HEADER_UI_H
+
+#include <openssl/crypto.h>
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* The UI type is a holder for a specific user interface session.  It can
+   contain an illimited number of informational or error strings as well
+   as things to prompt for, both passwords (noecho mode) and others (echo
+   mode), and verification of the same.  All of these are called strings,
+   and are further described below. */
+typedef struct ui_st UI;
+
+/* All instances of UI have a reference to a method structure, which is a
+   ordered vector of functions that implement the lower level things to do.
+   There is an instruction on the implementation further down, in the section
+   for method implementors. */
+typedef struct ui_method_st UI_METHOD;
+
+
+/* All the following functions return -1 or NULL on error and in some cases
+   (UI_process()) -2 if interrupted or in some other way cancelled.
+   When everything is fine, they return 0, a positive value or a non-NULL
+   pointer, all depending on their purpose. */
+
+/* Creators and destructor.   */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/* The following functions are used to add strings to be printed and prompt
+   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
+   and UI_{add,dup}_input_boolean.
+
+   UI_{add,dup}_<function>_string have the following meanings:
+	add	add a text or prompt string.  The pointers given to these
+		functions are used verbatim, no copying is done.
+	dup	make a copy of the text or prompt string, then add the copy
+		to the collection of strings in the user interface.
+	<function>
+		The function is a name for the functionality that the given
+		string shall be used for.  It can be one of:
+			input	use the string as data prompt.
+			verify	use the string as verification prompt.  This
+				is used to verify a previous input.
+			info	use the string for informational output.
+			error	use the string for error output.
+   Honestly, there's currently no difference between info and error for the
+   moment.
+
+   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+   and are typically used when one wants to prompt for a yes/no response.
+
+
+   All of the functions in this group take a UI and a prompt string.
+   The string input and verify addition functions also take a flag argument,
+   a buffer for the result to end up with, a minimum input size and a maximum
+   input size (the result buffer MUST be large enough to be able to contain
+   the maximum number of characters).  Additionally, the verify addition
+   functions takes another buffer to compare the result against.
+   The boolean input functions take an action description string (which should
+   be safe to ignore if the expected user action is obvious, for example with
+   a dialog box with an OK button and a Cancel button), a string of acceptable
+   characters to mean OK and to mean Cancel.  The two last strings are checked
+   to make sure they don't have common characters.  Additionally, the same
+   flag argument as for the string input is taken, as well as a result buffer.
+   The result buffer is required to be at least one byte long.  Depending on
+   the answer, the first character from the OK or the Cancel character strings
+   will be stored in the first byte of the result buffer.  No NUL will be
+   added, so the result is *not* a string.
+
+   On success, the all return an index of the added information.  That index
+   is usefull when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags.  They can be or'ed together. */
+/* Use to have echoing of input */
+#define UI_INPUT_FLAG_ECHO		0x01
+/* Use a default password.  Where that password is found is completely
+   up to the application, it might for example be in the user data set
+   with UI_add_user_data().  It is not recommended to have more than
+   one input in each UI being marked with this flag, or the application
+   might get confused. */
+#define UI_INPUT_FLAG_DEFAULT_PWD	0x02
+
+/* The user of these routines may want to define flags of their own.  The core
+   UI won't look at those, but will pass them on to the method routines.  They
+   must use higher bits so they don't get confused with the UI bits above.
+   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+   example of use is this:
+
+	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
+
+*/
+#define UI_INPUT_FLAG_USER_BASE	16
+
+
+/* The following function helps construct a prompt.  object_desc is a
+   textual short description of the object, for example "pass phrase",
+   and object_name is the name of the object (might be a card name or
+   a file name.
+   The returned string shall always be allocated on the heap with
+   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+
+   If the ui_method doesn't contain a pointer to a user-defined prompt
+   constructor, a default string is built, looking like this:
+
+	"Enter {object_desc} for {object_name}:"
+
+   So, if object_desc has the value "pass phrase" and object_name has
+   the value "foo.key", the resulting string is:
+
+	"Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+	const char *object_desc, const char *object_name);
+
+
+/* The following function is used to store a pointer to user-specific data.
+   Any previous such pointer will be returned and replaced.
+
+   For callback purposes, this function makes a lot more sense than using
+   ex_data, since the latter requires that different parts of OpenSSL or
+   applications share the same ex_data index.
+
+   Note that the UI_OpenSSL() method completely ignores the user data.
+   Other methods may not, however.  */
+void *UI_add_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well.  */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/* Give a user interface parametrised control commands.  This can be used to
+   send down an integer, a data pointer or a function pointer, as well as
+   be used to get information from a UI. */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+
+/* The commands */
+/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+   OpenSSL error stack before printing any info or added error messages and
+   before any prompting. */
+#define UI_CTRL_PRINT_ERRORS		1
+/* Check if a UI_process() is possible to do again with the same instance of
+   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
+   if not. */
+#define UI_CTRL_IS_REDOABLE		2
+
+
+/* Some methods may use extra data */
+#define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
+#define UI_get_app_data(s)             UI_get_ex_data(s,0)
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int UI_set_ex_data(UI *r,int idx,void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+
+/* ---------- For method writers ---------- */
+/* A method contains a number of functions that implement the low level
+   of the User Interface.  The functions are:
+
+	an opener	This function starts a session, maybe by opening
+			a channel to a tty, or by opening a window.
+	a writer	This function is called to write a given string,
+			maybe to the tty, maybe as a field label in a
+			window.
+	a flusher	This function is called to flush everything that
+			has been output so far.  It can be used to actually
+			display a dialog box after it has been built.
+	a reader	This function is called to read a given prompt,
+			maybe from the tty, maybe from a field in a
+			window.  Note that it's called wth all string
+			structures, not only the prompt ones, so it must
+			check such things itself.
+	a closer	This function closes the session, maybe by closing
+			the channel to the tty, or closing the window.
+
+   All these functions are expected to return:
+
+	0	on error.
+	1	on success.
+	-1	on out-of-band events, for example if some prompting has
+		been canceled (by pressing Ctrl-C, for example).  This is
+		only checked when returned by the flusher or the reader.
+
+   The way this is used, the opener is first called, then the writer for all
+   strings, then the flusher, then the reader for all strings and finally the
+   closer.  Note that if you want to prompt from a terminal or other command
+   line interface, the best is to have the reader also write the prompts
+   instead of having the writer do it.  If you want to prompt from a dialog
+   box, the writer can be used to build up the contents of the box, and the
+   flusher to actually display the box and run the event loop until all data
+   has been given, after which the reader only grabs the given data and puts
+   them back into the UI strings.
+
+   All method functions take a UI as argument.  Additionally, the writer and
+   the reader take a UI_STRING.
+*/
+
+/* The UI_STRING type is the data structure that contains all the needed info
+   about a string or a prompt, including test data for a verification prompt.
+*/
+DECLARE_STACK_OF(UI_STRING)
+typedef struct ui_string_st UI_STRING;
+
+/* The different types of strings that are currently supported.
+   This is only needed by method authors. */
+enum UI_string_types
+	{
+	UIT_NONE=0,
+	UIT_PROMPT,		/* Prompt for a string */
+	UIT_VERIFY,		/* Prompt for a string and verify */
+	UIT_BOOLEAN,		/* Prompt for a yes/no response */
+	UIT_INFO,		/* Send info to the user */
+	UIT_ERROR		/* Send an error message to the user */
+	};
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));
+int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
+int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
+int (*UI_method_get_opener(UI_METHOD *method))(UI*);
+int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
+int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
+int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
+int (*UI_method_get_closer(UI_METHOD *method))(UI*);
+
+/* The following functions are helpers for method writers to access relevant
+   data from a UI_STRING. */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/* Return the optional action string to output (the boolean promtp instruction) */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+/* Return the string to test the result against.  Only useful with verifies. */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_UI_strings(void);
+
+/* Error codes for the UI functions. */
+
+/* Function codes. */
+#define UI_F_GENERAL_ALLOCATE_BOOLEAN			 108
+#define UI_F_GENERAL_ALLOCATE_PROMPT			 109
+#define UI_F_GENERAL_ALLOCATE_STRING			 100
+#define UI_F_UI_CTRL					 111
+#define UI_F_UI_DUP_ERROR_STRING			 101
+#define UI_F_UI_DUP_INFO_STRING				 102
+#define UI_F_UI_DUP_INPUT_BOOLEAN			 110
+#define UI_F_UI_DUP_INPUT_STRING			 103
+#define UI_F_UI_DUP_VERIFY_STRING			 106
+#define UI_F_UI_GET0_RESULT				 107
+#define UI_F_UI_NEW_METHOD				 104
+#define UI_F_UI_SET_RESULT				 105
+
+/* Reason codes. */
+#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS		 104
+#define UI_R_INDEX_TOO_LARGE				 102
+#define UI_R_INDEX_TOO_SMALL				 103
+#define UI_R_NO_RESULT_BUFFER				 105
+#define UI_R_RESULT_TOO_LARGE				 100
+#define UI_R_RESULT_TOO_SMALL				 101
+#define UI_R_UNKNOWN_CONTROL_COMMAND			 106
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/ui/ui_compat.c b/crypto/openssl/crypto/ui/ui_compat.c
new file mode 100644
index 0000000..13e0f70
--- /dev/null
+++ b/crypto/openssl/crypto/ui/ui_compat.c
@@ -0,0 +1,67 @@
+/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/ui_compat.h>
+
+int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify)
+	{
+	return UI_UTIL_read_pw_string(buf, length, prompt, verify);
+	}
+
+int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
+	{
+	return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
+	}
diff --git a/crypto/openssl/crypto/ui/ui_compat.h b/crypto/openssl/crypto/ui/ui_compat.h
new file mode 100644
index 0000000..b35c9bb
--- /dev/null
+++ b/crypto/openssl/crypto/ui/ui_compat.h
@@ -0,0 +1,83 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_COMPAT_H
+#define HEADER_UI_COMPAT_H
+
+#include <openssl/opensslconf.h>
+#include <openssl/ui.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* The following functions were previously part of the DES section,
+   and are provided here for backward compatibility reasons. */
+
+#define des_read_pw_string(b,l,p,v) \
+	_ossl_old_des_read_pw_string((b),(l),(p),(v))
+#define des_read_pw(b,bf,s,p,v) \
+	_ossl_old_des_read_pw((b),(bf),(s),(p),(v))
+
+int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/ui/ui_err.c b/crypto/openssl/crypto/ui/ui_err.c
new file mode 100644
index 0000000..39a62ae
--- /dev/null
+++ b/crypto/openssl/crypto/ui/ui_err.c
@@ -0,0 +1,111 @@
+/* crypto/ui/ui_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA UI_str_functs[]=
+	{
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0),	"GENERAL_ALLOCATE_BOOLEAN"},
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0),	"GENERAL_ALLOCATE_PROMPT"},
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0),	"GENERAL_ALLOCATE_STRING"},
+{ERR_PACK(0,UI_F_UI_CTRL,0),	"UI_ctrl"},
+{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0),	"UI_dup_error_string"},
+{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0),	"UI_dup_info_string"},
+{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0),	"UI_dup_input_boolean"},
+{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0),	"UI_dup_input_string"},
+{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0),	"UI_dup_verify_string"},
+{ERR_PACK(0,UI_F_UI_GET0_RESULT,0),	"UI_get0_result"},
+{ERR_PACK(0,UI_F_UI_NEW_METHOD,0),	"UI_new_method"},
+{ERR_PACK(0,UI_F_UI_SET_RESULT,0),	"UI_set_result"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA UI_str_reasons[]=
+	{
+{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS    ,"common ok and cancel characters"},
+{UI_R_INDEX_TOO_LARGE                    ,"index too large"},
+{UI_R_INDEX_TOO_SMALL                    ,"index too small"},
+{UI_R_NO_RESULT_BUFFER                   ,"no result buffer"},
+{UI_R_RESULT_TOO_LARGE                   ,"result too large"},
+{UI_R_RESULT_TOO_SMALL                   ,"result too small"},
+{UI_R_UNKNOWN_CONTROL_COMMAND            ,"unknown control command"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_UI_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_UI,UI_str_functs);
+		ERR_load_strings(ERR_LIB_UI,UI_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/ui/ui_lib.c b/crypto/openssl/crypto/ui/ui_lib.c
new file mode 100644
index 0000000..1dad878
--- /dev/null
+++ b/crypto/openssl/crypto/ui/ui_lib.c
@@ -0,0 +1,901 @@
+/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/ui.h>
+#include <openssl/err.h>
+#include "ui_locl.h"
+#include "cryptlib.h"
+
+IMPLEMENT_STACK_OF(UI_STRING_ST)
+
+static const UI_METHOD *default_UI_meth=NULL;
+
+UI *UI_new(void)
+	{
+	return(UI_new_method(NULL));
+	}
+
+UI *UI_new_method(const UI_METHOD *method)
+	{
+	UI *ret;
+
+	ret=(UI *)OPENSSL_malloc(sizeof(UI));
+	if (ret == NULL)
+		{
+		UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+	if (method == NULL)
+		ret->meth=UI_get_default_method();
+	else
+		ret->meth=method;
+
+	ret->strings=NULL;
+	ret->user_data=NULL;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
+	return ret;
+	}
+
+static void free_string(UI_STRING *uis)
+	{
+	if (uis->flags & OUT_STRING_FREEABLE)
+		{
+		OPENSSL_free((char *)uis->out_string);
+		switch(uis->type)
+			{
+		case UIT_BOOLEAN:
+			OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+			OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+			OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+			break;
+		default:
+			break;
+			}
+		}
+	OPENSSL_free(uis);
+	}
+
+void UI_free(UI *ui)
+	{
+	if (ui == NULL)
+		return;
+	sk_UI_STRING_pop_free(ui->strings,free_string);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+	OPENSSL_free(ui);
+	}
+
+static int allocate_string_stack(UI *ui)
+	{
+	if (ui->strings == NULL)
+		{
+		ui->strings=sk_UI_STRING_new_null();
+		if (ui->strings == NULL)
+			{
+			return -1;
+			}
+		}
+	return 0;
+	}
+
+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
+	int prompt_freeable, enum UI_string_types type, int input_flags,
+	char *result_buf)
+	{
+	UI_STRING *ret = NULL;
+
+	if (prompt == NULL)
+		{
+		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER);
+		}
+	else if ((type == UIT_PROMPT || type == UIT_VERIFY
+			 || type == UIT_BOOLEAN) && result_buf == NULL)
+		{
+		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER);
+		}
+	else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING))))
+		{
+		ret->out_string=prompt;
+		ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0;
+		ret->input_flags=input_flags;
+		ret->type=type;
+		ret->result_buf=result_buf;
+		}
+	return ret;
+	}
+
+static int general_allocate_string(UI *ui, const char *prompt,
+	int prompt_freeable, enum UI_string_types type, int input_flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf)
+	{
+	int ret = -1;
+	UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+		type, input_flags, result_buf);
+
+	if (s)
+		{
+		if (allocate_string_stack(ui) >= 0)
+			{
+			s->_.string_data.result_minsize=minsize;
+			s->_.string_data.result_maxsize=maxsize;
+			s->_.string_data.test_buf=test_buf;
+			ret=sk_UI_STRING_push(ui->strings, s);
+			/* sk_push() returns 0 on error.  Let's addapt that */
+			if (ret <= 0) ret--;
+			}
+		else
+			free_string(s);
+		}
+	return ret;
+	}
+
+static int general_allocate_boolean(UI *ui,
+	const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int prompt_freeable, enum UI_string_types type, int input_flags,
+	char *result_buf)
+	{
+	int ret = -1;
+	UI_STRING *s;
+	const char *p;
+
+	if (ok_chars == NULL)
+		{
+		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
+		}
+	else if (cancel_chars == NULL)
+		{
+		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
+		}
+	else
+		{
+		for(p = ok_chars; *p; p++)
+			{
+			if (strchr(cancel_chars, *p))
+				{
+				UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+					UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+				}
+			}
+
+		s = general_allocate_prompt(ui, prompt, prompt_freeable,
+			type, input_flags, result_buf);
+
+		if (s)
+			{
+			if (allocate_string_stack(ui) >= 0)
+				{
+				s->_.boolean_data.action_desc = action_desc;
+				s->_.boolean_data.ok_chars = ok_chars;
+				s->_.boolean_data.cancel_chars = cancel_chars;
+				ret=sk_UI_STRING_push(ui->strings, s);
+				/* sk_push() returns 0 on error.
+				   Let's addapt that */
+				if (ret <= 0) ret--;
+				}
+			else
+				free_string(s);
+			}
+		}
+	return ret;
+	}
+
+/* Returns the index to the place in the stack or 0 for error.  Uses a
+   direct reference to the prompt.  */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize)
+	{
+	return general_allocate_string(ui, prompt, 0,
+		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
+	}
+
+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize)
+	{
+	char *prompt_copy=NULL;
+
+	if (prompt)
+		{
+		prompt_copy=BUF_strdup(prompt);
+		if (prompt_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		}
+	
+	return general_allocate_string(ui, prompt_copy, 1,
+		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
+	}
+
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf)
+	{
+	return general_allocate_string(ui, prompt, 0,
+		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
+	}
+
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf)
+	{
+	char *prompt_copy=NULL;
+
+	if (prompt)
+		{
+		prompt_copy=BUF_strdup(prompt);
+		if (prompt_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
+		}
+	
+	return general_allocate_string(ui, prompt_copy, 1,
+		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
+	}
+
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf)
+	{
+	return general_allocate_boolean(ui, prompt, action_desc,
+		ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf);
+	}
+
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf)
+	{
+	char *prompt_copy = NULL;
+	char *action_desc_copy = NULL;
+	char *ok_chars_copy = NULL;
+	char *cancel_chars_copy = NULL;
+
+	if (prompt)
+		{
+		prompt_copy=BUF_strdup(prompt);
+		if (prompt_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	
+	if (action_desc)
+		{
+		action_desc_copy=BUF_strdup(action_desc);
+		if (action_desc_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	
+	if (ok_chars)
+		{
+		ok_chars_copy=BUF_strdup(ok_chars);
+		if (ok_chars_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	
+	if (cancel_chars)
+		{
+		cancel_chars_copy=BUF_strdup(cancel_chars);
+		if (cancel_chars_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	
+	return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+		ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,
+		result_buf);
+ err:
+	if (prompt_copy) OPENSSL_free(prompt_copy);
+	if (action_desc_copy) OPENSSL_free(action_desc_copy);
+	if (ok_chars_copy) OPENSSL_free(ok_chars_copy);
+	if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy);
+	return -1;
+	}
+
+int UI_add_info_string(UI *ui, const char *text)
+	{
+	return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+		NULL);
+	}
+
+int UI_dup_info_string(UI *ui, const char *text)
+	{
+	char *text_copy=NULL;
+
+	if (text)
+		{
+		text_copy=BUF_strdup(text);
+		if (text_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
+		}
+
+	return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+		0, 0, NULL);
+	}
+
+int UI_add_error_string(UI *ui, const char *text)
+	{
+	return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+		NULL);
+	}
+
+int UI_dup_error_string(UI *ui, const char *text)
+	{
+	char *text_copy=NULL;
+
+	if (text)
+		{
+		text_copy=BUF_strdup(text);
+		if (text_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
+		}
+	return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+		0, 0, NULL);
+	}
+
+char *UI_construct_prompt(UI *ui, const char *object_desc,
+	const char *object_name)
+	{
+	char *prompt = NULL;
+
+	if (ui->meth->ui_construct_prompt)
+		prompt = ui->meth->ui_construct_prompt(ui,
+			object_desc, object_name);
+	else
+		{
+		char prompt1[] = "Enter ";
+		char prompt2[] = " for ";
+		char prompt3[] = ":";
+		int len = 0;
+
+		if (object_desc == NULL)
+			return NULL;
+		len = sizeof(prompt1) - 1 + strlen(object_desc);
+		if (object_name)
+			len += sizeof(prompt2) - 1 + strlen(object_name);
+		len += sizeof(prompt3) - 1;
+
+		prompt = (char *)OPENSSL_malloc(len + 1);
+		strcpy(prompt, prompt1);
+		strcat(prompt, object_desc);
+		if (object_name)
+			{
+			strcat(prompt, prompt2);
+			strcat(prompt, object_name);
+			}
+		strcat(prompt, prompt3);
+		}
+	return prompt;
+	}
+
+void *UI_add_user_data(UI *ui, void *user_data)
+	{
+	void *old_data = ui->user_data;
+	ui->user_data = user_data;
+	return old_data;
+	}
+
+void *UI_get0_user_data(UI *ui)
+	{
+	return ui->user_data;
+	}
+
+const char *UI_get0_result(UI *ui, int i)
+	{
+	if (i < 0)
+		{
+		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL);
+		return NULL;
+		}
+	if (i >= sk_UI_STRING_num(ui->strings))
+		{
+		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE);
+		return NULL;
+		}
+	return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+	}
+
+static int print_error(const char *str, size_t len, UI *ui)
+	{
+	UI_STRING uis;
+
+	memset(&uis, 0, sizeof(uis));
+	uis.type = UIT_ERROR;
+	uis.out_string = str;
+
+	if (ui->meth->ui_write_string
+		&& !ui->meth->ui_write_string(ui, &uis))
+		return -1;
+	return 0;
+	}
+
+int UI_process(UI *ui)
+	{
+	int i, ok=0;
+
+	if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
+		return -1;
+
+	if (ui->flags & UI_FLAG_PRINT_ERRORS)
+		ERR_print_errors_cb(
+			(int (*)(const char *, size_t, void *))print_error,
+			(void *)ui);
+
+	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
+		{
+		if (ui->meth->ui_write_string
+			&& !ui->meth->ui_write_string(ui,
+				sk_UI_STRING_value(ui->strings, i)))
+			{
+			ok=-1;
+			goto err;
+			}
+		}
+
+	if (ui->meth->ui_flush)
+		switch(ui->meth->ui_flush(ui))
+			{
+		case -1: /* Interrupt/Cancel/something... */
+			ok = -2;
+			goto err;
+		case 0: /* Errors */
+			ok = -1;
+			goto err;
+		default: /* Success */
+			ok = 0;
+			break;
+			}
+
+	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
+		{
+		if (ui->meth->ui_read_string)
+			{
+			switch(ui->meth->ui_read_string(ui,
+				sk_UI_STRING_value(ui->strings, i)))
+				{
+			case -1: /* Interrupt/Cancel/something... */
+				ok = -2;
+				goto err;
+			case 0: /* Errors */
+				ok = -1;
+				goto err;
+			default: /* Success */
+				ok = 0;
+				break;
+				}
+			}
+		}
+ err:
+	if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
+		return -1;
+	return ok;
+	}
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)())
+	{
+	if (ui == NULL)
+		{
+		UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+		return -1;
+		}
+	switch(cmd)
+		{
+	case UI_CTRL_PRINT_ERRORS:
+		{
+		int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);
+		if (i)
+			ui->flags |= UI_FLAG_PRINT_ERRORS;
+		else
+			ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+		return save_flag;
+		}
+	case UI_CTRL_IS_REDOABLE:
+		return !!(ui->flags & UI_FLAG_REDOABLE);
+	default:
+		break;
+		}
+	UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND);
+	return -1;
+	}
+
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
+				new_func, dup_func, free_func);
+        }
+
+int UI_set_ex_data(UI *r, int idx, void *arg)
+	{
+	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+	}
+
+void *UI_get_ex_data(UI *r, int idx)
+	{
+	return(CRYPTO_get_ex_data(&r->ex_data,idx));
+	}
+
+void UI_set_default_method(const UI_METHOD *meth)
+	{
+	default_UI_meth=meth;
+	}
+
+const UI_METHOD *UI_get_default_method(void)
+	{
+	if (default_UI_meth == NULL)
+		{
+		default_UI_meth=UI_OpenSSL();
+		}
+	return default_UI_meth;
+	}
+
+const UI_METHOD *UI_get_method(UI *ui)
+	{
+	return ui->meth;
+	}
+
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+	{
+	ui->meth=meth;
+	return ui->meth;
+	}
+
+
+UI_METHOD *UI_create_method(char *name)
+	{
+	UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
+
+	if (ui_method)
+		memset(ui_method, 0, sizeof(*ui_method));
+	ui_method->name = BUF_strdup(name);
+	return ui_method;
+	}
+
+/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
+   (that is, it hasn't been allocated using UI_create_method(), you deserve
+   anything Murphy can throw at you and more!  You have been warned. */
+void UI_destroy_method(UI_METHOD *ui_method)
+	{
+	OPENSSL_free(ui_method->name);
+	ui_method->name = NULL;
+	OPENSSL_free(ui_method);
+	}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))
+	{
+	if (method)
+		{
+		method->ui_open_session = opener;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))
+	{
+	if (method)
+		{
+		method->ui_write_string = writer;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui))
+	{
+	if (method)
+		{
+		method->ui_flush = flusher;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))
+	{
+	if (method)
+		{
+		method->ui_read_string = reader;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
+	{
+	if (method)
+		{
+		method->ui_close_session = closer;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int (*UI_method_get_opener(UI_METHOD *method))(UI*)
+	{
+	if (method)
+		return method->ui_open_session;
+	else
+		return NULL;
+	}
+
+int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*)
+	{
+	if (method)
+		return method->ui_write_string;
+	else
+		return NULL;
+	}
+
+int (*UI_method_get_flusher(UI_METHOD *method))(UI*)
+	{
+	if (method)
+		return method->ui_flush;
+	else
+		return NULL;
+	}
+
+int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*)
+	{
+	if (method)
+		return method->ui_read_string;
+	else
+		return NULL;
+	}
+
+int (*UI_method_get_closer(UI_METHOD *method))(UI*)
+	{
+	if (method)
+		return method->ui_close_session;
+	else
+		return NULL;
+	}
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+	{
+	if (!uis)
+		return UIT_NONE;
+	return uis->type;
+	}
+
+int UI_get_input_flags(UI_STRING *uis)
+	{
+	if (!uis)
+		return 0;
+	return uis->input_flags;
+	}
+
+const char *UI_get0_output_string(UI_STRING *uis)
+	{
+	if (!uis)
+		return NULL;
+	return uis->out_string;
+	}
+
+const char *UI_get0_action_string(UI_STRING *uis)
+	{
+	if (!uis)
+		return NULL;
+	switch(uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_BOOLEAN:
+		return uis->_.boolean_data.action_desc;
+	default:
+		return NULL;
+		}
+	}
+
+const char *UI_get0_result_string(UI_STRING *uis)
+	{
+	if (!uis)
+		return NULL;
+	switch(uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_VERIFY:
+		return uis->result_buf;
+	default:
+		return NULL;
+		}
+	}
+
+const char *UI_get0_test_string(UI_STRING *uis)
+	{
+	if (!uis)
+		return NULL;
+	switch(uis->type)
+		{
+	case UIT_VERIFY:
+		return uis->_.string_data.test_buf;
+	default:
+		return NULL;
+		}
+	}
+
+int UI_get_result_minsize(UI_STRING *uis)
+	{
+	if (!uis)
+		return -1;
+	switch(uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_VERIFY:
+		return uis->_.string_data.result_minsize;
+	default:
+		return -1;
+		}
+	}
+
+int UI_get_result_maxsize(UI_STRING *uis)
+	{
+	if (!uis)
+		return -1;
+	switch(uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_VERIFY:
+		return uis->_.string_data.result_maxsize;
+	default:
+		return -1;
+		}
+	}
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+	{
+	int l = strlen(result);
+
+	ui->flags &= ~UI_FLAG_REDOABLE;
+
+	if (!uis)
+		return -1;
+	switch (uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_VERIFY:
+		{
+		char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
+		char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
+
+		BIO_snprintf(number1, sizeof(number1), "%d",
+			uis->_.string_data.result_minsize);
+		BIO_snprintf(number2, sizeof(number2), "%d",
+			uis->_.string_data.result_maxsize);
+
+		if (l < uis->_.string_data.result_minsize)
+			{
+			ui->flags |= UI_FLAG_REDOABLE;
+			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL);
+			ERR_add_error_data(5,"You must type in ",
+				number1," to ",number2," characters");
+			return -1;
+			}
+		if (l > uis->_.string_data.result_maxsize)
+			{
+			ui->flags |= UI_FLAG_REDOABLE;
+			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE);
+			ERR_add_error_data(5,"You must type in ",
+				number1," to ",number2," characters");
+			return -1;
+			}
+		}
+
+		if (!uis->result_buf)
+			{
+			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
+			return -1;
+			}
+
+		strcpy(uis->result_buf, result);
+		break;
+	case UIT_BOOLEAN:
+		{
+		const char *p;
+
+		if (!uis->result_buf)
+			{
+			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
+			return -1;
+			}
+
+		uis->result_buf[0] = '\0';
+		for(p = result; *p; p++)
+			{
+			if (strchr(uis->_.boolean_data.ok_chars, *p))
+				{
+				uis->result_buf[0] =
+					uis->_.boolean_data.ok_chars[0];
+				break;
+				}
+			if (strchr(uis->_.boolean_data.cancel_chars, *p))
+				{
+				uis->result_buf[0] =
+					uis->_.boolean_data.cancel_chars[0];
+				break;
+				}
+			}
+	default:
+		break;
+		}
+		}
+	return 0;
+	}
diff --git a/crypto/openssl/crypto/ui/ui_locl.h b/crypto/openssl/crypto/ui/ui_locl.h
new file mode 100644
index 0000000..7d3a75a
--- /dev/null
+++ b/crypto/openssl/crypto/ui/ui_locl.h
@@ -0,0 +1,148 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_LOCL_H
+#define HEADER_UI_LOCL_H
+
+#include <openssl/ui.h>
+
+struct ui_method_st
+	{
+	char *name;
+
+	/* All the functions return 1 or non-NULL for success and 0 or NULL
+	   for failure */
+
+	/* Open whatever channel for this, be it the console, an X window
+	   or whatever.
+	   This function should use the ex_data structure to save
+	   intermediate data. */
+	int (*ui_open_session)(UI *ui);
+
+	int (*ui_write_string)(UI *ui, UI_STRING *uis);
+
+	/* Flush the output.  If a GUI dialog box is used, this function can
+	   be used to actually display it. */
+	int (*ui_flush)(UI *ui);
+
+	int (*ui_read_string)(UI *ui, UI_STRING *uis);
+
+	int (*ui_close_session)(UI *ui);
+
+	/* Construct a prompt in a user-defined manner.  object_desc is a
+	   textual short description of the object, for example "pass phrase",
+	   and object_name is the name of the object (might be a card name or
+	   a file name.
+	   The returned string shall always be allocated on the heap with
+	   OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */
+	char *(*ui_construct_prompt)(UI *ui, const char *object_desc,
+		const char *object_name);
+	};
+
+struct ui_string_st
+	{
+	enum UI_string_types type; /* Input */
+	const char *out_string;	/* Input */
+	int input_flags;	/* Flags from the user */
+
+	/* The following parameters are completely irrelevant for UIT_INFO,
+	   and can therefore be set to 0 or NULL */
+	char *result_buf;	/* Input and Output: If not NULL, user-defined
+				   with size in result_maxsize.  Otherwise, it
+				   may be allocated by the UI routine, meaning
+				   result_minsize is going to be overwritten.*/
+	union
+		{
+		struct
+			{
+			int result_minsize;	/* Input: minimum required
+						   size of the result.
+						*/
+			int result_maxsize;	/* Input: maximum permitted
+						   size of the result */
+
+			const char *test_buf;	/* Input: test string to verify
+						   against */
+			} string_data;
+		struct
+			{
+			const char *action_desc; /* Input */
+			const char *ok_chars; /* Input */
+			const char *cancel_chars; /* Input */
+			} boolean_data;
+		} _;
+
+#define OUT_STRING_FREEABLE 0x01
+	int flags;		/* flags for internal use */
+	};
+
+struct ui_st
+	{
+	const UI_METHOD *meth;
+	STACK_OF(UI_STRING) *strings; /* We might want to prompt for more
+					 than one thing at a time, and
+					 with different echoing status.  */
+	void *user_data;
+	CRYPTO_EX_DATA ex_data;
+
+#define UI_FLAG_REDOABLE	0x0001
+#define UI_FLAG_PRINT_ERRORS	0x0100
+	int flags;
+	};
+
+#endif
diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c
new file mode 100644
index 0000000..e1a872e
--- /dev/null
+++ b/crypto/openssl/crypto/ui/ui_openssl.c
@@ -0,0 +1,673 @@
+/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) and others
+ * for the OpenSSL project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* The lowest level part of this file was previously in crypto/des/read_pwd.c,
+ * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+
+#include <openssl/e_os2.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+# ifdef OPENSSL_UNISTD
+#  include OPENSSL_UNISTD
+# else
+#  include <unistd.h>
+# endif
+/* If unistd.h defines _POSIX_VERSION, we conclude that we
+ * are on a POSIX system and have sigaction and termios. */
+# if defined(_POSIX_VERSION)
+
+#  define SIGACTION
+#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#   define TERMIOS
+#  endif
+
+# endif
+#endif
+
+#ifdef WIN16TTY
+# undef OPENSSL_SYS_WIN16
+# undef WIN16
+# undef _WINDOWS
+# include <graph.h>
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "ui_locl.h"
+#include "cryptlib.h"
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#ifdef OPENSSL_SYS_VMS		/* prototypes for sys$whatever */
+# include <starlet.h>
+# ifdef __DECC
+#  pragma message disable DOLLARID
+# endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+# include <windows.h>
+#ifndef OPENSSL_SYS_WINCE
+# include <wincon.h>
+#endif
+#endif
+
+
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+# define TERMIOS
+# undef  TERMIO
+# undef  SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+# undef  TERMIOS
+# define TERMIO
+# undef  SGTTY
+#endif
+
+#ifdef _LIBC
+# undef  TERMIOS
+# define TERMIO
+# undef  SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE)
+# undef  TERMIOS
+# undef  TERMIO
+# define SGTTY
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+#undef TERMIOS
+#undef TERMIO
+#undef SGTTY
+#endif
+
+#ifdef TERMIOS
+# include <termios.h>
+# define TTY_STRUCT		struct termios
+# define TTY_FLAGS		c_lflag
+# define TTY_get(tty,data)	tcgetattr(tty,data)
+# define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+# include <termio.h>
+# define TTY_STRUCT		struct termio
+# define TTY_FLAGS		c_lflag
+# define TTY_get(tty,data)	ioctl(tty,TCGETA,data)
+# define TTY_set(tty,data)	ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+# include <sgtty.h>
+# define TTY_STRUCT		struct sgttyb
+# define TTY_FLAGS		sg_flags
+# define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)
+# define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
+# include <sys/ioctl.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+# include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+# include <ssdef.h>
+# include <iodef.h>
+# include <ttdef.h>
+# include <descrip.h>
+struct IOSB {
+	short iosb$w_value;
+	short iosb$w_count;
+	long  iosb$l_info;
+	};
+#endif
+
+#ifdef OPENSSL_SYS_SUNOS
+	typedef int sig_atomic_t;
+#endif
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ *					<appro@fy.chalmers.se>
+ */
+# define TTY_STRUCT int
+#endif
+
+#ifndef NX509_SIG
+# define NX509_SIG 32
+#endif
+
+
+/* Define globals.  They are protected by a lock */
+#ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+#else
+static void (*savsig[NX509_SIG])(int );
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+static struct IOSB iosb;
+static $DESCRIPTOR(terminal,"TT");
+static long tty_orig[3], tty_new[3]; /* XXX   Is there any guarantee that this will always suffice for the actual structures? */
+static long status;
+static unsigned short channel = 0;
+#else
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+static TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+static UI_METHOD ui_openssl =
+	{
+	"OpenSSL default user interface",
+	open_console,
+	write_string,
+	NULL,			/* No flusher is needed for command lines */
+	read_string,
+	close_console,
+	NULL
+	};
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void)
+	{
+	return &ui_openssl;
+	}
+
+/* The following function makes sure that info and error strings are printed
+   before any prompt. */
+static int write_string(UI *ui, UI_STRING *uis)
+	{
+	switch (UI_get_string_type(uis))
+		{
+	case UIT_ERROR:
+	case UIT_INFO:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fflush(tty_out);
+		break;
+	default:
+		break;
+		}
+	return 1;
+	}
+
+static int read_string(UI *ui, UI_STRING *uis)
+	{
+	int ok = 0;
+
+	switch (UI_get_string_type(uis))
+		{
+	case UIT_BOOLEAN:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fputs(UI_get0_action_string(uis), tty_out);
+		fflush(tty_out);
+		return read_string_inner(ui, uis,
+			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0);
+	case UIT_PROMPT:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fflush(tty_out);
+		return read_string_inner(ui, uis,
+			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1);
+	case UIT_VERIFY:
+		fprintf(tty_out,"Verifying - %s",
+			UI_get0_output_string(uis));
+		fflush(tty_out);
+		if ((ok = read_string_inner(ui, uis,
+			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) <= 0)
+			return ok;
+		if (strcmp(UI_get0_result_string(uis),
+			UI_get0_test_string(uis)) != 0)
+			{
+			fprintf(tty_out,"Verify failure\n");
+			fflush(tty_out);
+			return 0;
+			}
+		break;
+	default:
+		break;
+		}
+	return 1;
+	}
+
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to read a string without echoing */
+static void read_till_nl(FILE *in)
+	{
+#define SIZE 4
+	char buf[SIZE+1];
+
+	do	{
+		fgets(buf,SIZE,in);
+		} while (strchr(buf,'\n') == NULL);
+	}
+
+static volatile sig_atomic_t intr_signal;
+#endif
+
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+	{
+	static int ps;
+	int ok;
+	char result[BUFSIZ];
+	int maxsize = BUFSIZ-1;
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+	char *p;
+
+	intr_signal=0;
+	ok=0;
+	ps=0;
+
+	pushsig();
+	ps=1;
+
+	if (!echo && !noecho_console(ui))
+		goto error;
+	ps=2;
+
+	result[0]='\0';
+#ifdef OPENSSL_SYS_MSDOS
+	if (!echo)
+		{
+		noecho_fgets(result,maxsize,tty_in);
+		p=result; /* FIXME: noecho_fgets doesn't return errors */
+		}
+	else
+		p=fgets(result,maxsize,tty_in);
+#else
+	p=fgets(result,maxsize,tty_in);
+#endif
+	if(!p)
+		goto error;
+	if (feof(tty_in)) goto error;
+	if (ferror(tty_in)) goto error;
+	if ((p=(char *)strchr(result,'\n')) != NULL)
+		{
+		if (strip_nl)
+			*p='\0';
+		}
+	else
+		read_till_nl(tty_in);
+	if (UI_set_result(ui, uis, result) >= 0)
+		ok=1;
+
+error:
+	if (intr_signal == SIGINT)
+		ok=-1;
+	if (!echo) fprintf(tty_out,"\n");
+	if (ps >= 2 && !echo && !echo_console(ui))
+		ok=0;
+
+	if (ps >= 1)
+		popsig();
+#else
+	ok=1;
+#endif
+
+	OPENSSL_cleanse(result,BUFSIZ);
+	return ok;
+	}
+
+
+/* Internal functions to open, handle and close a channel to the console.  */
+static int open_console(UI *ui)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_UI);
+	is_a_tty = 1;
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS)
+	tty_in=stdin;
+	tty_out=stderr;
+#else
+#  ifdef OPENSSL_SYS_MSDOS
+#    define DEV_TTY "con"
+#  else
+#    define DEV_TTY "/dev/tty"
+#  endif
+	if ((tty_in=fopen(DEV_TTY,"r")) == NULL)
+		tty_in=stdin;
+	if ((tty_out=fopen(DEV_TTY,"w")) == NULL)
+		tty_out=stderr;
+#endif
+
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+	if (TTY_get(fileno(tty_in),&tty_orig) == -1)
+		{
+#ifdef ENOTTY
+		if (errno == ENOTTY)
+			is_a_tty=0;
+		else
+#endif
+#ifdef EINVAL
+		/* Ariel Glenn ariel@columbia.edu reports that solaris
+		 * can return EINVAL instead.  This should be ok */
+		if (errno == EINVAL)
+			is_a_tty=0;
+		else
+#endif
+			return 0;
+		}
+#endif
+#ifdef OPENSSL_SYS_VMS
+	status = sys$assign(&terminal,&channel,0,0);
+	if (status != SS$_NORMAL)
+		return 0;
+	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return 0;
+#endif
+	return 1;
+	}
+
+static int noecho_console(UI *ui)
+	{
+#ifdef TTY_FLAGS
+	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+	tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+	if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
+		return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+	tty_new[0] = tty_orig[0];
+	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+	tty_new[2] = tty_orig[2];
+	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return 0;
+#endif
+	return 1;
+	}
+
+static int echo_console(UI *ui)
+	{
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+	tty_new.TTY_FLAGS |= ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+	if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
+		return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+	tty_new[0] = tty_orig[0];
+	tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+	tty_new[2] = tty_orig[2];
+	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return 0;
+#endif
+	return 1;
+	}
+
+static int close_console(UI *ui)
+	{
+	if (tty_in != stderr) fclose(tty_in);
+	if (tty_out != stderr) fclose(tty_out);
+#ifdef OPENSSL_SYS_VMS
+	status = sys$dassgn(channel);
+#endif
+	CRYPTO_w_unlock(CRYPTO_LOCK_UI);
+
+	return 1;
+	}
+
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to handle signals and act on them */
+static void pushsig(void)
+	{
+	int i;
+#ifdef SIGACTION
+	struct sigaction sa;
+
+	memset(&sa,0,sizeof sa);
+	sa.sa_handler=recsig;
+#endif
+
+	for (i=1; i<NX509_SIG; i++)
+		{
+#ifdef SIGUSR1
+		if (i == SIGUSR1)
+			continue;
+#endif
+#ifdef SIGUSR2
+		if (i == SIGUSR2)
+			continue;
+#endif
+#ifdef SIGKILL
+		if (i == SIGKILL) /* We can't make any action on that. */
+			continue;
+#endif
+#ifdef SIGACTION
+		sigaction(i,&sa,&savsig[i]);
+#else
+		savsig[i]=signal(i,recsig);
+#endif
+		}
+
+#ifdef SIGWINCH
+	signal(SIGWINCH,SIG_DFL);
+#endif
+	}
+
+static void popsig(void)
+	{
+	int i;
+
+	for (i=1; i<NX509_SIG; i++)
+		{
+#ifdef SIGUSR1
+		if (i == SIGUSR1)
+			continue;
+#endif
+#ifdef SIGUSR2
+		if (i == SIGUSR2)
+			continue;
+#endif
+#ifdef SIGACTION
+		sigaction(i,&savsig[i],NULL);
+#else
+		signal(i,savsig[i]);
+#endif
+		}
+	}
+
+static void recsig(int i)
+	{
+	intr_signal=i;
+	}
+#endif
+
+/* Internal functions specific for Windows */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+	{
+	int i;
+	char *p;
+
+	p=buf;
+	for (;;)
+		{
+		if (size == 0)
+			{
+			*p='\0';
+			break;
+			}
+		size--;
+#ifdef WIN16TTY
+		i=_inchar();
+#else
+		i=getch();
+#endif
+		if (i == '\r') i='\n';
+		*(p++)=i;
+		if (i == '\n')
+			{
+			*p='\0';
+			break;
+			}
+		}
+#ifdef WIN_CONSOLE_BUG
+/* Win95 has several evil console bugs: one of these is that the
+ * last character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+		{
+			HANDLE inh;
+			inh = GetStdHandle(STD_INPUT_HANDLE);
+			FlushConsoleInputBuffer(inh);
+		}
+#endif
+	return(strlen(buf));
+	}
+#endif
diff --git a/crypto/openssl/crypto/ui/ui_util.c b/crypto/openssl/crypto/ui/ui_util.c
new file mode 100644
index 0000000..ee9730d
--- /dev/null
+++ b/crypto/openssl/crypto/ui/ui_util.c
@@ -0,0 +1,89 @@
+/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/ui.h>
+
+int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
+	{
+	char buff[BUFSIZ];
+	int ret;
+
+	ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+	OPENSSL_cleanse(buff,BUFSIZ);
+	return(ret);
+	}
+
+int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
+	{
+	int ok = 0;
+	UI *ui;
+
+	if (size < 1)
+		return -1;
+
+	ui = UI_new();
+	if (ui)
+		{
+		ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
+		if (ok == 0 && verify)
+			ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
+				buf);
+		if (ok == 0)
+			ok=UI_process(ui);
+		UI_free(ui);
+		}
+	return(ok);
+	}
diff --git a/crypto/openssl/crypto/uid.c b/crypto/openssl/crypto/uid.c
index b5b61b7..73205a4 100644
--- a/crypto/openssl/crypto/uid.c
+++ b/crypto/openssl/crypto/uid.c
@@ -54,17 +54,18 @@
  */
 
 #include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
 
 #if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
 
-#include <unistd.h>
+#include OPENSSL_UNISTD
 
 int OPENSSL_issetugid(void)
 	{
 	return issetugid();
 	}
 
-#elif defined(WIN32)
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)
 
 int OPENSSL_issetugid(void)
 	{
@@ -73,7 +74,7 @@ int OPENSSL_issetugid(void)
 
 #else
 
-#include <unistd.h>
+#include OPENSSL_UNISTD
 #include <sys/types.h>
 
 int OPENSSL_issetugid(void)
diff --git a/crypto/openssl/crypto/x509/Makefile.ssl b/crypto/openssl/crypto/x509/Makefile.ssl
index bcee4b3..6a5a879 100644
--- a/crypto/openssl/crypto/x509/Makefile.ssl
+++ b/crypto/openssl/crypto/x509/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	x509
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -24,13 +25,13 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
 	x509_obj.c x509_req.c x509spki.c x509_vfy.c \
-	x509_set.c x509rset.c x509_err.c \
+	x509_set.c x509cset.c x509rset.c x509_err.c \
 	x509name.c x509_v3.c x509_ext.c x509_att.c \
 	x509type.c x509_lu.c x_all.c x509_txt.c \
 	x509_trs.c by_file.c by_dir.c 
 LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
 	x509_obj.o x509_req.o x509spki.o x509_vfy.o \
-	x509_set.o x509rset.o x509_err.o \
+	x509_set.o x509cset.o x509rset.o x509_err.o \
 	x509name.o x509_v3.o x509_ext.o x509_att.o \
 	x509type.o x509_lu.o x_all.o x509_txt.o \
 	x509_trs.o by_file.o by_dir.o
@@ -49,8 +50,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -78,7 +78,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -89,127 +89,141 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-by_dir.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-by_dir.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-by_dir.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_dir.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+by_dir.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+by_dir.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+by_dir.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+by_dir.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-by_dir.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+by_dir.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+by_dir.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-by_dir.o: ../cryptlib.h
+by_dir.o: ../cryptlib.h by_dir.c
+by_file.o: ../../e_os.h ../../include/openssl/aes.h
 by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+by_file.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-by_file.o: ../cryptlib.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+by_file.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+by_file.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+by_file.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+by_file.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
+x509_att.o: ../../e_os.h ../../include/openssl/aes.h
 x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x509_att.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_att.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x509_att.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x509_att.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_att.o: ../cryptlib.h
+x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_att.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_att.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_att.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_att.c
+x509_cmp.o: ../../e_os.h ../../include/openssl/aes.h
 x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x509_cmp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x509_cmp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_cmp.o: ../cryptlib.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_cmp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_cmp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_cmp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_cmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_cmp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_cmp.c
+x509_d2.o: ../../e_os.h ../../include/openssl/aes.h
 x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_d2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x509_d2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x509_d2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_d2.o: ../cryptlib.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x509_d2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
+x509_def.o: ../../e_os.h ../../include/openssl/aes.h
 x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_def.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_def.o: ../../include/openssl/opensslconf.h
-x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_def.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_def.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_def.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_def.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_def.o: ../cryptlib.h x509_def.c
+x509_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x509_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x509_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
@@ -217,300 +231,364 @@ x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_err.o: ../../include/openssl/x509_vfy.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_err.o: x509_err.c
+x509_ext.o: ../../e_os.h ../../include/openssl/aes.h
 x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x509_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x509_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x509_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_ext.o: ../cryptlib.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_ext.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_ext.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_ext.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_ext.c
+x509_lu.o: ../../e_os.h ../../include/openssl/aes.h
 x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_lu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_lu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509_lu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_lu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_lu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_lu.o: ../cryptlib.h
+x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
+x509_obj.o: ../../e_os.h ../../include/openssl/aes.h
 x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_obj.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_obj.o: ../../include/openssl/opensslconf.h
-x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_obj.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_obj.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_obj.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_obj.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_obj.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_obj.o: ../cryptlib.h x509_obj.c
+x509_r2x.o: ../../e_os.h ../../include/openssl/aes.h
 x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_r2x.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_r2x.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_r2x.o: ../../include/openssl/opensslconf.h
-x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_r2x.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_r2x.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_r2x.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_r2x.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_r2x.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_r2x.o: ../cryptlib.h x509_r2x.c
+x509_req.o: ../../e_os.h ../../include/openssl/aes.h
 x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_req.o: ../../include/openssl/opensslconf.h
-x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_req.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_req.o: ../cryptlib.h x509_req.c
+x509_set.o: ../../e_os.h ../../include/openssl/aes.h
 x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_set.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_set.o: ../../include/openssl/opensslconf.h
-x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_set.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_set.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_set.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_set.o: ../cryptlib.h x509_set.c
+x509_trs.o: ../../e_os.h ../../include/openssl/aes.h
 x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x509_trs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_trs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x509_trs.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x509_trs.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_trs.o: ../cryptlib.h
+x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_trs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_trs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_trs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_trs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_trs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_trs.c
+x509_txt.o: ../../e_os.h ../../include/openssl/aes.h
 x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_txt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_txt.o: ../../include/openssl/opensslconf.h
-x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_txt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_txt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_txt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_txt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_txt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_txt.o: ../cryptlib.h x509_txt.c
+x509_v3.o: ../../e_os.h ../../include/openssl/aes.h
 x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x509_v3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x509_v3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x509_v3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_v3.o: ../cryptlib.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_v3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
+x509_vfy.o: ../../e_os.h ../../include/openssl/aes.h
 x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x509_vfy.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_vfy.o: ../cryptlib.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c
+x509cset.o: ../../e_os.h ../../include/openssl/aes.h
+x509cset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509cset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509cset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509cset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509cset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509cset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509cset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509cset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509cset.o: ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509cset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509cset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509cset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509cset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509cset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509cset.o: ../cryptlib.h x509cset.c
+x509name.o: ../../e_os.h ../../include/openssl/aes.h
 x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509name.o: ../../include/openssl/opensslconf.h
-x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509name.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509name.o: ../cryptlib.h x509name.c
+x509rset.o: ../../e_os.h ../../include/openssl/aes.h
 x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509rset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509rset.o: ../../include/openssl/opensslconf.h
-x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x509spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x509spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509rset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509rset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509rset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509rset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509rset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509rset.o: ../cryptlib.h x509rset.c
+x509spki.o: ../../e_os.h ../../include/openssl/aes.h
+x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509spki.o: ../cryptlib.h x509spki.c
+x509type.o: ../../e_os.h ../../include/openssl/aes.h
 x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509type.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509type.o: ../../include/openssl/opensslconf.h
-x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509type.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509type.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509type.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509type.o: ../cryptlib.h x509type.c
+x_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_all.o: ../cryptlib.h
+x_all.o: ../cryptlib.h x_all.c
diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/openssl/crypto/x509/by_file.c
index 78e9240..22be90c 100644
--- a/crypto/openssl/crypto/x509/by_file.c
+++ b/crypto/openssl/crypto/x509/by_file.c
@@ -66,7 +66,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
 	long argl, char **ret);
@@ -100,18 +100,19 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 	case X509_L_FILE_LOAD:
 		if (argl == X509_FILETYPE_DEFAULT)
 			{
-			ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
-				X509_FILETYPE_PEM) != 0);
+			file = (char *)Getenv(X509_get_default_cert_file_env());
+			if (file)
+				ok = (X509_load_cert_crl_file(ctx,file,
+					      X509_FILETYPE_PEM) != 0);
+
+			else
+				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+					      X509_FILETYPE_PEM) != 0);
+
 			if (!ok)
 				{
 				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
 				}
-			else
-				{
-				file=(char *)Getenv(X509_get_default_cert_file_env());
-				ok = (X509_load_cert_crl_file(ctx,file,
-					X509_FILETYPE_PEM) != 0);
-				}
 			}
 		else
 			{
@@ -294,5 +295,5 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
 }
 
 
-#endif /* NO_STDIO */
+#endif /* OPENSSL_NO_STDIO */
 
diff --git a/crypto/openssl/crypto/x509/x509.h b/crypto/openssl/crypto/x509/x509.h
index 385c2e1..eaad568 100644
--- a/crypto/openssl/crypto/x509/x509.h
+++ b/crypto/openssl/crypto/x509/x509.h
@@ -60,47 +60,45 @@
 #define HEADER_X509_H
 
 #include <openssl/symhacks.h>
-#ifndef NO_BUFFER
+#ifndef OPENSSL_NO_BUFFER
 #include <openssl/buffer.h>
 #endif
-#ifndef NO_EVP
+#ifndef OPENSSL_NO_EVP
 #include <openssl/evp.h>
 #endif
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
 #include <openssl/stack.h>
 #include <openssl/asn1.h>
 #include <openssl/safestack.h>
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-
-#include <openssl/evp.h>
-
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
+#endif
+#include <openssl/e_os2.h>
+#include <openssl/ossl_typ.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 /* Under Win32 this is defined in wincrypt.h */
 #undef X509_NAME
 #endif
 
-  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
-
 #define X509_FILETYPE_PEM	1
 #define X509_FILETYPE_ASN1	2
 #define X509_FILETYPE_DEFAULT	3
@@ -123,11 +121,11 @@ typedef struct X509_objects_st
 	int (*i2a)();
 	} X509_OBJECTS;
 
-typedef struct X509_algor_st
+struct X509_algor_st
 	{
 	ASN1_OBJECT *algorithm;
 	ASN1_TYPE *parameter;
-	} X509_ALGOR;
+	} /* X509_ALGOR */;
 
 DECLARE_STACK_OF(X509_ALGOR)
 DECLARE_ASN1_SET_OF(X509_ALGOR)
@@ -163,17 +161,17 @@ DECLARE_STACK_OF(X509_NAME_ENTRY)
 DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
 
 /* we always keep X509_NAMEs in 2 forms. */
-typedef struct X509_name_st
+struct X509_name_st
 	{
 	STACK_OF(X509_NAME_ENTRY) *entries;
 	int modified;	/* true if 'bytes' needs to be built */
-#ifndef NO_BUFFER
+#ifndef OPENSSL_NO_BUFFER
 	BUF_MEM *bytes;
 #else
 	char *bytes;
 #endif
 	unsigned long hash; /* Keep the hash around for lookups */
-	} X509_NAME;
+	} /* X509_NAME */;
 
 DECLARE_STACK_OF(X509_NAME)
 
@@ -182,11 +180,8 @@ DECLARE_STACK_OF(X509_NAME)
 typedef struct X509_extension_st
 	{
 	ASN1_OBJECT *object;
-	short critical;
-	short netscape_hack;
+	ASN1_BOOLEAN critical;
 	ASN1_OCTET_STRING *value;
-	struct v3_ext_method *method;	/* V3 method to use */
-	void *ext_val;			/* extension value */
 	} X509_EXTENSION;
 
 DECLARE_STACK_OF(X509_EXTENSION)
@@ -196,27 +191,26 @@ DECLARE_ASN1_SET_OF(X509_EXTENSION)
 typedef struct x509_attributes_st
 	{
 	ASN1_OBJECT *object;
-	int set; /* 1 for a set, 0 for a single item (which is wrong) */
+	int single; /* 0 for a set, 1 for a single item (which is wrong) */
 	union	{
 		char		*ptr;
-/* 1 */		STACK_OF(ASN1_TYPE) *set;
-/* 0 */		ASN1_TYPE	*single;
+/* 0 */		STACK_OF(ASN1_TYPE) *set;
+/* 1 */		ASN1_TYPE	*single;
 		} value;
 	} X509_ATTRIBUTE;
 
 DECLARE_STACK_OF(X509_ATTRIBUTE)
 DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
 
+
 typedef struct X509_req_info_st
 	{
-	unsigned char *asn1;
-	int length;
+	ASN1_ENCODING enc;
 	ASN1_INTEGER *version;
 	X509_NAME *subject;
 	X509_PUBKEY *pubkey;
 	/*  d=2 hl=2 l=  0 cons: cont: 00 */
 	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-	int req_kludge;
 	} X509_REQ_INFO;
 
 typedef struct X509_req_st
@@ -256,7 +250,7 @@ typedef struct x509_cert_aux_st
 	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */
 	} X509_CERT_AUX;
 
-typedef struct x509_st
+struct x509_st
 	{
 	X509_CINF *cert_info;
 	X509_ALGOR *sig_alg;
@@ -273,11 +267,11 @@ typedef struct x509_st
 	unsigned long ex_nscert;
 	ASN1_OCTET_STRING *skid;
 	struct AUTHORITY_KEYID_st *akid;
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 #endif
 	X509_CERT_AUX *aux;
-	} X509;
+	} /* X509 */;
 
 DECLARE_STACK_OF(X509)
 DECLARE_ASN1_SET_OF(X509)
@@ -304,10 +298,12 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_TRUST_SSL_SERVER	3
 #define X509_TRUST_EMAIL	4
 #define X509_TRUST_OBJECT_SIGN	5
+#define X509_TRUST_OCSP_SIGN	6
+#define X509_TRUST_OCSP_REQUEST	7
 
 /* Keep these up to date! */
 #define X509_TRUST_MIN		1
-#define X509_TRUST_MAX		5
+#define X509_TRUST_MAX		7
 
 
 /* trust_flags values */
@@ -320,6 +316,22 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_TRUST_REJECTED	2
 #define X509_TRUST_UNTRUSTED	3
 
+/* Flags for X509_print_ex() */
+
+#define	X509_FLAG_COMPAT		0
+#define	X509_FLAG_NO_HEADER		1L
+#define	X509_FLAG_NO_VERSION		(1L << 1)
+#define	X509_FLAG_NO_SERIAL		(1L << 2)
+#define	X509_FLAG_NO_SIGNAME		(1L << 3)
+#define	X509_FLAG_NO_ISSUER		(1L << 4)
+#define	X509_FLAG_NO_VALIDITY		(1L << 5)
+#define	X509_FLAG_NO_SUBJECT		(1L << 6)
+#define	X509_FLAG_NO_PUBKEY		(1L << 7)
+#define	X509_FLAG_NO_EXTENSIONS		(1L << 8)
+#define	X509_FLAG_NO_SIGDUMP		(1L << 9)
+#define	X509_FLAG_NO_AUX		(1L << 10)
+#define	X509_FLAG_NO_ATTRIBUTES		(1L << 11)
+
 /* Flags specific to X509_NAME_print_ex() */	
 
 /* The field separator information */
@@ -351,6 +363,8 @@ DECLARE_STACK_OF(X509_TRUST)
 
 #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
 
+#define XN_FLAG_FN_ALIGN	(1 << 25)	/* Align field names to 20 characters */
+
 /* Complete set of RFC2253 flags */
 
 #define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
@@ -373,7 +387,8 @@ DECLARE_STACK_OF(X509_TRUST)
 			ASN1_STRFLGS_ESC_MSB | \
 			XN_FLAG_SEP_MULTILINE | \
 			XN_FLAG_SPC_EQ | \
-			XN_FLAG_FN_LN)
+			XN_FLAG_FN_LN | \
+			XN_FLAG_FN_ALIGN)
 
 typedef struct X509_revoked_st
 	{
@@ -397,14 +412,14 @@ typedef struct X509_crl_info_st
 	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
 	} X509_CRL_INFO;
 
-typedef struct X509_crl_st
+struct X509_crl_st
 	{
 	/* actual signature */
 	X509_CRL_INFO *crl;
 	X509_ALGOR *sig_alg;
 	ASN1_BIT_STRING *signature;
 	int references;
-	} X509_CRL;
+	} /* X509_CRL */;
 
 DECLARE_STACK_OF(X509_CRL)
 DECLARE_ASN1_SET_OF(X509_CRL)
@@ -430,7 +445,7 @@ typedef struct private_key_st
 	int references;
 	} X509_PKEY;
 
-#ifndef NO_EVP
+#ifndef OPENSSL_NO_EVP
 typedef struct X509_info_st
 	{
 	X509 *x509;
@@ -471,10 +486,12 @@ typedef struct Netscape_certificate_sequence
 	STACK_OF(X509) *certs;
 	} NETSCAPE_CERT_SEQUENCE;
 
+/* Unused (and iv length is wrong)
 typedef struct CBCParameter_st
 	{
 	unsigned char iv[8];
 	} CBC_PARAM;
+*/
 
 /* Password based encryption structure */
 
@@ -686,7 +703,7 @@ extern "C" {
 const char *X509_verify_cert_error_string(long n);
 
 #ifndef SSLEAY_MACROS
-#ifndef NO_EVP
+#ifndef OPENSSL_NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
@@ -700,11 +717,15 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
 
 int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
 
+int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
+
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
 
+int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
+		unsigned char *md, unsigned int *len);
 int X509_digest(const X509 *data,const EVP_MD *type,
 		unsigned char *md, unsigned int *len);
 int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
@@ -715,14 +736,14 @@ int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
 		unsigned char *md, unsigned int *len);
 #endif
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 X509 *d2i_X509_fp(FILE *fp, X509 **x509);
 int i2d_X509_fp(FILE *fp,X509 *x509);
 X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
 int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
 X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
 int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
 int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
 RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
@@ -730,7 +751,7 @@ int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
 RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
 int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
 int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
@@ -748,14 +769,14 @@ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 #endif
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 X509 *d2i_X509_bio(BIO *bp,X509 **x509);
 int i2d_X509_bio(BIO *bp,X509 *x509);
 X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
 int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
 X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
 int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
 int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
 RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
@@ -763,7 +784,7 @@ int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
 RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
 int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
 int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
@@ -789,7 +810,7 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *RSAPublicKey_dup(RSA *rsa);
 RSA *RSAPrivateKey_dup(RSA *rsa);
 #endif
@@ -811,23 +832,11 @@ const char *	X509_get_default_private_dir(void );
 X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
 
-X509_ALGOR *	X509_ALGOR_new(void );
-void		X509_ALGOR_free(X509_ALGOR *a);
-int		i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
-X509_ALGOR *	d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
 
-X509_VAL *	X509_VAL_new(void );
-void		X509_VAL_free(X509_VAL *a);
-int		i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
-X509_VAL *	d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
 
-X509_PUBKEY *	X509_PUBKEY_new(void );
-void		X509_PUBKEY_free(X509_PUBKEY *a);
-int		i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
-X509_PUBKEY *	d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
-			long length);
 int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
 int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
@@ -835,69 +844,37 @@ int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
 int		i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
 EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
 			long length);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 int		i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
 RSA *		d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
 			long length);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 int		i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
 DSA *		d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
 			long length);
 #endif
 
-X509_SIG *	X509_SIG_new(void );
-void		X509_SIG_free(X509_SIG *a);
-int		i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
-X509_SIG *	d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
-
-X509_REQ_INFO *X509_REQ_INFO_new(void);
-void		X509_REQ_INFO_free(X509_REQ_INFO *a);
-int		i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
-X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
-			long length);
-
-X509_REQ *	X509_REQ_new(void);
-void		X509_REQ_free(X509_REQ *a);
-int		i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
-X509_REQ *	d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
-void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
-int		i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
 X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
 
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
 
-X509_EXTENSION *X509_EXTENSION_new(void );
-void		X509_EXTENSION_free(X509_EXTENSION *a);
-int		i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
-X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
-void		X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
-int		i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
 
-X509_NAME *	X509_NAME_new(void);
-void		X509_NAME_free(X509_NAME *a);
-int		i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
-X509_NAME *	d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
 int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);
 
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
 
-X509_CINF *	X509_CINF_new(void);
-void		X509_CINF_free(X509_CINF *a);
-int		i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
-X509_CINF *	d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
-X509 *		X509_new(void);
-void		X509_free(X509 *a);
-int		i2d_X509(X509 *a,unsigned char **pp);
-X509 *		d2i_X509(X509 **a,unsigned char **pp,long length);
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int X509_set_ex_data(X509 *r, int idx, void *arg);
@@ -905,60 +882,32 @@ void *X509_get_ex_data(X509 *r, int idx);
 int		i2d_X509_AUX(X509 *a,unsigned char **pp);
 X509 *		d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
 
-X509_CERT_AUX *	X509_CERT_AUX_new(void);
-void		X509_CERT_AUX_free(X509_CERT_AUX *a);
-int		i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
-X509_CERT_AUX *	d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
-								long length);
 int X509_alias_set1(X509 *x, unsigned char *name, int len);
 int X509_keyid_set1(X509 *x, unsigned char *id, int len);
 unsigned char * X509_alias_get0(X509 *x, int *len);
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
+int X509_TRUST_set(int *t, int trust);
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
 int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
 void X509_trust_clear(X509 *x);
 void X509_reject_clear(X509 *x);
 
-X509_REVOKED *	X509_REVOKED_new(void);
-void		X509_REVOKED_free(X509_REVOKED *a);
-int		i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
-X509_REVOKED *	d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
-
-X509_CRL_INFO *X509_CRL_INFO_new(void);
-void		X509_CRL_INFO_free(X509_CRL_INFO *a);
-int		i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
-X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
 
-X509_CRL *	X509_CRL_new(void);
-void		X509_CRL_free(X509_CRL *a);
-int		i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
-X509_CRL *	d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
 
 X509_PKEY *	X509_PKEY_new(void );
 void		X509_PKEY_free(X509_PKEY *a);
 int		i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
 X509_PKEY *	d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
 
-NETSCAPE_SPKI *	NETSCAPE_SPKI_new(void );
-void		NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
-int		i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
-NETSCAPE_SPKI *	d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
-			long length);
-
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
-void		NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
-int		i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
-		long length);
-
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
 
-int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp);
-NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
-NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
-void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
-
-#ifndef NO_EVP
+#ifndef OPENSSL_NO_EVP
 X509_INFO *	X509_INFO_new(void);
 void		X509_INFO_free(X509_INFO *a);
 char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);
@@ -972,6 +921,16 @@ int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	ASN1_BIT_STRING *signature,
 	char *data,EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
+	unsigned char *md,unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+	ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+	ASN1_BIT_STRING *signature,
+	void *data, EVP_PKEY *pkey, const EVP_MD *type);
 #endif
 
 int 		X509_set_version(X509 *x,long version);
@@ -985,6 +944,7 @@ int 		X509_set_notBefore(X509 *x, ASN1_TIME *tm);
 int 		X509_set_notAfter(X509 *x, ASN1_TIME *tm);
 int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
 int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
 
 int		X509_REQ_set_version(X509_REQ *x,long version);
@@ -1007,14 +967,23 @@ X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
 int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-			ASN1_OBJECT *obj, int type,
-			unsigned char *bytes, int len);
+			const ASN1_OBJECT *obj, int type,
+			const unsigned char *bytes, int len);
 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
 			int nid, int type,
-			unsigned char *bytes, int len);
+			const unsigned char *bytes, int len);
 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-			char *attrname, int type,
-			unsigned char *bytes, int len);
+			const char *attrname, int type,
+			const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
 
 int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
 
@@ -1032,19 +1001,23 @@ int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long	X509_NAME_hash(X509_NAME *x);
 
 int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
+int		X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int		X509_print_fp(FILE *bp,X509 *x);
 int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
 #endif
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int		X509_print(BIO *bp,X509 *x);
+int		X509_ocspid_print(BIO *bp,X509 *x);
 int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int		X509_CRL_print(BIO *bp,X509_CRL *x);
+int		X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
 int		X509_REQ_print(BIO *bp,X509_REQ *req);
 #endif
 
@@ -1103,6 +1076,8 @@ X509_EXTENSION *X509_get_ext(X509 *x, int loc);
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
 int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
 void	*	X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+int		X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+							unsigned long flags);
 
 int		X509_CRL_get_ext_count(X509_CRL *x);
 int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
@@ -1112,6 +1087,8 @@ X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
 int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
 void	*	X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+int		X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+							unsigned long flags);
 
 int		X509_REVOKED_get_ext_count(X509_REVOKED *x);
 int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
@@ -1121,6 +1098,8 @@ X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
 int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
 void	*	X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+int		X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+							unsigned long flags);
 
 X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
 			int nid, int crit, ASN1_OCTET_STRING *data);
@@ -1144,22 +1123,22 @@ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
 					 X509_ATTRIBUTE *attr);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-			ASN1_OBJECT *obj, int type,
-			unsigned char *bytes, int len);
+			const ASN1_OBJECT *obj, int type,
+			const unsigned char *bytes, int len);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
 			int nid, int type,
-			unsigned char *bytes, int len);
+			const unsigned char *bytes, int len);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-			char *attrname, int type,
-			unsigned char *bytes, int len);
+			const char *attrname, int type,
+			const unsigned char *bytes, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-	     int atrtype, void *data, int len);
+	     int atrtype, const void *data, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-	     ASN1_OBJECT *obj, int atrtype, void *data, int len);
+	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-		char *atrname, int type, unsigned char *bytes, int len);
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len);
+		const char *atrname, int type, const unsigned char *bytes, int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
 					int atrtype, void *data);
 int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
@@ -1173,31 +1152,17 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
 				     ASN1_INTEGER *serial);
 X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
 
-int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
-PBEPARAM *PBEPARAM_new(void);
-PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
-void PBEPARAM_free(PBEPARAM *a);
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+
 X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 					 unsigned char *salt, int saltlen);
 
-int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
-PBKDF2PARAM *PBKDF2PARAM_new(void);
-PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
-void PBKDF2PARAM_free(PBKDF2PARAM *a);
-
-int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
-PBE2PARAM *PBE2PARAM_new(void);
-PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
-void PBE2PARAM_free(PBE2PARAM *a);
-
 /* PKCS#8 utilities */
 
-int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
-PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
-					 unsigned char **pp, long length);
-void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
 
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
@@ -1258,9 +1223,12 @@ void ERR_load_X509_strings(void);
 #define X509_F_X509_REQ_TO_X509				 123
 #define X509_F_X509_STORE_ADD_CERT			 124
 #define X509_F_X509_STORE_ADD_CRL			 125
+#define X509_F_X509_STORE_CTX_INIT			 143
+#define X509_F_X509_STORE_CTX_NEW			 142
 #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT		 134
 #define X509_F_X509_TO_X509_REQ				 126
 #define X509_F_X509_TRUST_ADD				 133
+#define X509_F_X509_TRUST_SET				 141
 #define X509_F_X509_VERIFY_CERT				 127
 
 /* Reason codes. */
@@ -1271,6 +1239,7 @@ void ERR_load_X509_strings(void);
 #define X509_R_ERR_ASN1_LIB				 102
 #define X509_R_INVALID_DIRECTORY			 113
 #define X509_R_INVALID_FIELD_NAME			 119
+#define X509_R_INVALID_TRUST				 123
 #define X509_R_KEY_TYPE_MISMATCH			 115
 #define X509_R_KEY_VALUES_MISMATCH			 116
 #define X509_R_LOADING_CERT_DIR				 103
diff --git a/crypto/openssl/crypto/x509/x509_att.c b/crypto/openssl/crypto/x509/x509_att.c
index caafde6..0bae3d3 100644
--- a/crypto/openssl/crypto/x509/x509_att.c
+++ b/crypto/openssl/crypto/x509/x509_att.c
@@ -149,8 +149,8 @@ err2:
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-			ASN1_OBJECT *obj, int type,
-			unsigned char *bytes, int len)
+			const ASN1_OBJECT *obj, int type,
+			const unsigned char *bytes, int len)
 {
 	X509_ATTRIBUTE *attr;
 	STACK_OF(X509_ATTRIBUTE) *ret;
@@ -163,7 +163,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
 			int nid, int type,
-			unsigned char *bytes, int len)
+			const unsigned char *bytes, int len)
 {
 	X509_ATTRIBUTE *attr;
 	STACK_OF(X509_ATTRIBUTE) *ret;
@@ -175,8 +175,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-			char *attrname, int type,
-			unsigned char *bytes, int len)
+			const char *attrname, int type,
+			const unsigned char *bytes, int len)
 {
 	X509_ATTRIBUTE *attr;
 	STACK_OF(X509_ATTRIBUTE) *ret;
@@ -188,7 +188,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-	     int atrtype, void *data, int len)
+	     int atrtype, const void *data, int len)
 {
 	ASN1_OBJECT *obj;
 	X509_ATTRIBUTE *ret;
@@ -205,7 +205,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-	     ASN1_OBJECT *obj, int atrtype, void *data, int len)
+	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
 {
 	X509_ATTRIBUTE *ret;
 
@@ -234,7 +234,7 @@ err:
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-		char *atrname, int type, unsigned char *bytes, int len)
+		const char *atrname, int type, const unsigned char *bytes, int len)
 	{
 	ASN1_OBJECT *obj;
 	X509_ATTRIBUTE *nattr;
@@ -252,7 +252,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
 	return nattr;
 	}
 
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 {
 	if ((attr == NULL) || (obj == NULL))
 		return(0);
@@ -261,7 +261,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
 	return(1);
 }
 
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
 {
 	ASN1_TYPE *ttmp;
 	ASN1_STRING *stmp;
@@ -283,7 +283,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int
 	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
 	if(!(ttmp = ASN1_TYPE_new())) goto err;
 	if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
-	attr->set = 1;
+	attr->single = 0;
 	ASN1_TYPE_set(ttmp, atype, stmp);
 	return 1;
 	err:
@@ -293,7 +293,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int
 
 int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
 {
-	if(attr->set) return sk_ASN1_TYPE_num(attr->value.set);
+	if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
 	if(attr->value.single) return 1;
 	return 0;
 }
@@ -321,6 +321,6 @@ ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
 	if (attr == NULL) return(NULL);
 	if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
-	if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx);
+	if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
 	else return attr->value.single;
 }
diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c
index 3f9f9b3..f460102 100644
--- a/crypto/openssl/crypto/x509/x509_cmp.c
+++ b/crypto/openssl/crypto/x509/x509_cmp.c
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
@@ -75,24 +76,27 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 	return(X509_NAME_cmp(ai->issuer,bi->issuer));
 	}
 
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 unsigned long X509_issuer_and_serial_hash(X509 *a)
 	{
 	unsigned long ret=0;
-	MD5_CTX ctx;
+	EVP_MD_CTX ctx;
 	unsigned char md[16];
-	char str[256];
+	char *f;
 
-	X509_NAME_oneline(a->cert_info->issuer,str,256);
-	ret=strlen(str);
-	MD5_Init(&ctx);
-	MD5_Update(&ctx,(unsigned char *)str,ret);
-	MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+	EVP_MD_CTX_init(&ctx);
+	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+	ret=strlen(f);
+	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
+	OPENSSL_free(f);
+	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
 		(unsigned long)a->cert_info->serialNumber->length);
-	MD5_Final(&(md[0]),&ctx);
+	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
 		)&0xffffffffL;
+	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
 #endif
@@ -137,7 +141,7 @@ unsigned long X509_subject_name_hash(X509 *x)
 	return(X509_NAME_hash(x->cert_info->subject));
 	}
 
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 /* Compare two certificates: they must be identical for
  * this to work. NB: Although "cmp" operations are generally
  * prototyped to take "const" arguments (eg. for use in
@@ -157,6 +161,99 @@ int X509_cmp(const X509 *a, const X509 *b)
 }
 #endif
 
+
+/* Case insensitive string comparision */
+static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+	int i;
+
+	if (a->length != b->length)
+		return (a->length - b->length);
+
+	for (i=0; i<a->length; i++)
+	{
+		int ca, cb;
+
+		ca = tolower(a->data[i]);
+		cb = tolower(b->data[i]);
+
+		if (ca != cb)
+			return(ca-cb);
+	}
+	return 0;
+}
+
+/* Case insensitive string comparision with space normalization 
+ * Space normalization - ignore leading, trailing spaces, 
+ *       multiple spaces between characters are replaced by single space  
+ */
+static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+	unsigned char *pa = NULL, *pb = NULL;
+	int la, lb;
+	
+	la = a->length;
+	lb = b->length;
+	pa = a->data;
+	pb = b->data;
+
+	/* skip leading spaces */
+	while (la > 0 && isspace(*pa))
+	{
+		la--;
+		pa++;
+	}
+	while (lb > 0 && isspace(*pb))
+	{
+		lb--;
+		pb++;
+	}
+
+	/* skip trailing spaces */
+	while (la > 0 && isspace(pa[la-1]))
+		la--;
+	while (lb > 0 && isspace(pb[lb-1]))
+		lb--;
+
+	/* compare strings with space normalization */
+	while (la > 0 && lb > 0)
+	{
+		int ca, cb;
+
+		/* compare character */
+		ca = tolower(*pa);
+		cb = tolower(*pb);
+		if (ca != cb)
+			return (ca - cb);
+
+		pa++; pb++;
+		la--; lb--;
+
+		if (la <= 0 || lb <= 0)
+			break;
+
+		/* is white space next character ? */
+		if (isspace(*pa) && isspace(*pb))
+		{
+			/* skip remaining white spaces */
+			while (la > 0 && isspace(*pa))
+			{
+				la--;
+				pa++;
+			}
+			while (lb > 0 && isspace(*pb))
+			{
+				lb--;
+				pb++;
+			}
+		}
+	}
+	if (la > 0 || lb > 0)
+		return la - lb;
+
+	return 0;
+}
+
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 	{
 	int i,j;
@@ -170,10 +267,20 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 		{
 		na=sk_X509_NAME_ENTRY_value(a->entries,i);
 		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-		j=na->value->length-nb->value->length;
+		j=na->value->type-nb->value->type;
 		if (j) return(j);
-		j=memcmp(na->value->data,nb->value->data,
-			na->value->length);
+		if (na->value->type == V_ASN1_PRINTABLESTRING)
+			j=nocase_spacenorm_cmp(na->value, nb->value);
+		else if (na->value->type == V_ASN1_IA5STRING
+			&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+			j=nocase_cmp(na->value, nb->value);
+		else
+			{
+			j=na->value->length-nb->value->length;
+			if (j) return(j);
+			j=memcmp(na->value->data,nb->value->data,
+				na->value->length);
+			}
 		if (j) return(j);
 		j=na->set-nb->set;
 		if (j) return(j);
@@ -192,7 +299,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 	return(0);
 	}
 
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
  * this is reasonably efficient. */
 unsigned long X509_NAME_hash(X509_NAME *x)
@@ -200,12 +307,9 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 	unsigned long ret=0;
 	unsigned char md[16];
 
-	/* Ensure cached version is up to date */
+	/* Make sure X509_NAME structure contains valid cached encoding */
 	i2d_X509_NAME(x,NULL);
-	/* Use cached encoding directly rather than copying: this should
-	 * keep libsafe happy.
-	 */
-	MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0]));
+	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
 
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -258,6 +362,12 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
 	return(X509_PUBKEY_get(x->cert_info->key));
 	}
 
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+	{
+	if(!x) return NULL;
+	return x->cert_info->key->public_key;
+	}
+
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
 	{
 	EVP_PKEY *xk=NULL;
@@ -271,7 +381,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
 	    }
 	switch (k->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
 		if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
 		    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
@@ -281,7 +391,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
 		    }
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
 		    {
@@ -290,7 +400,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
 		    }
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case EVP_PKEY_DH:
 		/* No idea */
 	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
diff --git a/crypto/openssl/crypto/x509/x509_d2.c b/crypto/openssl/crypto/x509/x509_d2.c
index 753d53e..51410cf 100644
--- a/crypto/openssl/crypto/x509/x509_d2.c
+++ b/crypto/openssl/crypto/x509/x509_d2.c
@@ -61,7 +61,7 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int X509_STORE_set_default_paths(X509_STORE *ctx)
 	{
 	X509_LOOKUP *lookup;
diff --git a/crypto/openssl/crypto/x509/x509_err.c b/crypto/openssl/crypto/x509/x509_err.c
index 848add5..5bbf4ac 100644
--- a/crypto/openssl/crypto/x509/x509_err.c
+++ b/crypto/openssl/crypto/x509/x509_err.c
@@ -63,7 +63,7 @@
 #include <openssl/x509.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA X509_str_functs[]=
 	{
 {ERR_PACK(0,X509_F_ADD_CERT_DIR,0),	"ADD_CERT_DIR"},
@@ -100,9 +100,12 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0),	"X509_REQ_to_X509"},
 {ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),	"X509_STORE_add_cert"},
 {ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),	"X509_STORE_add_crl"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0),	"X509_STORE_CTX_init"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0),	"X509_STORE_CTX_new"},
 {ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0),	"X509_STORE_CTX_purpose_inherit"},
 {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0),	"X509_to_X509_REQ"},
 {ERR_PACK(0,X509_F_X509_TRUST_ADD,0),	"X509_TRUST_add"},
+{ERR_PACK(0,X509_F_X509_TRUST_SET,0),	"X509_TRUST_set"},
 {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0),	"X509_verify_cert"},
 {0,NULL}
 	};
@@ -116,6 +119,7 @@ static ERR_STRING_DATA X509_str_reasons[]=
 {X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
 {X509_R_INVALID_DIRECTORY                ,"invalid directory"},
 {X509_R_INVALID_FIELD_NAME               ,"invalid field name"},
+{X509_R_INVALID_TRUST                    ,"invalid trust"},
 {X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
 {X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
 {X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
@@ -143,7 +147,7 @@ void ERR_load_X509_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_X509,X509_str_functs);
 		ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/x509/x509_ext.c b/crypto/openssl/crypto/x509/x509_ext.c
index 2955989..e7fdacb 100644
--- a/crypto/openssl/crypto/x509/x509_ext.c
+++ b/crypto/openssl/crypto/x509/x509_ext.c
@@ -101,6 +101,12 @@ void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
 	return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
 }
 
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+							unsigned long flags)
+{
+	return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
+}
+
 int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
 	{
 	return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
@@ -146,6 +152,13 @@ void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
 	return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
 }
 
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+							unsigned long flags)
+{
+	return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
+							flags);
+}
+
 int X509_REVOKED_get_ext_count(X509_REVOKED *x)
 	{
 	return(X509v3_get_ext_count(x->extensions));
@@ -187,5 +200,11 @@ void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
 	return X509V3_get_d2i(x->extensions, nid, crit, idx);
 }
 
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+							unsigned long flags)
+{
+	return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+}
+
 IMPLEMENT_STACK_OF(X509_EXTENSION)
 IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c
index 863c738..b780dae 100644
--- a/crypto/openssl/crypto/x509/x509_lu.c
+++ b/crypto/openssl/crypto/x509/x509_lu.c
@@ -60,8 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
-
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
+#include <openssl/x509v3.h>
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 	{
@@ -185,9 +184,23 @@ X509_STORE *X509_STORE_new(void)
 	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
 	ret->cache=1;
 	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
-	ret->verify=NULL;
-	ret->verify_cb=NULL;
-	memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+	ret->verify=0;
+	ret->verify_cb=0;
+
+	ret->purpose = 0;
+	ret->trust = 0;
+
+	ret->flags = 0;
+
+	ret->get_issuer = 0;
+	ret->check_issued = 0;
+	ret->check_revocation = 0;
+	ret->get_crl = 0;
+	ret->check_crl = 0;
+	ret->cert_crl = 0;
+	ret->cleanup = 0;
+
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
 	ret->references=1;
 	ret->depth=0;
 	return ret;
@@ -230,7 +243,7 @@ void X509_STORE_free(X509_STORE *vfy)
 	sk_X509_LOOKUP_free(sk);
 	sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
 
-	CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
 	OPENSSL_free(vfy);
 	}
 
@@ -525,5 +538,20 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 	return 0;
 }
 
+void X509_STORE_set_flags(X509_STORE *ctx, long flags)
+	{
+	ctx->flags |= flags;
+	}
+
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+	{
+	return X509_PURPOSE_set(&ctx->purpose, purpose);
+	}
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+	{
+	return X509_TRUST_set(&ctx->trust, trust);
+	}
+
 IMPLEMENT_STACK_OF(X509_LOOKUP)
 IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/crypto/openssl/crypto/x509/x509_obj.c b/crypto/openssl/crypto/x509/x509_obj.c
index f0271fd..1e718f7 100644
--- a/crypto/openssl/crypto/x509/x509_obj.c
+++ b/crypto/openssl/crypto/x509/x509_obj.c
@@ -94,6 +94,7 @@ int i;
 		OPENSSL_free(b);
 		}
 	    strncpy(buf,"NO X509_NAME",len);
+	    buf[len-1]='\0';
 	    return buf;
 	    }
 
diff --git a/crypto/openssl/crypto/x509/x509_req.c b/crypto/openssl/crypto/x509/x509_req.c
index 7eca1bd..0affa3b 100644
--- a/crypto/openssl/crypto/x509/x509_req.c
+++ b/crypto/openssl/crypto/x509/x509_req.c
@@ -156,9 +156,9 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 	for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
 		attr = sk_X509_ATTRIBUTE_value(sk, i);
 		if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
-			if(attr->set && sk_ASN1_TYPE_num(attr->value.set))
+			if(attr->single) ext = attr->value.single;
+			else if(sk_ASN1_TYPE_num(attr->value.set))
 				ext = sk_ASN1_TYPE_value(attr->value.set, 0);
-			else ext = attr->value.single;
 			break;
 		}
 	}
@@ -199,7 +199,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
 	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
 	if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
 	at = NULL;
-	attr->set = 1;
+	attr->single = 0;
 	attr->object = OBJ_nid2obj(nid);
 	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
 	return 1;
@@ -251,8 +251,8 @@ int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
 }
 
 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-			ASN1_OBJECT *obj, int type,
-			unsigned char *bytes, int len)
+			const ASN1_OBJECT *obj, int type,
+			const unsigned char *bytes, int len)
 {
 	if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
 				type, bytes, len)) return 1;
@@ -261,7 +261,7 @@ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
 
 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
 			int nid, int type,
-			unsigned char *bytes, int len)
+			const unsigned char *bytes, int len)
 {
 	if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
 				type, bytes, len)) return 1;
@@ -269,8 +269,8 @@ int X509_REQ_add1_attr_by_NID(X509_REQ *req,
 }
 
 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-			char *attrname, int type,
-			unsigned char *bytes, int len)
+			const char *attrname, int type,
+			const unsigned char *bytes, int len)
 {
 	if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
 				type, bytes, len)) return 1;
diff --git a/crypto/openssl/crypto/x509/x509_trs.c b/crypto/openssl/crypto/x509/x509_trs.c
index 934e541..17d69ac 100644
--- a/crypto/openssl/crypto/x509/x509_trs.c
+++ b/crypto/openssl/crypto/x509/x509_trs.c
@@ -66,6 +66,7 @@ static int tr_cmp(const X509_TRUST * const *a,
 static void trtable_free(X509_TRUST *p);
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
 
 static int obj_trust(int id, X509 *x, int flags);
@@ -81,6 +82,8 @@ static X509_TRUST trstandard[] = {
 {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
 {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
 {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
+{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
 };
 
 #define X509_TRUST_COUNT	(sizeof(trstandard)/sizeof(X509_TRUST))
@@ -97,10 +100,10 @@ static int tr_cmp(const X509_TRUST * const *a,
 
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
 {
-int (*oldtrust)(int , X509 *, int);
-oldtrust = default_trust;
-default_trust = trust;
-return oldtrust;
+	int (*oldtrust)(int , X509 *, int);
+	oldtrust = default_trust;
+	default_trust = trust;
+	return oldtrust;
 }
 
 
@@ -141,6 +144,16 @@ int X509_TRUST_get_by_id(int id)
 	return idx + X509_TRUST_COUNT;
 }
 
+int X509_TRUST_set(int *t, int trust)
+{
+	if(X509_TRUST_get_by_id(trust) == -1) {
+		X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+		return 0;
+	}
+	*t = trust;
+	return 1;
+}
+
 int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
 					char *name, int arg1, void *arg2)
 {
@@ -236,6 +249,12 @@ static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
 	return trust_compat(trust, x, flags);
 }
 
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+	if(x->aux) return obj_trust(trust->arg1, x, flags);
+	return X509_TRUST_UNTRUSTED;
+}
+
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 {
 	X509_check_purpose(x, -1, 0);
diff --git a/crypto/openssl/crypto/x509/x509_txt.c b/crypto/openssl/crypto/x509/x509_txt.c
index ac04d41..4f83db8 100644
--- a/crypto/openssl/crypto/x509/x509_txt.c
+++ b/crypto/openssl/crypto/x509/x509_txt.c
@@ -83,7 +83,7 @@ const char *X509_verify_cert_error_string(long n)
 	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
 		return("unable to decrypt certificate's signature");
 	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-		return("unable to decrypt CRL's's signature");
+		return("unable to decrypt CRL's signature");
 	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
 		return("unable to decode issuer public key");
 	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -141,6 +141,12 @@ const char *X509_verify_cert_error_string(long n)
 	case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
 		return("key usage does not include certificate signing");
 
+	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+		return("unable to get CRL issuer certificate");
+
+	case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+		return("unhandled critical extension");
+
 	default:
 		sprintf(buf,"error number %ld",n);
 		return(buf);
diff --git a/crypto/openssl/crypto/x509/x509_v3.c b/crypto/openssl/crypto/x509/x509_v3.c
index 5288798..67b1796 100644
--- a/crypto/openssl/crypto/x509/x509_v3.c
+++ b/crypto/openssl/crypto/x509/x509_v3.c
@@ -115,8 +115,8 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
 	for ( ; lastpos < n; lastpos++)
 		{
 		ex=sk_X509_EXTENSION_value(sk,lastpos);
-		if (	(ex->critical && crit) ||
-			(!ex->critical && !crit))
+		if (	((ex->critical > 0) && crit) ||
+			((ex->critical <= 0) && !crit))
 			return(lastpos);
 		}
 	return(-1);
@@ -234,7 +234,7 @@ int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
 int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
 	{
 	if (ex == NULL) return(0);
-	ex->critical=(crit)?0xFF:0;
+	ex->critical=(crit)?0xFF:-1;
 	return(1);
 	}
 
@@ -263,5 +263,6 @@ ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
 int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
 	{
 	if (ex == NULL) return(0);
-	return(ex->critical);
+	if(ex->critical > 0) return 1;
+	return 0;
 	}
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 7a30092..552d1e7 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -75,15 +75,11 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
 static int check_chain_purpose(X509_STORE_CTX *ctx);
 static int check_trust(X509_STORE_CTX *ctx);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
 static int internal_verify(X509_STORE_CTX *ctx);
 const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
 
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
-static int x509_store_ctx_num=0;
-#if 0
-static int x509_store_num=1;
-static STACK *x509_store_method=NULL;
-#endif
 
 static int null_callback(int ok, X509_STORE_CTX *e)
 	{
@@ -113,7 +109,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 		}
 
 	cb=ctx->verify_cb;
-	if (cb == NULL) cb=null_callback;
 
 	/* first we make sure the chain we are going to build is
 	 * present and that the first entry is in place */
@@ -299,6 +294,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 	/* We may as well copy down any DSA parameters that are required */
 	X509_get_pubkey_parameters(NULL,ctx->chain);
 
+	/* Check revocation status: we do this after copying parameters
+	 * because they may be needed for CRL signature verification.
+	 */
+
+	ok = ctx->check_revocation(ctx);
+	if(!ok) goto end;
+
 	/* At this point, we have a chain and just need to verify it */
 	if (ctx->verify != NULL)
 		ok=ctx->verify(ctx);
@@ -346,8 +348,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 	ctx->error = ret;
 	ctx->current_cert = x;
 	ctx->current_issuer = issuer;
-	if (ctx->verify_cb)
-		return ctx->verify_cb(0, ctx);
+	return ctx->verify_cb(0, ctx);
 	return 0;
 }
 
@@ -372,18 +373,26 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 
 static int check_chain_purpose(X509_STORE_CTX *ctx)
 {
-#ifdef NO_CHAIN_VERIFY
+#ifdef OPENSSL_NO_CHAIN_VERIFY
 	return 1;
 #else
 	int i, ok=0;
 	X509 *x;
 	int (*cb)();
 	cb=ctx->verify_cb;
-	if (cb == NULL) cb=null_callback;
 	/* Check all untrusted certificates */
 	for (i = 0; i < ctx->last_untrusted; i++)
 		{
 		x = sk_X509_value(ctx->chain, i);
+		if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
+			&& (x->ex_flags & EXFLAG_CRITICAL))
+			{
+			ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
+			ctx->error_depth = i;
+			ctx->current_cert = x;
+			ok=cb(0,ctx);
+			if (!ok) goto end;
+			}
 		if (!X509_check_purpose(x, ctx->purpose, i))
 			{
 			if (i)
@@ -414,21 +423,20 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
 
 static int check_trust(X509_STORE_CTX *ctx)
 {
-#ifdef NO_CHAIN_VERIFY
+#ifdef OPENSSL_NO_CHAIN_VERIFY
 	return 1;
 #else
 	int i, ok;
 	X509 *x;
 	int (*cb)();
 	cb=ctx->verify_cb;
-	if (cb == NULL) cb=null_callback;
 /* For now just check the last certificate in the chain */
 	i = sk_X509_num(ctx->chain) - 1;
 	x = sk_X509_value(ctx->chain, i);
 	ok = X509_check_trust(x, ctx->trust, 0);
 	if (ok == X509_TRUST_TRUSTED)
 		return 1;
-	ctx->error_depth = sk_X509_num(ctx->chain) - 1;
+	ctx->error_depth = i;
 	ctx->current_cert = x;
 	if (ok == X509_TRUST_REJECTED)
 		ctx->error = X509_V_ERR_CERT_REJECTED;
@@ -439,6 +447,183 @@ static int check_trust(X509_STORE_CTX *ctx)
 #endif
 }
 
+static int check_revocation(X509_STORE_CTX *ctx)
+	{
+	int i, last, ok;
+	if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
+		return 1;
+	if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
+		last = 0;
+	else
+		last = sk_X509_num(ctx->chain) - 1;
+	for(i = 0; i <= last; i++)
+		{
+		ctx->error_depth = i;
+		ok = check_cert(ctx);
+		if (!ok) return ok;
+		}
+	return 1;
+	}
+
+static int check_cert(X509_STORE_CTX *ctx)
+	{
+	X509_CRL *crl = NULL;
+	X509 *x;
+	int ok, cnum;
+	cnum = ctx->error_depth;
+	x = sk_X509_value(ctx->chain, cnum);
+	ctx->current_cert = x;
+	/* Try to retrieve relevant CRL */
+	ok = ctx->get_crl(ctx, &crl, x);
+	/* If error looking up CRL, nothing we can do except
+	 * notify callback
+	 */
+	if(!ok)
+		{
+		ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+		ok = ctx->verify_cb(0, ctx);
+		goto err;
+		}
+	ctx->current_crl = crl;
+	ok = ctx->check_crl(ctx, crl);
+	if (!ok) goto err;
+	ok = ctx->cert_crl(ctx, crl, x);
+	err:
+	ctx->current_crl = NULL;
+	X509_CRL_free(crl);
+	return ok;
+
+	}
+
+/* Retrieve CRL corresponding to certificate: currently just a
+ * subject lookup: maybe use AKID later...
+ * Also might look up any included CRLs too (e.g PKCS#7 signedData).
+ */
+static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
+	{
+	int ok;
+	X509_OBJECT xobj;
+	ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
+	if (!ok) return 0;
+	*crl = xobj.data.crl;
+	return 1;
+	}
+
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+	{
+	X509 *issuer = NULL;
+	EVP_PKEY *ikey = NULL;
+	int ok = 0, chnum, cnum, i;
+	time_t *ptime;
+	cnum = ctx->error_depth;
+	chnum = sk_X509_num(ctx->chain) - 1;
+	/* Find CRL issuer: if not last certificate then issuer
+	 * is next certificate in chain.
+	 */
+	if(cnum < chnum)
+		issuer = sk_X509_value(ctx->chain, cnum + 1);
+	else
+		{
+		issuer = sk_X509_value(ctx->chain, chnum);
+		/* If not self signed, can't check signature */
+		if(!ctx->check_issued(ctx, issuer, issuer))
+			{
+			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+			ok = ctx->verify_cb(0, ctx);
+			if(!ok) goto err;
+			}
+		}
+
+	if(issuer)
+		{
+
+		/* Attempt to get issuer certificate public key */
+		ikey = X509_get_pubkey(issuer);
+
+		if(!ikey)
+			{
+			ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+			ok = ctx->verify_cb(0, ctx);
+			if (!ok) goto err;
+			}
+		else
+			{
+			/* Verify CRL signature */
+			if(X509_CRL_verify(crl, ikey) <= 0)
+				{
+				ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
+				ok = ctx->verify_cb(0, ctx);
+				if (!ok) goto err;
+				}
+			}
+		}
+
+	/* OK, CRL signature valid check times */
+	if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+		ptime = &ctx->check_time;
+	else
+		ptime = NULL;
+
+	i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+	if (i == 0)
+		{
+		ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+		ok = ctx->verify_cb(0, ctx);
+		if (!ok) goto err;
+		}
+
+	if (i > 0)
+		{
+		ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
+		ok = ctx->verify_cb(0, ctx);
+		if (!ok) goto err;
+		}
+
+	if(X509_CRL_get_nextUpdate(crl))
+		{
+		i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+
+		if (i == 0)
+			{
+			ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+			ok = ctx->verify_cb(0, ctx);
+			if (!ok) goto err;
+			}
+
+		if (i < 0)
+			{
+			ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
+			ok = ctx->verify_cb(0, ctx);
+			if (!ok) goto err;
+			}
+		}
+
+	ok = 1;
+
+	err:
+	EVP_PKEY_free(ikey);
+	return ok;
+	}
+
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+	{
+	int idx, ok;
+	X509_REVOKED rtmp;
+	/* Look for serial number of certificate in CRL */
+	rtmp.serialNumber = X509_get_serialNumber(x);
+	idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+	/* Not found: OK */
+	if(idx == -1) return 1;
+	/* Otherwise revoked: want something cleverer than
+	 * this to handle entry extensions in V2 CRLs.
+	 */
+	ctx->error = X509_V_ERR_CERT_REVOKED;
+	ok = ctx->verify_cb(0, ctx);
+	return ok;
+	}
+
 static int internal_verify(X509_STORE_CTX *ctx)
 	{
 	int i,ok=0,n;
@@ -448,7 +633,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
 	int (*cb)();
 
 	cb=ctx->verify_cb;
-	if (cb == NULL) cb=null_callback;
 
 	n=sk_X509_num(ctx->chain);
 	ctx->error_depth=n-1;
@@ -491,6 +675,13 @@ static int internal_verify(X509_STORE_CTX *ctx)
 				if (!ok) goto end;
 				}
 			if (X509_verify(xs,pkey) <= 0)
+				/* XXX  For the final trusted self-signed cert,
+				 * this is a waste of time.  That check should
+				 * optional so that e.g. 'openssl x509' can be
+				 * used to detect invalid self-signatures, but
+				 * we don't verify again and again in SSL
+				 * handshakes and the like once the cert has
+				 * been declared trusted. */
 				{
 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 				ctx->current_cert=xs;
@@ -539,8 +730,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
 			if (!ok) goto end;
 			}
 
-		/* CRL CHECK */
-
 		/* The last error (if any) is still in the error value */
 		ctx->current_cert=xs;
 		ok=(*cb)(1,ctx);
@@ -567,7 +756,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
 	{
 	char *str;
 	ASN1_TIME atm;
-	time_t offset;
+	long offset;
 	char buff1[24],buff2[24],*p;
 	int i,j;
 
@@ -648,14 +837,16 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
 	{
 	time_t t;
+	int type = -1;
 
 	if (in_tm) t = *in_tm;
 	else time(&t);
 
 	t+=adj;
-	if (!s) return ASN1_TIME_set(s, t);
-	if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
-	return ASN1_GENERALIZEDTIME_set(s, t);
+	if (s) type = s->type;
+	if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+	if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+	return ASN1_TIME_set(s, t);
 	}
 
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
@@ -702,12 +893,12 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
 
 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        x509_store_ctx_num++;
-        return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
-		&x509_store_ctx_method,
-                argl,argp,new_func,dup_func,free_func);
-        }
+	{
+	/* This function is (usually) called only once, by
+	 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
+			new_func, dup_func, free_func);
+	}
 
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
 	{
@@ -831,8 +1022,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 			}
 		}
 
-	if (purpose) ctx->purpose = purpose;
-	if (trust) ctx->trust = trust;
+	if (purpose && !ctx->purpose) ctx->purpose = purpose;
+	if (trust && !ctx->trust) ctx->trust = trust;
 	return 1;
 }
 
@@ -840,7 +1031,12 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
 	X509_STORE_CTX *ctx;
 	ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-	if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+	if (!ctx)
+		{
+		X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+	memset(ctx, 0, sizeof(X509_STORE_CTX));
 	return ctx;
 }
 
@@ -850,7 +1046,7 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 	OPENSSL_free(ctx);
 }
 
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	     STACK_OF(X509) *chain)
 	{
 	ctx->ctx=store;
@@ -858,10 +1054,7 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	ctx->cert=x509;
 	ctx->untrusted=chain;
 	ctx->last_untrusted=0;
-	ctx->purpose=0;
-	ctx->trust=0;
 	ctx->check_time=0;
-	ctx->flags=0;
 	ctx->other_ctx=NULL;
 	ctx->valid=0;
 	ctx->chain=NULL;
@@ -870,12 +1063,80 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	ctx->error_depth=0;
 	ctx->current_cert=NULL;
 	ctx->current_issuer=NULL;
-	ctx->check_issued = check_issued;
-	ctx->get_issuer = X509_STORE_CTX_get1_issuer;
-	ctx->verify_cb = store->verify_cb;
-	ctx->verify = store->verify;
-	ctx->cleanup = 0;
-	memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+
+	/* Inherit callbacks and flags from X509_STORE if not set
+	 * use defaults.
+	 */
+
+
+	if (store)
+		{
+		ctx->purpose=store->purpose;
+		ctx->trust=store->trust;
+		ctx->flags = store->flags;
+		ctx->cleanup = store->cleanup;
+		}
+	else
+		{
+		ctx->purpose = 0;
+		ctx->trust = 0;
+		ctx->flags = 0;
+		ctx->cleanup = 0;
+		}
+
+	if (store && store->check_issued)
+		ctx->check_issued = store->check_issued;
+	else
+		ctx->check_issued = check_issued;
+
+	if (store && store->get_issuer)
+		ctx->get_issuer = store->get_issuer;
+	else
+		ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+	if (store && store->verify_cb)
+		ctx->verify_cb = store->verify_cb;
+	else
+		ctx->verify_cb = null_callback;
+
+	if (store && store->verify)
+		ctx->verify = store->verify;
+	else
+		ctx->verify = internal_verify;
+
+	if (store && store->check_revocation)
+		ctx->check_revocation = store->check_revocation;
+	else
+		ctx->check_revocation = check_revocation;
+
+	if (store && store->get_crl)
+		ctx->get_crl = store->get_crl;
+	else
+		ctx->get_crl = get_crl;
+
+	if (store && store->check_crl)
+		ctx->check_crl = store->check_crl;
+	else
+		ctx->check_crl = check_crl;
+
+	if (store && store->cert_crl)
+		ctx->cert_crl = store->cert_crl;
+	else
+		ctx->cert_crl = cert_crl;
+
+
+	/* This memset() can't make any sense anyway, so it's removed. As
+	 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+	 * corresponding "new" here and remove this bogus initialisation. */
+	/* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+	if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+				&(ctx->ex_data)))
+		{
+		OPENSSL_free(ctx);
+		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	return 1;
 	}
 
 /* Set alternative lookup method: just a STACK of trusted certificates.
@@ -896,7 +1157,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
 		sk_X509_pop_free(ctx->chain,X509_free);
 		ctx->chain=NULL;
 		}
-	CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
 	memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
 	}
 
diff --git a/crypto/openssl/crypto/x509/x509_vfy.h b/crypto/openssl/crypto/x509/x509_vfy.h
index 4215102..f0be21f 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.h
+++ b/crypto/openssl/crypto/x509/x509_vfy.h
@@ -65,11 +65,12 @@
 #ifndef HEADER_X509_VFY_H
 #define HEADER_X509_VFY_H
 
-#ifndef NO_LHASH
+#ifndef OPENSSL_NO_LHASH
 #include <openssl/lhash.h>
 #endif
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
+#include <openssl/symhacks.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -154,12 +155,10 @@ typedef struct x509_lookup_method_st
 			    X509_OBJECT *ret);
 	} X509_LOOKUP_METHOD;
 
-typedef struct x509_store_ctx_st X509_STORE_CTX;
-
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
  * function is then called to actually check the cert chain. */
-typedef struct x509_store_st
+struct x509_store_st
 	{
 	/* The following is a cache of trusted certs */
 	int cache; 	/* if true, stash any hits */
@@ -167,13 +166,29 @@ typedef struct x509_store_st
 
 	/* These are external lookup methods */
 	STACK_OF(X509_LOOKUP) *get_cert_methods;
+
+	/* The following fields are not used by X509_STORE but are
+         * inherited by X509_STORE_CTX when it is initialised.
+	 */
+
+	unsigned long flags;	/* Various verify flags */
+	int purpose;
+	int trust;
+	/* Callbacks for various operations */
 	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
 	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
+	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
+	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+	int (*cleanup)(X509_STORE_CTX *ctx);
 
 	CRYPTO_EX_DATA ex_data;
 	int references;
 	int depth;		/* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
-	}  X509_STORE;
+	} /* X509_STORE */;
 
 #define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
 
@@ -189,7 +204,7 @@ struct x509_lookup_st
 	char *method_data;		/* method data */
 
 	X509_STORE *store_ctx;	/* who owns us */
-	};
+	} /* X509_LOOKUP */;
 
 /* This is a used when verifying cert chains.  Since the
  * gathering of the cert chain can take some time (and have to be
@@ -213,6 +228,10 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */
 	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
 	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
 	int (*cleanup)(X509_STORE_CTX *ctx);
 
 	/* The following is built up */
@@ -226,9 +245,10 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 	int error;
 	X509 *current_cert;
 	X509 *current_issuer;	/* cert currently being tested as valid issuer */
+	X509_CRL *current_crl;	/* current CRL */
 
 	CRYPTO_EX_DATA ex_data;
-	};
+	} /* X509_STORE_CTX */;
 
 #define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
 
@@ -282,6 +302,9 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 #define		X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH		31
 #define		X509_V_ERR_KEYUSAGE_NO_CERTSIGN			32
 
+#define		X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER		33
+#define		X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION		34
+
 /* The application is not happy */
 #define		X509_V_ERR_APPLICATION_VERIFICATION		50
 
@@ -289,21 +312,9 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 
 #define	X509_V_FLAG_CB_ISSUER_CHECK		0x1	/* Send issuer+subject checks to verify_cb */
 #define	X509_V_FLAG_USE_CHECK_TIME		0x2	/* Use check time instead of current time */
-
-		  /* These functions are being redefined in another directory,
-		     and clash when the linker is case-insensitive, so let's
-		     hide them a little, by giving them an extra 'o' at the
-		     beginning of the name... */
-#ifdef VMS
-#undef X509v3_cleanup_extensions
-#define X509v3_cleanup_extensions oX509v3_cleanup_extensions
-#undef X509v3_add_extension
-#define X509v3_add_extension oX509v3_add_extension
-#undef X509v3_add_netscape_extensions
-#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
-#undef X509v3_add_standard_extensions
-#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
-#endif
+#define	X509_V_FLAG_CRL_CHECK			0x4	/* Lookup CRLs */
+#define	X509_V_FLAG_CRL_CHECK_ALL		0x8	/* Lookup CRLs for whole chain */
+#define	X509_V_FLAG_IGNORE_CRITICAL		0x10	/* Ignore unhandled critical extensions */
 
 int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
 	     X509_NAME *name);
@@ -314,12 +325,16 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
 
+void X509_STORE_set_flags(X509_STORE *ctx, long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
 			 X509 *x509, STACK_OF(X509) *chain);
 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
@@ -338,7 +353,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
 	long argl, char **ret);
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
@@ -358,7 +373,7 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
 	int len, X509_OBJECT *ret);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int	X509_STORE_load_locations (X509_STORE *ctx,
 		const char *file, const char *dir);
 int	X509_STORE_set_default_paths(X509_STORE *ctx);
diff --git a/crypto/openssl/crypto/x509/x509cset.c b/crypto/openssl/crypto/x509/x509cset.c
new file mode 100644
index 0000000..6cac440
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509cset.c
@@ -0,0 +1,169 @@
+/* crypto/x509/x509cset.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_CRL_set_version(X509_CRL *x, long version)
+	{
+	if (x == NULL) return(0);
+	if (x->crl->version == NULL)
+		{
+		if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
+			return(0);
+		}
+	return(ASN1_INTEGER_set(x->crl->version,version));
+	}
+
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+	{
+	if ((x == NULL) || (x->crl == NULL)) return(0);
+	return(X509_NAME_set(&x->crl->issuer,name));
+	}
+
+
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+	{
+	ASN1_TIME *in;
+
+	if (x == NULL) return(0);
+	in=x->crl->lastUpdate;
+	if (in != tm)
+		{
+		in=M_ASN1_TIME_dup(tm);
+		if (in != NULL)
+			{
+			M_ASN1_TIME_free(x->crl->lastUpdate);
+			x->crl->lastUpdate=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+	{
+	ASN1_TIME *in;
+
+	if (x == NULL) return(0);
+	in=x->crl->nextUpdate;
+	if (in != tm)
+		{
+		in=M_ASN1_TIME_dup(tm);
+		if (in != NULL)
+			{
+			M_ASN1_TIME_free(x->crl->nextUpdate);
+			x->crl->nextUpdate=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_CRL_sort(X509_CRL *c)
+	{
+	int i;
+	X509_REVOKED *r;
+	/* sort the data so it will be written in serial
+	 * number order */
+	sk_X509_REVOKED_sort(c->crl->revoked);
+	for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
+		{
+		r=sk_X509_REVOKED_value(c->crl->revoked,i);
+		r->sequence=i;
+		}
+	return 1;
+	}
+
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+	{
+	ASN1_TIME *in;
+
+	if (x == NULL) return(0);
+	in=x->revocationDate;
+	if (in != tm)
+		{
+		in=M_ASN1_TIME_dup(tm);
+		if (in != NULL)
+			{
+			M_ASN1_TIME_free(x->revocationDate);
+			x->revocationDate=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+	{
+	ASN1_INTEGER *in;
+
+	if (x == NULL) return(0);
+	in=x->serialNumber;
+	if (in != serial)
+		{
+		in=M_ASN1_INTEGER_dup(serial);
+		if (in != NULL)
+			{
+			M_ASN1_INTEGER_free(x->serialNumber);
+			x->serialNumber=in;
+			}
+		}
+	return(in != NULL);
+	}
diff --git a/crypto/openssl/crypto/x509/x509spki.c b/crypto/openssl/crypto/x509/x509spki.c
index fd0a534..4c3af94 100644
--- a/crypto/openssl/crypto/x509/x509spki.c
+++ b/crypto/openssl/crypto/x509/x509spki.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
 
 int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
 {
diff --git a/crypto/openssl/crypto/x509/x_all.c b/crypto/openssl/crypto/x509/x_all.c
index 9bd6e2a..fb5015c 100644
--- a/crypto/openssl/crypto/x509/x_all.c
+++ b/crypto/openssl/crypto/x509/x_all.c
@@ -67,224 +67,159 @@
 
 int X509_verify(X509 *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
-		a->signature,(char *)a->cert_info,r));
+	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
+		a->signature,a->cert_info,r));
 	}
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 	{
-	return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
-		a->sig_alg,a->signature,(char *)a->req_info,r));
+	return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
+		a->sig_alg,a->signature,a->req_info,r));
 	}
 
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
-		a->sig_alg, a->signature,(char *)a->crl,r));
+	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+		a->sig_alg, a->signature,a->crl,r));
 	}
 
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
-		a->sig_algor,a->signature, (char *)a->spkac,r));
+	return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
+		a->sig_algor,a->signature,a->spkac,r));
 	}
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
-		x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
+		x->sig_alg, x->signature, x->cert_info,pkey,md));
 	}
 
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
-		x->signature, (char *)x->req_info,pkey,md));
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
+		x->signature, x->req_info,pkey,md));
 	}
 
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
-		x->sig_alg, x->signature, (char *)x->crl,pkey,md));
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
+		x->sig_alg, x->signature, x->crl,pkey,md));
 	}
 
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
-		x->signature, (char *)x->spkac,pkey,md));
+	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
+		x->signature, x->spkac,pkey,md));
 	}
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa)
-	{
-	return((X509_ATTRIBUTE *)ASN1_dup((int (*)())i2d_X509_ATTRIBUTE,
-		(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa));
-	}
-
-X509 *X509_dup(X509 *x509)
-	{
-	return((X509 *)ASN1_dup((int (*)())i2d_X509,
-		(char *(*)())d2i_X509,(char *)x509));
-	}
-
-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
-	{
-	return((X509_EXTENSION *)ASN1_dup(
-		(int (*)())i2d_X509_EXTENSION,
-		(char *(*)())d2i_X509_EXTENSION,(char *)ex));
-	}
-
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 X509 *d2i_X509_fp(FILE *fp, X509 **x509)
 	{
-	return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
-		(char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
 	}
 
 int i2d_X509_fp(FILE *fp, X509 *x509)
 	{
-	return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
 	}
 #endif
 
 X509 *d2i_X509_bio(BIO *bp, X509 **x509)
 	{
-	return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
-		(char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
 	}
 
 int i2d_X509_bio(BIO *bp, X509 *x509)
 	{
-	return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
-	}
-
-X509_CRL *X509_CRL_dup(X509_CRL *crl)
-	{
-	return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
-		(char *(*)())d2i_X509_CRL,(char *)crl));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
 	{
-	return((X509_CRL *)ASN1_d2i_fp((char *(*)())
-		X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
-		(unsigned char **)(crl)));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
 	}
 
 int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
 	{
-	return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
 	}
 #endif
 
 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
 	{
-	return((X509_CRL *)ASN1_d2i_bio((char *(*)())
-		X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
-		(unsigned char **)(crl)));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
 	}
 
 int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
 	{
-	return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
-	}
-
-PKCS7 *PKCS7_dup(PKCS7 *p7)
-	{
-	return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
-		(char *(*)())d2i_PKCS7,(char *)p7));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
 	{
-	return((PKCS7 *)ASN1_d2i_fp((char *(*)())
-		PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
-		(unsigned char **)(p7)));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
 	}
 
 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
 	{
-	return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
 	}
 #endif
 
 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
 	{
-	return((PKCS7 *)ASN1_d2i_bio((char *(*)())
-		PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
-		(unsigned char **)(p7)));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
 	}
 
 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
 	{
-	return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
 	}
 
-X509_REQ *X509_REQ_dup(X509_REQ *req)
-	{
-	return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
-		(char *(*)())d2i_X509_REQ,(char *)req));
-	}
-
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
 	{
-	return((X509_REQ *)ASN1_d2i_fp((char *(*)())
-		X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
-		(unsigned char **)(req)));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
 	}
 
 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
 	{
-	return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
 	}
 #endif
 
 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
 	{
-	return((X509_REQ *)ASN1_d2i_bio((char *(*)())
-		X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
-		(unsigned char **)(req)));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
 	}
 
 int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
 	{
-	return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
-	}
-
-#ifndef NO_RSA
-RSA *RSAPublicKey_dup(RSA *rsa)
-	{
-	return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
-		(char *(*)())d2i_RSAPublicKey,(char *)rsa));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
 	}
 
-RSA *RSAPrivateKey_dup(RSA *rsa)
-	{
-	return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
-		(char *(*)())d2i_RSAPrivateKey,(char *)rsa));
-	}
+#ifndef OPENSSL_NO_RSA
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
 	{
-	return((RSA *)ASN1_d2i_fp((char *(*)())
-		RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
-		(unsigned char **)(rsa)));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
 	}
 
 int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
 	{
-	return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
 	}
 
 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
 	{
-	return((RSA *)ASN1_d2i_fp((char *(*)())
-		RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
-		(unsigned char **)(rsa)));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
 	}
 
+
 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
 	{
 	return((RSA *)ASN1_d2i_fp((char *(*)())
@@ -294,7 +229,7 @@ RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
 
 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
 	{
-	return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
 	}
 
 int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
@@ -305,23 +240,20 @@ int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
 
 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
 	{
-	return((RSA *)ASN1_d2i_bio((char *(*)())
-		RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
-		(unsigned char **)(rsa)));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
 	}
 
 int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
 	{
-	return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
 	}
 
 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
 	{
-	return((RSA *)ASN1_d2i_bio((char *(*)())
-		RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
-		(unsigned char **)(rsa)));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
 	}
 
+
 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
 	{
 	return((RSA *)ASN1_d2i_bio((char *(*)())
@@ -331,7 +263,7 @@ RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
 
 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
 	{
-	return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
 	}
 
 int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
@@ -340,8 +272,8 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
 	}
 #endif
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
 	{
 	return((DSA *)ASN1_d2i_fp((char *(*)())
@@ -393,57 +325,48 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
 
 #endif
 
-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
-	{
-	return((X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,
-	(char *(*)())d2i_X509_ALGOR,(char *)xn));
-	}
-
-X509_NAME *X509_NAME_dup(X509_NAME *xn)
-	{
-	return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
-		(char *(*)())d2i_X509_NAME,(char *)xn));
-	}
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
 	{
-	return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
-		(char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
+	ASN1_BIT_STRING *key;
+	key = X509_get0_pubkey_bitstr(data);
+	if(!key) return 0;
+	return EVP_Digest(key->data, key->length, md, len, type, NULL);
 	}
 
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
 	}
 
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
 	}
 
 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
 	}
 
 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
 	}
 
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
 	     unsigned char *md, unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
+	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
 		(char *)data,md,len));
 	}
 
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
 	{
 	return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
@@ -467,7 +390,7 @@ int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
 	return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
 	}
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
 						 PKCS8_PRIV_KEY_INFO **p8inf)
 	{
diff --git a/crypto/openssl/crypto/x509v3/Makefile.ssl b/crypto/openssl/crypto/x509v3/Makefile.ssl
index 672290a..5ca169c 100644
--- a/crypto/openssl/crypto/x509v3/Makefile.ssl
+++ b/crypto/openssl/crypto/x509v3/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	x509v3
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -22,12 +23,14 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
-v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
+LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+v3_ocsp.c v3_akeya.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
+v3_ocsp.o v3_akeya.o
 
 SRC= $(LIBSRC)
 
@@ -43,8 +46,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -72,7 +74,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -83,414 +85,506 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_akey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_akey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h
-v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-v3_alt.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-v3_alt.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_akey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../cryptlib.h v3_akey.c
+v3_akeya.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akeya.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akeya.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akeya.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akeya.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akeya.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akeya.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akeya.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akeya.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_akeya.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_akeya.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_akeya.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akeya.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c
+v3_alt.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_alt.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_alt.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_alt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_alt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_alt.o: ../cryptlib.h
-v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_alt.o: ../cryptlib.h v3_alt.c
+v3_bcons.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_bcons.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_bcons.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_bcons.o: ../../include/openssl/opensslconf.h
-v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_bcons.o: ../cryptlib.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bcons.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bcons.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bcons.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c
+v3_bitst.o: ../../e_os.h ../../include/openssl/aes.h
 v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 v3_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 v3_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_bitst.o: ../cryptlib.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c
+v3_conf.o: ../../e_os.h ../../include/openssl/aes.h
 v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_conf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 v3_conf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 v3_conf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_conf.o: ../cryptlib.h
-v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_conf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
+v3_cpols.o: ../../e_os.h ../../include/openssl/aes.h
+v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_cpols.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_cpols.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_cpols.o: ../../include/openssl/opensslconf.h
-v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_cpols.o: ../cryptlib.h
-v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_cpols.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_cpols.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_cpols.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c
+v3_crld.o: ../../e_os.h ../../include/openssl/aes.h
+v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_crld.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_crld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_crld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../cryptlib.h v3_crld.c
+v3_enum.o: ../../e_os.h ../../include/openssl/aes.h
 v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_enum.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_enum.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 v3_enum.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 v3_enum.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_enum.o: ../cryptlib.h
-v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-v3_extku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-v3_extku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_extku.o: ../cryptlib.h
-v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_enum.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
+v3_extku.o: ../../e_os.h ../../include/openssl/aes.h
+v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_extku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_extku.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_extku.o: ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_extku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_extku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_extku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c
+v3_genn.o: ../../e_os.h ../../include/openssl/aes.h
+v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_genn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_genn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h
-v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-v3_ia5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-v3_ia5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_genn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../cryptlib.h v3_genn.c
+v3_ia5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_ia5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_ia5.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_ia5.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_ia5.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_ia5.o: ../cryptlib.h
-v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_ia5.o: ../cryptlib.h v3_ia5.c
+v3_info.o: ../../e_os.h ../../include/openssl/aes.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h
-v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-v3_int.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-v3_int.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_info.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h v3_info.c
+v3_int.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_int.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_int.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_int.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_int.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_int.o: ../cryptlib.h
-v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-v3_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-v3_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_int.o: ../cryptlib.h v3_int.c
+v3_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_lib.o: ../cryptlib.h ext_dat.h
-v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
+v3_ocsp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_ocsp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ocsp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ocsp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_ocsp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_ocsp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_ocsp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_ocsp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ocsp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ocsp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ocsp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_ocsp.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../cryptlib.h v3_ocsp.c
+v3_pku.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_pku.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-v3_pku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h
-v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-v3_prn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-v3_prn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
+v3_prn.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_prn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_prn.o: ../cryptlib.h
+v3_prn.o: ../cryptlib.h v3_prn.c
+v3_purp.o: ../../e_os.h ../../include/openssl/aes.h
 v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_purp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_purp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 v3_purp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 v3_purp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_purp.o: ../cryptlib.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_purp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
+v3_skey.o: ../../e_os.h ../../include/openssl/aes.h
 v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_skey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_skey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 v3_skey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 v3_skey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_skey.o: ../cryptlib.h
-v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_skey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
+v3_sxnet.o: ../../e_os.h ../../include/openssl/aes.h
+v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_sxnet.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_sxnet.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_sxnet.o: ../../include/openssl/opensslconf.h
-v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_sxnet.o: ../cryptlib.h
-v3_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-v3_utl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-v3_utl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_sxnet.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_sxnet.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_sxnet.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c
+v3_utl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_utl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_utl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_utl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_utl.o: ../cryptlib.h
-v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_utl.o: ../cryptlib.h v3_utl.c
+v3err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 v3err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 v3err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
@@ -498,10 +592,12 @@ v3err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3err.o: ../../include/openssl/x509v3.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: v3err.c
diff --git a/crypto/openssl/crypto/x509v3/ext_dat.h b/crypto/openssl/crypto/x509v3/ext_dat.h
index 801a585..2fb97d8 100644
--- a/crypto/openssl/crypto/x509v3/ext_dat.h
+++ b/crypto/openssl/crypto/x509v3/ext_dat.h
@@ -58,9 +58,12 @@
 /* This file contains a table of "standard" extensions */
 
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern X509V3_EXT_METHOD v3_crl_hold;
 
 /* This table will be searched using OBJ_bsearch so it *must* kept in
  * order of the ext_nid values.
@@ -87,8 +90,17 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_crld,
 &v3_ext_ku,
 &v3_crl_reason,
+&v3_crl_invdate,
 &v3_sxnet,
 &v3_info,
+&v3_ocsp_nonce,
+&v3_ocsp_crlid,
+&v3_ocsp_accresp,
+&v3_ocsp_nocheck,
+&v3_ocsp_acutoff,
+&v3_ocsp_serviceloc,
+&v3_sinfo,
+&v3_crl_hold
 };
 
 /* Number of standard extensions */
diff --git a/crypto/openssl/crypto/x509v3/v3_akey.c b/crypto/openssl/crypto/x509v3/v3_akey.c
index 0889a18..97e686f 100644
--- a/crypto/openssl/crypto/x509v3/v3_akey.c
+++ b/crypto/openssl/crypto/x509v3/v3_akey.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
@@ -69,72 +69,15 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 
 X509V3_EXT_METHOD v3_akey_id = {
-NID_authority_key_identifier, X509V3_EXT_MULTILINE,
-(X509V3_EXT_NEW)AUTHORITY_KEYID_new,
-(X509V3_EXT_FREE)AUTHORITY_KEYID_free,
-(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
-(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID,
-NULL, NULL,
+NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
 (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
-NULL,NULL,
+0,0,
 NULL
 };
 
-
-int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES);
-	M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0);
-	M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1);
-	M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2);
-
-	M_ASN1_I2D_finish();
-}
-
-AUTHORITY_KEYID *AUTHORITY_KEYID_new(void)
-{
-	AUTHORITY_KEYID *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, AUTHORITY_KEYID);
-	ret->keyid = NULL;
-	ret->issuer = NULL;
-	ret->serial = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW);
-}
-
-AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
-	     long length)
-{
-	M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0,
-							V_ASN1_OCTET_STRING);
-	M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1,
-							V_ASN1_SEQUENCE);
-	M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2,
-							V_ASN1_INTEGER);
-	M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID);
-}
-
-void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
-{
-	if (a == NULL) return;
-	M_ASN1_OCTET_STRING_free(a->keyid);
-	sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
-	M_ASN1_INTEGER_free (a->serial);
-	OPENSSL_free (a);
-}
-
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
 {
@@ -171,7 +114,7 @@ int i;
 CONF_VALUE *cnf;
 ASN1_OCTET_STRING *ikeyid = NULL;
 X509_NAME *isname = NULL;
-STACK_OF(GENERAL_NAME) * gens = NULL;
+GENERAL_NAMES * gens = NULL;
 GENERAL_NAME *gen = NULL;
 ASN1_INTEGER *serial = NULL;
 X509_EXTENSION *ext;
@@ -192,8 +135,6 @@ for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
 	}
 }
 
-
-
 if(!ctx || !ctx->issuer_cert) {
 	if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
 	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
diff --git a/crypto/openssl/crypto/x509v3/v3_akeya.c b/crypto/openssl/crypto/x509v3/v3_akeya.c
new file mode 100644
index 0000000..2aafa26
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_akeya.c
@@ -0,0 +1,72 @@
+/* v3_akey_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(AUTHORITY_KEYID) = {
+	ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+	ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+	ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c
index 94bebcd..0e9e7dc 100644
--- a/crypto/openssl/crypto/x509v3/v3_alt.c
+++ b/crypto/openssl/crypto/x509v3/v3_alt.c
@@ -61,33 +61,28 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
-static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 X509V3_EXT_METHOD v3_alt[] = {
-{ NID_subject_alt_name, 0,
-(X509V3_EXT_NEW)GENERAL_NAMES_new,
-(X509V3_EXT_FREE)GENERAL_NAMES_free,
-(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
-(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
-NULL, NULL,
+{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_subject_alt,
 NULL, NULL, NULL},
-{ NID_issuer_alt_name, 0,
-(X509V3_EXT_NEW)GENERAL_NAMES_new,
-(X509V3_EXT_FREE)GENERAL_NAMES_free,
-(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
-(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
-NULL, NULL,
+
+{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_issuer_alt,
 NULL, NULL, NULL},
 };
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-		STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret)
+		GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
 {
 	int i;
 	GENERAL_NAME *gen;
@@ -102,8 +97,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
 				GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
 {
-	char oline[256];
 	unsigned char *p;
+	char oline[256];
 	switch (gen->type)
 	{
 		case GEN_OTHERNAME:
@@ -154,10 +149,63 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
 	return ret;
 }
 
-static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+	unsigned char *p;
+	switch (gen->type)
+	{
+		case GEN_OTHERNAME:
+		BIO_printf(out, "othername:<unsupported>");
+		break;
+
+		case GEN_X400:
+		BIO_printf(out, "X400Name:<unsupported>");
+		break;
+
+		case GEN_EDIPARTY:
+		/* Maybe fix this: it is supported now */
+		BIO_printf(out, "EdiPartyName:<unsupported>");
+		break;
+
+		case GEN_EMAIL:
+		BIO_printf(out, "email:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_DNS:
+		BIO_printf(out, "DNS:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_URI:
+		BIO_printf(out, "URI:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_DIRNAME:
+		BIO_printf(out, "DirName: ");
+		X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+		break;
+
+		case GEN_IPADD:
+		p = gen->d.ip->data;
+		/* BUG: doesn't support IPV6 */
+		if(gen->d.ip->length != 4) {
+			BIO_printf(out,"IP Address:<invalid>");
+			break;
+		}
+		BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+		break;
+
+		case GEN_RID:
+		BIO_printf(out, "Registered ID");
+		i2a_ASN1_OBJECT(out, gen->d.rid);
+		break;
+	}
+	return 1;
+}
+
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
 				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-	STACK_OF(GENERAL_NAME) *gens = NULL;
+	GENERAL_NAMES *gens = NULL;
 	CONF_VALUE *cnf;
 	int i;
 	if(!(gens = sk_GENERAL_NAME_new_null())) {
@@ -184,9 +232,9 @@ static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
 
 /* Append subject altname of issuer to issuer alt name of subject */
 
-static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
 {
-	STACK_OF(GENERAL_NAME) *ialt;
+	GENERAL_NAMES *ialt;
 	GENERAL_NAME *gen;
 	X509_EXTENSION *ext;
 	int i;
@@ -219,10 +267,10 @@ static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 	
 }
 
-static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
 				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-	STACK_OF(GENERAL_NAME) *gens = NULL;
+	GENERAL_NAMES *gens = NULL;
 	CONF_VALUE *cnf;
 	int i;
 	if(!(gens = sk_GENERAL_NAME_new_null())) {
@@ -233,7 +281,10 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
 		cnf = sk_CONF_VALUE_value(nval, i);
 		if(!name_cmp(cnf->name, "email") && cnf->value &&
 						!strcmp(cnf->value, "copy")) {
-			if(!copy_email(ctx, gens)) goto err;
+			if(!copy_email(ctx, gens, 0)) goto err;
+		} else if(!name_cmp(cnf->name, "email") && cnf->value &&
+						!strcmp(cnf->value, "move")) {
+			if(!copy_email(ctx, gens, 1)) goto err;
 		} else {
 			GENERAL_NAME *gen;
 			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
@@ -251,7 +302,7 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
  * GENERAL_NAMES
  */
 
-static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
 {
 	X509_NAME *nm;
 	ASN1_IA5STRING *email = NULL;
@@ -273,6 +324,11 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 					 NID_pkcs9_emailAddress, i)) >= 0) {
 		ne = X509_NAME_get_entry(nm, i);
 		email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+                if (move_p)
+                        {
+                        X509_NAME_delete_entry(nm, i);
+                        i--;
+                        }
 		if(!email || !(gen = GENERAL_NAME_new())) {
 			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -297,11 +353,11 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 	
 }
 
-STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 	GENERAL_NAME *gen;
-	STACK_OF(GENERAL_NAME) *gens = NULL;
+	GENERAL_NAMES *gens = NULL;
 	CONF_VALUE *cnf;
 	int i;
 	if(!(gens = sk_GENERAL_NAME_new_null())) {
diff --git a/crypto/openssl/crypto/x509v3/v3_bcons.c b/crypto/openssl/crypto/x509v3/v3_bcons.c
index c576b8e..cbb0127 100644
--- a/crypto/openssl/crypto/x509v3/v3_bcons.c
+++ b/crypto/openssl/crypto/x509v3/v3_bcons.c
@@ -60,7 +60,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
@@ -69,62 +69,22 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V
 
 X509V3_EXT_METHOD v3_bcons = {
 NID_basic_constraints, 0,
-(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
-(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free,
-(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
-(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS,
-NULL, NULL,
+ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
 (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
 NULL,NULL,
 NULL
 };
 
+ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
+	ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+	ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
 
-int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-	if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
-	M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
-
-	M_ASN1_I2D_seq_total();
-
-	if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
-	M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_finish();
-}
-
-BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void)
-{
-	BASIC_CONSTRAINTS *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
-	ret->ca = 0;
-	ret->pathlen = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
-}
+IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
 
-BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
-	     unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
-		 (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
-			M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
-	}
-	M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
-	M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
-}
-
-void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
-{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free (a->pathlen);
-	OPENSSL_free (a);
-}
 
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
 	     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
diff --git a/crypto/openssl/crypto/x509v3/v3_bitst.c b/crypto/openssl/crypto/x509v3/v3_bitst.c
index 0e1167d..16cf125 100644
--- a/crypto/openssl/crypto/x509v3/v3_bitst.c
+++ b/crypto/openssl/crypto/x509v3/v3_bitst.c
@@ -66,6 +66,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 				ASN1_BIT_STRING *bits,
 				STACK_OF(CONF_VALUE) *extlist);
+
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
 {0, "SSL Client", "client"},
 {1, "SSL Server", "server"},
diff --git a/crypto/openssl/crypto/x509v3/v3_conf.c b/crypto/openssl/crypto/x509v3/v3_conf.c
index bdc9c1c..1a3448e 100644
--- a/crypto/openssl/crypto/x509v3/v3_conf.c
+++ b/crypto/openssl/crypto/x509v3/v3_conf.c
@@ -68,114 +68,137 @@
 
 static int v3_check_critical(char **value);
 static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 						 int crit, void *ext_struc);
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
 	     char *value)
-{
+	{
 	int crit;
 	int ext_type;
 	X509_EXTENSION *ret;
 	crit = v3_check_critical(&value);
-	if((ext_type = v3_check_generic(&value))) 
+	if ((ext_type = v3_check_generic(&value))) 
 		return v3_generic_extension(name, value, crit, ext_type);
-	ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
-	if(!ret) {
+	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+	if (!ret)
+		{
 		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
 		ERR_add_error_data(4,"name=", name, ", value=", value);
-	}
+		}
 	return ret;
-}
+	}
 
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 	     char *value)
-{
+	{
 	int crit;
 	int ext_type;
 	crit = v3_check_critical(&value);
-	if((ext_type = v3_check_generic(&value))) 
+	if ((ext_type = v3_check_generic(&value))) 
 		return v3_generic_extension(OBJ_nid2sn(ext_nid),
 							 value, crit, ext_type);
-	return do_ext_conf(conf, ctx, ext_nid, crit, value);
-}
+	return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+	}
 
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *value:  Value    */
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 	     int crit, char *value)
-{
+	{
 	X509V3_EXT_METHOD *method;
 	X509_EXTENSION *ext;
 	STACK_OF(CONF_VALUE) *nval;
 	void *ext_struc;
-	if(ext_nid == NID_undef) {
+	if (ext_nid == NID_undef)
+		{
 		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
 		return NULL;
-	}
-	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+		}
+	if (!(method = X509V3_EXT_get_nid(ext_nid)))
+		{
 		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
 		return NULL;
-	}
+		}
 	/* Now get internal extension representation based on type */
-	if(method->v2i) {
-		if(*value == '@') nval = CONF_get_section(conf, value + 1);
+	if (method->v2i)
+		{
+		if(*value == '@') nval = NCONF_get_section(conf, value + 1);
 		else nval = X509V3_parse_list(value);
-		if(!nval) {
+		if(!nval)
+			{
 			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
 			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
 			return NULL;
-		}
+			}
 		ext_struc = method->v2i(method, ctx, nval);
 		if(*value != '@') sk_CONF_VALUE_pop_free(nval,
 							 X509V3_conf_free);
 		if(!ext_struc) return NULL;
-	} else if(method->s2i) {
+		}
+	else if(method->s2i)
+		{
 		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
-	} else if(method->r2i) {
-		if(!ctx->db) {
+		}
+	else if(method->r2i)
+		{
+		if(!ctx->db)
+			{
 			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
 			return NULL;
-		}
+			}
 		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
-	} else {
+		}
+	else
+		{
 		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
 		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
 		return NULL;
-	}
+		}
 
 	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
-	method->ext_free(ext_struc);
+	if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+	else method->ext_free(ext_struc);
 	return ext;
 
-}
+	}
 
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 						 int crit, void *ext_struc)
-{
-	unsigned char *ext_der, *p;
+	{
+	unsigned char *ext_der;
 	int ext_len;
 	ASN1_OCTET_STRING *ext_oct;
 	X509_EXTENSION *ext;
 	/* Convert internal representation to DER */
-	ext_len = method->i2d(ext_struc, NULL);
-	if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
-	p = ext_der;
-	method->i2d(ext_struc, &p);
-	if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
+	if (method->it)
+		{
+		ext_der = NULL;
+		ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+		if (ext_len < 0) goto merr;
+		}
+	 else
+		{
+		unsigned char *p;
+		ext_len = method->i2d(ext_struc, NULL);
+		if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
+		p = ext_der;
+		method->i2d(ext_struc, &p);
+		}
+	if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
 	ext_oct->data = ext_der;
 	ext_oct->length = ext_len;
-	
+
 	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
-	if(!ext) goto merr;
+	if (!ext) goto merr;
 	M_ASN1_OCTET_STRING_free(ext_oct);
 
 	return ext;
@@ -184,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
 	return NULL;
 
-}
+	}
 
 /* Given an internal structure, nid and critical flag create an extension */
 
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
-{
+	{
 	X509V3_EXT_METHOD *method;
-	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
 		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
 		return NULL;
 	}
@@ -202,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 static int v3_check_critical(char **value)
 {
 	char *p = *value;
-	if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+	if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
 	p+=9;
 	while(isspace((unsigned char)*p)) p++;
 	*value = p;
@@ -213,9 +236,9 @@ static int v3_check_critical(char **value)
 static int v3_check_generic(char **value)
 {
 	char *p = *value;
-	if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
+	if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
 	p+=4;
-	while(isspace((unsigned char)*p)) p++;
+	while (isspace((unsigned char)*p)) p++;
 	*value = p;
 	return 1;
 }
@@ -223,148 +246,202 @@ static int v3_check_generic(char **value)
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
 	     int crit, int type)
-{
-unsigned char *ext_der=NULL;
-long ext_len;
-ASN1_OBJECT *obj=NULL;
-ASN1_OCTET_STRING *oct=NULL;
-X509_EXTENSION *extension=NULL;
-if(!(obj = OBJ_txt2obj(ext, 0))) {
-	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
-	ERR_add_error_data(2, "name=", ext);
-	goto err;
-}
+	{
+	unsigned char *ext_der=NULL;
+	long ext_len;
+	ASN1_OBJECT *obj=NULL;
+	ASN1_OCTET_STRING *oct=NULL;
+	X509_EXTENSION *extension=NULL;
+	if (!(obj = OBJ_txt2obj(ext, 0)))
+		{
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+		ERR_add_error_data(2, "name=", ext);
+		goto err;
+		}
 
-if(!(ext_der = string_to_hex(value, &ext_len))) {
-	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
-	ERR_add_error_data(2, "value=", value);
-	goto err;
-}
+	if (!(ext_der = string_to_hex(value, &ext_len)))
+		{
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+		ERR_add_error_data(2, "value=", value);
+		goto err;
+		}
 
-if(!(oct = M_ASN1_OCTET_STRING_new())) {
-	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
-	goto err;
-}
+	if (!(oct = M_ASN1_OCTET_STRING_new()))
+		{
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 
-oct->data = ext_der;
-oct->length = ext_len;
-ext_der = NULL;
+	oct->data = ext_der;
+	oct->length = ext_len;
+	ext_der = NULL;
 
-extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+	extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
 
-err:
-ASN1_OBJECT_free(obj);
-M_ASN1_OCTET_STRING_free(oct);
-if(ext_der) OPENSSL_free(ext_der);
-return extension;
-}
+	err:
+	ASN1_OBJECT_free(obj);
+	M_ASN1_OCTET_STRING_free(oct);
+	if(ext_der) OPENSSL_free(ext_der);
+	return extension;
+
+	}
 
 
 /* This is the main function: add a bunch of extensions based on a config file
- * section
+ * section to an extension STACK.
  */
 
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-	     X509 *cert)
-{
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+	     STACK_OF(X509_EXTENSION) **sk)
+	{
 	X509_EXTENSION *ext;
 	STACK_OF(CONF_VALUE) *nval;
 	CONF_VALUE *val;	
 	int i;
-	if(!(nval = CONF_get_section(conf, section))) return 0;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+	if (!(nval = NCONF_get_section(conf, section))) return 0;
+	for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
+		{
 		val = sk_CONF_VALUE_value(nval, i);
-		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+		if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
 								return 0;
-		if(cert) X509_add_ext(cert, ext, -1);
+		if (sk) X509v3_add_ext(sk, ext, -1);
 		X509_EXTENSION_free(ext);
-	}
+		}
 	return 1;
-}
+	}
+
+/* Convenience functions to add extensions to a certificate, CRL and request */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+	     X509 *cert)
+	{
+	STACK_OF(X509_EXTENSION) **sk = NULL;
+	if (cert)
+		sk = &cert->cert_info->extensions;
+	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+	}
 
 /* Same as above but for a CRL */
 
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 	     X509_CRL *crl)
-{
-	X509_EXTENSION *ext;
-	STACK_OF(CONF_VALUE) *nval;
-	CONF_VALUE *val;	
-	int i;
-	if(!(nval = CONF_get_section(conf, section))) return 0;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
-								return 0;
-		if(crl) X509_CRL_add_ext(crl, ext, -1);
-		X509_EXTENSION_free(ext);
+	{
+	STACK_OF(X509_EXTENSION) **sk = NULL;
+	if (crl)
+		sk = &crl->crl->extensions;
+	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
 	}
-	return 1;
-}
 
 /* Add extensions to certificate request */
 
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 	     X509_REQ *req)
-{
-	X509_EXTENSION *ext;
-	STACK_OF(X509_EXTENSION) *extlist = NULL;
-	STACK_OF(CONF_VALUE) *nval;
-	CONF_VALUE *val;	
+	{
+	STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
 	int i;
-	if(!(nval = CONF_get_section(conf, section))) return 0;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
-								return 0;
-		if(!extlist) extlist = sk_X509_EXTENSION_new_null();
-		sk_X509_EXTENSION_push(extlist, ext);
-	}
-	if(req) i = X509_REQ_add_extensions(req, extlist);
-	else i = 1;
+	if (req)
+		sk = &extlist;
+	i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+	if (!i || !sk)
+		return i;
+	i = X509_REQ_add_extensions(req, extlist);
 	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
 	return i;
-}
+	}
 
 /* Config database functions */
 
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-{
-	if(ctx->db_meth->get_string)
+	{
+	if (ctx->db_meth->get_string)
 			return ctx->db_meth->get_string(ctx->db, name, section);
 	return NULL;
-}
+	}
 
 STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
-{
-	if(ctx->db_meth->get_section)
+	{
+	if (ctx->db_meth->get_section)
 			return ctx->db_meth->get_section(ctx->db, section);
 	return NULL;
-}
+	}
 
 void X509V3_string_free(X509V3_CTX *ctx, char *str)
-{
-	if(!str) return;
-	if(ctx->db_meth->free_string)
+	{
+	if (!str) return;
+	if (ctx->db_meth->free_string)
 			ctx->db_meth->free_string(ctx->db, str);
-}
+	}
 
 void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
-{
-	if(!section) return;
-	if(ctx->db_meth->free_section)
+	{
+	if (!section) return;
+	if (ctx->db_meth->free_section)
 			ctx->db_meth->free_section(ctx->db, section);
-}
+	}
+
+static char *nconf_get_string(void *db, char *section, char *value)
+	{
+	return NCONF_get_string(db, section, value);
+	}
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+	{
+	return NCONF_get_section(db, section);
+	}
+
+static X509V3_CONF_METHOD nconf_method = {
+nconf_get_string,
+nconf_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+	{
+	ctx->db_meth = &nconf_method;
+	ctx->db = conf;
+	}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+	     X509_CRL *crl, int flags)
+	{
+	ctx->issuer_cert = issuer;
+	ctx->subject_cert = subj;
+	ctx->crl = crl;
+	ctx->subject_req = req;
+	ctx->flags = flags;
+	}
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+	     char *value)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+	}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+	     char *value)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+	}
 
 static char *conf_lhash_get_string(void *db, char *section, char *value)
-{
+	{
 	return CONF_get_string(db, section, value);
-}
+	}
 
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-{
+	{
 	return CONF_get_section(db, section);
-}
+	}
 
 static X509V3_CONF_METHOD conf_lhash_method = {
 conf_lhash_get_string,
@@ -374,17 +451,35 @@ NULL
 };
 
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
-{
+	{
 	ctx->db_meth = &conf_lhash_method;
 	ctx->db = lhash;
-}
+	}
 
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
-	     X509_CRL *crl, int flags)
-{
-	ctx->issuer_cert = issuer;
-	ctx->subject_cert = subj;
-	ctx->crl = crl;
-	ctx->subject_req = req;
-	ctx->flags = flags;
-}
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509 *cert)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+	}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509_CRL *crl)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+	}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509_REQ *req)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+	}
diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/openssl/crypto/x509v3/v3_cpols.c
index 8203ed7..0d4ab1f 100644
--- a/crypto/openssl/crypto/x509v3/v3_cpols.c
+++ b/crypto/openssl/crypto/x509v3/v3_cpols.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
 /* Certificate policies extension support: this one is a bit complex... */
@@ -76,18 +76,55 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
 
 X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,
-(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
-(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free,
-(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
-(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
-NULL, NULL,
-NULL, NULL,
+NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+0,0,0,0,
+0,0,
+0,0,
 (X509V3_EXT_I2R)i2r_certpol,
 (X509V3_EXT_R2I)r2i_certpol,
 NULL
 };
 
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
+
+IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+
+ASN1_SEQUENCE(POLICYINFO) = {
+	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
+
+ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
+
+ASN1_ADB(POLICYQUALINFO) = {
+	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
+
+ASN1_SEQUENCE(POLICYQUALINFO) = {
+	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYQUALINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
+
+ASN1_SEQUENCE(USERNOTICE) = {
+	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+} ASN1_SEQUENCE_END(USERNOTICE)
+
+IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
+
+ASN1_SEQUENCE(NOTICEREF) = {
+	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(NOTICEREF)
+
+IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
 
 static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
 		X509V3_CTX *ctx, char *value)
@@ -327,83 +364,6 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
 	return 1;
 }
 
-
-int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp)
-{
-
-return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
-                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
-
-STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void)
-{
-	return sk_POLICYINFO_new_null();
-}
-
-void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a)
-{
-	sk_POLICYINFO_pop_free(a, POLICYINFO_free);
-}
-
-STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a,
-		unsigned char **pp,long length)
-{
-return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
-                         POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-
-}
-
-IMPLEMENT_STACK_OF(POLICYINFO)
-IMPLEMENT_ASN1_SET_OF(POLICYINFO)
-
-int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
-							 i2d_POLICYQUALINFO);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
-							 i2d_POLICYQUALINFO);
-
-	M_ASN1_I2D_finish();
-}
-
-POLICYINFO *POLICYINFO_new(void)
-{
-	POLICYINFO *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, POLICYINFO);
-	ret->policyid = NULL;
-	ret->qualifiers = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
-}
-
-POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length)
-{
-	M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
-	if(!M_ASN1_D2I_end_sequence()) {
-		M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
-				 d2i_POLICYQUALINFO, POLICYQUALINFO_free);
-	}
-	M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
-}
-
-void POLICYINFO_free(POLICYINFO *a)
-{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->policyid);
-	sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
-	OPENSSL_free (a);
-}
-
 static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
 		int indent)
 {
@@ -459,202 +419,4 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
 		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
 							 notice->exptext->data);
 }
-		
-	
-
-int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
-	switch(OBJ_obj2nid(a->pqualid)) {
-		case NID_id_qt_cps:
-		M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
-		break;
-
-		case NID_id_qt_unotice:
-		M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
-		break;
-
-		default:
-		M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
-		break;
-	}
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
-	switch(OBJ_obj2nid(a->pqualid)) {
-		case NID_id_qt_cps:
-		M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
-		break;
-
-		case NID_id_qt_unotice:
-		M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
-		break;
-
-		default:
-		M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
-		break;
-	}
-
-	M_ASN1_I2D_finish();
-}
-
-POLICYQUALINFO *POLICYQUALINFO_new(void)
-{
-	POLICYQUALINFO *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, POLICYQUALINFO);
-	ret->pqualid = NULL;
-	ret->d.other = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
-}
-
-POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
-		long length)
-{
-	M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
-	switch(OBJ_obj2nid(ret->pqualid)) {
-		case NID_id_qt_cps:
-		M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
-		break;
-
-		case NID_id_qt_unotice:
-		M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
-		break;
-
-		default:
-		M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
-		break;
-	}
-	M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
-}
-
-void POLICYQUALINFO_free(POLICYQUALINFO *a)
-{
-	if (a == NULL) return;
-	switch(OBJ_obj2nid(a->pqualid)) {
-		case NID_id_qt_cps:
-		M_ASN1_IA5STRING_free(a->d.cpsuri);
-		break;
-
-		case NID_id_qt_unotice:
-		USERNOTICE_free(a->d.usernotice);
-		break;
-
-		default:
-		ASN1_TYPE_free(a->d.other);
-		break;
-	}
-	
-	ASN1_OBJECT_free(a->pqualid);
-	OPENSSL_free (a);
-}
-
-int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
-	M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
-	M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
-
-	M_ASN1_I2D_finish();
-}
-
-USERNOTICE *USERNOTICE_new(void)
-{
-	USERNOTICE *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, USERNOTICE);
-	ret->noticeref = NULL;
-	ret->exptext = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
-}
-
-USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length)
-{
-	M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
-	if (!M_ASN1_D2I_end_sequence()) {
-		M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
-	}
-	M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
-}
-
-void USERNOTICE_free(USERNOTICE *a)
-{
-	if (a == NULL) return;
-	NOTICEREF_free(a->noticeref);
-	M_DISPLAYTEXT_free(a->exptext);
-	OPENSSL_free (a);
-}
-
-int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
-	M_ASN1_I2D_len_SEQUENCE_type(ASN1_INTEGER, a->noticenos,
-				     i2d_ASN1_INTEGER);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
-	M_ASN1_I2D_put_SEQUENCE_type(ASN1_INTEGER, a->noticenos,
-				     i2d_ASN1_INTEGER);
-
-	M_ASN1_I2D_finish();
-}
-
-NOTICEREF *NOTICEREF_new(void)
-{
-	NOTICEREF *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, NOTICEREF);
-	ret->organization = NULL;
-	ret->noticenos = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
-}
-
-NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
-{
-	M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	/* This is to cope with some broken encodings that use IA5STRING for
-         * the organization field
-	 */
-	M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
-							 V_ASN1_IA5STRING);
-	if(!ret->organization) {
-		 M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
-	}
-	M_ASN1_D2I_get_seq_type(ASN1_INTEGER, ret->noticenos, d2i_ASN1_INTEGER,
-				ASN1_STRING_free);
-	M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
-}
-
-void NOTICEREF_free(NOTICEREF *a)
-{
-	if (a == NULL) return;
-	M_DISPLAYTEXT_free(a->organization);
-	sk_ASN1_INTEGER_pop_free(a->noticenos, ASN1_STRING_free);
-	OPENSSL_free (a);
-}
 
-IMPLEMENT_STACK_OF(POLICYQUALINFO)
-IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
diff --git a/crypto/openssl/crypto/x509v3/v3_crld.c b/crypto/openssl/crypto/x509v3/v3_crld.c
index 67feea40..894a8b9 100644
--- a/crypto/openssl/crypto/x509v3/v3_crld.c
+++ b/crypto/openssl/crypto/x509v3/v3_crld.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
 static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
@@ -69,15 +69,13 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
 X509V3_EXT_METHOD v3_crld = {
-NID_crl_distribution_points, X509V3_EXT_MULTILINE,
-(X509V3_EXT_NEW)CRL_DIST_POINTS_new,
-(X509V3_EXT_FREE)CRL_DIST_POINTS_free,
-(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
-(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS,
-NULL, NULL,
+NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_crld,
 (X509V3_EXT_V2I)v2i_crld,
-NULL, NULL, NULL
+0,0,
+NULL
 };
 
 static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
@@ -87,16 +85,16 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
 	int i;
 	for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
 		point = sk_DIST_POINT_value(crld, i);
-		if(point->distpoint && point->distpoint->fullname) {
-			exts = i2v_GENERAL_NAMES(NULL,
-					 point->distpoint->fullname, exts);
+		if(point->distpoint) {
+			if(point->distpoint->type == 0)
+				exts = i2v_GENERAL_NAMES(NULL,
+					 point->distpoint->name.fullname, exts);
+		        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
 		}
 		if(point->reasons) 
 			X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
 		if(point->CRLissuer)
 			X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
-		if(point->distpoint && point->distpoint->relativename)
-		        X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
 	}
 	return exts;
 }
@@ -105,7 +103,7 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 	STACK_OF(DIST_POINT) *crld = NULL;
-	STACK_OF(GENERAL_NAME) *gens = NULL;
+	GENERAL_NAMES *gens = NULL;
 	GENERAL_NAME *gen = NULL;
 	CONF_VALUE *cnf;
 	int i;
@@ -123,7 +121,8 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 			goto merr;
 		}
 		if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
-		point->distpoint->fullname = gens;
+		point->distpoint->name.fullname = gens;
+		point->distpoint->type = 0;
 		gens = NULL;
 	}
 	return crld;
@@ -137,149 +136,27 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 	return NULL;
 }
 
-int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp)
-{
-
-return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE,
-                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
-
-STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void)
-{
-	return sk_DIST_POINT_new_null();
-}
-
-void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a)
-{
-	sk_DIST_POINT_pop_free(a, DIST_POINT_free);
-}
-
-STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
-		unsigned char **pp,long length)
-{
-return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT,
-                         DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-
-}
-
 IMPLEMENT_STACK_OF(DIST_POINT)
 IMPLEMENT_ASN1_SET_OF(DIST_POINT)
 
-int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp)
-{
-	int v = 0;
-	M_ASN1_I2D_vars(a);
-	/* NB: underlying type is a CHOICE so need EXPLICIT tagging */
-	M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
-	M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING);
-	M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES);
 
-	M_ASN1_I2D_seq_total();
+ASN1_CHOICE(DIST_POINT_NAME) = {
+	ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+	ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+} ASN1_CHOICE_END(DIST_POINT_NAME)
 
-	M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
-	M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1);
-	M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2);
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
 
-	M_ASN1_I2D_finish();
-}
+ASN1_SEQUENCE(DIST_POINT) = {
+	ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+	ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+	ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+} ASN1_SEQUENCE_END(DIST_POINT)
 
-DIST_POINT *DIST_POINT_new(void)
-{
-	DIST_POINT *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, DIST_POINT);
-	ret->distpoint = NULL;
-	ret->reasons = NULL;
-	ret->CRLissuer = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW);
-}
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
 
-DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0);
-	M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1,
-							V_ASN1_BIT_STRING);
-	M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2,
-							V_ASN1_SEQUENCE);
-	M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT);
-}
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
+ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
 
-void DIST_POINT_free(DIST_POINT *a)
-{
-	if (a == NULL) return;
-	DIST_POINT_NAME_free(a->distpoint);
-	M_ASN1_BIT_STRING_free(a->reasons);
-	sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
-	OPENSSL_free (a);
-}
-
-int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	if(a->fullname) {
-		M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
-	} else {
-		M_ASN1_I2D_len_IMP_SET_opt_type(X509_NAME_ENTRY,
-				a->relativename, i2d_X509_NAME_ENTRY, 1);
-	}
-
-	/* Don't want a SEQUENCE so... */
-	if(pp == NULL) return ret;
-	p = *pp;
-
-	if(a->fullname) {
-		M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
-	} else {
-		M_ASN1_I2D_put_IMP_SET_opt_type(X509_NAME_ENTRY,
-				a->relativename, i2d_X509_NAME_ENTRY, 1);
-	}
-	M_ASN1_I2D_finish();
-}
-
-DIST_POINT_NAME *DIST_POINT_NAME_new(void)
-{
-	DIST_POINT_NAME *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, DIST_POINT_NAME);
-	ret->fullname = NULL;
-	ret->relativename = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW);
-}
-
-void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
-{
-	if (a == NULL) return;
-	sk_X509_NAME_ENTRY_pop_free(a->relativename, X509_NAME_ENTRY_free);
-	sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
-	OPENSSL_free (a);
-}
-
-DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
-	     long length)
-{
-        unsigned char _tmp, tag;
-        M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new);
-        M_ASN1_D2I_Init();
-        c.slen = length;
-
-        _tmp = M_ASN1_next;
-        tag = _tmp & ~V_ASN1_CONSTRUCTED;
-	
-	if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) {
-		M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
-							V_ASN1_SEQUENCE);
-	} else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
-		M_ASN1_D2I_get_IMP_set_opt_type (X509_NAME_ENTRY,
-			ret->relativename, d2i_X509_NAME_ENTRY, X509_NAME_ENTRY_free, 1);
-	} else {
-		c.error = ASN1_R_BAD_TAG;
-		goto err;
-	}
-
-	M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME);
-}
+IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/crypto/openssl/crypto/x509v3/v3_enum.c b/crypto/openssl/crypto/x509v3/v3_enum.c
index aecfdc8..010c9d6 100644
--- a/crypto/openssl/crypto/x509v3/v3_enum.c
+++ b/crypto/openssl/crypto/x509v3/v3_enum.c
@@ -73,14 +73,12 @@ static ENUMERATED_NAMES crl_reasons[] = {
 };
 
 X509V3_EXT_METHOD v3_crl_reason = { 
-NID_crl_reason, 0,
-(X509V3_EXT_NEW)ASN1_ENUMERATED_new,
-(X509V3_EXT_FREE)ASN1_ENUMERATED_free,
-(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
-(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
+NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
-(X509V3_EXT_S2I)0,
-NULL, NULL, NULL, NULL, crl_reasons};
+0,
+0,0,0,0,
+crl_reasons};
 
 
 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
diff --git a/crypto/openssl/crypto/x509v3/v3_extku.c b/crypto/openssl/crypto/x509v3/v3_extku.c
index 53ec40a..b1cfaba 100644
--- a/crypto/openssl/crypto/x509v3/v3_extku.c
+++ b/crypto/openssl/crypto/x509v3/v3_extku.c
@@ -59,92 +59,84 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
-		STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+		void *eku, STACK_OF(CONF_VALUE) *extlist);
+
 X509V3_EXT_METHOD v3_ext_ku = {
-NID_ext_key_usage, 0,
-(X509V3_EXT_NEW)ext_ku_new,
-(X509V3_EXT_FREE)ext_ku_free,
-(X509V3_EXT_D2I)d2i_ext_ku,
-(X509V3_EXT_I2D)i2d_ext_ku,
-NULL, NULL,
-(X509V3_EXT_I2V)i2v_ext_ku,
-(X509V3_EXT_V2I)v2i_ext_ku,
-NULL,NULL,
-NULL
+	NID_ext_key_usage, 0,
+	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+	0,0,0,0,
+	0,0,
+	i2v_EXTENDED_KEY_USAGE,
+	v2i_EXTENDED_KEY_USAGE,
+	0,0,
+	NULL
 };
 
-STACK_OF(ASN1_OBJECT) *ext_ku_new(void)
-{
-	return sk_ASN1_OBJECT_new_null();
-}
-
-void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku)
-{
-	sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free);
-	return;
-}
-
-int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp)
-{
-	return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT,
-				V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-}
-
-STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
-					unsigned char **pp, long length)
-{
-	return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT,
-			 ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
+X509V3_EXT_METHOD v3_ocsp_accresp = {
+	NID_id_pkix_OCSP_acceptableResponses, 0,
+	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+	0,0,0,0,
+	0,0,
+	i2v_EXTENDED_KEY_USAGE,
+	v2i_EXTENDED_KEY_USAGE,
+	0,0,
+	NULL
+};
 
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
 
+IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
 
-static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
-		STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list)
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+		void *a, STACK_OF(CONF_VALUE) *ext_list)
 {
-int i;
-ASN1_OBJECT *obj;
-char obj_tmp[80];
-for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
-	obj = sk_ASN1_OBJECT_value(eku, i);
-	i2t_ASN1_OBJECT(obj_tmp, 80, obj);
-	X509V3_add_value(NULL, obj_tmp, &ext_list);
-}
-return ext_list;
+	EXTENDED_KEY_USAGE *eku = a;
+	int i;
+	ASN1_OBJECT *obj;
+	char obj_tmp[80];
+	for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+		obj = sk_ASN1_OBJECT_value(eku, i);
+		i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+		X509V3_add_value(NULL, obj_tmp, &ext_list);
+	}
+	return ext_list;
 }
 
-static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-STACK_OF(ASN1_OBJECT) *extku;
-char *extval;
-ASN1_OBJECT *objtmp;
-CONF_VALUE *val;
-int i;
+	EXTENDED_KEY_USAGE *extku;
+	char *extval;
+	ASN1_OBJECT *objtmp;
+	CONF_VALUE *val;
+	int i;
 
-if(!(extku = sk_ASN1_OBJECT_new_null())) {
-	X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
-	return NULL;
-}
-
-for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-	val = sk_CONF_VALUE_value(nval, i);
-	if(val->value) extval = val->value;
-	else extval = val->name;
-	if(!(objtmp = OBJ_txt2obj(extval, 0))) {
-		sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-		X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-		X509V3_conf_err(val);
+	if(!(extku = sk_ASN1_OBJECT_new_null())) {
+		X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	sk_ASN1_OBJECT_push(extku, objtmp);
-}
-return extku;
+
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		if(val->value) extval = val->value;
+		else extval = val->name;
+		if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+			sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+			X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+			X509V3_conf_err(val);
+			return NULL;
+		}
+		sk_ASN1_OBJECT_push(extku, objtmp);
+	}
+	return extku;
 }
diff --git a/crypto/openssl/crypto/x509v3/v3_genn.c b/crypto/openssl/crypto/x509v3/v3_genn.c
index d447514..650b510 100644
--- a/crypto/openssl/crypto/x509v3/v3_genn.c
+++ b/crypto/openssl/crypto/x509v3/v3_genn.c
@@ -59,233 +59,43 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp)
-{
-	unsigned char *p;
-	int ret;
-
-	ret = 0;
-
-	/* Save the location of initial TAG */
-	if(pp) p = *pp;
-	else p = NULL;
-
-	/* GEN_DNAME needs special treatment because of EXPLICIT tag */
-
-	if(a->type == GEN_DIRNAME) {
-		int v = 0;
-		M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
-		if(!p) return ret;
-		M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
-		*pp = p;
-		return ret;
-	}
-
-	switch(a->type) {
-
-		case GEN_X400:
-		case GEN_EDIPARTY:
-		ret = i2d_ASN1_TYPE(a->d.other, pp);
-		break;
-
-		case GEN_OTHERNAME:
-		ret = i2d_OTHERNAME(a->d.otherName, pp);
-		break;
-
-		case GEN_EMAIL:
-		case GEN_DNS:
-		case GEN_URI:
-		ret = i2d_ASN1_IA5STRING(a->d.ia5, pp);
-		break;
-
-		case GEN_IPADD:
-		ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp);
-		break;
-	
-		case GEN_RID:
-		ret = i2d_ASN1_OBJECT(a->d.rid, pp);
-		break;
-	}
-	/* Replace TAG with IMPLICIT value */
-	if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type;
-	return ret;
-}
-
-GENERAL_NAME *GENERAL_NAME_new()
-{
-	GENERAL_NAME *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, GENERAL_NAME);
-	ret->type = -1;
-	ret->d.ptr = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW);
-}
-
-GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp,
-								 long length)
-{
-	unsigned char _tmp;
-	M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new);
-	M_ASN1_D2I_Init();
-	c.slen = length;
-
-	_tmp = M_ASN1_next;
-	ret->type = _tmp & ~V_ASN1_CONSTRUCTED;
-
-	switch(ret->type) {
-		/* Just put these in a "blob" for now */
-		case GEN_X400:
-		case GEN_EDIPARTY:
-		M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
-		break;
-
-		case GEN_OTHERNAME:
-		M_ASN1_D2I_get_imp(ret->d.otherName, d2i_OTHERNAME,V_ASN1_SEQUENCE);
-		break;
-
-		case GEN_EMAIL:
-		case GEN_DNS:
-		case GEN_URI:
-		M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING,
-							V_ASN1_IA5STRING);
-		break;
-
-		case GEN_DIRNAME:
-		M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4);
-		break;
-
-		case GEN_IPADD:
-		M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING,
-							V_ASN1_OCTET_STRING);
-		break;
-	
-		case GEN_RID:
-		M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT);
-		break;
-
-		default:
-		c.error = ASN1_R_BAD_TAG;
-		goto err;
-	}
-
-	c.slen = 0;
-	M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME);
-}
-
-void GENERAL_NAME_free(GENERAL_NAME *a)
-{
-	if (a == NULL) return;
-	switch(a->type) {
-		case GEN_X400:
-		case GEN_EDIPARTY:
-		ASN1_TYPE_free(a->d.other);
-		break;
-
-		case GEN_OTHERNAME:
-		OTHERNAME_free(a->d.otherName);
-		break;
-
-		case GEN_EMAIL:
-		case GEN_DNS:
-		case GEN_URI:
-
-		M_ASN1_IA5STRING_free(a->d.ia5);
-		break;
-
-		case GEN_DIRNAME:
-		X509_NAME_free(a->d.dirn);
-		break;
-
-		case GEN_IPADD:
-		M_ASN1_OCTET_STRING_free(a->d.ip);
-		break;
-	
-		case GEN_RID:
-		ASN1_OBJECT_free(a->d.rid);
-		break;
-
-	}
-	OPENSSL_free (a);
-}
-
-/* Now the GeneralNames versions: a SEQUENCE OF GeneralName. These are needed as
- * explicit functions.
- */
-
-STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
-{
-	return sk_GENERAL_NAME_new_null();
-}
-
-void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)
-{
-	sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free);
-}
-
-STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
-					 unsigned char **pp, long length)
-{
-return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
-			 GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
-
-int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp)
-{
-return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
-						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
-}
-
-IMPLEMENT_STACK_OF(GENERAL_NAME)
-IMPLEMENT_ASN1_SET_OF(GENERAL_NAME)
-
-int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp)
-{
-	int v = 0;
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->type_id, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->type_id, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v);
-
-	M_ASN1_I2D_finish();
-}
-
-OTHERNAME *OTHERNAME_new(void)
-{
-	OTHERNAME *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, OTHERNAME);
-	ret->type_id = OBJ_nid2obj(NID_undef);
-	M_ASN1_New(ret->value, ASN1_TYPE_new);
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_OTHERNAME_NEW);
-}
-
-OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,OTHERNAME *,OTHERNAME_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->type_id, d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get_EXP_opt(ret->value, d2i_ASN1_TYPE, 0);
-	M_ASN1_D2I_Finish(a, OTHERNAME_free, ASN1_F_D2I_OTHERNAME);
-}
-
-void OTHERNAME_free(OTHERNAME *a)
-{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->type_id);
-	ASN1_TYPE_free(a->value);
-	OPENSSL_free (a);
-}
-
+ASN1_SEQUENCE(OTHERNAME) = {
+	ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
+	/* Maybe have a true ANY DEFINED BY later */
+	ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+} ASN1_SEQUENCE_END(OTHERNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ASN1_SEQUENCE(EDIPARTYNAME) = {
+	ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+	ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+} ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+ASN1_CHOICE(GENERAL_NAME) = {
+	ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
+	ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
+	ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
+	/* Don't decode this */
+	ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+	/* X509_NAME is a CHOICE type so use EXPLICIT */
+	ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+	ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
+	ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
+	ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
+	ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
+} ASN1_CHOICE_END(GENERAL_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
+
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
+ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
diff --git a/crypto/openssl/crypto/x509v3/v3_info.c b/crypto/openssl/crypto/x509v3/v3_info.c
index a045a62..e269df1 100644
--- a/crypto/openssl/crypto/x509v3/v3_info.c
+++ b/crypto/openssl/crypto/x509v3/v3_info.c
@@ -60,28 +60,48 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+				AUTHORITY_INFO_ACCESS *ainfo,
 						STACK_OF(CONF_VALUE) *ret);
-static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
 				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
 X509V3_EXT_METHOD v3_info =
-{ NID_info_access, X509V3_EXT_MULTILINE,
-(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
-(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
-(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
-NULL, NULL,
+{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
 (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-NULL, NULL, NULL};
+0,0,
+NULL};
+
+X509V3_EXT_METHOD v3_sinfo =
+{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+0,0,
+NULL};
+
+ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
+	ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+	ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
+
+IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+				AUTHORITY_INFO_ACCESS *ainfo,
 						STACK_OF(CONF_VALUE) *ret)
 {
 	ACCESS_DESCRIPTION *desc;
@@ -93,7 +113,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
 		ret = i2v_GENERAL_NAME(method, desc->location, ret);
 		if(!ret) break;
 		vtmp = sk_CONF_VALUE_value(ret, i);
-		i2t_ASN1_OBJECT(objtmp, 80, desc->method);
+		i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
 		ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
 		if(!ntmp) {
 			X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
@@ -111,10 +131,10 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
 	return ret;
 }
 
-static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
 				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-	STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
+	AUTHORITY_INFO_ACCESS *ainfo = NULL;
 	CONF_VALUE *cnf, ctmp;
 	ACCESS_DESCRIPTION *acc;
 	int i, objlen;
@@ -138,6 +158,7 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
 		objlen = ptmp - cnf->name;
 		ctmp.name = ptmp + 1;
 		ctmp.value = cnf->value;
+		GENERAL_NAME_free(acc->location);
 		if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
 								 goto err; 
 		if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
@@ -162,75 +183,11 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
 	return NULL;
 }
 
-int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
-
-	M_ASN1_I2D_finish();
-}
-
-ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
-{
-	ACCESS_DESCRIPTION *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
-	ret->method = OBJ_nid2obj(NID_undef);
-	ret->location = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
-}
-
-ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
-	     long length)
-{
-	M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
-	M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
-}
-
-void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
-{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->method);
-	GENERAL_NAME_free(a->location);
-	OPENSSL_free (a);
-}
-
-STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
-{
-	return sk_ACCESS_DESCRIPTION_new_null();
-}
-
-void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
-{
-	sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
-}
-
-STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
-					 unsigned char **pp, long length)
-{
-return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
-			 ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
-
-int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
-{
-return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
-						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
-}
-
-IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
-IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
-
-
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
+        {
+	i2a_ASN1_OBJECT(bp, a->method);
+#ifdef UNDEF
+	i2a_GENERAL_NAME(bp, a->location);
+#endif
+	return 2;
+	}
diff --git a/crypto/openssl/crypto/x509v3/v3_int.c b/crypto/openssl/crypto/x509v3/v3_int.c
index 63c201e..f34cbfb 100644
--- a/crypto/openssl/crypto/x509v3/v3_int.c
+++ b/crypto/openssl/crypto/x509v3/v3_int.c
@@ -61,12 +61,9 @@
 #include <openssl/x509v3.h>
 
 X509V3_EXT_METHOD v3_crl_num = { 
-NID_crl_number, 0,
-(X509V3_EXT_NEW)ASN1_INTEGER_new,
-(X509V3_EXT_FREE)ASN1_INTEGER_free,
-(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
-(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
+NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-(X509V3_EXT_S2I)0,
-NULL, NULL, NULL, NULL, NULL};
+0,
+0,0,0,0, NULL};
 
diff --git a/crypto/openssl/crypto/x509v3/v3_lib.c b/crypto/openssl/crypto/x509v3/v3_lib.c
index ea86b9e..482ca8c 100644
--- a/crypto/openssl/crypto/x509v3/v3_lib.c
+++ b/crypto/openssl/crypto/x509v3/v3_lib.c
@@ -163,8 +163,9 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
 	X509V3_EXT_METHOD *method;
 	unsigned char *p;
-	if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL;
+	if(!(method = X509V3_EXT_get(ext))) return NULL;
 	p = ext->value->data;
+	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
 	return method->d2i(NULL, &p, ext->value->length);
 }
 
@@ -212,7 +213,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
 	}
 	if(found_ex) {
 		/* Found it */
-		if(crit) *crit = found_ex->critical;
+		if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
 		return X509V3_EXT_d2i(found_ex);
 	}
 
@@ -222,4 +223,79 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
 	return NULL;
 }
 
+/* This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+					int crit, unsigned long flags)
+{
+	int extidx = -1;
+	int errcode;
+	X509_EXTENSION *ext, *extmp;
+	unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+
+	/* If appending we don't care if it exists, otherwise
+	 * look for existing extension.
+	 */
+	if(ext_op != X509V3_ADD_APPEND)
+		extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+
+	/* See if extension exists */
+	if(extidx >= 0) {
+		/* If keep existing, nothing to do */
+		if(ext_op == X509V3_ADD_KEEP_EXISTING)
+			return 1;
+		/* If default then its an error */
+		if(ext_op == X509V3_ADD_DEFAULT) {
+			errcode = X509V3_R_EXTENSION_EXISTS;
+			goto err;
+		}
+		/* If delete, just delete it */
+		if(ext_op == X509V3_ADD_DELETE) {
+			if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
+			return 1;
+		}
+	} else {
+		/* If replace existing or delete, error since 
+		 * extension must exist
+		 */
+		if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+		   (ext_op == X509V3_ADD_DELETE)) {
+			errcode = X509V3_R_EXTENSION_NOT_FOUND;
+			goto err;
+		}
+	}
+
+	/* If we get this far then we have to create an extension:
+	 * could have some flags for alternative encoding schemes...
+	 */
+
+	ext = X509V3_EXT_i2d(nid, crit, value);
+
+	if(!ext) {
+		X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
+		return 0;
+	}
+
+	/* If extension exists replace it.. */
+	if(extidx >= 0) {
+		extmp = sk_X509_EXTENSION_value(*x, extidx);
+		X509_EXTENSION_free(extmp);
+		if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
+		return 1;
+	}
+
+	if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
+	if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
+
+	return 1;
+
+	err:
+	if(!(flags & X509V3_ADD_SILENT))
+		X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
+	return 0;
+}
+
 IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/crypto/openssl/crypto/x509v3/v3_ocsp.c b/crypto/openssl/crypto/x509v3/v3_ocsp.c
new file mode 100644
index 0000000..0831123
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_ocsp.c
@@ -0,0 +1,272 @@
+/* v3_ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* OCSP extensions and a couple of CRL entry extensions
+ */
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+
+X509V3_EXT_METHOD v3_ocsp_crlid = {
+	NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_crlid,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_acutoff = {
+	NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_acutoff,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_crl_invdate = {
+	NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_acutoff,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_crl_hold = {
+	NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_object,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nonce = {
+	NID_id_pkix_OCSP_Nonce, 0, NULL,
+	ocsp_nonce_new,
+	ocsp_nonce_free,
+	d2i_ocsp_nonce,
+	i2d_ocsp_nonce,
+	0,0,
+	0,0,
+	i2r_ocsp_nonce,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
+	NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+	0,0,0,0,
+	0,s2i_ocsp_nocheck,
+	0,0,
+	i2r_ocsp_nocheck,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+	NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_serviceloc,0,
+	NULL
+};
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+{
+	OCSP_CRLID *a = in;
+	if (a->crlUrl)
+	        {
+		if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+		if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
+		if (!BIO_write(bp, "\n", 1)) goto err;
+		}
+	if (a->crlNum)
+	        {
+		if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+		if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+		if (!BIO_write(bp, "\n", 1)) goto err;
+		}
+	if (a->crlTime)
+	        {
+		if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+		if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
+		if (!BIO_write(bp, "\n", 1)) goto err;
+		}
+	return 1;
+	err:
+	return 0;
+}
+
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+{
+	if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+	if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
+	return 1;
+}
+
+
+static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+{
+	if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+	if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+	return 1;
+}
+
+/* OCSP nonce. This is needs special treatment because it doesn't have
+ * an ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+	return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+	ASN1_OCTET_STRING *os = a;
+	if(pp) {
+		memcpy(*pp, os->data, os->length);
+		*pp += os->length;
+	}
+	return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
+{
+	ASN1_OCTET_STRING *os, **pos;
+	pos = a;
+	if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
+	else os = *pos;
+	if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+
+	*pp += length;
+
+	if(pos) *pos = os;
+	return os;
+
+	err:
+	if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
+	OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+	M_ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+{
+	if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
+	if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
+	return 1;
+}
+
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+{
+	return 1;
+}
+
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
+{
+	return ASN1_NULL_new();
+}
+
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+        {
+	int i;
+	OCSP_SERVICELOC *a = in;
+	ACCESS_DESCRIPTION *ad;
+
+        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
+        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
+	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+	        {
+				ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
+				if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) 
+					goto err;
+				if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
+				if(BIO_puts(bp, " - ") <= 0) goto err;
+				if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
+		}
+	return 1;
+err:
+	return 0;
+	}
diff --git a/crypto/openssl/crypto/x509v3/v3_pku.c b/crypto/openssl/crypto/x509v3/v3_pku.c
index 47f9e8f..49a2e46 100644
--- a/crypto/openssl/crypto/x509v3/v3_pku.c
+++ b/crypto/openssl/crypto/x509v3/v3_pku.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
@@ -67,62 +67,19 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *u
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 */
 X509V3_EXT_METHOD v3_pkey_usage_period = {
-NID_private_key_usage_period, 0,
-(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new,
-(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free,
-(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD,
-(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD,
-NULL, NULL, NULL, NULL,
+NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+0,0,0,0,
+0,0,0,0,
 (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
 NULL
 };
 
-int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME);
-	M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0);
-	M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1);
-
-	M_ASN1_I2D_finish();
-}
-
-PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void)
-{
-	PKEY_USAGE_PERIOD *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD);
-	ret->notBefore = NULL;
-	ret->notAfter = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW);
-}
+ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
+	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
+	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
 
-PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
-	     unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0,
-							V_ASN1_GENERALIZEDTIME);
-	M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1,
-							V_ASN1_GENERALIZEDTIME);
-	M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD);
-}
-
-void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
-{
-	if (a == NULL) return;
-	M_ASN1_GENERALIZEDTIME_free(a->notBefore);
-	M_ASN1_GENERALIZEDTIME_free(a->notAfter);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
 
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
 	     PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
diff --git a/crypto/openssl/crypto/x509v3/v3_prn.c b/crypto/openssl/crypto/x509v3/v3_prn.c
index 14b804c..aeaf617 100644
--- a/crypto/openssl/crypto/x509v3/v3_prn.c
+++ b/crypto/openssl/crypto/x509v3/v3_prn.c
@@ -64,6 +64,8 @@
 
 /* Extension printing routines */
 
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
+
 /* Print out a name+value stack */
 
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
@@ -103,16 +105,22 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
 
 /* Main routine: print out a general extension */
 
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
 {
-	char *ext_str = NULL, *value = NULL;
+	void *ext_str = NULL;
+	char *value = NULL;
 	unsigned char *p;
 	X509V3_EXT_METHOD *method;	
 	STACK_OF(CONF_VALUE) *nval = NULL;
 	int ok = 1;
-	if(!(method = X509V3_EXT_get(ext))) return 0;
+	if(!(method = X509V3_EXT_get(ext)))
+		return unknown_ext_print(out, ext, flag, indent, 0);
 	p = ext->value->data;
-	if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
+	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
+	else ext_str = method->d2i(NULL, &p, ext->value->length);
+
+	if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
+
 	if(method->i2s) {
 		if(!(value = method->i2s(method, ext_str))) {
 			ok = 0;
@@ -148,11 +156,71 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
 	err:
 		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
 		if(value) OPENSSL_free(value);
-		method->ext_free(ext_str);
+		if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+		else method->ext_free(ext_str);
 		return ok;
 }
 
-#ifndef NO_FP_API
+int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
+{
+	int i, j;
+
+	if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
+
+	if(title) 
+		{
+		BIO_printf(bp,"%*s%s:\n",indent, "", title);
+		indent += 4;
+		}
+
+	for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
+		{
+		ASN1_OBJECT *obj;
+		X509_EXTENSION *ex;
+		ex=sk_X509_EXTENSION_value(exts, i);
+		if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
+		obj=X509_EXTENSION_get_object(ex);
+		i2a_ASN1_OBJECT(bp,obj);
+		j=X509_EXTENSION_get_critical(ex);
+		if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
+			return 0;
+		if(!X509V3_EXT_print(bp, ex, flag, 12))
+			{
+			BIO_printf(bp, "%*s", indent + 4, "");
+			M_ASN1_OCTET_STRING_print(bp,ex->value);
+			}
+		if (BIO_write(bp,"\n",1) <= 0) return 0;
+		}
+	return 1;
+}
+
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
+{
+	switch(flag & X509V3_EXT_UNKNOWN_MASK) {
+
+		case X509V3_EXT_DEFAULT:
+		return 0;
+
+		case X509V3_EXT_ERROR_UNKNOWN:
+		if(supported)
+			BIO_printf(out, "%*s<Parse Error>", indent, "");
+		else
+			BIO_printf(out, "%*s<Not Supported>", indent, "");
+		return 1;
+
+		case X509V3_EXT_PARSE_UNKNOWN:
+			return ASN1_parse_dump(out,
+				ext->value->data, ext->value->length, indent, -1);
+		case X509V3_EXT_DUMP_UNKNOWN:
+			return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
+
+		default:
+		return 1;
+	}
+}
+	
+
+#ifndef OPENSSL_NO_FP_API
 int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
 {
 	BIO *bio_tmp;
diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c
index 8aecd00..b739e4f 100644
--- a/crypto/openssl/crypto/x509v3/v3_purp.c
+++ b/crypto/openssl/crypto/x509v3/v3_purp.c
@@ -1,9 +1,9 @@
 /* v3_purp.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
+ * project 2001.
  */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -61,7 +61,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 
-
 static void x509v3_cache_extensions(X509 *x);
 
 static int ca_check(const X509 *x);
@@ -74,6 +73,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c
 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
 
 static int xp_cmp(const X509_PURPOSE * const *a,
 		const X509_PURPOSE * const *b);
@@ -87,6 +87,7 @@ static X509_PURPOSE xstandard[] = {
 	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
 	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
 	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
+	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
 };
 
 #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
@@ -120,6 +121,16 @@ int X509_check_purpose(X509 *x, int id, int ca)
 	return pt->check_purpose(pt, x, ca);
 }
 
+int X509_PURPOSE_set(int *p, int purpose)
+{
+	if(X509_PURPOSE_get_by_id(purpose) == -1) {
+		X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+		return 0;
+	}
+	*p = purpose;
+	return 1;
+}
+
 int X509_PURPOSE_get_count(void)
 {
 	if(!xptable) return X509_PURPOSE_COUNT;
@@ -144,7 +155,6 @@ int X509_PURPOSE_get_by_sname(char *sname)
 	return -1;
 }
 
-
 int X509_PURPOSE_get_by_id(int purpose)
 {
 	X509_PURPOSE tmp;
@@ -256,16 +266,55 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
 	return xp->trust;
 }
 
+static int nid_cmp(int *a, int *b)
+	{
+	return *a - *b;
+	}
+
+int X509_supported_extension(X509_EXTENSION *ex)
+	{
+	/* This table is a list of the NIDs of supported extensions:
+	 * that is those which are used by the verify process. If
+	 * an extension is critical and doesn't appear in this list
+	 * then the verify process will normally reject the certificate.
+	 * The list must be kept in numerical order because it will be
+	 * searched using bsearch.
+	 */
+
+	static int supported_nids[] = {
+		NID_netscape_cert_type, /* 71 */
+        	NID_key_usage,		/* 83 */
+		NID_subject_alt_name,	/* 85 */
+		NID_basic_constraints,	/* 87 */
+        	NID_ext_key_usage	/* 126 */
+	};
+
+	int ex_nid;
+
+	ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+
+	if (ex_nid == NID_undef) 
+		return 0;
+
+	if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
+		sizeof(supported_nids)/sizeof(int), sizeof(int),
+		(int (*)(const void *, const void *))nid_cmp))
+		return 1;
+	return 0;
+	}
+ 
+
 static void x509v3_cache_extensions(X509 *x)
 {
 	BASIC_CONSTRAINTS *bs;
 	ASN1_BIT_STRING *usage;
 	ASN1_BIT_STRING *ns;
-	STACK_OF(ASN1_OBJECT) *extusage;
+	EXTENDED_KEY_USAGE *extusage;
+	X509_EXTENSION *ex;
 	
 	int i;
 	if(x->ex_flags & EXFLAG_SET) return;
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
 #endif
 	/* Does subject name match issuer ? */
@@ -320,6 +369,15 @@ static void x509v3_cache_extensions(X509 *x)
 				case NID_ms_sgc:
 				case NID_ns_sgc:
 				x->ex_xkusage |= XKU_SGC;
+				break;
+
+				case NID_OCSP_sign:
+				x->ex_xkusage |= XKU_OCSP_SIGN;
+				break;
+
+				case NID_time_stamp:
+				x->ex_xkusage |= XKU_TIMESTAMP;
+				break;
 			}
 		}
 		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
@@ -333,6 +391,17 @@ static void x509v3_cache_extensions(X509 *x)
 	}
 	x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
 	x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+	for (i = 0; i < X509_get_ext_count(x); i++)
+		{
+		ex = X509_get_ext(x, i);
+		if (!X509_EXTENSION_get_critical(ex))
+			continue;
+		if (!X509_supported_extension(ex))
+			{
+			x->ex_flags |= EXFLAG_CRITICAL;
+			break;
+			}
+		}
 	x->ex_flags |= EXFLAG_SET;
 }
 
@@ -472,6 +541,27 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
 	return 1;
 }
 
+/* OCSP helper: this is *not* a full OCSP check. It just checks that
+ * each CA is valid. Additional checks must be made on the chain.
+ */
+
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	/* Must be a valid CA */
+	if(ca) {
+		int ca_ret;
+		ca_ret = ca_check(x);
+		if(ca_ret != 2) return ca_ret;
+		if(x->ex_flags & EXFLAG_NSCERT) {
+			if(x->ex_nscert & NS_ANY_CA) return ca_ret;
+			return 0;
+		}
+		return 0;
+	}
+	/* leaf certificate is checked in OCSP_verify() */
+	return 1;
+}
+
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
 	return 1;
@@ -513,7 +603,7 @@ int X509_check_issued(X509 *issuer, X509 *subject)
 			 * There may be more than one but we only take any
 			 * notice of the first.
 			 */
-			STACK_OF(GENERAL_NAME) *gens;
+			GENERAL_NAMES *gens;
 			GENERAL_NAME *gen;
 			X509_NAME *nm = NULL;
 			int i;
diff --git a/crypto/openssl/crypto/x509v3/v3_skey.c b/crypto/openssl/crypto/x509v3/v3_skey.c
index 939845f..c0f044a 100644
--- a/crypto/openssl/crypto/x509v3/v3_skey.c
+++ b/crypto/openssl/crypto/x509v3/v3_skey.c
@@ -63,14 +63,12 @@
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 X509V3_EXT_METHOD v3_skey_id = { 
-NID_subject_key_identifier, 0,
-(X509V3_EXT_NEW)ASN1_OCTET_STRING_new,
-(X509V3_EXT_FREE)ASN1_OCTET_STRING_free,
-(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
-(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
+NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
 (X509V3_EXT_S2I)s2i_skey_id,
-NULL, NULL, NULL, NULL, NULL};
+0,0,0,0,
+NULL};
 
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 	     ASN1_OCTET_STRING *oct)
@@ -106,7 +104,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 	ASN1_OCTET_STRING *oct;
 	ASN1_BIT_STRING *pk;
 	unsigned char pkey_dig[EVP_MAX_MD_SIZE];
-	EVP_MD_CTX md;
 	unsigned int diglen;
 
 	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
@@ -132,9 +129,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 		goto err;
 	}
 
-	EVP_DigestInit(&md, EVP_sha1());
-	EVP_DigestUpdate(&md, pk->data, pk->length);
-	EVP_DigestFinal(&md, pkey_dig, &diglen);
+	EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
 
 	if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
 		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
diff --git a/crypto/openssl/crypto/x509v3/v3_sxnet.c b/crypto/openssl/crypto/x509v3/v3_sxnet.c
index bfecacd..d3f4ba3 100644
--- a/crypto/openssl/crypto/x509v3/v3_sxnet.c
+++ b/crypto/openssl/crypto/x509v3/v3_sxnet.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
 /* Support for Thawte strong extranet extension */
@@ -73,111 +73,33 @@ static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 						STACK_OF(CONF_VALUE) *nval);
 #endif
 X509V3_EXT_METHOD v3_sxnet = {
-NID_sxnet, X509V3_EXT_MULTILINE,
-(X509V3_EXT_NEW)SXNET_new,
-(X509V3_EXT_FREE)SXNET_free,
-(X509V3_EXT_D2I)d2i_SXNET,
-(X509V3_EXT_I2D)i2d_SXNET,
-NULL, NULL,
-NULL, 
+NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+0,0,0,0,
+0,0,
+0, 
 #ifdef SXNET_TEST
 (X509V3_EXT_V2I)sxnet_v2i,
 #else
-NULL,
+0,
 #endif
 (X509V3_EXT_I2R)sxnet_i2r,
-NULL,
+0,
 NULL
 };
 
+ASN1_SEQUENCE(SXNETID) = {
+	ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+	ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SXNETID)
 
-int i2d_SXNET(SXNET *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
+IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
 
-	M_ASN1_I2D_finish();
-}
-
-SXNET *SXNET_new(void)
-{
-	SXNET *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, SXNET);
-	M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->ids,sk_SXNETID_new_null);
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_SXNET_NEW);
-}
+ASN1_SEQUENCE(SXNET) = {
+	ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+	ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
+} ASN1_SEQUENCE_END(SXNET)
 
-SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,SXNET *,SXNET_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free);
-	M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET);
-}
-
-void SXNET_free(SXNET *a)
-{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free(a->version);
-	sk_SXNETID_pop_free(a->ids, SXNETID_free);
-	OPENSSL_free (a);
-}
-
-int i2d_SXNETID(SXNETID *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-}
-
-SXNETID *SXNETID_new(void)
-{
-	SXNETID *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, SXNETID);
-	ret->zone = NULL;
-	M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new);
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
-}
-
-SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID);
-}
-
-void SXNETID_free(SXNETID *a)
-{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free(a->zone);
-	M_ASN1_OCTET_STRING_free(a->user);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(SXNET)
 
 static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
 	     int indent)
diff --git a/crypto/openssl/crypto/x509v3/v3_utl.c b/crypto/openssl/crypto/x509v3/v3_utl.c
index 7747da2..34ac299 100644
--- a/crypto/openssl/crypto/x509v3/v3_utl.c
+++ b/crypto/openssl/crypto/x509v3/v3_utl.c
@@ -66,7 +66,7 @@
 
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens);
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
 static void str_free(void *str);
 static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
 
@@ -154,21 +154,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
 {
 	BIGNUM *bn = NULL;
 	ASN1_INTEGER *aint;
+	int isneg, ishex;
+	int ret;
 	bn = BN_new();
-	if(!value) {
+	if (!value) {
 		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
 		return 0;
 	}
-	if(!BN_dec2bn(&bn, value)) {
+	if (value[0] == '-') {
+		value++;
+		isneg = 1;
+	} else isneg = 0;
+
+	if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+		value += 2;
+		ishex = 1;
+	} else ishex = 0;
+
+	if (ishex) ret = BN_hex2bn(&bn, value);
+	else ret = BN_dec2bn(&bn, value);
+
+	if (!ret) {
 		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
 		return 0;
 	}
 
-	if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) {
+	if (isneg && BN_is_zero(bn)) isneg = 0;
+
+	aint = BN_to_ASN1_INTEGER(bn, NULL);
+	BN_free(bn);
+	if (!aint) {
 		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
 		return 0;
 	}
-	BN_free(bn);
+	if (isneg) aint->type |= V_ASN1_NEG;
 	return aint;
 }
 
@@ -221,7 +240,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
 
 /*#define DEBUG*/
 
-STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
 {
 	char *p, *q, c;
 	char *ntmp, *vtmp;
@@ -439,7 +458,7 @@ static int sk_strcmp(const char * const *a, const char * const *b)
 
 STACK *X509_get1_email(X509 *x)
 {
-	STACK_OF(GENERAL_NAME) *gens;
+	GENERAL_NAMES *gens;
 	STACK *ret;
 	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
 	ret = get_email(X509_get_subject_name(x), gens);
@@ -449,7 +468,7 @@ STACK *X509_get1_email(X509 *x)
 
 STACK *X509_REQ_get1_email(X509_REQ *x)
 {
-	STACK_OF(GENERAL_NAME) *gens;
+	GENERAL_NAMES *gens;
 	STACK_OF(X509_EXTENSION) *exts;
 	STACK *ret;
 	exts = X509_REQ_get_extensions(x);
@@ -461,7 +480,7 @@ STACK *X509_REQ_get1_email(X509_REQ *x)
 }
 
 
-static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens)
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
 {
 	STACK *ret = NULL;
 	X509_NAME_ENTRY *ne;
@@ -472,7 +491,7 @@ static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens)
 	i = -1;
 	/* First supplied X509_NAME */
 	while((i = X509_NAME_get_index_by_NID(name,
-					 NID_pkcs9_emailAddress, i)) > 0) {
+					 NID_pkcs9_emailAddress, i)) >= 0) {
 		ne = X509_NAME_get_entry(name, i);
 		email = X509_NAME_ENTRY_get_data(ne);
 		if(!append_ia5(&ret, email)) return NULL;
diff --git a/crypto/openssl/crypto/x509v3/v3conf.c b/crypto/openssl/crypto/x509v3/v3conf.c
index 21cf746..67ee14f 100644
--- a/crypto/openssl/crypto/x509v3/v3conf.c
+++ b/crypto/openssl/crypto/x509v3/v3conf.c
@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
 #include <openssl/conf.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
diff --git a/crypto/openssl/crypto/x509v3/v3err.c b/crypto/openssl/crypto/x509v3/v3err.c
index aa4a605..6458e95 100644
--- a/crypto/openssl/crypto/x509v3/v3err.c
+++ b/crypto/openssl/crypto/x509v3/v3err.c
@@ -63,7 +63,7 @@
 #include <openssl/x509v3.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA X509V3_str_functs[]=
 	{
 {ERR_PACK(0,X509V3_F_COPY_EMAIL,0),	"COPY_EMAIL"},
@@ -98,6 +98,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0),	"v2i_GENERAL_NAME"},
 {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0),	"v2i_GENERAL_NAMES"},
 {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0),	"V3_GENERIC_EXTENSION"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0),	"X509V3_ADD_I2D"},
 {ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),	"X509V3_add_value"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0),	"X509V3_EXT_add"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),	"X509V3_EXT_add_alias"},
@@ -106,6 +107,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0),	"X509V3_get_value_bool"},
 {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),	"X509V3_parse_list"},
 {ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0),	"X509_PURPOSE_add"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0),	"X509_PURPOSE_set"},
 {0,NULL}
 	};
 
@@ -117,8 +119,10 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
 {X509V3_R_DUPLICATE_ZONE_ID              ,"duplicate zone id"},
 {X509V3_R_ERROR_CONVERTING_ZONE          ,"error converting zone"},
+{X509V3_R_ERROR_CREATING_EXTENSION       ,"error creating extension"},
 {X509V3_R_ERROR_IN_EXTENSION             ,"error in extension"},
 {X509V3_R_EXPECTED_A_SECTION_NAME        ,"expected a section name"},
+{X509V3_R_EXTENSION_EXISTS               ,"extension exists"},
 {X509V3_R_EXTENSION_NAME_ERROR           ,"extension name error"},
 {X509V3_R_EXTENSION_NOT_FOUND            ,"extension not found"},
 {X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
@@ -135,6 +139,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
 {X509V3_R_INVALID_OPTION                 ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
+{X509V3_R_INVALID_PURPOSE                ,"invalid purpose"},
 {X509V3_R_INVALID_SECTION                ,"invalid section"},
 {X509V3_R_INVALID_SYNTAX                 ,"invalid syntax"},
 {X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
@@ -167,7 +172,7 @@ void ERR_load_X509V3_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
 		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/x509v3/v3prin.c b/crypto/openssl/crypto/x509v3/v3prin.c
index ee79885..b529814 100644
--- a/crypto/openssl/crypto/x509v3/v3prin.c
+++ b/crypto/openssl/crypto/x509v3/v3prin.c
@@ -59,9 +59,7 @@
 
 
 #include <stdio.h>
-#include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
 #include <openssl/conf.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
diff --git a/crypto/openssl/crypto/x509v3/x509v3.h b/crypto/openssl/crypto/x509v3/x509v3.h
index f810d46..daecc55 100644
--- a/crypto/openssl/crypto/x509v3/x509v3.h
+++ b/crypto/openssl/crypto/x509v3/x509v3.h
@@ -88,6 +88,9 @@ typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx
 struct v3_ext_method {
 int ext_nid;
 int ext_flags;
+/* If this is set the following four fields are ignored */
+ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
 X509V3_EXT_NEW ext_new;
 X509V3_EXT_FREE ext_free;
 X509V3_EXT_D2I d2i;
@@ -156,35 +159,56 @@ ASN1_OBJECT *type_id;
 ASN1_TYPE *value;
 } OTHERNAME;
 
+typedef struct EDIPartyName_st {
+	ASN1_STRING *nameAssigner;
+	ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
 typedef struct GENERAL_NAME_st {
 
-#define GEN_OTHERNAME	(0|V_ASN1_CONTEXT_SPECIFIC)
-#define GEN_EMAIL	(1|V_ASN1_CONTEXT_SPECIFIC)
-#define GEN_DNS		(2|V_ASN1_CONTEXT_SPECIFIC)
-#define GEN_X400	(3|V_ASN1_CONTEXT_SPECIFIC)
-#define GEN_DIRNAME	(4|V_ASN1_CONTEXT_SPECIFIC)
-#define GEN_EDIPARTY	(5|V_ASN1_CONTEXT_SPECIFIC)
-#define GEN_URI		(6|V_ASN1_CONTEXT_SPECIFIC)
-#define GEN_IPADD	(7|V_ASN1_CONTEXT_SPECIFIC)
-#define GEN_RID		(8|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_OTHERNAME	0
+#define GEN_EMAIL	1
+#define GEN_DNS		2
+#define GEN_X400	3
+#define GEN_DIRNAME	4
+#define GEN_EDIPARTY	5
+#define GEN_URI		6
+#define GEN_IPADD	7
+#define GEN_RID		8
 
 int type;
 union {
 	char *ptr;
-	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
+	OTHERNAME *otherName; /* otherName */
+	ASN1_IA5STRING *rfc822Name;
+	ASN1_IA5STRING *dNSName;
+	ASN1_TYPE *x400Address;
+	X509_NAME *directoryName;
+	EDIPARTYNAME *ediPartyName;
+	ASN1_IA5STRING *uniformResourceIdentifier;
+	ASN1_OCTET_STRING *iPAddress;
+	ASN1_OBJECT *registeredID;
+
+	/* Old names */
 	ASN1_OCTET_STRING *ip; /* iPAddress */
 	X509_NAME *dirn;		/* dirn */
+	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
 	ASN1_OBJECT *rid; /* registeredID */
-	OTHERNAME *otherName; /* otherName */
-	ASN1_TYPE *other; /* ediPartyName, x400Address */
+	ASN1_TYPE *other; /* x400Address */
 } d;
 } GENERAL_NAME;
 
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+
 typedef struct ACCESS_DESCRIPTION_st {
 	ASN1_OBJECT *method;
 	GENERAL_NAME *location;
 } ACCESS_DESCRIPTION;
 
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
 DECLARE_STACK_OF(GENERAL_NAME)
 DECLARE_ASN1_SET_OF(GENERAL_NAME)
 
@@ -192,23 +216,27 @@ DECLARE_STACK_OF(ACCESS_DESCRIPTION)
 DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
 
 typedef struct DIST_POINT_NAME_st {
-/* NB: this is a CHOICE type and only one of these should be set */
-STACK_OF(GENERAL_NAME) *fullname;
-STACK_OF(X509_NAME_ENTRY) *relativename;
+int type;
+union {
+	GENERAL_NAMES *fullname;
+	STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
 } DIST_POINT_NAME;
 
 typedef struct DIST_POINT_st {
 DIST_POINT_NAME	*distpoint;
 ASN1_BIT_STRING *reasons;
-STACK_OF(GENERAL_NAME) *CRLissuer;
+GENERAL_NAMES *CRLissuer;
 } DIST_POINT;
 
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
 DECLARE_STACK_OF(DIST_POINT)
 DECLARE_ASN1_SET_OF(DIST_POINT)
 
 typedef struct AUTHORITY_KEYID_st {
 ASN1_OCTET_STRING *keyid;
-STACK_OF(GENERAL_NAME) *issuer;
+GENERAL_NAMES *issuer;
 ASN1_INTEGER *serial;
 } AUTHORITY_KEYID;
 
@@ -254,6 +282,8 @@ typedef struct POLICYINFO_st {
 	STACK_OF(POLICYQUALINFO) *qualifiers;
 } POLICYINFO;
 
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
 DECLARE_STACK_OF(POLICYINFO)
 DECLARE_ASN1_SET_OF(POLICYINFO)
 
@@ -262,32 +292,24 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 
 #define X509V3_set_ctx_test(ctx) \
 			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
-#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
+#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
 
-#define EXT_BITSTRING(nid, table) { nid, 0, \
-			(X509V3_EXT_NEW)ASN1_BIT_STRING_new, \
-			(X509V3_EXT_FREE)ASN1_BIT_STRING_free, \
-			(X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
-			(X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
-			NULL, NULL, \
+#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+			0,0,0,0, \
+			0,0, \
 			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
 			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
 			NULL, NULL, \
-			(char *)table}
+			table}
 
-#define EXT_IA5STRING(nid) { nid, 0, \
-			(X509V3_EXT_NEW)ASN1_IA5STRING_new, \
-			(X509V3_EXT_FREE)ASN1_IA5STRING_free, \
-			(X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
-			(X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
+#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+			0,0,0,0, \
 			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
 			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
-			NULL, NULL, NULL, NULL, \
+			0,0,0,0, \
 			NULL}
 
-#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
-			 NULL, NULL, NULL, NULL, \
-			 NULL}
+#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
 
 
 /* X509_PURPOSE stuff */
@@ -302,6 +324,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 #define EXFLAG_V1		0x40
 #define EXFLAG_INVALID		0x80
 #define EXFLAG_SET		0x100
+#define EXFLAG_CRITICAL		0x200
 
 #define KU_DIGITAL_SIGNATURE	0x0080
 #define KU_NON_REPUDIATION	0x0040
@@ -320,12 +343,15 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 #define NS_SSL_CA		0x04
 #define NS_SMIME_CA		0x02
 #define NS_OBJSIGN_CA		0x01
+#define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
 
 #define XKU_SSL_SERVER		0x1	
 #define XKU_SSL_CLIENT		0x2
 #define XKU_SMIME		0x4
 #define XKU_CODE_SIGN		0x8
 #define XKU_SGC			0x10
+#define XKU_OCSP_SIGN		0x20
+#define XKU_TIMESTAMP		0x40
 
 #define X509_PURPOSE_DYNAMIC	0x1
 #define X509_PURPOSE_DYNAMIC_NAME	0x2
@@ -348,32 +374,40 @@ typedef struct x509_purpose_st {
 #define X509_PURPOSE_SMIME_ENCRYPT	5
 #define X509_PURPOSE_CRL_SIGN		6
 #define X509_PURPOSE_ANY		7
+#define X509_PURPOSE_OCSP_HELPER	8
 
 #define X509_PURPOSE_MIN		1
-#define X509_PURPOSE_MAX		7
+#define X509_PURPOSE_MAX		8
+
+/* Flags for X509V3_EXT_print() */
+
+#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT		0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+#define X509V3_ADD_OP_MASK		0xfL
+#define X509V3_ADD_DEFAULT		0L
+#define X509V3_ADD_APPEND		1L
+#define X509V3_ADD_REPLACE		2L
+#define X509V3_ADD_REPLACE_EXISTING	3L
+#define X509V3_ADD_KEEP_EXISTING	4L
+#define X509V3_ADD_DELETE		5L
+#define X509V3_ADD_SILENT		0x10
 
 DECLARE_STACK_OF(X509_PURPOSE)
 
-int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
-BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
-BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
-void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
 
-int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp);
-GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, long length);
-GENERAL_NAME *GENERAL_NAME_new(void);
-void GENERAL_NAME_free(GENERAL_NAME *a);
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
-
-int i2d_SXNET(SXNET *a, unsigned char **pp);
-SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
-SXNET *SXNET_new(void);
-void SXNET_free(SXNET *a);
-
-int i2d_SXNETID(SXNETID *a, unsigned char **pp);
-SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length);
-SXNETID *SXNETID_new(void);
-void SXNETID_free(SXNETID *a);
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
 
 int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
 int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
@@ -383,108 +417,66 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
 ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
 
-int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp);
-AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length);
-AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
-void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
 
-int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp);
-PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, unsigned char **pp, long length);
-PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void);
-void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a);
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
 
-STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new(void);
-void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a);
-STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, unsigned char **pp, long length);
-int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp);
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-		STACK_OF(GENERAL_NAME) *gen, STACK_OF(CONF_VALUE) *extlist);
-STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
-int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp);
-OTHERNAME *OTHERNAME_new(void);
-OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length);
-void OTHERNAME_free(OTHERNAME *a);
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
 
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 
-int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp);
-STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
-					unsigned char **pp, long length);
-void ext_ku_free(STACK_OF(ASN1_OBJECT) *a);
-STACK_OF(ASN1_OBJECT) *ext_ku_new(void);
-
-int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp);
-STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void);
-void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a);
-STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length);
-
-int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp);
-POLICYINFO *POLICYINFO_new(void);
-POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length);
-void POLICYINFO_free(POLICYINFO *a);
-
-int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp);
-POLICYQUALINFO *POLICYQUALINFO_new(void);
-POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
-								 long length);
-void POLICYQUALINFO_free(POLICYQUALINFO *a);
-
-int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp);
-USERNOTICE *USERNOTICE_new(void);
-USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length);
-void USERNOTICE_free(USERNOTICE *a);
-
-int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp);
-NOTICEREF *NOTICEREF_new(void);
-NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length);
-void NOTICEREF_free(NOTICEREF *a);
-
-int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp);
-STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void);
-void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a);
-STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
-                unsigned char **pp,long length);
-
-int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp);
-DIST_POINT *DIST_POINT_new(void);
-DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length);
-void DIST_POINT_free(DIST_POINT *a);
-
-int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp);
-DIST_POINT_NAME *DIST_POINT_NAME_new(void);
-void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
-DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
-             long length);
-
-int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp);
-ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
-void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
-ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
-             long length);
-
-STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
-void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
-STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
-					 unsigned char **pp, long length);
-int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
 
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
 
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
 
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
 int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
 						STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
 #endif
 
@@ -515,11 +507,13 @@ void X509V3_EXT_cleanup(void);
 X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
 X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
-STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
 void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
 
+
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
 
 char *hex_to_string(unsigned char *buffer, long len);
 unsigned char *string_to_hex(char *str, long *len);
@@ -527,10 +521,14 @@ int name_cmp(const char *name, const char *cmp);
 
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
 								 int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 
+int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
+
 int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE * X509_PURPOSE_get0(int idx);
@@ -591,6 +589,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_V2I_GENERAL_NAME			 117
 #define X509V3_F_V2I_GENERAL_NAMES			 118
 #define X509V3_F_V3_GENERIC_EXTENSION			 116
+#define X509V3_F_X509V3_ADD_I2D				 140
 #define X509V3_F_X509V3_ADD_VALUE			 105
 #define X509V3_F_X509V3_EXT_ADD				 104
 #define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
@@ -599,6 +598,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_X509V3_GET_VALUE_BOOL			 110
 #define X509V3_F_X509V3_PARSE_LIST			 109
 #define X509V3_F_X509_PURPOSE_ADD			 137
+#define X509V3_F_X509_PURPOSE_SET			 141
 
 /* Reason codes. */
 #define X509V3_R_BAD_IP_ADDRESS				 118
@@ -607,8 +607,10 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
 #define X509V3_R_DUPLICATE_ZONE_ID			 133
 #define X509V3_R_ERROR_CONVERTING_ZONE			 131
+#define X509V3_R_ERROR_CREATING_EXTENSION		 144
 #define X509V3_R_ERROR_IN_EXTENSION			 128
 #define X509V3_R_EXPECTED_A_SECTION_NAME		 137
+#define X509V3_R_EXTENSION_EXISTS			 145
 #define X509V3_R_EXTENSION_NAME_ERROR			 115
 #define X509V3_R_EXTENSION_NOT_FOUND			 102
 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
@@ -625,6 +627,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
 #define X509V3_R_INVALID_OPTION				 138
 #define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
+#define X509V3_R_INVALID_PURPOSE			 146
 #define X509V3_R_INVALID_SECTION			 135
 #define X509V3_R_INVALID_SYNTAX				 143
 #define X509V3_R_ISSUER_DECODE_ERROR			 126
diff --git a/crypto/openssl/demos/asn1/README.ASN1 b/crypto/openssl/demos/asn1/README.ASN1
new file mode 100644
index 0000000..ac497be
--- /dev/null
+++ b/crypto/openssl/demos/asn1/README.ASN1
@@ -0,0 +1,7 @@
+This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't
+do much yet other than demonstrate what the new ASN1 modules might look
+like.
+
+It wont even compile yet: the new code isn't in place.
+
+
diff --git a/crypto/openssl/demos/asn1/ocsp.c b/crypto/openssl/demos/asn1/ocsp.c
new file mode 100644
index 0000000..0199fe1
--- /dev/null
+++ b/crypto/openssl/demos/asn1/ocsp.c
@@ -0,0 +1,366 @@
+/* ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+
+
+
+/* Example of new ASN1 code, OCSP request
+
+	OCSPRequest     ::=     SEQUENCE {
+	    tbsRequest                  TBSRequest,
+	    optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+
+	TBSRequest      ::=     SEQUENCE {
+	    version             [0] EXPLICIT Version DEFAULT v1,
+	    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+	    requestList             SEQUENCE OF Request,
+	    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+
+	Signature       ::=     SEQUENCE {
+	    signatureAlgorithm   AlgorithmIdentifier,
+	    signature            BIT STRING,
+	    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+	Version  ::=  INTEGER  {  v1(0) }
+
+	Request ::=     SEQUENCE {
+	    reqCert                    CertID,
+	    singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+
+	CertID ::= SEQUENCE {
+	    hashAlgorithm            AlgorithmIdentifier,
+	    issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+	    issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
+	    serialNumber       CertificateSerialNumber }
+
+	OCSPResponse ::= SEQUENCE {
+	   responseStatus         OCSPResponseStatus,
+	   responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+
+	OCSPResponseStatus ::= ENUMERATED {
+	    successful            (0),      --Response has valid confirmations
+	    malformedRequest      (1),      --Illegal confirmation request
+	    internalError         (2),      --Internal error in issuer
+	    tryLater              (3),      --Try again later
+					    --(4) is not used
+	    sigRequired           (5),      --Must sign the request
+	    unauthorized          (6)       --Request unauthorized
+	}
+
+	ResponseBytes ::=       SEQUENCE {
+	    responseType   OBJECT IDENTIFIER,
+	    response       OCTET STRING }
+
+	BasicOCSPResponse       ::= SEQUENCE {
+	   tbsResponseData      ResponseData,
+	   signatureAlgorithm   AlgorithmIdentifier,
+	   signature            BIT STRING,
+	   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+	ResponseData ::= SEQUENCE {
+	   version              [0] EXPLICIT Version DEFAULT v1,
+	   responderID              ResponderID,
+	   producedAt               GeneralizedTime,
+	   responses                SEQUENCE OF SingleResponse,
+	   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+
+	ResponderID ::= CHOICE {
+	   byName   [1] Name,    --EXPLICIT
+	   byKey    [2] KeyHash }
+
+	KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+				 --(excluding the tag and length fields)
+
+	SingleResponse ::= SEQUENCE {
+	   certID                       CertID,
+	   certStatus                   CertStatus,
+	   thisUpdate                   GeneralizedTime,
+	   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+	   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+
+	CertStatus ::= CHOICE {
+	    good                [0]     IMPLICIT NULL,
+	    revoked             [1]     IMPLICIT RevokedInfo,
+	    unknown             [2]     IMPLICIT UnknownInfo }
+
+	RevokedInfo ::= SEQUENCE {
+	    revocationTime              GeneralizedTime,
+	    revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+
+	UnknownInfo ::= NULL -- this can be replaced with an enumeration
+
+	ArchiveCutoff ::= GeneralizedTime
+
+	AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
+
+	ServiceLocator ::= SEQUENCE {
+	    issuer    Name,
+	    locator   AuthorityInfoAccessSyntax }
+
+	-- Object Identifiers
+
+	id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+	id-pkix-ocsp                 OBJECT IDENTIFIER ::= { id-ad-ocsp }
+	id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
+	id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+	id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
+	id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
+	id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+	id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
+	id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
+
+*/
+
+/* Request Structures */
+
+DECLARE_STACK_OF(Request)
+
+typedef struct {
+	ASN1_INTEGER *version;
+	GENERAL_NAME *requestorName;
+	STACK_OF(Request) *requestList;
+	STACK_OF(X509_EXTENSION) *requestExtensions;
+} TBSRequest;
+
+typedef struct {
+	X509_ALGOR *signatureAlgorithm;
+	ASN1_BIT_STRING *signature;
+	STACK_OF(X509) *certs;
+} Signature;
+
+typedef struct {
+	TBSRequest *tbsRequest;
+	Signature *optionalSignature;
+} OCSPRequest;
+
+typedef struct {
+	X509_ALGOR *hashAlgorithm;
+	ASN1_OCTET_STRING *issuerNameHash;
+	ASN1_OCTET_STRING *issuerKeyHash;
+	ASN1_INTEGER *certificateSerialNumber;
+} CertID;
+
+typedef struct {
+	CertID *reqCert;
+	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+} Request;
+
+/* Response structures */
+
+typedef struct {
+	ASN1_OBJECT *responseType;
+	ASN1_OCTET_STRING *response;
+} ResponseBytes;
+
+typedef struct {
+	ASN1_ENUMERATED *responseStatus;
+	ResponseBytes *responseBytes;
+} OCSPResponse;
+
+typedef struct {
+	int type;
+	union {
+	   X509_NAME *byName;
+	   ASN1_OCTET_STRING *byKey;
+	}d;
+} ResponderID;
+
+typedef struct {
+	   ASN1_INTEGER *version;
+	   ResponderID *responderID;
+	   ASN1_GENERALIZEDTIME *producedAt;
+	   STACK_OF(SingleResponse) *responses;
+	   STACK_OF(X509_EXTENSION) *responseExtensions;
+} ResponseData;
+
+typedef struct {
+	   ResponseData *tbsResponseData;
+	   X509_ALGOR *signatureAlgorithm;
+	   ASN1_BIT_STRING *signature;
+	   STACK_OF(X509) *certs;
+} BasicOCSPResponse;
+
+typedef struct {
+	ASN1_GENERALIZEDTIME *revocationTime;
+	ASN1_ENUMERATED * revocationReason;
+} RevokedInfo;
+
+typedef struct {
+	int type;
+	union {
+	    ASN1_NULL *good;
+	    RevokedInfo *revoked;
+	    ASN1_NULL *unknown;
+	} d;
+} CertStatus;
+
+typedef struct {
+	   CertID *certID;
+	   CertStatus *certStatus;
+	   ASN1_GENERALIZEDTIME *thisUpdate;
+	   ASN1_GENERALIZEDTIME *nextUpdate;
+	   STACK_OF(X509_EXTENSION) *singleExtensions;
+} SingleResponse;
+
+
+typedef struct {
+    X509_NAME *issuer;
+    STACK_OF(ACCESS_DESCRIPTION) *locator;
+} ServiceLocator;
+
+
+/* Now the ASN1 templates */
+
+IMPLEMENT_COMPAT_ASN1(X509);
+IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
+//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
+IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
+IMPLEMENT_COMPAT_ASN1(X509_NAME);
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION);
+	
+
+ASN1_SEQUENCE(Signature) = {
+	ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
+	ASN1_SEQUENCE_OF(Signature, certs, X509)
+} ASN1_SEQUENCE_END(Signature);
+
+ASN1_SEQUENCE(CertID) = {
+	ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CertID);
+
+ASN1_SEQUENCE(Request) = {
+	ASN1_SIMPLE(Request, reqCert, CertID),
+	ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(Request);
+
+ASN1_SEQUENCE(TBSRequest) = {
+	ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
+	ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
+	ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
+	ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(TBSRequest);
+
+ASN1_SEQUENCE(OCSPRequest) = {
+	ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
+	ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
+} ASN1_SEQUENCE_END(OCSPRequest);
+
+
+/* Response templates */
+
+ASN1_SEQUENCE(ResponseBytes) = {
+	    ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
+	    ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(ResponseBytes);
+
+ASN1_SEQUENCE(OCSPResponse) = {
+	ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
+	ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
+} ASN1_SEQUENCE_END(OCSPResponse);
+
+ASN1_CHOICE(ResponderID) = {
+	   ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
+	   ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(ResponderID);
+
+ASN1_SEQUENCE(RevokedInfo) = {
+	ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
+  	ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(RevokedInfo);
+
+ASN1_CHOICE(CertStatus) = {
+	ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
+	ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
+	ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(CertStatus);
+
+ASN1_SEQUENCE(SingleResponse) = {
+	   ASN1_SIMPLE(SingleResponse, certID, CertID),
+	   ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
+	   ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
+	   ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+	   ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(SingleResponse);
+
+ASN1_SEQUENCE(ResponseData) = {
+	   ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
+	   ASN1_SIMPLE(ResponseData, responderID, ResponderID),
+	   ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
+	   ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
+	   ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(ResponseData);
+
+ASN1_SEQUENCE(BasicOCSPResponse) = {
+	   ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
+	   ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
+	   ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
+	   ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
+} ASN1_SEQUENCE_END(BasicOCSPResponse);
+
diff --git a/crypto/openssl/demos/b64.c b/crypto/openssl/demos/b64.c
index 113da89..efdd444 100644
--- a/crypto/openssl/demos/b64.c
+++ b/crypto/openssl/demos/b64.c
@@ -83,7 +83,6 @@ char **argv;
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
-	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
 	char *str=NULL;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
@@ -92,7 +91,6 @@ char **argv;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
-        char pname[PROG_NAME_SIZE+1];
 
 
 	apps_startup();
diff --git a/crypto/openssl/demos/bio/saccept.c b/crypto/openssl/demos/bio/saccept.c
index 933d669..40cd4da 100644
--- a/crypto/openssl/demos/bio/saccept.c
+++ b/crypto/openssl/demos/bio/saccept.c
@@ -45,6 +45,11 @@ char *argv[];
 
 	SSL_load_error_strings();
 
+#ifdef WATT32
+	dbug_init();
+	sock_init();
+#endif
+
 	/* Add ciphers and message digests */
 	OpenSSL_add_ssl_algorithms();
 
diff --git a/crypto/openssl/demos/bio/sconnect.c b/crypto/openssl/demos/bio/sconnect.c
index 87b380b..880344e 100644
--- a/crypto/openssl/demos/bio/sconnect.c
+++ b/crypto/openssl/demos/bio/sconnect.c
@@ -32,6 +32,11 @@ char *argv[];
 	else
 		host=argv[1];
 
+#ifdef WATT32
+	dbug_init();
+	sock_init();
+#endif
+
 	/* Lets get nice error messages */
 	SSL_load_error_strings();
 
diff --git a/crypto/openssl/demos/easy_tls/Makefile b/crypto/openssl/demos/easy_tls/Makefile
new file mode 100644
index 0000000..2080700
--- /dev/null
+++ b/crypto/openssl/demos/easy_tls/Makefile
@@ -0,0 +1,123 @@
+# Makefile for easy-tls example application (rudimentary client and server)
+# $Id: Makefile,v 1.2 2001/09/18 09:15:40 bodo Exp $
+
+SOLARIS_CFLAGS=-Wall -pedantic -g -O2
+SOLARIS_LIBS=-lxnet
+
+LINUX_CFLAGS=-Wall -pedantic -g -O2
+LINUX_LIBS=
+
+
+auto-all:
+	case `uname -s` in \
+	SunOS) echo Using SunOS configuration; \
+	  make SYSCFLAGS="$(SOLARIS_CFLAGS)" SYSLIBS="$(SOLARIS_LIBS)" all;; \
+	Linux) echo Using Linux configuration; \
+	  make SYSCFLAGS="$(LINUX_CFLAGS)" SYSLIBS="$(LINUX_LIBS)" all;; \
+	*) echo "unknown system"; exit 1;; \
+	esac
+
+all: test TAGS
+
+# For adapting this Makefile to a different system, only the following
+# definitions should need customizing:
+
+OPENSSLDIR=../..
+CC=gcc
+
+SYSCFLAGS=whatever
+SYSLIBS=whatever
+
+
+#############################################################################
+#
+# SSLeay/OpenSSL imports
+#
+# OPENSSLDIR (set above) can be either the directory where OpenSSL is
+# installed or the directory where it was compiled.
+
+# We rely on having a new OpenSSL release where include files
+# have names like <openssl/ssl.h> (not just <ssl.h>).
+OPENSSLINCLUDES=-I$(OPENSSLDIR)/include
+
+# libcrypto.a and libssl.a are directly in $(OPENSSLDIR) if this is
+# the compile directory, or in $(OPENSSLDIR)/lib if we use an installed
+# library.  With the following definition, we can handle either case.
+OPENSSLLIBS=-L$(OPENSSLDIR) -L$(OPENSSLDIR)/lib -lssl -lcrypto
+
+
+#############################################################################
+#
+# Stuff for handling the source files
+#
+
+SOURCES=easy-tls.c test.c
+HEADERS=easy-tls.h test.h
+DOCSandEXAMPLESetc=Makefile cert.pem cacerts.pem
+EVERYTHING=$(SOURCES) $(HEADERS) $(DOCSandEXAMPLESetc)
+
+ls: ls-l
+ls-l:
+	ls -l $(EVERYTHING)
+# For RCS:
+tag:
+	-rcs -n_`date +%y%m%d`: $(EVERYTHING)
+	rcs -nMYTAG $(EVERYTHING)
+	rcs -nMYTAG: $(EVERYTHING)
+diff:
+	-rcsdiff -rMYTAG -u $(EVERYTHING)
+today:
+	-rcsdiff -r_`date +%y%m%d` -u $(EVERYTHING)
+ident:
+	for a in $(EVERYTHING); do ident $$a; done
+
+# Distribution .tar:
+easy-tls.tar.gz: $(EVERYTHING)
+	tar cvf - $(EVERYTHING) | \
+	gzip -9 > easy-tls.tar.gz
+
+# Working .tar:
+tls.tgz: $(EVERYTHING)
+	tar cfv - `find . -type f -a ! -name '*.tgz' -a ! -name '*.tar.gz'` | \
+	gzip -9 > tls.tgz
+
+# For emacs:
+etags: TAGS
+TAGS: $(SOURCES) $(HEADERS)
+	-etags $(SOURCES) $(HEADERS)
+
+
+#############################################################################
+#
+# Compilation
+#
+# The following definitions are system dependent (and hence defined
+# at the beginning of this Makefile, where they are more easily found):
+
+### CC=gcc
+### SYSCFLAGS=-Wall -pedantic -g -O2
+### SYSLIBS=-lxnet
+
+EXTRACFLAGS=-DTLS_APP=\"test.h\"
+# EXTRACFLAGS=-DTLS_APP=\"test.h\" -DDEBUG_TLS
+
+#
+# The rest shouldn't need to be touched.
+#
+LDFLAGS=$(SYSLIBS) $(OPENSSLLIBS)
+INCLUDES=$(OPENSSLINCLUDES)
+CFLAGS=$(SYSCFLAGS) $(EXTRACFLAGS) $(INCLUDES)
+
+OBJS=easy-tls.o test.o
+
+clean:
+	@rm -f test
+	@rm -f TAGS
+	@rm -f *.o
+	@rm -f core
+
+test: $(OBJS)
+	$(CC) $(OBJS) $(LDFLAGS) -o test
+
+test.o: $(HEADERS)
+easy-tls.o: $(HEADERS)
diff --git a/crypto/openssl/demos/easy_tls/README b/crypto/openssl/demos/easy_tls/README
new file mode 100644
index 0000000..816a580
--- /dev/null
+++ b/crypto/openssl/demos/easy_tls/README
@@ -0,0 +1,65 @@
+easy_tls - generic SSL/TLS proxy
+========
+
+(... and example for non-blocking SSL/TLS I/O multiplexing.)
+
+
+  easy_tls.c, easy_tls.h:
+
+     Small generic SSL/TLS proxy library: With a few function calls,
+     an application socket will be replaced by a pipe handled by a
+     separate SSL/TLS proxy process.  This allows easily adding
+     SSL/TLS support to many programs not originally designed for it.
+
+     [Actually easy_tls.c is not a proper library: Customization
+     requires defining preprocessor macros while compiling it.
+     This is quite confusing, so I'll probably change it.]
+
+     These files may be used under the OpenSSL license.
+
+
+
+  test.c, test.h, Makefile, cert.pem, cacerts.pem:
+
+     Rudimentary example program using the easy_tls library, and
+     example key and certificates for it.  Usage examples:
+
+       $ ./test 8443     # create server listening at port 8443
+       $ ./test 127.0.0.1 8443  # create client, connect to port 8443
+                                # at IP address 127.0.0.1
+
+     'test' will not automatically do SSL/TLS, or even read or write
+     data -- it must be told to do so on input lines starting
+     with a command letter.  'W' means write a line, 'R' means
+     read a line, 'C' means close the connection, 'T' means
+     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):
+
+     * R
+       <<< 220 mail.example.net
+     * WSTARTTLS
+       >>> STARTTLS
+     * R
+       <<< 220 Ready to start TLS
+     * T
+       test_process_init(fd = 3, client_p = 1, apparg = (nil))
+       +++ `E:self signed certificate in certificate chain'
+       +++ `<... certificate info ...>'
+     * WHELO localhost
+       >>> HELO localhost
+       R
+       <<< 250 mail.example.net
+
+     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
+     'T' multiple times.  I have no idea why you would want to though.
+
+
+This code is rather old.  When I find time I will update anything that
+should be changed, and improve code comments.  To compile the sample
+program 'test' on platforms other then Linux or Solaris, you will have
+to edit the Makefile.
+
+As noted above, easy_tls.c will be changed to become a library one
+day, which means that future revisions will not be fully compatible to
+the current version.
+
+Bodo Möller <bodo@openssl.org>
diff --git a/crypto/openssl/demos/easy_tls/cacerts.pem b/crypto/openssl/demos/easy_tls/cacerts.pem
new file mode 100644
index 0000000..acc70ba
--- /dev/null
+++ b/crypto/openssl/demos/easy_tls/cacerts.pem
@@ -0,0 +1,18 @@
+$Id: cacerts.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/demos/easy_tls/cert.pem b/crypto/openssl/demos/easy_tls/cert.pem
new file mode 100644
index 0000000..364fe10
--- /dev/null
+++ b/crypto/openssl/demos/easy_tls/cert.pem
@@ -0,0 +1,31 @@
+$Id: cert.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
+
+Example certificate and key.
+
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAT8CAQEwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDAeFw05OTA1MDEwMTI2MzVaFw05OTA1MzEwMTI2MzVaMCIxCzAJBgNVBAYTAkRF
+MRMwEQYDVQQDEwpUZXN0c2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68/8MbT3ou0pdF
+AcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2ai7emdjMjXVL
+tzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQABMA0GCSqGSIb3
+DQEBBAUAA4GBAMgM+sbAk8DfjSfa+Rf2gcGXmbrvZAzKzC+5RU3kaq/NyxIXAGco
+9dZjozzWfN/xuGup5boFk+KrP+xdgsaqGHsyzlgEoqz4ekqLjQeVbnoj339hVFU9
+MhPi6JULPxjXKumjfX2LLNkikW5puz8Df3UiX0EiaJvd7EwP8J75tiUT
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68
+/8MbT3ou0pdFAcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2
+ai7emdjMjXVLtzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQAB
+AoGANST8c1etf1MU19oIO5aqaE19OCXIG7oakNLCCtVTPMfvnE+vffBJH7BPIUuU
+4BBzwRv1nQrkvk72TPjVjOAu81B1SStKQueun2flVuYxp9NyupNWCBley4QdohlP
+I92ml2tzTSPmNIoA6jdGyNzFcGchapRRmejsC39F1RUbHQECQQD9KX81Wt8ZOrri
+dWiEXja1L3X8Bkb9vvUjVMQDTJJPxBJjehC6eurgE6PP6SJD5p/f3RHPCcLr8tSM
+D4P/OpKhAkEA/PFNlhIZUDKK6aTvG2mn7qQ5phbadOoyN1Js3ttWG5OMOZ6b/QlC
+Wvp84h44506BIlv+Tg2YAI0AdBUrf7oEowJAM4joAVd/ROaEtqbJ4PBA2L9RmD06
+5FqkEk4mHLnQqvYx/BgUIbH18ClvVlqSBBqFfw/EmU3WZSuogt6Bs0ocIQJBAOxB
+AoPiYcxbeQ5kZIVJOXaX49SzUdaUDNVJYrEBUzsspHQJJo/Avz606kJVkjbSR6Ft
+JWmIHuqcyMikIV4KxFsCQQCU2evoVjVsqkkbHi7W28f73PGBsyu0KIwlK7nu4h08
+Daf7TAI+A6jW/WRUsJ6dFhUYi7/Jvkcdrlnbgm2fxziX
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/easy_tls/easy-tls.c b/crypto/openssl/demos/easy_tls/easy-tls.c
new file mode 100644
index 0000000..9c1d982
--- /dev/null
+++ b/crypto/openssl/demos/easy_tls/easy-tls.c
@@ -0,0 +1,1240 @@
+/* -*- Mode: C; c-file-style: "bsd" -*- */
+/*
+ * easy-tls.c -- generic TLS proxy.
+ * $Id: easy-tls.c,v 1.2.2.2 2002/03/05 09:06:57 bodo Exp $
+ */
+/*
+ (c) Copyright 1999 Bodo Moeller.  All rights reserved.
+
+ This is free software; you can redistributed and/or modify it
+ unter the terms of either
+   -  the GNU General Public License as published by the
+      Free Software Foundation, version 1, or (at your option)
+      any later version,
+ or
+   -  the following license:
+*/
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that each of the following
+ * conditions is met:
+ *
+ * 1. Redistributions qualify as "freeware" or "Open Source Software" under
+ *    one of the following terms:
+ * 
+ *    (a) Redistributions are made at no charge beyond the reasonable cost of
+ *        materials and delivery.
+ * 
+ *    (b) Redistributions are accompanied by a copy of the Source Code
+ *        or by an irrevocable offer to provide a copy of the Source Code
+ *        for up to three years at the cost of materials and delivery.
+ *        Such redistributions must allow further use, modification, and
+ *        redistribution of the Source Code under substantially the same
+ *        terms as this license.
+ *
+ * 2. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 3. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 4. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by Bodo Moeller."
+ *    (If available, substitute umlauted o for oe.)
+ *
+ * 5. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by Bodo Moeller."
+ *
+ * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL BODO MOELLER OR
+ * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Attribution for OpenSSL library:
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ * This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)
+ */
+
+static char const rcsid[] =
+"$Id: easy-tls.c,v 1.2.2.2 2002/03/05 09:06:57 bodo Exp $";
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+#include <unistd.h>
+
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/opensslv.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#ifndef NO_RSA
+ #include <openssl/rsa.h>
+#endif
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
+# error "This program needs OpenSSL 0.9.4 or later."
+#endif
+
+#include "easy-tls.h" /* include after <openssl/ssl.h> if both are needed */
+
+#if TLS_INFO_SIZE > PIPE_BUF
+# if PIPE_BUF < 512
+#  error "PIPE_BUF < 512" /* non-POSIX */
+# endif
+# error "TLS_INFO_SIZE > PIPE_BUF"
+#endif
+
+/*****************************************************************************/
+
+#ifdef TLS_APP
+# include TLS_APP
+#endif
+
+/* Applications can define:
+ *   TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
+ *   TLS_CUMULATE_ERRORS 
+ *   TLS_ERROR_BUFSIZ
+ *   TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
+ */
+
+#ifndef TLS_APP_PROCESS_INIT
+# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
+#endif
+
+#ifndef TLS_ERROR_BUFSIZ
+# define TLS_ERROR_BUFSIZ (10*160)
+#endif
+#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */
+# error "TLS_ERROR_BUFSIZE is too small."
+#endif
+
+#ifndef TLS_APP_ERRFLUSH
+# define TLS_APP_ERRFLUSH tls_app_errflush
+static void
+tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
+{
+    fputs(errbuf, stderr);
+}
+#endif
+
+/*****************************************************************************/
+
+#ifdef DEBUG_TLS
+# define DEBUG_MSG(x) fprintf(stderr,"  %s\n",x)
+# define DEBUG_MSG2(x,y) fprintf(stderr, "  %s: %d\n",x,y)
+static int tls_loop_count = 0;
+static int tls_select_count = 0;
+#else
+# define DEBUG_MSG(x) (void)0
+# define DEBUG_MSG2(x,y) (void)0
+#endif
+
+static void tls_rand_seed_uniquely(void);
+static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p);
+static int tls_socket_nonblocking(int fd);
+
+static int tls_child_p = 0;
+static void *tls_child_apparg;
+
+
+struct tls_start_proxy_args
+tls_start_proxy_defaultargs(void)
+{
+    struct tls_start_proxy_args ret;
+
+    ret.fd = -1;
+    ret.client_p = -1;
+    ret.ctx = NULL;
+    ret.pid = NULL;
+    ret.infofd = NULL;
+    
+    return ret;
+}
+
+/* Slice in TLS proxy process at fd.
+ * Return value:
+ *   0    ok  (*pid is set to child's PID if pid != NULL),
+ *   < 0  look at errno
+ *   > 0  other error
+ *   (return value encodes place of error)
+ *
+ */
+int
+tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
+{
+    int fds[2] = {-1, -1};
+    int infofds[2] = {-1, -1};
+    int r, getfd, getfl;
+    int ret;
+
+    DEBUG_MSG2("tls_start_proxy fd", a.fd);
+    DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
+
+    if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
+	return 1;
+
+    if (a.pid != NULL) {
+	*a.pid = 0;
+    }
+    if (a.infofd != NULL) {
+	*a.infofd = -1;
+    }
+
+    r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
+    if (r == -1)
+	return -1;
+    if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
+	ret = 2;
+	goto err;
+    }
+    if (a.infofd != NULL) {
+	r = pipe(infofds);
+	if (r == -1) {
+	    ret = -3;
+	    goto err;
+	}
+    }
+
+    r = fork();
+    if (r == -1) {
+	ret = -4;
+	goto err;
+    }
+    if (r == 0) {
+	DEBUG_MSG("fork");
+	tls_child_p = 1;
+	tls_child_apparg = apparg;
+	close(fds[1]);
+	if (infofds[0] != -1)
+	    close(infofds[0]);
+	TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
+	DEBUG_MSG("TLS_APP_PROCESS_INIT");
+	tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
+	exit(0);
+    }
+    if (a.pid != NULL)
+	*a.pid = r;
+    if (infofds[1] != -1) {
+	close(infofds[1]);
+	infofds[1] = -1;
+    }
+    /* install fds[1] in place of fd: */
+    close(fds[0]);
+    fds[0] = -1;
+    getfd = fcntl(a.fd, F_GETFD);
+    getfl = fcntl(a.fd, F_GETFL);
+    r = dup2(fds[1], a.fd);
+    close(fds[1]);
+    fds[1] = -1;
+    if (r == -1) {
+	ret = -5;
+	goto err;
+    }
+    if (getfd != 1)
+	fcntl(a.fd, F_SETFD, getfd);
+    if (getfl & O_NONBLOCK)
+	(void)tls_socket_nonblocking(a.fd);
+    if (a.infofd != NULL)
+	*a.infofd = infofds[0];
+    return 0;
+    
+  err:
+    if (fds[0] != -1)
+	close(fds[0]);
+    if (fds[1] != -1)
+	close(fds[1]);
+    if (infofds[0] != -1)
+	close(infofds[0]);
+    if (infofds[1] != -1)
+	close(infofds[1]);
+    return ret;
+}
+
+/*****************************************************************************/
+
+static char errbuf[TLS_ERROR_BUFSIZ];
+static size_t errbuf_i = 0;
+
+static void
+tls_errflush(void *apparg)
+{
+    if (errbuf_i == 0)
+	return;
+    
+    assert(errbuf_i < sizeof errbuf);
+    assert(errbuf[errbuf_i] == 0);
+    if (errbuf_i == sizeof errbuf - 1) {
+	/* make sure we have a newline, even if string has been truncated */
+	errbuf[errbuf_i - 1] = '\n';
+    }
+
+    /* TLS_APP_ERRFLUSH may modify the string as needed,
+     * e.g. substitute other characters for \n for convenience */
+    TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);
+
+    errbuf_i = 0;
+}
+
+static void
+tls_errprintf(int flush, void *apparg, const char *fmt, ...)
+{
+    va_list args;
+    int r;
+    
+    if (errbuf_i < sizeof errbuf - 1) {
+	size_t n;
+
+	va_start(args, fmt);
+	n = (sizeof errbuf) - errbuf_i;
+	r = vsnprintf(errbuf + errbuf_i, n, fmt, args);
+	if (r >= n)
+	    r = n - 1;
+	if (r >= 0) {
+	    errbuf_i += r;
+	} else {
+	    errbuf_i = sizeof errbuf - 1;
+	    errbuf[errbuf_i] = '\0';
+	}
+	assert(errbuf_i < sizeof errbuf);
+	assert(errbuf[errbuf_i] == 0);
+    }
+#ifndef TLS_CUMULATE_ERRORS
+    tls_errflush(apparg);
+#else
+    if (flush)
+	tls_errflush(apparg);
+#endif
+}
+
+/* app_prefix.. are for additional information provided by caller.
+ * If OpenSSL error queue is empty, print default_text ("???" if NULL).
+ */
+static char *
+tls_openssl_errors(const char *app_prefix_1, const char *app_prefix_2, const char *default_text, void *apparg)
+{
+    static char reasons[255];
+    size_t reasons_i;
+    unsigned long err;
+    const char *file;
+    int line;
+    const char *data;
+    int flags;
+    char *errstring;
+    int printed_something = 0;
+    
+    reasons_i = 0;
+
+    assert(app_prefix_1 != NULL);
+    assert(app_prefix_2 != NULL);
+
+    if (default_text == NULL)
+	default_text = "?""?""?";
+    
+    while ((err = ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) {
+	if (reasons_i < sizeof reasons) {
+	    size_t n;
+	    int r;
+
+	    n = (sizeof reasons) - reasons_i;
+	    r = snprintf(reasons + reasons_i, n, "%s%s", (reasons_i > 0 ? ", " : ""), ERR_reason_error_string(err));
+	    if (r >= n)
+		r = n - 1;
+	    if (r >= 0) {
+		reasons_i += r;
+	    } else {
+		reasons_i = sizeof reasons;
+	    }
+	    assert(reasons_i <= sizeof reasons);
+	}
+	
+	errstring = ERR_error_string(err, NULL);
+	assert(errstring != NULL);
+	tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n", app_prefix_1, app_prefix_2, errstring, file, line, (flags & ERR_TXT_STRING) ? data : "");
+	printed_something = 1;
+    }
+
+    if (!printed_something) {
+	assert(reasons_i == 0);
+	snprintf(reasons, sizeof reasons, "%s", default_text);
+	tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, app_prefix_2, default_text);
+    }
+
+#ifdef TLS_CUMULATE_ERRORS    
+    tls_errflush(apparg);
+#endif
+    assert(errbuf_i == 0);
+
+    return reasons;
+}
+
+/*****************************************************************************/
+
+static int tls_init_done = 0;
+
+static int
+tls_init(void *apparg)
+{
+    if (tls_init_done)
+	return 0;
+    
+    SSL_load_error_strings();
+    if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {
+	tls_errprintf(1, apparg, "SSL_library_init failed.\n");
+	return -1;
+    }
+    tls_init_done = 1;
+    tls_rand_seed();
+    return 0;
+}
+
+/*****************************************************************************/
+
+static void
+tls_rand_seed_uniquely(void)
+{
+    struct {
+	pid_t pid;
+	time_t time;
+	void *stack;
+    } data;
+
+    data.pid = getpid();
+    data.time = time(NULL);
+    data.stack = (void *)&data;
+
+    RAND_seed((const void *)&data, sizeof data);
+}
+
+void
+tls_rand_seed(void)
+{
+    struct {
+	struct utsname uname;
+	int uname_1;
+	int uname_2;
+	uid_t uid;
+	uid_t euid;
+	gid_t gid;
+	gid_t egid;
+    } data;
+    
+    data.uname_1 = uname(&data.uname);
+    data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */
+
+    data.uid = getuid();
+    data.euid = geteuid();
+    data.gid = getgid();
+    data.egid = getegid();
+    
+    RAND_seed((const void *)&data, sizeof data);
+    tls_rand_seed_uniquely();
+}
+
+static int tls_rand_seeded_p = 0;
+
+#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */
+int
+tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)
+{
+    /* Seed OpenSSL's random number generator from file.
+       Try to read n bytes if n > 0, whole file if n == 0. */
+
+    int r;
+
+    if (tls_init(apparg) == -1)
+	return -1;
+    tls_rand_seed();
+
+    r = RAND_load_file(filename, (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);
+    /* r is the number of bytes filled into the random number generator,
+     * which are taken from "stat(filename, ...)" in addition to the
+     * file contents.
+     */
+    assert(1 < my_MIN_SEED_BYTES);
+    /* We need to detect at least those cases when the file does not exist
+     * at all.  With current versions of OpenSSL, this should do it: */
+    if (n == 0)
+	n = my_MIN_SEED_BYTES;
+    if (r < n) {
+	tls_errprintf(1, apparg, "rand_seed_from_file: could not read %d bytes from %s.\n", n, filename);
+	return -1;
+    } else {
+	tls_rand_seeded_p = 1;
+	return 0;
+    }
+}
+
+void
+tls_rand_seed_from_memory(const void *buf, size_t n)
+{
+    size_t i = 0;
+    
+    while (i < n) {
+	size_t rest = n - i;
+	int chunk = rest < INT_MAX ? (int)rest : INT_MAX;
+	RAND_seed((const char *)buf + i, chunk);
+	i += chunk;
+    }
+    tls_rand_seeded_p = 1;
+}
+
+
+/*****************************************************************************/
+
+struct tls_x509_name_string {
+    char str[100];
+};
+
+static void
+tls_get_x509_subject_name_oneline(X509 *cert, struct tls_x509_name_string *namestring)
+{
+    X509_NAME *name;
+
+    if (cert == NULL) {
+	namestring->str[0] = '\0';
+	return;
+    }
+    
+    name = X509_get_subject_name(cert); /* does not increment any reference counter */
+
+    assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */
+    
+    if (name == NULL) {
+	namestring->str[0] = '?';
+	namestring->str[1] = 0;
+    } else {
+	size_t len;
+
+	X509_NAME_oneline(name, namestring->str, sizeof namestring->str);
+	len = strlen(namestring->str);
+	assert(namestring->str[len] == 0);
+	assert(len < sizeof namestring->str);
+
+	if (len+1 == sizeof namestring->str) {
+	    /* (Probably something was cut off.)
+	     * Does not really work -- X509_NAME_oneline truncates after
+	     * name components, we cannot tell from the result whether
+	     * anything is missing. */
+
+	    assert(namestring->str[len] == 0);
+	    namestring->str[--len] = '.';
+	    namestring->str[--len] = '.';
+	    namestring->str[--len] = '.';
+	}
+    }
+}
+
+/*****************************************************************************/
+
+/* to hinder OpenSSL from asking for passphrases */
+static int
+no_passphrase_callback(char *buf, int num, int w, void *arg)
+{
+    return -1;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+static int
+verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
+#else
+static int
+verify_dont_fail_cb(X509_STORE_CTX *c)
+#endif
+{
+    int i;
+    
+    i = X509_verify_cert(c); /* sets c->error */
+#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified
+					   * certificates -- they could
+					   * survive session reuse, but
+					   * OpenSSL < 0.9.5-dev does not
+					   * preserve their verify_result */
+    if (i == 0)
+	return 1;
+    else
+#endif
+	return i;
+}
+
+static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it just once */
+
+void
+tls_set_dhe1024(int i, void *apparg)
+{
+    DSA *dsaparams;
+    DH *dhparams;
+    const char *seed[] = { ";-)  :-(  :-)  :-(  ",
+			   ";-)  :-(  :-)  :-(  ",
+			   "Random String no. 12",
+			   ";-)  :-(  :-)  :-(  ",
+			   "hackers have even mo", /* from jargon file */
+    };
+    unsigned char seedbuf[20];
+    
+    tls_init(apparg);
+    if (i >= 0) {
+	i %= sizeof seed / sizeof seed[0];
+	assert(strlen(seed[i]) == 20);
+	memcpy(seedbuf, seed[i], 20);
+	dsaparams = DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
+    } else {
+	/* random parameters (may take a while) */
+	dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+    }
+    
+    if (dsaparams == NULL) {
+	tls_openssl_errors("", "", NULL, apparg);
+	return;
+    }
+    dhparams = DSA_dup_DH(dsaparams);
+    DSA_free(dsaparams);
+    if (dhparams == NULL) {
+	tls_openssl_errors("", "", NULL, apparg);
+	return;
+    }
+    if (tls_dhe1024 != NULL)
+	DH_free(tls_dhe1024);
+    tls_dhe1024 = dhparams;
+}
+
+struct tls_create_ctx_args
+tls_create_ctx_defaultargs(void)
+{
+	struct tls_create_ctx_args ret;
+
+	ret.client_p = 0;
+	ret.certificate_file = NULL;
+	ret.key_file = NULL;
+	ret.ca_file = NULL;
+	ret.verify_depth = -1;
+	ret.fail_unless_verified = 0;
+	ret.export_p = 0;
+
+	return ret;
+}
+
+SSL_CTX *
+tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
+{
+    int r;
+    static long context_num = 0;
+    SSL_CTX *ret;
+    const char *err_pref_1 = "", *err_pref_2 = "";
+    
+    if (tls_init(apparg) == -1)
+	return NULL;
+
+    ret = SSL_CTX_new((a.client_p? SSLv23_client_method:SSLv23_server_method)());
+
+    if (ret == NULL)
+	goto err;
+
+    SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);
+    SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);
+    
+    if ((a.certificate_file != NULL) || (a.key_file != NULL)) {
+	if (a.key_file == NULL) {
+	    tls_errprintf(1, apparg, "Need a key file.\n");
+	    goto err_return;
+	}
+	if (a.certificate_file == NULL) {
+	    tls_errprintf(1, apparg, "Need a certificate chain file.\n");
+	    goto err_return;
+	}
+	
+	if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))
+	    goto err;
+	if (!tls_rand_seeded_p) {
+	    /* particularly paranoid people may not like this --
+	     * so provide your own random seeding before calling this */
+	    if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)
+		goto err_return;
+	}
+	if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))
+	    goto err;
+	if (!SSL_CTX_check_private_key(ret)) {
+	    tls_errprintf(1, apparg, "Private key \"%s\" does not match certificate \"%s\".\n", a.key_file, a.certificate_file);
+	    goto err_peek;
+	}
+    }
+    
+    if ((a.ca_file != NULL) || (a.verify_depth > 0)) {
+	context_num++;
+	r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, (unsigned int)sizeof context_num);
+	if (!r)
+	    goto err;
+	
+	SSL_CTX_set_verify(ret, SSL_VERIFY_PEER | (a.fail_unless_verified ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT : 0), 0);
+	if (!a.fail_unless_verified)
+	    SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);
+	    
+	if (a.verify_depth > 0)
+	    SSL_CTX_set_verify_depth(ret, a.verify_depth);
+	
+	if (a.ca_file != NULL) {
+	    r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL /* no CA-directory */); /* does not report failure if file does not exist ... */
+	    if (!r) {
+		err_pref_1 = " while processing certificate file ";
+		err_pref_2 = a.ca_file;
+		goto err;
+	    }
+	    
+	    if (!a.client_p) {
+		/* SSL_load_client_CA_file is a misnomer, it just creates a list of CNs. */
+		SSL_CTX_set_client_CA_list(ret, SSL_load_client_CA_file(a.ca_file));
+		/* SSL_CTX_set_client_CA_list does not have a return value;
+		 * it does not really need one, but make sure
+		 * (we really test if SSL_load_client_CA_file worked) */
+		if (SSL_CTX_get_client_CA_list(ret) == NULL) {
+		    tls_errprintf(1, apparg, "Could not set client CA list from \"%s\".\n", a.ca_file);
+		    goto err_peek;
+		}
+	    }
+	}
+    }
+    
+    if (!a.client_p) {
+	if (tls_dhe1024 == NULL) {
+	    int i;
+
+	    RAND_bytes((unsigned char *) &i, sizeof i);
+	    /* make sure that i is non-negative -- pick one of the provided
+	     * seeds */
+	    if (i < 0)
+		i = -i;
+	    if (i < 0)
+		i = 0;
+	    tls_set_dhe1024(i, apparg);
+	    if (tls_dhe1024 == NULL)
+		goto err_return;
+	}
+	
+	if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))
+	    goto err;
+
+	/* avoid small subgroup attacks: */
+	SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
+    }
+	
+#ifndef NO_RSA
+    if (!a.client_p && a.export_p) {
+	RSA *tmpkey;
+
+	tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
+	if (tmpkey == NULL)
+	    goto err;
+	if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
+	    RSA_free(tmpkey);
+	    goto err;
+	}
+	RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */
+    }
+#endif
+	
+    return ret;
+    
+ err_peek:
+    if (!ERR_peek_error())
+	goto err_return;
+ err:
+    tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
+ err_return:
+    if (ret != NULL)
+	SSL_CTX_free(ret);
+    return NULL;
+}
+
+
+/*****************************************************************************/
+
+static int
+tls_socket_nonblocking(int fd)
+{
+    int v, r;
+
+    v = fcntl(fd, F_GETFL, 0);
+    if (v == -1) {
+	if (errno == EINVAL)
+	    return 0; /* already shut down -- ignore */
+	return -1;
+    }
+    r = fcntl(fd, F_SETFL, v | O_NONBLOCK);
+    if (r == -1) {
+	if (errno == EINVAL)
+	    return 0; /* already shut down -- ignore */
+	return -1;
+    }
+    return 0;
+}
+
+static int
+max(int a, int b)
+{
+    return a > b ? a : b;
+}
+
+static void
+tls_sockets_select(int read_select_1, int read_select_2, int write_select_1, int write_select_2, int seconds /* timeout, -1 means no timeout */)
+{
+    int maxfd, n;
+    fd_set reads, writes;
+    struct timeval timeout;
+    struct timeval *timeout_p;
+    
+    assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1 && write_select_2 >= -1);
+    assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE -1 && write_select_1 < FD_SETSIZE -1 && write_select_2 < FD_SETSIZE -1);
+
+    maxfd = max(max(read_select_1, read_select_2), max(write_select_1, write_select_2));
+    assert(maxfd >= 0);
+
+    FD_ZERO(&reads);
+    FD_ZERO(&writes);
+    
+    for(n = 0; n < 4; ++n) {
+	int i = n % 2;
+	int w = n >= 2;
+	/* loop over all (i, w) in {0,1}x{0,1} */
+	int fd;
+	
+	if (i == 0 && w == 0)
+	    fd = read_select_1;
+	else if (i == 1 && w == 0)
+	    fd = read_select_2;
+	else if (i == 0 && w == 1)
+	    fd = write_select_1;
+	else {
+	    assert(i == 1 && w == 1);
+	    fd = write_select_2;
+	}
+	
+	if (fd >= 0) {
+	    if (w == 0)
+		FD_SET(fd, &reads);
+	    else /* w == 1 */
+		FD_SET(fd, &writes);
+	}
+    }
+
+    if (seconds >= 0) {
+	timeout.tv_sec = seconds;
+	timeout.tv_usec = 0;
+	timeout_p = &timeout;
+    } else 
+	timeout_p = NULL;
+
+    DEBUG_MSG2("select no.", ++tls_select_count);
+    select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);
+    DEBUG_MSG("cont.");
+}
+
+/*****************************************************************************/
+
+#define TUNNELBUFSIZE (16*1024)
+struct tunnelbuf {
+    char buf[TUNNELBUFSIZE];
+    size_t len;
+    size_t offset;
+};
+
+static int tls_connect_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
+
+static int tls_accept_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
+
+static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
+
+static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
+
+static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
+
+static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
+
+static void write_info(SSL *ssl, int *info_fd)
+{
+    if (*info_fd != -1) {
+	long v;
+	int v_ok;
+	struct tls_x509_name_string peer;
+	char infobuf[TLS_INFO_SIZE];
+	int r;
+
+	DEBUG_MSG("write_info");
+	v = SSL_get_verify_result(ssl);
+	v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */
+	{
+	    X509 *peercert;
+
+	    peercert = SSL_get_peer_certificate(ssl);
+	    tls_get_x509_subject_name_oneline(peercert, &peer);
+	    if (peercert != NULL)
+		X509_free(peercert);
+	}
+	if (peer.str[0] == '\0')
+	    v_ok = '0'; /* no cert at all */
+	else
+	    if (strchr(peer.str, '\n')) {
+		/* should not happen, but make sure */
+		*strchr(peer.str, '\n') = '\0';
+	    }
+	r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, X509_verify_cert_error_string(v), peer.str);
+	DEBUG_MSG2("snprintf", r);
+	if (r == -1 || r >= sizeof infobuf)
+	    r = sizeof infobuf - 1;
+	write(*info_fd, infobuf, r);
+	close (*info_fd);
+	*info_fd = -1;
+    }
+}
+
+
+/* tls_proxy expects that all fds are closed after return */
+static void
+tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
+{
+    struct tunnelbuf clear_to_tls, tls_to_clear;
+    SSL *ssl;
+    BIO *rbio, *wbio;
+    int closed, in_handshake;
+    const char *err_pref_1 = "", *err_pref_2 = "";
+    const char *err_def = NULL;
+
+    assert(clear_fd != -1);
+    assert(tls_fd != -1);
+    assert(clear_fd < FD_SETSIZE);
+    assert(tls_fd < FD_SETSIZE);
+    /* info_fd may be -1 */
+    assert(ctx != NULL);
+
+    tls_rand_seed_uniquely();
+
+    tls_socket_nonblocking(clear_fd);
+    DEBUG_MSG2("clear_fd", clear_fd);
+    tls_socket_nonblocking(tls_fd);
+    DEBUG_MSG2("tls_fd", tls_fd);
+
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+	goto err;
+    DEBUG_MSG("SSL_new");
+    if (!SSL_set_fd(ssl, tls_fd))
+	goto err;
+    rbio = SSL_get_rbio(ssl);
+    wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */
+    assert(rbio != NULL);
+    assert(wbio != NULL);
+    if (client_p)
+	SSL_set_connect_state(ssl);
+    else
+	SSL_set_accept_state(ssl);
+    
+    closed = 0;
+    in_handshake = 1;
+    tls_to_clear.len = 0;
+    tls_to_clear.offset = 0;
+    clear_to_tls.len = 0;
+    clear_to_tls.offset = 0;
+
+    err_def = "I/O error";
+    
+    /* loop finishes as soon as we detect that one side closed;
+     * when all (program and OS) buffers have enough space,
+     * the data from the last succesful read in each direction is transferred
+     * before close */
+    do {
+	int clear_read_select = 0, clear_write_select = 0,
+	    tls_read_select = 0, tls_write_select = 0,
+	    progress = 0;
+	int r;
+	unsigned long num_read = BIO_number_read(rbio),
+	    num_written = BIO_number_written(wbio);
+
+	DEBUG_MSG2("loop iteration", ++tls_loop_count);
+
+	if (in_handshake) {
+	    DEBUG_MSG("in_handshake");
+	    if (client_p)
+		r = tls_connect_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
+	    else
+		r = tls_accept_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
+	    if (r != 0) {
+		write_info(ssl, &info_fd);
+		goto err;
+	    }
+	    if (closed)
+		goto err_return;
+	    if (!SSL_in_init(ssl)) {
+		in_handshake = 0;
+		write_info(ssl, &info_fd);
+	    }
+	}
+	
+	if (clear_to_tls.len != 0 && !in_handshake) {
+	    assert(!closed);
+	    
+	    r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
+	    if (r != 0)
+		goto err;
+	    if (closed) {
+		assert(progress);
+		tls_to_clear.offset = 0;
+		tls_to_clear.len = 0;
+	    }
+	}
+	
+	if (tls_to_clear.len != 0) {
+	    assert(!closed);
+
+	    r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select, &closed, &progress);
+	    if (r != 0)
+		goto err_return;
+	    if (closed) {
+		assert(progress);
+		clear_to_tls.offset = 0;
+		clear_to_tls.len = 0;
+	    }
+	}
+	
+	if (!closed) {
+	    if (clear_to_tls.offset + clear_to_tls.len < sizeof clear_to_tls.buf) {
+		r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, &closed, &progress);
+		if (r != 0)
+		    goto err_return;
+		if (closed) {
+		    r = SSL_shutdown(ssl);
+		    DEBUG_MSG2("SSL_shutdown", r);
+		}
+	    }
+	}
+	
+	if (!closed && !in_handshake) {
+	    if (tls_to_clear.offset + tls_to_clear.len < sizeof tls_to_clear.buf) {
+		r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
+		if (r != 0)
+		    goto err;
+		if (closed) {
+		    r = SSL_shutdown(ssl);
+		    DEBUG_MSG2("SSL_shutdown", r);
+		}
+	    }
+	}
+
+	if (!progress) {
+	    DEBUG_MSG("!progress?");
+	    if (num_read != BIO_number_read(rbio) || num_written != BIO_number_written(wbio))
+		progress = 1;
+
+	    if (!progress) {
+		DEBUG_MSG("!progress");
+		assert(clear_read_select || tls_read_select || clear_write_select || tls_write_select);
+		tls_sockets_select(clear_read_select ? clear_fd : -1, tls_read_select ? tls_fd : -1, clear_write_select ? clear_fd : -1, tls_write_select ? tls_fd : -1, -1);
+	    }
+	}
+    } while (!closed);
+    return;
+
+ err:
+    tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);
+ err_return:
+    return;
+}
+
+
+static int
+tls_get_error(SSL *ssl, int r, int *write_select, int *read_select, int *closed, int *progress)
+{
+    int err = SSL_get_error(ssl, r);
+
+    if (err == SSL_ERROR_NONE) {
+	assert(r > 0);
+	*progress = 1;
+	return 0;
+    }
+
+    assert(r <= 0);
+
+    switch (err) {
+    case SSL_ERROR_ZERO_RETURN:
+	assert(r == 0);
+	*closed = 1;
+	*progress = 1;
+	return 0;
+
+    case SSL_ERROR_WANT_WRITE:
+	*write_select = 1;
+	return 0;
+	
+    case SSL_ERROR_WANT_READ:
+	*read_select = 1;
+	return 0;
+    }
+
+    return -1;
+}
+
+static int
+tls_connect_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_connect_attempt");
+    n = SSL_connect(ssl);
+    DEBUG_MSG2("SSL_connect",n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (r == -1)
+	*err_pref = " during SSL_connect";
+    return r;
+}
+
+static int
+tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_accept_attempt");
+    n = SSL_accept(ssl);
+    DEBUG_MSG2("SSL_accept",n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (r == -1)
+	*err_pref = " during SSL_accept";
+    return r;
+}
+
+static int
+tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_write_attempt");
+    n = SSL_write(ssl, buf->buf + buf->offset, buf->len);
+    DEBUG_MSG2("SSL_write",n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (n > 0) {
+	buf->len -= n;
+	assert(buf->len >= 0);
+	if (buf->len == 0)
+	    buf->offset = 0;
+	else
+	    buf->offset += n;
+    }
+    if (r == -1)
+	*err_pref = " during SSL_write";
+    return r;
+}
+
+static int
+tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+    size_t total;
+
+    DEBUG_MSG("tls_read_attempt");
+    total = buf->offset + buf->len;
+    assert(total < sizeof buf->buf);
+    n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);
+    DEBUG_MSG2("SSL_read",n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (n > 0) {
+	buf->len += n;
+	assert(buf->offset + buf->len <= sizeof buf->buf);
+    }
+    if (r == -1)
+	*err_pref = " during SSL_read";
+    return r;
+}
+
+static int
+get_error(int r, int *select, int *closed, int *progress)
+{
+    if (r >= 0) {
+	*progress = 1;
+	if (r == 0)
+	    *closed = 1;
+	return 0;
+    } else {
+	assert(r == -1);
+	if (errno == EAGAIN || errno == EWOULDBLOCK) {
+	    *select = 1;
+	    return 0;
+	} else if (errno == EPIPE) {
+	    *progress = 1;
+	    *closed = 1;
+	    return 0;
+	} else
+	    return -1;
+    }
+}
+
+static int write_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
+{
+    int n, r;
+
+    DEBUG_MSG("write_attempt");
+    n = write(fd, buf->buf + buf->offset, buf->len);
+    DEBUG_MSG2("write",n);
+    r = get_error(n, select, closed, progress);
+    if (n > 0) {
+	buf->len -= n;
+	assert(buf->len >= 0);
+	if (buf->len == 0)
+	    buf->offset = 0;
+	else
+	    buf->offset += n;
+    }
+    if (r == -1)
+	tls_errprintf(1, tls_child_apparg, "write error: %s\n", strerror(errno));
+    return r;
+}
+    
+static int
+read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
+{
+    int n, r;
+    size_t total;
+
+    DEBUG_MSG("read_attempt");
+    total = buf->offset + buf->len;
+    assert(total < sizeof buf->buf);
+    n = read(fd, buf->buf + total, (sizeof buf->buf) - total);
+    DEBUG_MSG2("read",n);
+    r = get_error(n, select, closed, progress);
+    if (n > 0) {
+	buf->len += n;
+	assert(buf->offset + buf->len <= sizeof buf->buf);
+    }
+    if (r == -1)
+	tls_errprintf(1, tls_child_apparg, "read error: %s\n", strerror(errno));
+    return r;
+}
diff --git a/crypto/openssl/demos/easy_tls/easy-tls.h b/crypto/openssl/demos/easy_tls/easy-tls.h
new file mode 100644
index 0000000..52b298e
--- /dev/null
+++ b/crypto/openssl/demos/easy_tls/easy-tls.h
@@ -0,0 +1,57 @@
+/* -*- Mode: C; c-file-style: "bsd" -*- */
+/*
+ * easy-tls.h -- generic TLS proxy.
+ * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
+ */
+/*
+ * (c) Copyright 1999 Bodo Moeller.  All rights reserved.
+ */
+
+#ifndef HEADER_TLS_H
+#define HEADER_TLS_H
+
+#ifndef HEADER_SSL_H
+typedef struct ssl_ctx_st SSL_CTX;
+#endif
+
+#define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
+
+void tls_set_dhe1024(int i, void* apparg);
+/* Generate DHE parameters:
+ * i >= 0 deterministic (i selects seed), i < 0 random (may take a while).
+ * tls_create_ctx calls this with random non-negative i if the application
+ * has never called it.*/
+
+void tls_rand_seed(void);
+int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
+void tls_rand_seed_from_memory(const void *buf, size_t n);
+
+struct tls_create_ctx_args 
+{
+    int client_p;
+    const char *certificate_file;
+    const char *key_file;
+    const char *ca_file;
+    int verify_depth;
+    int fail_unless_verified;
+    int export_p;
+};
+struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
+/* struct tls_create_ctx_args is similar to a conventional argument list,
+ * but it can provide default values and allows for future extension. */
+SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
+
+struct tls_start_proxy_args
+{
+    int fd;
+    int client_p;
+    SSL_CTX *ctx;
+    pid_t *pid;
+    int *infofd;
+};
+struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
+/* tls_start_proxy return value *MUST* be checked!
+ * 0 means ok, otherwise we've probably run out of some resources. */
+int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
+
+#endif
diff --git a/crypto/openssl/demos/easy_tls/test.c b/crypto/openssl/demos/easy_tls/test.c
new file mode 100644
index 0000000..21f679a
--- /dev/null
+++ b/crypto/openssl/demos/easy_tls/test.c
@@ -0,0 +1,244 @@
+/* test.c */
+/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */
+
+#define L_PORT 9999
+#define C_PORT 443
+
+#include <arpa/inet.h>
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include "test.h"
+#include "easy-tls.h"
+
+void
+test_process_init(int fd, int client_p, void *apparg)
+{
+    fprintf(stderr, "test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd, client_p, apparg);
+}
+
+void
+test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
+{
+    fputs(errbuf, stderr);
+}
+
+
+int
+main(int argc, char *argv[])
+{
+    int s, fd, r;
+    FILE *conn_in;
+    FILE *conn_out;
+    char buf[256];
+    SSL_CTX *ctx;
+    int client_p = 0;
+    int port;
+    int tls = 0;
+    char infobuf[TLS_INFO_SIZE + 1];
+
+    if (argc > 1 && argv[1][0] == '-') {
+	fputs("Usage: test [port]                   -- server\n"
+	      "       test num.num.num.num [port]   -- client\n",
+	      stderr);
+	exit(1);
+    }
+
+    if (argc > 1) {
+	if (strchr(argv[1], '.')) {
+	    client_p = 1;
+	}
+    }
+    
+    fputs(client_p ? "Client\n" : "Server\n", stderr);
+    
+    {
+	struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
+	a.client_p = client_p;
+	a.certificate_file = "cert.pem";
+	a.key_file = "cert.pem";
+	a.ca_file = "cacerts.pem";
+	
+	ctx = tls_create_ctx(a, NULL);
+	if (ctx == NULL)
+	    exit(1);
+    }
+    
+    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    if (s == -1) {
+	perror("socket");
+	exit(1);
+    }
+    
+    if (client_p) {
+	struct sockaddr_in addr;
+	size_t addr_len = sizeof addr;
+	    
+	addr.sin_family = AF_INET;
+	assert(argc > 1);
+	if (argc > 2)
+	    sscanf(argv[2], "%d", &port);
+	else
+	    port = C_PORT;
+	addr.sin_port = htons(port);
+	addr.sin_addr.s_addr = inet_addr(argv[1]);
+	    
+	r = connect(s, &addr, addr_len);
+	if (r != 0) {
+	    perror("connect");
+	    exit(1);
+	}
+	fd = s;
+	fprintf(stderr, "Connect (fd = %d).\n", fd);
+    } else {
+	/* server */
+	{
+	    int i = 1;
+
+	    r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *) &i, sizeof i);
+	    if (r == -1) {
+		perror("setsockopt");
+		exit(1);
+	    }
+	}
+	
+	{
+	    struct sockaddr_in addr;
+	    size_t addr_len = sizeof addr;
+	    
+	    if (argc > 1)
+		sscanf(argv[1], "%d", &port);
+	    else
+		port = L_PORT;
+	    addr.sin_family = AF_INET;
+	    addr.sin_port = htons(port);
+	    addr.sin_addr.s_addr = INADDR_ANY;
+	    
+	    r = bind(s, &addr, addr_len);
+	    if (r != 0) {
+		perror("bind");
+		exit(1);
+	    }
+	}
+    
+	r = listen(s, 1);
+	if (r == -1) {
+	    perror("listen");
+	    exit(1);
+	}
+
+	fprintf(stderr, "Listening at port %i.\n", port);
+	
+	fd = accept(s, NULL, 0);
+	if (fd == -1) {
+	    perror("accept");
+	    exit(1);
+	}
+	
+	fprintf(stderr, "Accept (fd = %d).\n", fd);
+    }
+
+    conn_in = fdopen(fd, "r");
+    if (conn_in == NULL) {
+	perror("fdopen");
+	exit(1);
+    }
+    conn_out = fdopen(fd, "w");
+    if (conn_out == NULL) {
+	perror("fdopen");
+	exit(1);
+    }
+
+    setvbuf(conn_in, NULL, _IOLBF, 256);
+    setvbuf(conn_out, NULL, _IOLBF, 256);
+	
+    while (fgets(buf, sizeof buf, stdin) != NULL) {
+	if (buf[0] == 'W') {
+	    fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1);
+	    fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1), buf + 1);
+	} else if (buf[0] == 'C') {
+	    fprintf(stderr, "Closing.\n");
+	    fclose(conn_in);
+	    fclose(conn_out);
+	    exit(0);
+	} else if (buf[0] == 'R') {
+	    int lines = 0;
+
+	    sscanf(buf + 1, "%d", &lines);
+	    do {
+		if (fgets(buf, sizeof buf, conn_in) == NULL) {
+		    if (ferror(conn_in)) {
+			fprintf(stderr, "ERROR\n");
+			exit(1);
+		    }
+		    fprintf(stderr, "CLOSED\n");
+		    return 0;
+		}
+		fprintf(stderr, "<<< %s", buf);
+	    } while (--lines > 0);
+	} else if (buf[0] == 'T') {
+	    int infofd;
+
+	    tls++;
+	    {
+		struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
+		a.fd = fd;
+		a.client_p = client_p;
+		a.ctx = ctx;
+		a.infofd = &infofd;
+		r = tls_start_proxy(a, NULL);
+	    }
+	    assert(r != 1);
+	    if (r != 0) {
+		fprintf(stderr, "tls_start_proxy failed: %d\n", r);
+		switch (r) {
+		case -1:
+		    fputs("socketpair", stderr); break;
+		case 2:
+		    fputs("FD_SETSIZE exceeded", stderr); break;
+		case -3:
+		    fputs("pipe", stderr); break;
+		case -4:
+		    fputs("fork", stderr); break;
+		case -5:
+		    fputs("dup2", stderr); break;
+		default:
+		    fputs("?", stderr);
+		}
+		if (r < 0)
+		    perror("");
+		else
+		    fputc('\n', stderr);
+		exit(1);
+	    }
+	    
+	    r = read(infofd, infobuf, sizeof infobuf - 1);
+	    if (r > 0) {
+		const char *info = infobuf;
+		const char *eol;
+		
+		infobuf[r] = '\0';
+		while ((eol = strchr(info, '\n')) != NULL) {
+		    fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
+		    info = eol+1;
+		}
+		close (infofd);
+	    }
+	} else {
+	    fprintf(stderr, "W...  write line to network\n"
+		    "R[n]  read line (n lines) from network\n"
+		    "C     close\n"
+		    "T     start %sTLS proxy\n", tls ? "another " : "");
+	}
+    }
+    return 0;
+}
diff --git a/crypto/openssl/demos/easy_tls/test.h b/crypto/openssl/demos/easy_tls/test.h
new file mode 100644
index 0000000..dda6678
--- /dev/null
+++ b/crypto/openssl/demos/easy_tls/test.h
@@ -0,0 +1,11 @@
+/* test.h */
+/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
+
+
+void test_process_init(int fd, int client_p, void *apparg);
+#define TLS_APP_PROCESS_INIT test_process_init
+
+#undef TLS_CUMULATE_ERRORS
+
+void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);
+#define TLS_APP_ERRFLUSH test_errflush
diff --git a/crypto/openssl/demos/engines/cluster_labs/Makefile b/crypto/openssl/demos/engines/cluster_labs/Makefile
new file mode 100644
index 0000000..956193f
--- /dev/null
+++ b/crypto/openssl/demos/engines/cluster_labs/Makefile
@@ -0,0 +1,114 @@
+LIBNAME=	libclabs
+SRC=		hw_cluster_labs.c
+OBJ=		hw_cluster_labs.o
+HEADER=		hw_cluster_labs.h
+
+CC=		gcc
+PIC=		-fPIC
+CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
+AR=		ar r
+RANLIB=		ranlib
+
+LIB=		$(LIBNAME).a
+SHLIB=		$(LIBNAME).so
+
+all:
+		@echo 'Please choose a system to build on:'
+		@echo ''
+		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+		@echo 'solaris:  Solaris'
+		@echo 'irix:     IRIX'
+		@echo 'hpux32:   32-bit HP/UX'
+		@echo 'hpux64:   64-bit HP/UX'
+		@echo 'aix:      AIX'
+		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+		@echo ''
+
+FORCE.update:
+update:		FORCE.update
+		perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
+			-nostatic -staticloader -write hw_cluster_labs.c
+
+gnu:		$(SHLIB).gnu
+tru64:		$(SHLIB).tru64
+solaris:	$(SHLIB).solaris
+irix:		$(SHLIB).irix
+hpux32:		$(SHLIB).hpux32
+hpux64:		$(SHLIB).hpux64
+aix:		$(SHLIB).aix
+
+$(LIB):		$(OBJ)
+		$(AR) $(LIB) $(OBJ)
+		- $(RANLIB) $(LIB)
+
+LINK_SO=	\
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
+  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).gnu:	$(LIB)
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).gnu
+$(SHLIB).tru64:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).tru64
+$(SHLIB).solaris:	$(LIB)
+		ALLSYMSFLAGS='-z allextract' \
+		SHAREDFLAGS='-G -h $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).solaris
+$(SHLIB).irix:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).irix
+$(SHLIB).hpux32:	$(LIB)
+		ALLSYMSFLAGS='-Fl' \
+		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux32
+$(SHLIB).hpux64:	$(LIB)
+		ALLSYMSFLAGS='+forceload' \
+		SHAREDFLAGS='-b -z +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux64
+$(SHLIB).aix:	$(LIB)
+		ALLSYMSFLAGS='-bnogc' \
+		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).aix
+
+depend:
+		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+		rm -f Makefile.tmp Makefile
+		mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h b/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h
new file mode 100644
index 0000000..d092679
--- /dev/null
+++ b/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h
@@ -0,0 +1,35 @@
+typedef int cl_engine_init(void);
+typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *cgx);
+typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+		const BIGNUM *iqmp, BN_CTX *ctx);
+typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_priv_enc(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_priv_dec(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding);		
+typedef int cl_rand_bytes(unsigned char *buf, int num);
+typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa);
+
+
+static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
+static const char *CLUSTER_LABS_F1	 = "hw_engine_init";
+static const char *CLUSTER_LABS_F2	 = "hw_mod_exp";
+static const char *CLUSTER_LABS_F3	 = "hw_mod_exp_crt";
+static const char *CLUSTER_LABS_F4	 = "hw_rsa_mod_exp";
+static const char *CLUSTER_LABS_F5	 = "hw_rsa_priv_enc";
+static const char *CLUSTER_LABS_F6	 = "hw_rsa_priv_dec";
+static const char *CLUSTER_LABS_F7	 = "hw_rsa_pub_enc";
+static const char *CLUSTER_LABS_F8	 = "hw_rsa_pub_dec";
+static const char *CLUSTER_LABS_F20	 = "hw_rand_bytes";
+static const char *CLUSTER_LABS_F30	 = "hw_dsa_sign";
+static const char *CLUSTER_LABS_F31	 = "hw_dsa_verify";
+
+
diff --git a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c
new file mode 100644
index 0000000..036f48b
--- /dev/null
+++ b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c
@@ -0,0 +1,721 @@
+/* crypto/engine/hw_cluster_labs.c */
+/* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com
+ * for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define MSC_VER   /* only used cryptic.h */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/des.h>
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_CLUSTER_LABS
+
+#ifdef FLAT_INC
+#include "cluster_labs.h"
+#else
+#include "vendor_defns/cluster_labs.h"
+#endif
+
+#define CL_LIB_NAME "cluster_labs engine"
+#include "hw_cluster_labs_err.c"
+
+
+static int cluster_labs_destroy(ENGINE *e);
+static int cluster_labs_init(ENGINE *e);
+static int cluster_labs_finish(ENGINE *e);
+static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+
+/* BIGNUM stuff */
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+		
+/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
+static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+
+/* DSA stuff */
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa);
+static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
+#endif
+								
+/* DH stuff */
+#ifndef OPENSSL_NO_DH
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+		
+/* RANDOM stuff */						
+static int cluster_labs_rand_bytes(unsigned char *buf, int num);
+
+/* The definitions for control commands specific to this engine */
+#define CLUSTER_LABS_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] =
+	{
+	{ CLUSTER_LABS_CMD_SO_PATH,
+	  "SO_PATH",
+	  "Specifies the path to the 'cluster labs' shared library",
+	  ENGINE_CMD_FLAG_STRING
+	},
+	{0, NULL, NULL, 0}
+	};
+
+/* Our internal RSA_METHOD that we provide pointers to */
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD cluster_labs_rsa =
+	{
+	"Cluster Labs RSA method",
+	cluster_labs_rsa_pub_enc,	/* rsa_pub_enc */
+	cluster_labs_rsa_pub_dec,	/* rsa_pub_dec */
+	cluster_labs_rsa_priv_enc,	/* rsa_priv_enc */
+	cluster_labs_rsa_priv_dec,	/* rsa_priv_dec */
+	cluster_labs_rsa_mod_exp,	/* rsa_mod_exp */
+	cluster_labs_mod_exp_mont,	/* bn_mod_exp */
+	NULL,				/* init */
+	NULL,				/* finish */
+	0, 				/* flags */
+	NULL,				/* apps_data */
+	NULL,				/* rsa_sign */
+	NULL				/* rsa_verify */
+	};
+#endif
+
+/* Our internal DSA_METHOD that we provide pointers to */
+#ifndef OPENSSL_NO_DSA
+static DSA_METHOD cluster_labs_dsa =
+	{
+	"Cluster Labs DSA method",
+	cluster_labs_dsa_sign,  	/* dsa_do_sign */
+	NULL, 				/* dsa_sign_setup */
+	cluster_labs_dsa_verify,	/* dsa_do_verify */
+	cluster_labs_dsa_mod_exp, 	/* dsa_mod_exp */
+	cluster_labs_mod_exp_dsa, 	/* bn_mod_exp */
+	NULL, 				/* init */
+	NULL, 				/* finish */
+	0, 				/* flags */
+	NULL 				/* app_data */
+	};
+#endif	
+
+/* Our internal DH_METHOD that we provide pointers to */
+#ifndef OPENSSL_NO_DH
+static DH_METHOD cluster_labs_dh =
+	{
+	"Cluster Labs DH method",
+	NULL,				/* generate key */
+	NULL,				/* compute key */
+	cluster_labs_mod_exp_dh,	/* bn_mod_exp */
+	NULL,				/* init */
+	NULL,				/* finish */
+	0,				/* flags */
+	NULL				/* app_data */
+	};
+#endif	
+	
+static RAND_METHOD cluster_labs_rand =
+	{
+	/* "Cluster Labs RAND method", */
+	NULL,				/* seed */
+	cluster_labs_rand_bytes,	/* bytes */
+	NULL,				/* cleanup */
+	NULL,				/* add */
+	cluster_labs_rand_bytes,	/* pseudorand */
+	NULL,				/* status */
+	};	
+
+static const char *engine_cluster_labs_id = "cluster_labs";
+static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support";
+
+/* engine implementation */
+/*-----------------------*/
+static int bind_helper(ENGINE *e)
+	{
+	
+	if(!ENGINE_set_id(e, engine_cluster_labs_id) ||
+			!ENGINE_set_name(e, engine_cluster_labs_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &cluster_labs_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &cluster_labs_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &cluster_labs_dh) ||
+#endif
+			!ENGINE_set_RAND(e, &cluster_labs_rand) ||
+			!ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
+			!ENGINE_set_init_function(e, cluster_labs_init) ||
+			!ENGINE_set_finish_function(e, cluster_labs_finish) ||
+			!ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
+			!ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
+		return 0;
+	/* Ensure the error handling is set up */
+	ERR_load_CL_strings();
+	return 1;
+	}
+	
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_cluster_labs(void)
+	{
+	ENGINE *ret = ENGINE_new();
+
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static
+#endif
+void ENGINE_load_cluster_labs(void)
+	{
+
+	ENGINE *cluster_labs = engine_cluster_labs();
+	
+	if(!cluster_labs) return;
+	ENGINE_add(cluster_labs);
+	ENGINE_free(cluster_labs);
+	ERR_clear_error();
+	}
+#endif /* !ENGINE_DYNAMIC_SUPPORT */
+
+static int cluster_labs_destroy(ENGINE *e)
+	{
+	
+	ERR_unload_CL_strings();
+	return 1;
+	}
+
+
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Cluster Labs library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cluster_labs_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static cl_engine_init	  	*p_cl_engine_init 		 = NULL;
+static cl_mod_exp	 	*p_cl_mod_exp 			 = NULL;
+static cl_mod_exp_crt		*p_cl_mod_exp_crt 		 = NULL;
+static cl_rsa_mod_exp		*p_cl_rsa_mod_exp 		 = NULL;
+static cl_rsa_priv_enc		*p_cl_rsa_priv_enc 		 = NULL;
+static cl_rsa_priv_dec		*p_cl_rsa_priv_dec 		 = NULL;
+static cl_rsa_pub_enc		*p_cl_rsa_pub_enc 		 = NULL;
+static cl_rsa_pub_dec		*p_cl_rsa_pub_dec 		 = NULL;
+static cl_rand_bytes		*p_cl_rand_bytes	 	 = NULL;
+static cl_dsa_sign		*p_cl_dsa_sign		 	 = NULL;
+static cl_dsa_verify		*p_cl_dsa_verify	 	 = NULL;
+
+
+int cluster_labs_init(ENGINE *e)
+	{
+
+	cl_engine_init			*p1;
+	cl_mod_exp			*p2;
+	cl_mod_exp_crt			*p3;
+	cl_rsa_mod_exp			*p4;
+	cl_rsa_priv_enc			*p5;
+	cl_rsa_priv_dec			*p6;	
+	cl_rsa_pub_enc			*p7;
+	cl_rsa_pub_dec			*p8;
+	cl_rand_bytes			*p20;
+	cl_dsa_sign			*p30;	
+	cl_dsa_verify			*p31;		
+	
+	/* engine already loaded */
+	if(cluster_labs_dso != NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* try to load engine	 */	
+	cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0);
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
+		goto err;
+		}
+	/* bind functions */
+	if(	!(p1 = (cl_engine_init *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F1)) ||
+		!(p2 = (cl_mod_exp *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F2)) ||			
+		!(p3 = (cl_mod_exp_crt *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F3)) ||				
+		!(p4 = (cl_rsa_mod_exp *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F4)) ||				
+		!(p5 = (cl_rsa_priv_enc *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F5)) ||
+		!(p6 = (cl_rsa_priv_dec *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F6)) ||
+		!(p7 = (cl_rsa_pub_enc *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F7)) ||
+		!(p8 = (cl_rsa_pub_dec *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F8)) ||
+		!(p20= (cl_rand_bytes *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F20)) ||
+		!(p30= (cl_dsa_sign *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F30)) ||
+		!(p31= (cl_dsa_verify *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F31)))
+		{
+		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
+		goto err;
+		}
+		
+	/* copy function pointers */
+	p_cl_engine_init		= p1;
+	p_cl_mod_exp			= p2;
+	p_cl_mod_exp_crt		= p3;	
+	p_cl_rsa_mod_exp 		= p4;
+	p_cl_rsa_priv_enc	 	= p5;
+	p_cl_rsa_priv_dec	 	= p6;
+	p_cl_rsa_pub_enc	 	= p7;
+	p_cl_rsa_pub_dec	 	= p8;
+	p_cl_rand_bytes			= p20;	
+	p_cl_dsa_sign			= p30;
+	p_cl_dsa_verify			= p31;	
+	
+	
+	
+	/* cluster labs engine init */
+	if(p_cl_engine_init()== 0){
+		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED);		
+		goto err;
+	}
+
+	return(1);
+
+err:	
+	/* reset all pointers */
+	if(cluster_labs_dso)
+		DSO_free(cluster_labs_dso);
+
+	cluster_labs_dso		= NULL;
+	p_cl_engine_init		= NULL;	
+	p_cl_mod_exp			= NULL;
+	p_cl_mod_exp_crt		= NULL;
+	p_cl_rsa_mod_exp		= NULL;
+	p_cl_rsa_priv_enc		= NULL;
+	p_cl_rsa_priv_dec		= NULL;	
+	p_cl_rsa_pub_enc		= NULL;
+	p_cl_rsa_pub_dec		= NULL;	
+	p_cl_rand_bytes			= NULL;	
+	p_cl_dsa_sign			= NULL;
+	p_cl_dsa_verify			= NULL;	
+	
+	return(0);
+	}
+	
+
+static int cluster_labs_finish(ENGINE *e)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(cluster_labs_dso))
+		{
+		CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE);
+		return 0;
+		}
+		
+	cluster_labs_dso 		= NULL;
+	p_cl_engine_init		= NULL;		
+	p_cl_mod_exp			= NULL;
+	p_cl_rsa_mod_exp		= NULL;	
+	p_cl_mod_exp_crt		= NULL;	
+	p_cl_rsa_priv_enc		= NULL;	
+	p_cl_rsa_priv_dec		= NULL;	
+	p_cl_rsa_pub_enc		= NULL;
+	p_cl_rsa_pub_dec		= NULL;	
+	p_cl_rand_bytes			= NULL;		
+	p_cl_dsa_sign			= NULL;
+	p_cl_dsa_verify			= NULL;	
+	
+	return(1);	
+	
+	}
+	
+static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
+
+	switch(cmd)
+		{
+	case CLUSTER_LABS_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED);
+			return 0;
+			}
+		CLUSTER_LABS_LIB_NAME = (const char *)p;
+		return 1;
+	default:
+		break;
+		}
+	CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+	
+
+static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED);
+		return 0;
+		}	
+	if(p_cl_mod_exp == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
+		return 0;
+		}
+
+	return	p_cl_mod_exp(r, a, p, m, ctx);
+
+	}
+	
+static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+		const BIGNUM *iqmp, BN_CTX *ctx)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_mod_exp_crt == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED);		
+		return 0;
+		}
+	
+	return	p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx);
+	
+	}
+	
+static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_rsa_mod_exp == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return p_cl_rsa_mod_exp(r0, I, rsa);
+
+	}
+	
+static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_dsa_sign == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return p_cl_dsa_sign(dgst, dlen, dsa);
+	
+	}
+	
+static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	
+	if(p_cl_dsa_verify == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
+	
+	}			
+
+static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int status = 0;
+		
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	status = 1;
+end:
+	BN_free(&t);
+	
+	return(1);
+
+	}
+
+static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx)
+	{
+	return 	cluster_labs_mod_exp(r, a, p, m, ctx);
+	}
+	
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return	cluster_labs_mod_exp(r, a, p, m, ctx);
+	}
+	
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return 	cluster_labs_mod_exp(r, a, p, m, ctx);
+	}
+
+
+static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_rsa_priv_enc == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+		
+	return 	p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
+	
+	}  
+	     
+static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_rsa_priv_enc == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+		
+	return 	p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
+	
+	}  
+
+
+static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED);		
+		return 0;
+		}
+
+	if(p_cl_rsa_priv_enc == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+		
+	return 	p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
+	
+	}  
+
+static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding)
+	{
+	
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_rsa_priv_dec == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return 	p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
+		
+	}  
+
+/************************************************************************************
+* Symmetric algorithms
+************************************************************************************/
+/* this will be come soon! */
+
+/************************************************************************************
+* Random generator
+************************************************************************************/
+
+static int cluster_labs_rand_bytes(unsigned char *buf, int num){
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_mod_exp_crt == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return 	p_cl_rand_bytes(buf, num);
+
+}
+
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	fprintf(stderr, "bind_fn CLUSTER_LABS\n");
+	if(id && (strcmp(id, engine_cluster_labs_id) != 0)) {
+		fprintf(stderr, "bind_fn return(0) first\n");
+		return 0;
+		}
+	if(!bind_helper(e)) {
+		fprintf(stderr, "bind_fn return(1) first\n");
+		return 0;
+		}
+	fprintf(stderr, "bind_fn return(1)\n");		
+	return 1;
+	}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+						
+#endif /* !NO_HW_CLUSTER_LABS */
+#endif /* !NO_HW */
+
diff --git a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec
new file mode 100644
index 0000000..1f64786
--- /dev/null
+++ b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#	perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
+#		-nostatic -staticloader -write *.c
+
+L CL		hw_cluster_labs_err.h		hw_cluster_labs_err.c
diff --git a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c
new file mode 100644
index 0000000..a7fa408
--- /dev/null
+++ b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c
@@ -0,0 +1,151 @@
+/* hw_cluster_labs_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_cluster_labs_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CL_str_functs[]=
+	{
+{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0),	"CLUSTER_LABS_CTRL"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0),	"CLUSTER_LABS_DSA_SIGN"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0),	"CLUSTER_LABS_DSA_VERIFY"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0),	"CLUSTER_LABS_FINISH"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0),	"CLUSTER_LABS_INIT"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0),	"CLUSTER_LABS_MOD_EXP"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0),	"CLUSTER_LABS_MOD_EXP_CRT"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0),	"CLUSTER_LABS_RAND_BYTES"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0),	"CLUSTER_LABS_RSA_MOD_EXP"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0),	"CLUSTER_LABS_RSA_PRIV_DEC"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0),	"CLUSTER_LABS_RSA_PRIV_ENC"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0),	"CLUSTER_LABS_RSA_PUB_DEC"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0),	"CLUSTER_LABS_RSA_PUB_ENC"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CL_str_reasons[]=
+	{
+{CL_R_ALREADY_LOADED                     ,"already loaded"},
+{CL_R_COMMAND_NOT_IMPLEMENTED            ,"command not implemented"},
+{CL_R_DSO_FAILURE                        ,"dso failure"},
+{CL_R_FUNCTION_NOT_BINDED                ,"function not binded"},
+{CL_R_INIT_FAILED                        ,"init failed"},
+{CL_R_NOT_LOADED                         ,"not loaded"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef CL_LIB_NAME
+static ERR_STRING_DATA CL_lib_name[]=
+        {
+{0	,CL_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int CL_lib_error_code=0;
+static int CL_error_init=1;
+
+static void ERR_load_CL_strings(void)
+	{
+	if (CL_lib_error_code == 0)
+		CL_lib_error_code=ERR_get_next_error_library();
+
+	if (CL_error_init)
+		{
+		CL_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(CL_lib_error_code,CL_str_functs);
+		ERR_load_strings(CL_lib_error_code,CL_str_reasons);
+#endif
+
+#ifdef CL_LIB_NAME
+		CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);
+		ERR_load_strings(0,CL_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_CL_strings(void)
+	{
+	if (CL_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(CL_lib_error_code,CL_str_functs);
+		ERR_unload_strings(CL_lib_error_code,CL_str_reasons);
+#endif
+
+#ifdef CL_LIB_NAME
+		ERR_unload_strings(0,CL_lib_name);
+#endif
+		CL_error_init=1;
+		}
+	}
+
+static void ERR_CL_error(int function, int reason, char *file, int line)
+	{
+	if (CL_lib_error_code == 0)
+		CL_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(CL_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h
new file mode 100644
index 0000000..afc175b
--- /dev/null
+++ b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h
@@ -0,0 +1,95 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CL_ERR_H
+#define HEADER_CL_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CL_strings(void);
+static void ERR_unload_CL_strings(void);
+static void ERR_CL_error(int function, int reason, char *file, int line);
+#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CL functions. */
+
+/* Function codes. */
+#define CL_F_CLUSTER_LABS_CTRL				 100
+#define CL_F_CLUSTER_LABS_DSA_SIGN			 101
+#define CL_F_CLUSTER_LABS_DSA_VERIFY			 102
+#define CL_F_CLUSTER_LABS_FINISH			 103
+#define CL_F_CLUSTER_LABS_INIT				 104
+#define CL_F_CLUSTER_LABS_MOD_EXP			 105
+#define CL_F_CLUSTER_LABS_MOD_EXP_CRT			 106
+#define CL_F_CLUSTER_LABS_RAND_BYTES			 107
+#define CL_F_CLUSTER_LABS_RSA_MOD_EXP			 108
+#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC			 109
+#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC			 110
+#define CL_F_CLUSTER_LABS_RSA_PUB_DEC			 111
+#define CL_F_CLUSTER_LABS_RSA_PUB_ENC			 112
+
+/* Reason codes. */
+#define CL_R_ALREADY_LOADED				 100
+#define CL_R_COMMAND_NOT_IMPLEMENTED			 101
+#define CL_R_DSO_FAILURE				 102
+#define CL_R_FUNCTION_NOT_BINDED			 103
+#define CL_R_INIT_FAILED				 104
+#define CL_R_NOT_LOADED					 105
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/demos/engines/ibmca/Makefile b/crypto/openssl/demos/engines/ibmca/Makefile
new file mode 100644
index 0000000..72f3546
--- /dev/null
+++ b/crypto/openssl/demos/engines/ibmca/Makefile
@@ -0,0 +1,114 @@
+LIBNAME=	libibmca
+SRC=		hw_ibmca.c
+OBJ=		hw_ibmca.o
+HEADER=		hw_ibmca.h
+
+CC=		gcc
+PIC=		-fPIC
+CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
+AR=		ar r
+RANLIB=		ranlib
+
+LIB=		$(LIBNAME).a
+SHLIB=		$(LIBNAME).so
+
+all:
+		@echo 'Please choose a system to build on:'
+		@echo ''
+		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+		@echo 'solaris:  Solaris'
+		@echo 'irix:     IRIX'
+		@echo 'hpux32:   32-bit HP/UX'
+		@echo 'hpux64:   64-bit HP/UX'
+		@echo 'aix:      AIX'
+		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+		@echo ''
+
+FORCE.update:
+update:		FORCE.update
+		perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
+			-nostatic -staticloader -write hw_ibmca.c
+
+gnu:		$(SHLIB).gnu
+tru64:		$(SHLIB).tru64
+solaris:	$(SHLIB).solaris
+irix:		$(SHLIB).irix
+hpux32:		$(SHLIB).hpux32
+hpux64:		$(SHLIB).hpux64
+aix:		$(SHLIB).aix
+
+$(LIB):		$(OBJ)
+		$(AR) $(LIB) $(OBJ)
+		- $(RANLIB) $(LIB)
+
+LINK_SO=	\
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
+  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).gnu:	$(LIB)
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).gnu
+$(SHLIB).tru64:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).tru64
+$(SHLIB).solaris:	$(LIB)
+		ALLSYMSFLAGS='-z allextract' \
+		SHAREDFLAGS='-G -h $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).solaris
+$(SHLIB).irix:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).irix
+$(SHLIB).hpux32:	$(LIB)
+		ALLSYMSFLAGS='-Fl' \
+		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux32
+$(SHLIB).hpux64:	$(LIB)
+		ALLSYMSFLAGS='+forceload' \
+		SHAREDFLAGS='-b -z +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux64
+$(SHLIB).aix:	$(LIB)
+		ALLSYMSFLAGS='-bnogc' \
+		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).aix
+
+depend:
+		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+		rm -f Makefile.tmp Makefile
+		mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/crypto/openssl/demos/engines/ibmca/hw_ibmca.c b/crypto/openssl/demos/engines/ibmca/hw_ibmca.c
new file mode 100644
index 0000000..0c2c39b
--- /dev/null
+++ b/crypto/openssl/demos/engines/ibmca/hw_ibmca.c
@@ -0,0 +1,920 @@
+/* crypto/engine/hw_ibmca.c */

+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL

+ * project 2000.

+ */

+/* ====================================================================

+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ *

+ * 1. Redistributions of source code must retain the above copyright

+ *    notice, this list of conditions and the following disclaimer.

+ *

+ * 2. Redistributions in binary form must reproduce the above copyright

+ *    notice, this list of conditions and the following disclaimer in

+ *    the documentation and/or other materials provided with the

+ *    distribution.

+ *

+ * 3. All advertising materials mentioning features or use of this

+ *    software must display the following acknowledgment:

+ *    "This product includes software developed by the OpenSSL Project

+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

+ *

+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

+ *    endorse or promote products derived from this software without

+ *    prior written permission. For written permission, please contact

+ *    licensing@OpenSSL.org.

+ *

+ * 5. Products derived from this software may not be called "OpenSSL"

+ *    nor may "OpenSSL" appear in their names without prior written

+ *    permission of the OpenSSL Project.

+ *

+ * 6. Redistributions of any form whatsoever must retain the following

+ *    acknowledgment:

+ *    "This product includes software developed by the OpenSSL Project

+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

+ * OF THE POSSIBILITY OF SUCH DAMAGE.

+ * ====================================================================

+ *

+ * This product includes cryptographic software written by Eric Young

+ * (eay@cryptsoft.com).  This product includes software written by Tim

+ * Hudson (tjh@cryptsoft.com).

+ *

+ */

+

+/* (C) COPYRIGHT International Business Machines Corp. 2001 */

+

+#include <stdio.h>

+#include <openssl/crypto.h>

+#include <openssl/dso.h>

+#include <openssl/engine.h>

+

+#ifndef OPENSSL_NO_HW

+#ifndef OPENSSL_NO_HW_IBMCA

+

+#ifdef FLAT_INC

+#include "ica_openssl_api.h"

+#else

+#include "vendor_defns/ica_openssl_api.h"

+#endif

+

+#define IBMCA_LIB_NAME "ibmca engine"

+#include "hw_ibmca_err.c"

+

+static int ibmca_destroy(ENGINE *e);

+static int ibmca_init(ENGINE *e);

+static int ibmca_finish(ENGINE *e);

+static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());

+

+static const char *IBMCA_F1 = "icaOpenAdapter";

+static const char *IBMCA_F2 = "icaCloseAdapter";

+static const char *IBMCA_F3 = "icaRsaModExpo";

+static const char *IBMCA_F4 = "icaRandomNumberGenerate";

+static const char *IBMCA_F5 = "icaRsaCrt";

+

+ICA_ADAPTER_HANDLE handle=0;

+

+/* BIGNUM stuff */

+static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *m, BN_CTX *ctx);

+

+static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,

+        const BIGNUM *iqmp, BN_CTX *ctx);

+

+#ifndef OPENSSL_NO_RSA  

+/* RSA stuff */

+static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);

+#endif

+

+/* This function is aliased to mod_exp (with the mont stuff dropped). */

+static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

+

+#ifndef OPENSSL_NO_DSA 

+/* DSA stuff */

+static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

+        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

+        BN_CTX *ctx, BN_MONT_CTX *in_mont);

+static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

+        BN_MONT_CTX *m_ctx);

+#endif

+

+#ifndef OPENSSL_NO_DH 

+/* DH stuff */

+/* This function is alised to mod_exp (with the DH and mont dropped). */

+static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r, 

+	const BIGNUM *a, const BIGNUM *p,

+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

+#endif

+

+/* RAND stuff */

+static int ibmca_rand_bytes(unsigned char *buf, int num);

+static int ibmca_rand_status(void);

+

+

+/* WJH - check for more commands, like in nuron */

+

+/* The definitions for control commands specific to this engine */

+#define IBMCA_CMD_SO_PATH		ENGINE_CMD_BASE

+static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {

+	{IBMCA_CMD_SO_PATH,

+		"SO_PATH",

+		"Specifies the path to the 'atasi' shared library",

+		ENGINE_CMD_FLAG_STRING},

+	{0, NULL, NULL, 0}

+	};

+

+#ifndef OPENSSL_NO_RSA  

+/* Our internal RSA_METHOD that we provide pointers to */

+static RSA_METHOD ibmca_rsa =

+        {

+        "Ibmca RSA method",

+        NULL,

+        NULL,

+        NULL,

+        NULL,

+        ibmca_rsa_mod_exp,

+        ibmca_mod_exp_mont,

+        NULL,

+        NULL,

+        0,

+        NULL,

+        NULL,

+        NULL

+        };

+#endif

+

+#ifndef OPENSSL_NO_DSA

+/* Our internal DSA_METHOD that we provide pointers to */

+static DSA_METHOD ibmca_dsa =

+        {

+        "Ibmca DSA method",

+        NULL, /* dsa_do_sign */

+        NULL, /* dsa_sign_setup */

+        NULL, /* dsa_do_verify */

+        ibmca_dsa_mod_exp, /* dsa_mod_exp */

+        ibmca_mod_exp_dsa, /* bn_mod_exp */

+        NULL, /* init */

+        NULL, /* finish */

+        0, /* flags */

+        NULL /* app_data */

+        };

+#endif

+

+#ifndef OPENSSL_NO_DH

+/* Our internal DH_METHOD that we provide pointers to */

+static DH_METHOD ibmca_dh =

+        {

+        "Ibmca DH method",

+        NULL,

+        NULL,

+        ibmca_mod_exp_dh,

+        NULL,

+        NULL,

+        0,

+        NULL

+        };

+#endif

+

+static RAND_METHOD ibmca_rand =

+        {

+        /* "IBMCA RAND method", */

+        NULL,

+        ibmca_rand_bytes,

+        NULL,

+        NULL,

+        ibmca_rand_bytes,

+        ibmca_rand_status,

+        };

+

+/* Constants used when creating the ENGINE */

+static const char *engine_ibmca_id = "ibmca";

+static const char *engine_ibmca_name = "Ibmca hardware engine support";

+

+/* This internal function is used by ENGINE_ibmca() and possibly by the

+ * "dynamic" ENGINE support too */

+static int bind_helper(ENGINE *e)

+	{

+#ifndef OPENSSL_NO_RSA

+	const RSA_METHOD *meth1;

+#endif

+#ifndef OPENSSL_NO_DSA

+	const DSA_METHOD *meth2;

+#endif

+#ifndef OPENSSL_NO_DH

+	const DH_METHOD *meth3;

+#endif

+	if(!ENGINE_set_id(e, engine_ibmca_id) ||

+		!ENGINE_set_name(e, engine_ibmca_name) ||

+#ifndef OPENSSL_NO_RSA

+		!ENGINE_set_RSA(e, &ibmca_rsa) ||

+#endif

+#ifndef OPENSSL_NO_DSA

+		!ENGINE_set_DSA(e, &ibmca_dsa) ||

+#endif

+#ifndef OPENSSL_NO_DH

+		!ENGINE_set_DH(e, &ibmca_dh) ||

+#endif

+		!ENGINE_set_RAND(e, &ibmca_rand) ||

+		!ENGINE_set_destroy_function(e, ibmca_destroy) ||

+		!ENGINE_set_init_function(e, ibmca_init) ||

+		!ENGINE_set_finish_function(e, ibmca_finish) ||

+		!ENGINE_set_ctrl_function(e, ibmca_ctrl) ||

+		!ENGINE_set_cmd_defns(e, ibmca_cmd_defns))

+		return 0;

+

+#ifndef OPENSSL_NO_RSA

+	/* We know that the "PKCS1_SSLeay()" functions hook properly

+	 * to the ibmca-specific mod_exp and mod_exp_crt so we use

+	 * those functions. NB: We don't use ENGINE_openssl() or

+	 * anything "more generic" because something like the RSAref

+	 * code may not hook properly, and if you own one of these

+	 * cards then you have the right to do RSA operations on it

+	 * anyway! */ 

+	meth1 = RSA_PKCS1_SSLeay();

+	ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

+	ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

+	ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

+	ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

+#endif

+

+#ifndef OPENSSL_NO_DSA

+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish

+	 * bits. */

+	meth2 = DSA_OpenSSL();

+	ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;

+	ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;

+	ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;

+#endif

+

+#ifndef OPENSSL_NO_DH

+	/* Much the same for Diffie-Hellman */

+	meth3 = DH_OpenSSL();

+	ibmca_dh.generate_key = meth3->generate_key;

+	ibmca_dh.compute_key = meth3->compute_key;

+#endif

+

+	/* Ensure the ibmca error handling is set up */

+	ERR_load_IBMCA_strings(); 

+	return 1;

+	}

+

+static ENGINE *engine_ibmca(void)

+	{

+	ENGINE *ret = ENGINE_new();

+	if(!ret)

+		return NULL;

+	if(!bind_helper(ret))

+		{

+		ENGINE_free(ret);

+		return NULL;

+		}

+	return ret;

+	}

+

+#ifdef ENGINE_DYNAMIC_SUPPORT

+static

+#endif

+void ENGINE_load_ibmca(void)

+	{

+	/* Copied from eng_[openssl|dyn].c */

+	ENGINE *toadd = engine_ibmca();

+	if(!toadd) return;

+	ENGINE_add(toadd);

+	ENGINE_free(toadd);

+	ERR_clear_error();

+	}

+

+/* Destructor (complements the "ENGINE_ibmca()" constructor) */

+static int ibmca_destroy(ENGINE *e)

+	{

+	/* Unload the ibmca error strings so any error state including our

+	 * functs or reasons won't lead to a segfault (they simply get displayed

+	 * without corresponding string data because none will be found). */

+        ERR_unload_IBMCA_strings(); 

+	return 1;

+	}

+

+

+/* This is a process-global DSO handle used for loading and unloading

+ * the Ibmca library. NB: This is only set (or unset) during an

+ * init() or finish() call (reference counts permitting) and they're

+ * operating with global locks, so this should be thread-safe

+ * implicitly. */

+

+static DSO *ibmca_dso = NULL;

+

+/* These are the function pointers that are (un)set when the library has

+ * successfully (un)loaded. */

+

+static unsigned int    (ICA_CALL *p_icaOpenAdapter)();

+static unsigned int    (ICA_CALL *p_icaCloseAdapter)();

+static unsigned int    (ICA_CALL *p_icaRsaModExpo)();

+static unsigned int    (ICA_CALL *p_icaRandomNumberGenerate)();

+static unsigned int    (ICA_CALL *p_icaRsaCrt)();

+

+/* utility function to obtain a context */

+static int get_context(ICA_ADAPTER_HANDLE *p_handle)

+        {

+        unsigned int status=0;

+

+        status = p_icaOpenAdapter(0, p_handle);

+        if(status != 0)

+                return 0;

+        return 1;

+        }

+

+/* similarly to release one. */

+static void release_context(ICA_ADAPTER_HANDLE handle)

+        {

+        p_icaCloseAdapter(handle);

+        }

+

+/* (de)initialisation functions. */

+static int ibmca_init(ENGINE *e)

+        {

+

+        void          (*p1)();

+        void          (*p2)();

+        void          (*p3)();

+        void          (*p4)();

+        void          (*p5)();

+

+        if(ibmca_dso != NULL)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED);

+                goto err;

+                }

+        /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be

+         * changed unfortunately because the Ibmca drivers don't have

+         * standard library names that can be platform-translated well. */

+        /* TODO: Work out how to actually map to the names the Ibmca

+         * drivers really use - for now a symbollic link needs to be

+         * created on the host system from libatasi.so to atasi.so on

+         * unix variants. */

+

+	/* WJH XXX check name translation */

+

+        ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,

+			     /* DSO_FLAG_NAME_TRANSLATION */ 0);

+        if(ibmca_dso == NULL)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);

+                goto err;

+                }

+

+        if(!(p1 = DSO_bind_func(

+                ibmca_dso, IBMCA_F1)) ||

+                !(p2 = DSO_bind_func(

+                        ibmca_dso, IBMCA_F2)) ||

+                !(p3 = DSO_bind_func(

+                        ibmca_dso, IBMCA_F3)) ||

+                !(p4 = DSO_bind_func(

+                        ibmca_dso, IBMCA_F4)) ||

+                !(p5 = DSO_bind_func(

+                        ibmca_dso, IBMCA_F5)))

+                {

+                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);

+                goto err;

+                }

+

+        /* Copy the pointers */

+

+	p_icaOpenAdapter =           (unsigned int (ICA_CALL *)())p1;

+	p_icaCloseAdapter =          (unsigned int (ICA_CALL *)())p2;

+	p_icaRsaModExpo =            (unsigned int (ICA_CALL *)())p3;

+	p_icaRandomNumberGenerate =  (unsigned int (ICA_CALL *)())p4;

+	p_icaRsaCrt =                (unsigned int (ICA_CALL *)())p5;

+

+        if(!get_context(&handle))

+                {

+                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE);

+                goto err;

+                }

+

+        return 1;

+ err:

+        if(ibmca_dso)

+                DSO_free(ibmca_dso);

+

+        p_icaOpenAdapter = NULL;

+        p_icaCloseAdapter = NULL;

+        p_icaRsaModExpo = NULL;

+        p_icaRandomNumberGenerate = NULL;

+

+        return 0;

+        }

+

+static int ibmca_finish(ENGINE *e)

+        {

+        if(ibmca_dso == NULL)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED);

+                return 0;

+                }

+        release_context(handle);

+        if(!DSO_free(ibmca_dso))

+                {

+                IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE);

+                return 0;

+                }

+        ibmca_dso = NULL;

+

+        return 1;

+        }

+

+static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())

+	{

+	int initialised = ((ibmca_dso == NULL) ? 0 : 1);

+	switch(cmd)

+		{

+	case IBMCA_CMD_SO_PATH:

+		if(p == NULL)

+			{

+			IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER);

+			return 0;

+			}

+		if(initialised)

+			{

+			IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED);

+			return 0;

+			}

+		IBMCA_LIBNAME = (const char *)p;

+		return 1;

+	default:

+		break;

+		}

+	IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);

+	return 0;

+	}

+

+

+static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *m, BN_CTX *ctx)

+        {

+        /* I need somewhere to store temporary serialised values for

+         * use with the Ibmca API calls. A neat cheat - I'll use

+         * BIGNUMs from the BN_CTX but access their arrays directly as

+         * byte arrays <grin>. This way I don't have to clean anything

+         * up. */

+

+        BIGNUM *argument=NULL;

+        BIGNUM *result=NULL;

+        BIGNUM *key=NULL;

+        int to_return;

+	int inLen, outLen, tmpLen;

+

+

+        ICA_KEY_RSA_MODEXPO *publKey=NULL;

+        unsigned int rc;

+

+        to_return = 0; /* expect failure */

+

+        if(!ibmca_dso)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED);

+                goto err;

+                }

+        /* Prepare the params */

+	BN_CTX_start(ctx);

+        argument = BN_CTX_get(ctx);

+        result = BN_CTX_get(ctx);

+        key = BN_CTX_get(ctx);

+

+        if( !argument || !result || !key)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL);

+                goto err;

+                }

+

+

+	if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||

+                !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))

+

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL);

+                goto err;

+                }

+

+        publKey = (ICA_KEY_RSA_MODEXPO *)key->d;

+

+        if (publKey == NULL)

+                {

+                goto err;

+                }

+        memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));

+

+        publKey->keyType   =  CORRECT_ENDIANNESS(ME_KEY_TYPE);

+        publKey->keyLength =  CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));

+        publKey->expOffset =  (char *) publKey->keyRecord - (char *) publKey;

+

+        /* A quirk of the card: the exponent length has to be the same

+     as the modulus (key) length */

+

+	outLen = BN_num_bytes(m);

+

+/* check for modulus length SAB*/

+	if (outLen > 256 ) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE);

+		goto err;

+	}

+/* check for modulus length SAB*/

+

+

+	publKey->expLength = publKey->nLength = outLen;

+/* SAB Check for underflow condition

+    the size of the exponent is less than the size of the parameter

+    then we have a big problem and will underflow the keyRecord

+   buffer.  Bad stuff could happen then

+*/

+if (outLen < BN_num_bytes(p)){

+	IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD);

+	goto err;

+}

+/* SAB End check for underflow */

+

+

+        BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -

+                BN_num_bytes(p)]);

+        BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);

+

+

+

+        publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);

+        publKey->nOffset   = CORRECT_ENDIANNESS(publKey->expOffset + 

+						publKey->expLength);

+

+        publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord - 

+						(char *) publKey);

+

+	tmpLen = outLen;

+	publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);

+

+  /* Prepare the argument */

+

+	memset(argument->d, 0, outLen);

+	BN_bn2bin(a, (unsigned char *)argument->d + outLen -

+                 BN_num_bytes(a));

+

+	inLen = outLen;

+

+  /* Perform the operation */

+

+          if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,

+                publKey, &outLen, (unsigned char *)result->d))

+                !=0 )

+

+                {

+                printf("rc = %d\n", rc);

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED);

+                goto err;

+                }

+

+

+        /* Convert the response */

+        BN_bin2bn((unsigned char *)result->d, outLen, r);

+        to_return = 1;

+ err:

+	BN_CTX_end(ctx);

+        return to_return;

+        }

+

+#ifndef OPENSSL_NO_RSA 

+static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)

+        {

+        BN_CTX *ctx;

+        int to_return = 0;

+

+        if((ctx = BN_CTX_new()) == NULL)

+                goto err;

+        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)

+                {

+                if(!rsa->d || !rsa->n)

+                        {

+                        IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,

+                                IBMCA_R_MISSING_KEY_COMPONENTS);

+                        goto err;

+                        }

+                to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);

+                }

+        else

+                {

+                to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,

+                        rsa->dmq1, rsa->iqmp, ctx);

+                }

+ err:

+        if(ctx)

+                BN_CTX_free(ctx);

+        return to_return;

+        }

+#endif

+

+/* Ein kleines chinesisches "Restessen"  */

+static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *q, const BIGNUM *dmp1,

+        const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)

+        {

+

+        BIGNUM *argument = NULL;

+        BIGNUM *result = NULL;

+        BIGNUM *key = NULL;

+

+        int to_return = 0; /* expect failure */

+

+        char                *pkey=NULL;

+        ICA_KEY_RSA_CRT     *privKey=NULL;

+        int inLen, outLen;

+

+        int rc;

+        unsigned int        offset, pSize, qSize;

+/* SAB New variables */

+	unsigned int keyRecordSize;

+	unsigned int pbytes = BN_num_bytes(p);

+	unsigned int qbytes = BN_num_bytes(q);

+	unsigned int dmp1bytes = BN_num_bytes(dmp1);

+	unsigned int dmq1bytes = BN_num_bytes(dmq1);

+	unsigned int iqmpbytes = BN_num_bytes(iqmp);

+

+        /* Prepare the params */

+

+	BN_CTX_start(ctx);

+        argument = BN_CTX_get(ctx);

+        result = BN_CTX_get(ctx);

+        key = BN_CTX_get(ctx);

+

+        if(!argument || !result || !key)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL);

+                goto err;

+                }

+

+	if(!bn_wexpand(argument, p->top + q->top) ||

+                !bn_wexpand(result, p->top + q->top) ||

+                !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL);

+                goto err;

+                }

+

+

+        privKey = (ICA_KEY_RSA_CRT *)key->d;

+/* SAB Add check for total size in bytes of the parms does not exceed

+   the buffer space we have

+   do this first

+*/

+      keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes;

+     if (  keyRecordSize > sizeof(privKey->keyRecord )) {

+	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

+         goto err;

+     }

+

+     if ( (qbytes + dmq1bytes)  > 256 ){

+	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

+         goto err;

+     }

+

+     if ( pbytes + dmp1bytes > 256 ) {

+	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

+         goto err;

+     }

+

+/* end SAB additions */

+  

+        memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));

+        privKey->keyType =  CORRECT_ENDIANNESS(CRT_KEY_TYPE);

+        privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));

+        privKey->modulusBitLength = 

+	  CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);

+

+        /*

+         * p,dp & qInv are 1 QWORD Larger

+         */

+        privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);

+        privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));

+        privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);

+        privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));

+        privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);

+

+        offset = (char *) privKey->keyRecord

+                  - (char *) privKey;

+

+        qSize = BN_num_bytes(q);

+        pSize = qSize + 8;   /*  1 QWORD larger */

+

+

+/* SAB  probably aittle redundant, but we'll verify that each of the

+   components which make up a key record sent ot the card does not exceed

+   the space that is allocated for it.  this handles the case where even if

+   the total length does not exceed keyrecord zied, if the operands are funny sized

+they could cause potential side affects on either the card or the result */

+

+     if ( (pbytes > pSize) || (dmp1bytes > pSize) ||

+          (iqmpbytes > pSize) || ( qbytes >qSize) ||

+          (dmq1bytes > qSize) ) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);

+		goto err;

+

+	}

+     

+

+        privKey->dpOffset = CORRECT_ENDIANNESS(offset);

+

+	offset += pSize;

+	privKey->dqOffset = CORRECT_ENDIANNESS(offset);

+

+	offset += qSize;

+	privKey->pOffset = CORRECT_ENDIANNESS(offset);

+

+	offset += pSize;

+	privKey->qOffset = CORRECT_ENDIANNESS(offset);

+

+	offset += qSize;

+	privKey->qInvOffset = CORRECT_ENDIANNESS(offset);

+

+        pkey = (char *) privKey->keyRecord;

+

+

+/* SAB first check that we don;t under flow the buffer */

+	if ( pSize < pbytes ) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);

+		goto err;

+	}

+

+        /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */

+        pkey += pSize - BN_num_bytes(dmp1);

+        BN_bn2bin(dmp1, pkey);   

+        pkey += BN_num_bytes(dmp1);  /* move the pointer */

+

+        BN_bn2bin(dmq1, pkey);  /* Copy over dmq1 */

+

+        pkey += qSize;     /* move pointer */

+	pkey += pSize - BN_num_bytes(p);  /* set up for zero padding of next field */

+

+        BN_bn2bin(p, pkey);

+        pkey += BN_num_bytes(p);  /* increment pointer by number of bytes moved  */

+

+        BN_bn2bin(q, pkey);

+        pkey += qSize ;  /* move the pointer */

+	pkey +=  pSize - BN_num_bytes(iqmp); /* Adjust for padding */

+        BN_bn2bin(iqmp, pkey);

+

+        /* Prepare the argument and response */

+

+	outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2;  /* Correct endianess is used 

+						because the fields were converted above */

+

+        if (outLen > 256) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE);

+		goto err;

+	}

+

+	/* SAB check for underflow here on the argeument */

+	if ( outLen < BN_num_bytes(a)) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION);

+		goto err;

+	}

+

+        BN_bn2bin(a, (unsigned char *)argument->d + outLen -

+                          BN_num_bytes(a));

+        inLen = outLen;

+

+        memset(result->d, 0, outLen);

+

+        /* Perform the operation */

+

+        if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,

+                privKey, &outLen, (unsigned char *)result->d)) != 0)

+                {

+                printf("rc = %d\n", rc);

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED);

+                goto err;

+                }

+

+        /* Convert the response */

+

+        BN_bin2bn((unsigned char *)result->d, outLen, r);

+        to_return = 1;

+

+ err:

+	BN_CTX_end(ctx);

+        return to_return;

+

+        }

+

+#ifndef OPENSSL_NO_DSA

+/* This code was liberated and adapted from the commented-out code in

+ * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration

+ * (it doesn't have a CRT form for RSA), this function means that an

+ * Ibmca system running with a DSA server certificate can handshake

+ * around 5 or 6 times faster/more than an equivalent system running with

+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts

+ * of "openssl speed -engine ibmca dsa1024 rsa1024". */

+static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

+        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

+        BN_CTX *ctx, BN_MONT_CTX *in_mont)

+        {

+        BIGNUM t;

+        int to_return = 0;

+

+        BN_init(&t);

+        /* let rr = a1 ^ p1 mod m */

+        if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;

+        /* let t = a2 ^ p2 mod m */

+        if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;

+        /* let rr = rr * t mod m */

+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;

+        to_return = 1;

+ end:

+        BN_free(&t);

+        return to_return;

+        }

+

+

+static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

+        BN_MONT_CTX *m_ctx)

+        {

+        return ibmca_mod_exp(r, a, p, m, ctx);

+        }

+#endif

+

+/* This function is aliased to mod_exp (with the mont stuff dropped). */

+static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

+        {

+        return ibmca_mod_exp(r, a, p, m, ctx);

+        }

+

+#ifndef OPENSSL_NO_DH 

+/* This function is aliased to mod_exp (with the dh and mont dropped). */

+static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r, 

+	const BIGNUM *a, const BIGNUM *p, 

+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

+        {

+        return ibmca_mod_exp(r, a, p, m, ctx);

+        }

+#endif

+

+/* Random bytes are good */

+static int ibmca_rand_bytes(unsigned char *buf, int num)

+        {

+        int to_return = 0; /* assume failure */

+        unsigned int ret;

+

+

+        if(handle == 0)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED);

+                goto err;

+                }

+

+        ret = p_icaRandomNumberGenerate(handle, num, buf);

+        if (ret < 0)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED);

+                goto err;

+                }

+        to_return = 1;

+ err:

+        return to_return;

+        }

+

+static int ibmca_rand_status(void)

+        {

+        return 1;

+        }

+

+/* This stuff is needed if this ENGINE is being compiled into a self-contained

+ * shared-library. */

+#ifdef ENGINE_DYNAMIC_SUPPORT

+static int bind_fn(ENGINE *e, const char *id)

+	{

+	if(id && (strcmp(id, engine_ibmca_id) != 0))  /* WJH XXX */

+		return 0;

+	if(!bind_helper(e))

+		return 0;

+	return 1;

+	}

+IMPLEMENT_DYNAMIC_CHECK_FN()

+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

+#endif /* ENGINE_DYNAMIC_SUPPORT */

+

+

+#endif /* !OPENSSL_NO_HW_IBMCA */

+#endif /* !OPENSSL_NO_HW */

diff --git a/crypto/openssl/demos/engines/ibmca/hw_ibmca.ec b/crypto/openssl/demos/engines/ibmca/hw_ibmca.ec
new file mode 100644
index 0000000..f68646d
--- /dev/null
+++ b/crypto/openssl/demos/engines/ibmca/hw_ibmca.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#	perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
+#		-nostatic -staticloader -write *.c
+
+L IBMCA		hw_ibmca_err.h			hw_ibmca_err.c
diff --git a/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c b/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c
new file mode 100644
index 0000000..c4053f6
--- /dev/null
+++ b/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c
@@ -0,0 +1,154 @@
+/* hw_ibmca_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ibmca_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA IBMCA_str_functs[]=
+	{
+{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0),	"IBMCA_CTRL"},
+{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0),	"IBMCA_FINISH"},
+{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0),	"IBMCA_INIT"},
+{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0),	"IBMCA_MOD_EXP"},
+{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0),	"IBMCA_MOD_EXP_CRT"},
+{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0),	"IBMCA_RAND_BYTES"},
+{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0),	"IBMCA_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA IBMCA_str_reasons[]=
+	{
+{IBMCA_R_ALREADY_LOADED                  ,"already loaded"},
+{IBMCA_R_BN_CTX_FULL                     ,"bn ctx full"},
+{IBMCA_R_BN_EXPAND_FAIL                  ,"bn expand fail"},
+{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{IBMCA_R_DSO_FAILURE                     ,"dso failure"},
+{IBMCA_R_MEXP_LENGTH_TO_LARGE            ,"mexp length to large"},
+{IBMCA_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{IBMCA_R_NOT_INITIALISED                 ,"not initialised"},
+{IBMCA_R_NOT_LOADED                      ,"not loaded"},
+{IBMCA_R_OPERANDS_TO_LARGE               ,"operands to large"},
+{IBMCA_R_OUTLEN_TO_LARGE                 ,"outlen to large"},
+{IBMCA_R_REQUEST_FAILED                  ,"request failed"},
+{IBMCA_R_UNDERFLOW_CONDITION             ,"underflow condition"},
+{IBMCA_R_UNDERFLOW_KEYRECORD             ,"underflow keyrecord"},
+{IBMCA_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef IBMCA_LIB_NAME
+static ERR_STRING_DATA IBMCA_lib_name[]=
+        {
+{0	,IBMCA_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int IBMCA_lib_error_code=0;
+static int IBMCA_error_init=1;
+
+static void ERR_load_IBMCA_strings(void)
+	{
+	if (IBMCA_lib_error_code == 0)
+		IBMCA_lib_error_code=ERR_get_next_error_library();
+
+	if (IBMCA_error_init)
+		{
+		IBMCA_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);
+		ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
+#endif
+
+#ifdef IBMCA_LIB_NAME
+		IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);
+		ERR_load_strings(0,IBMCA_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_IBMCA_strings(void)
+	{
+	if (IBMCA_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);
+		ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
+#endif
+
+#ifdef IBMCA_LIB_NAME
+		ERR_unload_strings(0,IBMCA_lib_name);
+#endif
+		IBMCA_error_init=1;
+		}
+	}
+
+static void ERR_IBMCA_error(int function, int reason, char *file, int line)
+	{
+	if (IBMCA_lib_error_code == 0)
+		IBMCA_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h b/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h
new file mode 100644
index 0000000..da64bde
--- /dev/null
+++ b/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h
@@ -0,0 +1,98 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_IBMCA_ERR_H
+#define HEADER_IBMCA_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_IBMCA_strings(void);
+static void ERR_unload_IBMCA_strings(void);
+static void ERR_IBMCA_error(int function, int reason, char *file, int line);
+#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the IBMCA functions. */
+
+/* Function codes. */
+#define IBMCA_F_IBMCA_CTRL				 100
+#define IBMCA_F_IBMCA_FINISH				 101
+#define IBMCA_F_IBMCA_INIT				 102
+#define IBMCA_F_IBMCA_MOD_EXP				 103
+#define IBMCA_F_IBMCA_MOD_EXP_CRT			 104
+#define IBMCA_F_IBMCA_RAND_BYTES			 105
+#define IBMCA_F_IBMCA_RSA_MOD_EXP			 106
+
+/* Reason codes. */
+#define IBMCA_R_ALREADY_LOADED				 100
+#define IBMCA_R_BN_CTX_FULL				 101
+#define IBMCA_R_BN_EXPAND_FAIL				 102
+#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define IBMCA_R_DSO_FAILURE				 104
+#define IBMCA_R_MEXP_LENGTH_TO_LARGE			 105
+#define IBMCA_R_MISSING_KEY_COMPONENTS			 106
+#define IBMCA_R_NOT_INITIALISED				 107
+#define IBMCA_R_NOT_LOADED				 108
+#define IBMCA_R_OPERANDS_TO_LARGE			 109
+#define IBMCA_R_OUTLEN_TO_LARGE				 110
+#define IBMCA_R_REQUEST_FAILED				 111
+#define IBMCA_R_UNDERFLOW_CONDITION			 112
+#define IBMCA_R_UNDERFLOW_KEYRECORD			 113
+#define IBMCA_R_UNIT_FAILURE				 114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h b/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h
new file mode 100644
index 0000000..c77e0fd
--- /dev/null
+++ b/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h
@@ -0,0 +1,189 @@
+
+#ifndef __ICA_OPENSSL_API_H__
+#define __ICA_OPENSSL_API_H__
+
+/**
+ ** abstract data types for API
+ **/
+
+#define ICA_ADAPTER_HANDLE int
+
+#if defined(linux) || defined (_AIX)
+#define ICA_CALL 
+#endif
+
+#if defined(WIN32) || defined(_WIN32)
+#define ICA_CALL  __stdcall
+#endif
+
+/*------------------------------------------------*
+ | RSA defines and typedefs                       |
+ *------------------------------------------------*/
+ /*
+ * All data elements of the RSA key are in big-endian format
+ * Modulus-Exponent form of key
+ *
+ */
+ #define MAX_EXP_SIZE 256
+ #define MAX_MODULUS_SIZE 256
+ #define MAX_MODEXP_SIZE  (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
+
+ #define MAX_OPERAND_SIZE  MAX_EXP_SIZE
+
+ typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
+ /*
+ * All data elements of the RSA key are in big-endian format
+ * Chinese Remainder Thereom(CRT) form of key
+ * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
+ *
+ */
+ #define MAX_BP_SIZE 136
+ #define MAX_BQ_SIZE 128
+ #define MAX_NP_SIZE 136
+ #define MAX_NQ_SIZE 128
+ #define MAX_QINV_SIZE 136
+ #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
+
+#define RSA_GEN_OPERAND_MAX   256 /* bytes */
+
+typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
+/*------------------------------------------------*
+ | RSA key token types                            |
+ *------------------------------------------------*/
+
+#define  RSA_PUBLIC_MODULUS_EXPONENT        3
+#define  RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
+
+#define KEYTYPE_MODEXPO         1
+#define KEYTYPE_PKCSCRT         2
+
+
+/*------------------------------------------------*
+ | RSA Key Token format                           |
+ *------------------------------------------------*/
+
+/*
+ * NOTE:  All the fields in the ICA_KEY_RSA_MODEXPO structure
+ *        (lengths, offsets, exponents, modulus, etc.) are
+ *        stored in big-endian format
+ */
+
+typedef struct _ICA_KEY_RSA_MODEXPO
+{   unsigned int  keyType;             /* RSA key type.               */
+    unsigned int  keyLength;           /* Total length of the token.  */
+    unsigned int  modulusBitLength;    /* Modulus n bit length.       */
+                                       /* -- Start of the data length.*/
+    unsigned int  nLength;             /* Modulus n = p * q           */
+    unsigned int  expLength;           /* exponent (public or private)*/
+                                       /*   e = 1/d * mod(p-1)(q-1)   */
+                                       /* -- Start of the data offsets*/
+    unsigned int  nOffset;             /* Modulus n .                 */
+    unsigned int  expOffset;           /* exponent (public or private)*/
+    unsigned char reserved[112];       /* reserved area               */
+                                       /* -- Start of the variable -- */
+                                       /* -- length token data.    -- */
+    ICA_KEY_RSA_MODEXPO_REC keyRecord;
+} ICA_KEY_RSA_MODEXPO;
+#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
+
+/*
+ * NOTE:  All the fields in the ICA_KEY_RSA_CRT structure
+ *        (lengths, offsets, exponents, modulus, etc.) are
+ *        stored in big-endian format
+ */
+
+typedef struct _ICA_KEY_RSA_CRT
+{   unsigned int  keyType;             /* RSA key type.               */
+    unsigned int  keyLength;           /* Total length of the token.  */
+    unsigned int  modulusBitLength;    /* Modulus n bit length.       */
+                                       /* -- Start of the data length.*/
+#if _AIX
+    unsigned int  nLength;             /* Modulus n = p * q           */
+#endif
+    unsigned int  pLength;             /* Prime number p .            */
+    unsigned int  qLength;             /* Prime number q .            */
+    unsigned int  dpLength;            /* dp = d * mod(p-1) .         */
+    unsigned int  dqLength;            /* dq = d * mod(q-1) .         */
+    unsigned int  qInvLength;          /* PKCS: qInv = Ap/q           */
+                                       /* -- Start of the data offsets*/
+#if _AIX
+    unsigned int  nOffset;             /* Modulus n .                 */
+#endif
+    unsigned int  pOffset;             /* Prime number p .            */
+    unsigned int  qOffset;             /* Prime number q .            */
+    unsigned int  dpOffset;            /* dp .                        */
+    unsigned int  dqOffset;            /* dq .                        */
+    unsigned int  qInvOffset;          /* qInv for PKCS               */
+#if _AIX
+    unsigned char reserved[80];        /* reserved area               */
+#else
+    unsigned char reserved[88];        /* reserved area               */
+#endif
+                                       /* -- Start of the variable -- */
+                                       /* -- length token data.    -- */
+    ICA_KEY_RSA_CRT_REC keyRecord;
+} ICA_KEY_RSA_CRT;
+#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
+
+unsigned int
+icaOpenAdapter( unsigned int        adapterId,
+	        ICA_ADAPTER_HANDLE *pAdapterHandle );
+
+unsigned int
+icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
+
+unsigned int
+icaRsaModExpo( ICA_ADAPTER_HANDLE    hAdapterHandle,
+	       unsigned int          inputDataLength,
+	       unsigned char        *pInputData,
+	       ICA_KEY_RSA_MODEXPO  *pKeyModExpo,
+	       unsigned int         *pOutputDataLength,
+	       unsigned char        *pOutputData );
+
+unsigned int
+icaRsaCrt( ICA_ADAPTER_HANDLE     hAdapterHandle,
+	   unsigned int           inputDataLength,
+	   unsigned char         *pInputData,
+	   ICA_KEY_RSA_CRT       *pKeyCrt,
+	   unsigned int          *pOutputDataLength,
+	   unsigned char         *pOutputData );
+
+unsigned int
+icaRandomNumberGenerate( ICA_ADAPTER_HANDLE  hAdapterHandle,
+			 unsigned int        outputDataLength,
+			 unsigned char      *pOutputData );
+
+/* Specific macros and definitions to not have IFDEF;s all over the
+   main code */
+
+#if (_AIX)
+static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
+#elif (WIN32)
+static const char *IBMCA_LIBNAME = "cryptica";
+#else
+static const char *IBMCA_LIBNAME = "ica";
+#endif
+
+#if (WIN32)
+/*
+ The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
+ offsets must be in big-endian format.
+
+*/
+#define CORRECT_ENDIANNESS(b) (  \
+                             (((unsigned long) (b) & 0x000000ff) << 24) |  \
+                             (((unsigned long) (b) & 0x0000ff00) <<  8) |  \
+                             (((unsigned long) (b) & 0x00ff0000) >>  8) |  \
+                             (((unsigned long) (b) & 0xff000000) >> 24)    \
+                             )
+#define CRT_KEY_TYPE   RSA_PKCS_PRIVATE_CHINESE_REMAINDER
+#define ME_KEY_TYPE    RSA_PUBLIC_MODULUS_EXPONENT
+#else
+#define CORRECT_ENDIANNESS(b) (b)
+#define CRT_KEY_TYPE       KEYTYPE_PKCSCRT
+#define ME_KEY_TYPE        KEYTYPE_MODEXPO
+#endif
+
+
+
+#endif   /* __ICA_OPENSSL_API_H__ */
diff --git a/crypto/openssl/demos/engines/rsaref/Makefile b/crypto/openssl/demos/engines/rsaref/Makefile
new file mode 100644
index 0000000..63b8c79
--- /dev/null
+++ b/crypto/openssl/demos/engines/rsaref/Makefile
@@ -0,0 +1,135 @@
+LIBNAME=	librsaref
+SRC=		rsaref.c
+OBJ=		rsaref.o
+HEADER=		rsaref.h
+
+CC=		gcc
+PIC=		-fPIC
+CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT
+AR=		ar r
+RANLIB=		ranlib
+
+LIB=		$(LIBNAME).a
+SHLIB=		$(LIBNAME).so
+
+all:
+		@echo 'Please choose a system to build on:'
+		@echo ''
+		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+		@echo 'solaris:  Solaris'
+		@echo 'irix:     IRIX'
+		@echo 'hpux32:   32-bit HP/UX'
+		@echo 'hpux64:   64-bit HP/UX'
+		@echo 'aix:      AIX'
+		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+		@echo ''
+
+FORCE.install:
+install:	FORCE.install
+		cd install; \
+			make -f unix/makefile CFLAGS='-I. -DPROTOTYPES=1 -O -c' RSAREFLIB=librsaref.a librsaref.a
+
+FORCE.update:
+update:		FORCE.update
+		perl ../../../util/mkerr.pl -conf rsaref.ec \
+			-nostatic -staticloader -write rsaref.c
+
+darwin:		install $(SHLIB).darwin
+cygwin:		install $(SHLIB).cygwin
+gnu:		install $(SHLIB).gnu
+alpha-osf1:	install $(SHLIB).alpha-osf1
+tru64:		install $(SHLIB).tru64
+solaris:	install $(SHLIB).solaris
+irix:		install $(SHLIB).irix
+hpux32:		install $(SHLIB).hpux32
+hpux64:		install $(SHLIB).hpux64
+aix:		install $(SHLIB).aix
+reliantunix:	install $(SHLIB).reliantunix
+
+$(LIB):		$(OBJ)
+		$(AR) $(LIB) $(OBJ)
+		- $(RANLIB) $(LIB)
+
+LINK_SO=	\
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \
+  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).darwin:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-all_load' \
+		SHAREDFLAGS='-dynamiclib -install_name $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).darwin
+$(SHLIB).cygwin:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-Bsymbolic -Wl,--out-implib,$(LIBNAME).dll.a' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).cygwin
+$(SHLIB).gnu:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).gnu
+$(SHLIB).tru64:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).tru64
+$(SHLIB).solaris:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-z allextract' \
+		SHAREDFLAGS='-G -h $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).solaris
+$(SHLIB).irix:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).irix
+$(SHLIB).hpux32:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-Fl' \
+		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux32
+$(SHLIB).hpux64:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='+forceload' \
+		SHAREDFLAGS='-b -z +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux64
+$(SHLIB).aix:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-bnogc' \
+		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).aix
+
+depend:
+		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+		rm -f Makefile.tmp Makefile
+		mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/crypto/openssl/demos/engines/rsaref/README b/crypto/openssl/demos/engines/rsaref/README
new file mode 100644
index 0000000..00b1f74
--- /dev/null
+++ b/crypto/openssl/demos/engines/rsaref/README
@@ -0,0 +1,22 @@
+librsaref.so is a demonstration dynamic engine that does RSA
+operations using the old RSAref 2.0 implementation.
+
+To make proper use of this engine, you must download RSAref 2.0
+(search the web for rsaref.tar.Z for example) and unpack it in this
+directory, so you'll end up having the subdirectories "install" and
+"source" among others.
+
+To build, do the following:
+
+	make
+
+This will list a number of available targets to choose from.  Most of
+them are architecture-specific.  The exception is "gnu" which is to be
+used on systems where GNU ld and gcc have been installed in such a way
+that gcc uses GNU ld to link together programs and shared libraries.
+
+The make file assumes you use gcc.  To change that, just reassign CC:
+
+	make CC=cc
+
+The result is librsaref.so, which you can copy to any place you wish.
diff --git a/crypto/openssl/demos/engines/rsaref/build.com b/crypto/openssl/demos/engines/rsaref/build.com
new file mode 100644
index 0000000..b956912
--- /dev/null
+++ b/crypto/openssl/demos/engines/rsaref/build.com
@@ -0,0 +1,85 @@
+$! BUILD.COM -- Building procedure for the RSAref engine
+$
+$	if f$search("source.dir") .eqs. "" -
+	   .or. f$search("install.dir") .eqs. ""
+$	then
+$	    write sys$error "RSAref 2.0 hasn't been properly extracted."
+$	    exit
+$	endif
+$
+$	_save_default = f$environment("default")
+$	set default [.install]
+$	files := desc,digit,md2c,md5c,nn,prime,-
+		rsa,r_encode,r_dh,r_enhanc,r_keygen,r_random,-
+		r_stdlib
+$	delete rsaref.olb;*
+$	library/create/object rsaref.olb
+$	files_i = 0
+$ rsaref_loop:
+$	files_e = f$edit(f$element(files_i,",",files),"trim")
+$	files_i = files_i + 1
+$	if files_e .eqs. "," then goto rsaref_loop_end
+$	cc/include=([-.source],[])/define=PROTOTYPES=1/object=[]'files_e'.obj -
+		[-.source]'files_e'.c
+$	library/replace/object rsaref.olb 'files_e'.obj
+$	goto rsaref_loop
+$ rsaref_loop_end:
+$
+$	set default [-]
+$	define/user openssl [---.include.openssl]
+$	cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
+$
+$	if f$getsyi("CPU") .ge. 128
+$	then
+$	    link/share=librsaref.exe sys$input:/option
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.axp.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$	else
+$	    macro/object=rsaref_vec.obj sys$input:
+;
+; Transfer vector for VAX shareable image
+;
+	.TITLE librsaref
+;
+; Define macro to assist in building transfer vector entries.  Each entry
+; should take no more than 8 bytes.
+;
+	.MACRO FTRANSFER_ENTRY routine
+	.ALIGN QUAD
+	.TRANSFER routine
+	.MASK	routine
+	JMP	routine+2
+	.ENDM FTRANSFER_ENTRY
+;
+; Place entries in own program section.
+;
+	.PSECT $$LIBRSAREF,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
+
+LIBRSAREF_xfer:
+	FTRANSFER_ENTRY bind_engine
+	FTRANSFER_ENTRY v_check
+
+;
+; Allocate extra storage at end of vector to allow for expansion.
+;
+	.BLKB 512-<.-LIBRSAREF_xfer>	; 1 page.
+	.END
+$	    link/share=librsaref.exe sys$input:/option
+!
+! Ensure transfer vector is at beginning of image
+!
+CLUSTER=FIRST
+COLLECT=FIRST,$$LIBRSAREF
+!
+! make psects nonshareable so image can be installed.
+!
+PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
+[]rsaref_vec.obj
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.vax.exe.crypto]libcrypto.olb/lib
+$	endif
+$
+$	set default '_save_default'
diff --git a/crypto/openssl/demos/engines/rsaref/rsaref.c b/crypto/openssl/demos/engines/rsaref/rsaref.c
new file mode 100644
index 0000000..872811b
--- /dev/null
+++ b/crypto/openssl/demos/engines/rsaref/rsaref.c
@@ -0,0 +1,685 @@
+/* Demo of how to construct your own engine and using it.  The basis of this
+   engine is RSAref, an old reference of the RSA algorithm which can still
+   be found a little here and there. */
+
+#include <stdio.h>
+#include <string.h>
+#include "./source/global.h"
+#include "./source/rsaref.h"
+#include "./source/rsa.h"
+#include "./source/des.h"
+#include <openssl/err.h>
+#define OPENSSL_NO_MD2
+#define OPENSSL_NO_MD5
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+
+#define RSAREF_LIB_NAME "rsaref engine"
+#include "rsaref_err.c"
+
+/*****************************************************************************
+ *** Function declarations and global variable definitions                 ***
+ *****************************************************************************/
+
+/*****************************************************************************
+ * Constants used when creating the ENGINE
+ **/
+static const char *engine_rsaref_id = "rsaref";
+static const char *engine_rsaref_name = "RSAref engine support";
+
+/*****************************************************************************
+ * Functions to handle the engine
+ **/
+static int rsaref_destroy(ENGINE *e);
+static int rsaref_init(ENGINE *e);
+static int rsaref_finish(ENGINE *e);
+#if 0
+static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 
+#endif
+
+/*****************************************************************************
+ * Engine commands
+ **/
+static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
+	{0, NULL, NULL, 0}
+	};
+
+/*****************************************************************************
+ * RSA functions
+ **/
+static int rsaref_private_decrypt(int len, const unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int rsaref_private_encrypt(int len, const unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int rsaref_public_encrypt(int len, const unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int rsaref_public_decrypt(int len, const unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int bnref_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m,
+			  BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+
+/*****************************************************************************
+ * Our RSA method
+ **/
+static RSA_METHOD rsaref_rsa =
+{
+  "RSAref PKCS#1 RSA",
+  rsaref_public_encrypt,
+  rsaref_public_decrypt,
+  rsaref_private_encrypt,
+  rsaref_private_decrypt,
+  rsaref_mod_exp,
+  bnref_mod_exp,
+  NULL,
+  NULL,
+  0,
+  NULL,
+  NULL,
+  NULL
+};
+
+/*****************************************************************************
+ * Symetric cipher and digest function registrars
+ **/
+static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+	const int **nids, int nid);
+static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
+	const int **nids, int nid);
+
+static int rsaref_cipher_nids[] =
+	{ NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
+static int rsaref_digest_nids[] =
+	{ NID_md2, NID_md5, 0 };
+
+/*****************************************************************************
+ * DES functions
+ **/
+static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc);
+static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl);
+static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
+static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc);
+static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl);
+static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
+static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc);
+static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl);
+static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
+
+/*****************************************************************************
+ * Our DES ciphers
+ **/
+static const EVP_CIPHER cipher_des_cbc =
+	{
+	NID_des_cbc,
+	8, 8, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	cipher_des_cbc_init,
+	cipher_des_cbc_code,
+	cipher_des_cbc_clean,
+	sizeof(DES_CBC_CTX),
+	NULL,
+	NULL,
+	NULL,
+	NULL
+	};
+
+static const EVP_CIPHER cipher_des_ede3_cbc =
+	{
+	NID_des_ede3_cbc,
+	8, 24, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	cipher_des_ede3_cbc_init,
+	cipher_des_ede3_cbc_code,
+	cipher_des_ede3_cbc_clean,
+	sizeof(DES3_CBC_CTX),
+	NULL,
+	NULL,
+	NULL,
+	NULL
+	};
+
+static const EVP_CIPHER cipher_desx_cbc =
+	{
+	NID_desx_cbc,
+	8, 24, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	cipher_desx_cbc_init,
+	cipher_desx_cbc_code,
+	cipher_desx_cbc_clean,
+	sizeof(DESX_CBC_CTX),
+	NULL,
+	NULL,
+	NULL,
+	NULL
+	};
+
+/*****************************************************************************
+ * MD functions
+ **/
+static int digest_md2_init(EVP_MD_CTX *ctx);
+static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
+	unsigned long count);
+static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md);
+static int digest_md5_init(EVP_MD_CTX *ctx);
+static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
+	unsigned long count);
+static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md);
+
+/*****************************************************************************
+ * Our MD digests
+ **/
+static const EVP_MD digest_md2 =
+	{
+	NID_md2,
+	NID_md2WithRSAEncryption,
+	16,
+	0,
+	digest_md2_init,
+	digest_md2_update,
+	digest_md2_final,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_method,
+	16,
+	sizeof(MD2_CTX)
+	};
+
+static const EVP_MD digest_md5 =
+	{
+	NID_md5,
+	NID_md5WithRSAEncryption,
+	16,
+	0,
+	digest_md5_init,
+	digest_md5_update,
+	digest_md5_final,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_method,
+	64,
+	sizeof(MD5_CTX)
+	};
+
+/*****************************************************************************
+ *** Function definitions                                                  ***
+ *****************************************************************************/
+
+/*****************************************************************************
+ * Functions to handle the engine
+ **/
+
+static int bind_rsaref(ENGINE *e)
+	{
+	const RSA_METHOD *meth1;
+	if(!ENGINE_set_id(e, engine_rsaref_id)
+		|| !ENGINE_set_name(e, engine_rsaref_name)
+		|| !ENGINE_set_RSA(e, &rsaref_rsa)
+		|| !ENGINE_set_ciphers(e, rsaref_ciphers)
+		|| !ENGINE_set_digests(e, rsaref_digests)
+		|| !ENGINE_set_destroy_function(e, rsaref_destroy)
+		|| !ENGINE_set_init_function(e, rsaref_init)
+		|| !ENGINE_set_finish_function(e, rsaref_finish)
+		/* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
+		/* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)
+		return 0;
+
+	/* Ensure the rsaref error handling is set up */
+	ERR_load_RSAREF_strings();
+	return 1;
+	}
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_rsaref_id) != 0))
+		return 0;
+	if(!bind_rsaref(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_rsaref(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_rsaref(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_rsaref(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_rsaref();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* Initiator which is only present to make sure this engine looks available */
+static int rsaref_init(ENGINE *e)
+	{
+	return 1;
+	}
+
+/* Finisher which is only present to make sure this engine looks available */
+static int rsaref_finish(ENGINE *e)
+	{
+	return 1;
+	}
+
+/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+static int rsaref_destroy(ENGINE *e)
+	{
+	ERR_unload_RSAREF_strings();
+	return 1;
+	}
+
+/*****************************************************************************
+ * RSA functions
+ **/
+
+static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	RSAREFerr(RSAREF_F_RSAREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(0);
+	}
+
+static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	RSAREFerr(RSAREF_F_BNREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(0);
+	}
+
+/* unsigned char *to:  [max]    */
+static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
+	{
+	int i;
+
+	i=BN_num_bytes(from);
+	if (i > max)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);
+		return(0);
+		}
+
+	memset(to,0,(unsigned int)max);
+	if (!BN_bn2bin(from,&(to[max-i])))
+		return(0);
+	return(1);
+	}
+
+#ifdef undef
+/* unsigned char *from:  [max]    */
+static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
+	{
+	int i;
+	BIGNUM *ret;
+
+	for (i=0; i<max; i++)
+		if (from[i]) break;
+
+	ret=BN_bin2bn(&(from[i]),max-i,to);
+	return(ret);
+	}
+
+static int RSAref_Public_ref2eay(RSArefPublicKey *from, RSA *to)
+	{
+	to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);
+	to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);
+	if ((to->n == NULL) || (to->e == NULL)) return(0);
+	return(1);
+	}
+#endif
+
+static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY *to)
+	{
+	to->bits=BN_num_bits(from->n);
+	if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
+	if (!RSAref_bn2bin(from->e,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
+	return(1);
+	}
+
+#ifdef undef
+static int RSAref_Private_ref2eay(RSArefPrivateKey *from, RSA *to)
+	{
+	if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))
+		== NULL)
+		return(0);
+	if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))
+		== NULL)
+		return(0);
+	if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	return(1);
+	}
+#endif
+
+static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY *to)
+	{
+	to->bits=BN_num_bits(from->n);
+	if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
+	if (!RSAref_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) return(0);
+	if (!RSAref_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
+	if (!RSAref_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) return(0);
+	if (!RSAref_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) return(0);
+	if (!RSAref_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) return(0);
+	if (!RSAref_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) return(0);
+	if (!RSAref_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0);
+	return(1);
+	}
+
+static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	R_RSA_PRIVATE_KEY RSAkey;
+
+	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPrivateDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	R_RSA_PRIVATE_KEY RSAkey;
+
+	if (padding != RSA_PKCS1_PADDING)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+	}
+	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPrivateEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	R_RSA_PUBLIC_KEY RSAkey;
+
+	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPublicDecrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int outlen= -1;
+	int i;
+	R_RSA_PUBLIC_KEY RSAkey;
+	R_RANDOM_STRUCT rnd;
+	unsigned char buf[16];
+
+	if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING) 
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+		}
+	
+	R_RandomInit(&rnd);
+	R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
+	while (i > 0)
+		{
+		if (RAND_bytes(buf,16) <= 0)
+			goto err;
+		R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
+		i-=16;
+		}
+
+	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPublicEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);
+		outlen= -1;
+		goto err;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	R_RandomFinal(&rnd);
+	memset(&rnd,0,sizeof(rnd));
+	return(outlen);
+	}
+
+/*****************************************************************************
+ * Symetric cipher and digest function registrars
+ **/
+static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+	const int **nids, int nid)
+	{
+	int ok = 1;
+	if(!cipher)
+		{
+		/* We are returning a list of supported nids */
+		*nids = rsaref_cipher_nids;
+		return (sizeof(rsaref_cipher_nids)-1)/sizeof(rsaref_cipher_nids[0]);
+		}
+	/* We are being asked for a specific cipher */
+	switch (nid)
+		{
+	case NID_des_cbc:
+		*cipher = &cipher_des_cbc; break;
+	case NID_des_ede3_cbc:
+		*cipher = &cipher_des_ede3_cbc; break;
+	case NID_desx_cbc:
+		*cipher = &cipher_desx_cbc; break;
+	default:
+		ok = 0;
+		*cipher = NULL;
+		break;
+		}
+	return ok;
+	}
+static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
+	const int **nids, int nid)
+	{
+	int ok = 1;
+	if(!digest)
+		{
+		/* We are returning a list of supported nids */
+		*nids = rsaref_digest_nids;
+		return (sizeof(rsaref_digest_nids)-1)/sizeof(rsaref_digest_nids[0]);
+		}
+	/* We are being asked for a specific digest */
+	switch (nid)
+		{
+	case NID_md2:
+		*digest = &digest_md2; break;
+	case NID_md5:
+		*digest = &digest_md5; break;
+	default:
+		ok = 0;
+		*digest = NULL;
+		break;
+		}
+	return ok;
+	}
+
+/*****************************************************************************
+ * DES functions
+ **/
+#undef data
+#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc)
+	{
+	DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
+	return 1;
+	}
+static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl)
+	{
+	int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+	switch (ret)
+		{
+	case RE_LEN:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+		break;
+	case 0:
+		break;
+	default:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+		}
+	return !ret;
+	}
+static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
+	{
+	memset(data(ctx), 0, ctx->cipher->ctx_size);
+	return 1;
+	}
+
+#undef data
+#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc)
+	{
+	DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
+		enc);
+	return 1;
+	}
+static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl)
+	{
+	int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+	switch (ret)
+		{
+	case RE_LEN:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+		break;
+	case 0:
+		break;
+	default:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+		}
+	return !ret;
+	}
+static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
+	{
+	memset(data(ctx), 0, ctx->cipher->ctx_size);
+	return 1;
+	}
+
+#undef data
+#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc)
+	{
+	DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
+		enc);
+	return 1;
+	}
+static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl)
+	{
+	int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+	switch (ret)
+		{
+	case RE_LEN:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+		break;
+	case 0:
+		break;
+	default:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+		}
+	return !ret;
+	}
+static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
+	{
+	memset(data(ctx), 0, ctx->cipher->ctx_size);
+	return 1;
+	}
+
+/*****************************************************************************
+ * MD functions
+ **/
+#undef data
+#define data(ctx) ((MD2_CTX *)(ctx)->md_data)
+static int digest_md2_init(EVP_MD_CTX *ctx)
+	{
+	MD2Init(data(ctx));
+	return 1;
+	}
+static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
+	unsigned long count)
+	{
+	MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
+	return 1;
+	}
+static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md)
+	{
+	MD2Final(md, data(ctx));
+	return 1;
+	}
+
+#undef data
+#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
+static int digest_md5_init(EVP_MD_CTX *ctx)
+	{
+	MD5Init(data(ctx));
+	return 1;
+	}
+static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
+	unsigned long count)
+	{
+	MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
+	return 1;
+	}
+static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+	{
+	MD5Final(md, data(ctx));
+	return 1;
+	}
diff --git a/crypto/openssl/demos/engines/rsaref/rsaref.ec b/crypto/openssl/demos/engines/rsaref/rsaref.ec
new file mode 100644
index 0000000..c690ae3
--- /dev/null
+++ b/crypto/openssl/demos/engines/rsaref/rsaref.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#	perl ../../../util/mkerr.pl -conf rsaref.ec \
+#		-nostatic -staticloader -write *.c
+
+L RSAREF	rsaref_err.h			rsaref_err.c
diff --git a/crypto/openssl/demos/engines/rsaref/rsaref_err.c b/crypto/openssl/demos/engines/rsaref/rsaref_err.c
new file mode 100644
index 0000000..ceaf057
--- /dev/null
+++ b/crypto/openssl/demos/engines/rsaref/rsaref_err.c
@@ -0,0 +1,161 @@
+/* rsaref_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "rsaref_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA RSAREF_str_functs[]=
+	{
+{ERR_PACK(0,RSAREF_F_BNREF_MOD_EXP,0),	"BNREF_MOD_EXP"},
+{ERR_PACK(0,RSAREF_F_CIPHER_DES_CBC_CODE,0),	"CIPHER_DES_CBC_CODE"},
+{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0),	"RSAREF_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSAREF_MOD_EXP,0),	"RSAREF_MOD_EXP"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_DECRYPT,0),	"RSAREF_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_ENCRYPT,0),	"RSAREF_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_DECRYPT,0),	"RSAREF_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_ENCRYPT,0),	"RSAREF_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0),	"RSA_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0),	"RSA_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0),	"RSA_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0),	"RSA_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0),	"RSA_PUBLIC_ENCRYPT"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA RSAREF_str_reasons[]=
+	{
+{RSAREF_R_CONTENT_ENCODING               ,"content encoding"},
+{RSAREF_R_DATA                           ,"data"},
+{RSAREF_R_DIGEST_ALGORITHM               ,"digest algorithm"},
+{RSAREF_R_ENCODING                       ,"encoding"},
+{RSAREF_R_ENCRYPTION_ALGORITHM           ,"encryption algorithm"},
+{RSAREF_R_KEY                            ,"key"},
+{RSAREF_R_KEY_ENCODING                   ,"key encoding"},
+{RSAREF_R_LEN                            ,"len"},
+{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED       ,"length not block aligned"},
+{RSAREF_R_MODULUS_LEN                    ,"modulus len"},
+{RSAREF_R_NEED_RANDOM                    ,"need random"},
+{RSAREF_R_PRIVATE_KEY                    ,"private key"},
+{RSAREF_R_PUBLIC_KEY                     ,"public key"},
+{RSAREF_R_SIGNATURE                      ,"signature"},
+{RSAREF_R_SIGNATURE_ENCODING             ,"signature encoding"},
+{RSAREF_R_UNKNOWN_FAULT                  ,"unknown fault"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef RSAREF_LIB_NAME
+static ERR_STRING_DATA RSAREF_lib_name[]=
+        {
+{0	,RSAREF_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int RSAREF_lib_error_code=0;
+static int RSAREF_error_init=1;
+
+static void ERR_load_RSAREF_strings(void)
+	{
+	if (RSAREF_lib_error_code == 0)
+		RSAREF_lib_error_code=ERR_get_next_error_library();
+
+	if (RSAREF_error_init)
+		{
+		RSAREF_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_functs);
+		ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
+#endif
+
+#ifdef RSAREF_LIB_NAME
+		RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code,0,0);
+		ERR_load_strings(0,RSAREF_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_RSAREF_strings(void)
+	{
+	if (RSAREF_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_functs);
+		ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
+#endif
+
+#ifdef RSAREF_LIB_NAME
+		ERR_unload_strings(0,RSAREF_lib_name);
+#endif
+		RSAREF_error_init=1;
+		}
+	}
+
+static void ERR_RSAREF_error(int function, int reason, char *file, int line)
+	{
+	if (RSAREF_lib_error_code == 0)
+		RSAREF_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(RSAREF_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/demos/engines/rsaref/rsaref_err.h b/crypto/openssl/demos/engines/rsaref/rsaref_err.h
new file mode 100644
index 0000000..1975970
--- /dev/null
+++ b/crypto/openssl/demos/engines/rsaref/rsaref_err.h
@@ -0,0 +1,109 @@
+/* rsaref_err.h */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_RSAREF_ERR_H
+#define HEADER_RSAREF_ERR_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_RSAREF_strings(void);
+static void ERR_unload_RSAREF_strings(void);
+static void ERR_RSAREF_error(int function, int reason, char *file, int line);
+#define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the RSAREF functions. */
+
+/* Function codes. */
+#define RSAREF_F_BNREF_MOD_EXP				 100
+#define RSAREF_F_CIPHER_DES_CBC_CODE			 112
+#define RSAREF_F_RSAREF_BN2BIN				 101
+#define RSAREF_F_RSAREF_MOD_EXP				 102
+#define RSAREF_F_RSAREF_PRIVATE_DECRYPT			 103
+#define RSAREF_F_RSAREF_PRIVATE_ENCRYPT			 104
+#define RSAREF_F_RSAREF_PUBLIC_DECRYPT			 105
+#define RSAREF_F_RSAREF_PUBLIC_ENCRYPT			 106
+#define RSAREF_F_RSA_BN2BIN				 107
+#define RSAREF_F_RSA_PRIVATE_DECRYPT			 108
+#define RSAREF_F_RSA_PRIVATE_ENCRYPT			 109
+#define RSAREF_F_RSA_PUBLIC_DECRYPT			 110
+#define RSAREF_F_RSA_PUBLIC_ENCRYPT			 111
+
+/* Reason codes. */
+#define RSAREF_R_CONTENT_ENCODING			 100
+#define RSAREF_R_DATA					 101
+#define RSAREF_R_DIGEST_ALGORITHM			 102
+#define RSAREF_R_ENCODING				 103
+#define RSAREF_R_ENCRYPTION_ALGORITHM			 104
+#define RSAREF_R_KEY					 105
+#define RSAREF_R_KEY_ENCODING				 106
+#define RSAREF_R_LEN					 107
+#define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED		 114
+#define RSAREF_R_MODULUS_LEN				 108
+#define RSAREF_R_NEED_RANDOM				 109
+#define RSAREF_R_PRIVATE_KEY				 110
+#define RSAREF_R_PUBLIC_KEY				 111
+#define RSAREF_R_SIGNATURE				 112
+#define RSAREF_R_SIGNATURE_ENCODING			 113
+#define RSAREF_R_UNKNOWN_FAULT				 115
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/demos/engines/zencod/Makefile b/crypto/openssl/demos/engines/zencod/Makefile
new file mode 100644
index 0000000..5b6a339
--- /dev/null
+++ b/crypto/openssl/demos/engines/zencod/Makefile
@@ -0,0 +1,114 @@
+LIBNAME=	libzencod
+SRC=		hw_zencod.c
+OBJ=		hw_zencod.o
+HEADER=		hw_zencod.h
+
+CC=		gcc
+PIC=		-fPIC
+CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
+AR=		ar r
+RANLIB=		ranlib
+
+LIB=		$(LIBNAME).a
+SHLIB=		$(LIBNAME).so
+
+all:
+		@echo 'Please choose a system to build on:'
+		@echo ''
+		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+		@echo 'solaris:  Solaris'
+		@echo 'irix:     IRIX'
+		@echo 'hpux32:   32-bit HP/UX'
+		@echo 'hpux64:   64-bit HP/UX'
+		@echo 'aix:      AIX'
+		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+		@echo ''
+
+FORCE.update:
+update:		FORCE.update
+		perl ../../../util/mkerr.pl -conf hw_zencod.ec \
+			-nostatic -staticloader -write hw_zencod.c
+
+gnu:		$(SHLIB).gnu
+tru64:		$(SHLIB).tru64
+solaris:	$(SHLIB).solaris
+irix:		$(SHLIB).irix
+hpux32:		$(SHLIB).hpux32
+hpux64:		$(SHLIB).hpux64
+aix:		$(SHLIB).aix
+
+$(LIB):		$(OBJ)
+		$(AR) $(LIB) $(OBJ)
+		- $(RANLIB) $(LIB)
+
+LINK_SO=	\
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
+  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).gnu:	$(LIB)
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).gnu
+$(SHLIB).tru64:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).tru64
+$(SHLIB).solaris:	$(LIB)
+		ALLSYMSFLAGS='-z allextract' \
+		SHAREDFLAGS='-G -h $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).solaris
+$(SHLIB).irix:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).irix
+$(SHLIB).hpux32:	$(LIB)
+		ALLSYMSFLAGS='-Fl' \
+		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux32
+$(SHLIB).hpux64:	$(LIB)
+		ALLSYMSFLAGS='+forceload' \
+		SHAREDFLAGS='-b -z +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux64
+$(SHLIB).aix:	$(LIB)
+		ALLSYMSFLAGS='-bnogc' \
+		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).aix
+
+depend:
+		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+		rm -f Makefile.tmp Makefile
+		mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod.c b/crypto/openssl/demos/engines/zencod/hw_zencod.c
new file mode 100644
index 0000000..29206b4
--- /dev/null
+++ b/crypto/openssl/demos/engines/zencod/hw_zencod.c
@@ -0,0 +1,1739 @@
+/* crypto/engine/hw_zencod.c */
+ /* Written by Fred Donnat (frederic.donnat@zencod.com) for "zencod"
+ * engine integration in order to redirect crypto computing on a crypto
+ * hardware accelerator zenssl32  ;-)
+ *
+ * Date : 25 jun 2002
+ * Revision : 17 Ju7 2002
+ * Version : zencod_engine-0.9.7
+ */
+
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* ENGINE general include */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_ZENCOD
+
+#ifdef FLAT_INC
+#  include "hw_zencod.h"
+#else
+#  include "vendor_defns/hw_zencod.h"
+#endif
+
+#define ZENCOD_LIB_NAME "zencod engine"
+#include "hw_zencod_err.c"
+
+#define FAIL_TO_SOFTWARE		-15
+
+#define	ZEN_LIBRARY	"zenbridge"
+
+#if 0
+#  define PERROR(s)	perror(s)
+#  define CHEESE()	fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
+#else
+#  define PERROR(s)
+#  define CHEESE()
+#endif
+
+
+/* Sorry ;) */
+#ifndef WIN32
+static inline void esrever ( unsigned char *d, int l )
+{
+	for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
+}
+
+static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
+{
+	for(d+=l;l--;)*--d=*s++;
+}
+#else
+static __inline void esrever ( unsigned char *d, int l )
+{
+	for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
+}
+
+static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
+{
+	for(d+=l;l--;)*--d=*s++;
+}
+#endif
+
+
+#define BIGNUM2ZEN(n, bn)	(ptr_zencod_init_number((n), \
+					(unsigned long) ((bn)->top * BN_BITS2), \
+					(unsigned char *) ((bn)->d)))
+
+#define ZEN_BITS(n, bytes)	(ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))
+#define ZEN_BYTES(bits)	(ptr_zencod_bits2bytes((unsigned long) (bits)))
+
+
+/* Function for ENGINE detection and control */
+static int zencod_destroy ( ENGINE *e ) ;
+static int zencod_init ( ENGINE *e ) ;
+static int zencod_finish ( ENGINE *e ) ;
+static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ;
+
+/* BIGNUM stuff */
+static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ;
+
+/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
+static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ;
+static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ;
+#endif
+
+/* DSA stuff */
+#ifndef OPENSSL_NO_DSA
+static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx ) ;
+
+static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ;
+static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+		DSA *dsa ) ;
+#endif
+
+/* DH stuff */
+#ifndef OPENSSL_NO_DH
+static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx ) ;
+static int DH_zencod_generate_key ( DH *dh ) ;
+static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ;
+#endif
+
+/* Rand stuff */
+static void RAND_zencod_seed ( const void *buf, int num ) ;
+static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ;
+static int RAND_zencod_rand_status ( void ) ;
+
+/* Digest Stuff */
+static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ;
+
+/* Cipher Stuff */
+static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ;
+
+
+#define ZENCOD_CMD_SO_PATH			ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] =
+{
+	{ ZENCOD_CMD_SO_PATH,
+	  "SO_PATH",
+	  "Specifies the path to the 'zenbridge' shared library",
+	  ENGINE_CMD_FLAG_STRING},
+	{ 0, NULL, NULL, 0 }
+} ;
+
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */
+static RSA_METHOD zencod_rsa =
+{
+	"ZENCOD RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	RSA_zencod_rsa_mod_exp,
+	RSA_zencod_bn_mod_exp,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+} ;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */
+static DSA_METHOD zencod_dsa =
+{
+	"ZENCOD DSA method",
+	DSA_zencod_do_sign,
+	NULL,
+	DSA_zencod_do_verify,
+	NULL,
+	DSA_zencod_bn_mod_exp,
+	NULL,
+	NULL,
+	0,
+	NULL
+} ;
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */
+static DH_METHOD zencod_dh =
+{
+	"ZENCOD DH method",
+	DH_zencod_generate_key,
+	DH_zencod_compute_key,
+	DH_zencod_bn_mod_exp,
+	NULL,
+	NULL,
+	0,
+	NULL
+} ;
+#endif
+
+/* Our internal RAND_meth specific to zencod ZNGINE providing pointers to  our function */
+static RAND_METHOD zencod_rand =
+{
+	RAND_zencod_seed,
+	RAND_zencod_rand_bytes,
+	NULL,
+	NULL,
+	RAND_zencod_rand_bytes,
+	RAND_zencod_rand_status
+} ;
+
+
+/* Constants used when creating the ENGINE */
+static const char *engine_zencod_id = "zencod";
+static const char *engine_zencod_name = "ZENCOD hardware engine support";
+
+
+/* This internal function is used by ENGINE_zencod () and possibly by the
+ * "dynamic" ENGINE support too   ;-)
+ */
+static int bind_helper ( ENGINE *e )
+{
+
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth_rsa ;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD *meth_dsa ;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth_dh ;
+#endif
+
+	const RAND_METHOD *meth_rand ;
+
+
+	if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
+			!ENGINE_set_name ( e, engine_zencod_name ) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA ( e, &zencod_rsa ) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA ( e, &zencod_dsa ) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH ( e, &zencod_dh ) ||
+#endif
+			!ENGINE_set_RAND ( e, &zencod_rand ) ||
+
+			!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
+			!ENGINE_set_init_function ( e, zencod_init ) ||
+			!ENGINE_set_finish_function ( e, zencod_finish ) ||
+			!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
+			!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
+			!ENGINE_set_digests ( e, engine_digests ) ||
+			!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
+		return 0 ;
+	}
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the Zencod-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway!
+	 */
+	meth_rsa = RSA_PKCS1_SSLeay () ;
+
+	zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
+	zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
+	zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
+	zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
+	/* meth_rsa->rsa_mod_exp */
+	/* meth_rsa->bn_mod_exp */
+	zencod_rsa.init = meth_rsa->init ;
+	zencod_rsa.finish = meth_rsa->finish ;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	/* We use OpenSSL meth to supply what we don't provide ;-*)
+	 */
+	meth_dsa = DSA_OpenSSL () ;
+
+	/* meth_dsa->dsa_do_sign */
+	zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
+	/* meth_dsa->dsa_do_verify */
+	zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
+	/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
+	zencod_dsa.init = meth_dsa->init ;
+	zencod_dsa.finish = meth_dsa->finish ;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* We use OpenSSL meth to supply what we don't provide ;-*)
+	 */
+	meth_dh = DH_OpenSSL () ;
+
+	/* zencod_dh.generate_key = meth_dh->generate_key ; */
+	/* zencod_dh.compute_key = meth_dh->compute_key ; */
+	/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
+	zencod_dh.init = meth_dh->init ;
+	zencod_dh.finish = meth_dh->finish ;
+
+#endif
+
+	/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
+	 */
+	meth_rand = RAND_SSLeay () ;
+
+	/* meth_rand->seed ; */
+	/* zencod_rand.seed = meth_rand->seed ; */
+	/* meth_rand->bytes ; */
+	/* zencod_rand.bytes = meth_rand->bytes ; */
+	zencod_rand.cleanup = meth_rand->cleanup ;
+	zencod_rand.add = meth_rand->add ;
+	/* meth_rand->pseudorand ; */
+	/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
+	/* zencod_rand.status = meth_rand->status ; */
+	/* meth_rand->status ; */
+
+	/* Ensure the zencod error handling is set up */
+	ERR_load_ZENCOD_strings () ;
+	return 1 ;
+}
+
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!)
+ */
+static ENGINE *ENGINE_zencod ( void )
+{
+
+	ENGINE *eng = ENGINE_new () ;
+
+	if ( !eng ) {
+		return NULL ;
+	}
+	if ( !bind_helper ( eng ) ) {
+		ENGINE_free ( eng ) ;
+		return NULL ;
+	}
+
+	return eng ;
+}
+
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static
+#endif
+void ENGINE_load_zencod ( void )
+{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = ENGINE_zencod ( ) ;
+	if ( !toadd ) return ;
+	ENGINE_add ( toadd ) ;
+	ENGINE_free ( toadd ) ;
+	ERR_clear_error ( ) ;
+}
+
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the ZENBRIDGE library.
+ * NB: This is only set (or unset) during an * init () or finish () call
+ * (reference counts permitting) and they're  * operating with global locks,
+ * so this should be thread-safe * implicitly.
+ */
+static DSO *zencod_dso = NULL ;
+
+static t_zencod_test *ptr_zencod_test = NULL ;
+static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ;
+static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ;
+static t_zencod_new_number *ptr_zencod_new_number = NULL ;
+static t_zencod_init_number *ptr_zencod_init_number = NULL ;
+
+static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ;
+static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ;
+static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ;
+static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ;
+static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ;
+static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ;
+static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ;
+static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ;
+
+static t_zencod_md5_init *ptr_zencod_md5_init = NULL ;
+static t_zencod_md5_update *ptr_zencod_md5_update = NULL ;
+static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ;
+static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ;
+static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ;
+static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ;
+
+static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ;
+static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ;
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to.
+ */
+static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ;
+
+static const char *ZENCOD_Fct_0 = "test_device" ;
+static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ;
+static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ;
+static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ;
+static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ;
+
+static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ;
+static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ;
+static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ;
+static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ;
+static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ;
+static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ;
+static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ;
+static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ;
+
+static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ;
+static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ;
+static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ;
+static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ;
+static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ;
+static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ;
+
+static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ;
+static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ;
+
+/* Destructor (complements the "ENGINE_zencod ()" constructor)
+ */
+static int zencod_destroy (ENGINE *e )
+{
+
+	ERR_unload_ZENCOD_strings () ;
+
+	return 1 ;
+}
+
+
+/* (de)initialisation functions. Control Function
+ */
+static int zencod_init ( ENGINE *e )
+{
+
+	t_zencod_test *ptr_0 ;
+	t_zencod_bytes2bits *ptr_1 ;
+	t_zencod_bits2bytes *ptr_2 ;
+	t_zencod_new_number *ptr_3 ;
+	t_zencod_init_number *ptr_4 ;
+	t_zencod_rsa_mod_exp *ptr_exp_1 ;
+	t_zencod_rsa_mod_exp_crt *ptr_exp_2 ;
+	t_zencod_dsa_do_sign *ptr_dsa_1 ;
+	t_zencod_dsa_do_verify *ptr_dsa_2 ;
+	t_zencod_dh_generate_key *ptr_dh_1 ;
+	t_zencod_dh_compute_key *ptr_dh_2 ;
+	t_zencod_rand_bytes *ptr_rand_1 ;
+	t_zencod_math_mod_exp *ptr_math_1 ;
+	t_zencod_md5_init *ptr_md5_1 ;
+	t_zencod_md5_update *ptr_md5_2 ;
+	t_zencod_md5_do_final *ptr_md5_3 ;
+	t_zencod_sha1_init *ptr_sha1_1 ;
+	t_zencod_sha1_update *ptr_sha1_2 ;
+	t_zencod_sha1_do_final *ptr_sha1_3 ;
+	t_zencod_xdes_cipher *ptr_xdes_1 ;
+	t_zencod_rc4_cipher *ptr_rc4_1 ;
+
+	CHEESE () ;
+
+	/*
+	 * We Should add some tests for non NULL parameters or bad value !!
+	 * Stuff to be done ...
+	 */
+
+	if ( zencod_dso != NULL ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ;
+		goto err ;
+	}
+	/* Trying to load the Library "cryptozen"
+	 */
+	zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ;
+	if ( zencod_dso == NULL ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
+		goto err ;
+	}
+
+	/* Trying to load Function from the Library
+	 */
+	if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) ||
+			! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) ||
+			! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) ||
+			! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) ||
+			! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) ||
+			! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) ||
+			! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) ||
+			! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) ||
+			! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) ||
+			! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) ||
+			! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) ||
+			! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) ||
+			! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) ||
+			! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) ||
+			! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) ||
+			! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) ||
+			! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) ||
+			! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) ||
+			! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) ||
+			! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) ||
+			! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) {
+
+		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
+		goto err ;
+	}
+
+	/* The function from "cryptozen" Library have been correctly loaded so copy them
+	 */
+	ptr_zencod_test = ptr_0 ;
+	ptr_zencod_bytes2bits = ptr_1 ;
+	ptr_zencod_bits2bytes = ptr_2 ;
+	ptr_zencod_new_number = ptr_3 ;
+	ptr_zencod_init_number = ptr_4 ;
+	ptr_zencod_rsa_mod_exp = ptr_exp_1 ;
+	ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ;
+	ptr_zencod_dsa_do_sign = ptr_dsa_1 ;
+	ptr_zencod_dsa_do_verify = ptr_dsa_2 ;
+	ptr_zencod_dh_generate_key = ptr_dh_1 ;
+	ptr_zencod_dh_compute_key = ptr_dh_2 ;
+	ptr_zencod_rand_bytes = ptr_rand_1 ;
+	ptr_zencod_math_mod_exp = ptr_math_1 ;
+	ptr_zencod_test = ptr_0 ;
+	ptr_zencod_md5_init = ptr_md5_1 ;
+	ptr_zencod_md5_update = ptr_md5_2 ;
+	ptr_zencod_md5_do_final = ptr_md5_3 ;
+	ptr_zencod_sha1_init = ptr_sha1_1 ;
+	ptr_zencod_sha1_update = ptr_sha1_2 ;
+	ptr_zencod_sha1_do_final = ptr_sha1_3 ;
+	ptr_zencod_xdes_cipher = ptr_xdes_1 ;
+	ptr_zencod_rc4_cipher = ptr_rc4_1 ;
+
+	/* We should peform a test to see if there is actually any unit runnig on the system ...
+	 * Even if the cryptozen library is loaded the module coul not be loaded on the system ...
+	 * For now we may just open and close the device !!
+	 */
+
+	if ( ptr_zencod_test () != 0 ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ;
+		goto err ;
+	}
+
+	return 1 ;
+err :
+	if ( zencod_dso ) {
+		DSO_free ( zencod_dso ) ;
+	}
+	zencod_dso = NULL ;
+	ptr_zencod_bytes2bits = NULL ;
+	ptr_zencod_bits2bytes = NULL ;
+	ptr_zencod_new_number = NULL ;
+	ptr_zencod_init_number = NULL ;
+	ptr_zencod_rsa_mod_exp = NULL ;
+	ptr_zencod_rsa_mod_exp_crt = NULL ;
+	ptr_zencod_dsa_do_sign = NULL ;
+	ptr_zencod_dsa_do_verify = NULL ;
+	ptr_zencod_dh_generate_key = NULL ;
+	ptr_zencod_dh_compute_key = NULL ;
+	ptr_zencod_rand_bytes = NULL ;
+	ptr_zencod_math_mod_exp = NULL ;
+	ptr_zencod_test = NULL ;
+	ptr_zencod_md5_init = NULL ;
+	ptr_zencod_md5_update = NULL ;
+	ptr_zencod_md5_do_final = NULL ;
+	ptr_zencod_sha1_init = NULL ;
+	ptr_zencod_sha1_update = NULL ;
+	ptr_zencod_sha1_do_final = NULL ;
+	ptr_zencod_xdes_cipher = NULL ;
+	ptr_zencod_rc4_cipher = NULL ;
+
+	return 0 ;
+}
+
+
+static int zencod_finish ( ENGINE *e )
+{
+
+	CHEESE () ;
+
+	/*
+	 * We Should add some tests for non NULL parameters or bad value !!
+	 * Stuff to be done ...
+	 */
+	if ( zencod_dso == NULL ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ;
+		return 0 ;
+	}
+	if ( !DSO_free ( zencod_dso ) ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ;
+		return 0 ;
+	}
+
+	zencod_dso = NULL ;
+
+	ptr_zencod_bytes2bits = NULL ;
+	ptr_zencod_bits2bytes = NULL ;
+	ptr_zencod_new_number = NULL ;
+	ptr_zencod_init_number = NULL ;
+	ptr_zencod_rsa_mod_exp = NULL ;
+	ptr_zencod_rsa_mod_exp_crt = NULL ;
+	ptr_zencod_dsa_do_sign = NULL ;
+	ptr_zencod_dsa_do_verify = NULL ;
+	ptr_zencod_dh_generate_key = NULL ;
+	ptr_zencod_dh_compute_key = NULL ;
+	ptr_zencod_rand_bytes = NULL ;
+	ptr_zencod_math_mod_exp = NULL ;
+	ptr_zencod_test = NULL ;
+	ptr_zencod_md5_init = NULL ;
+	ptr_zencod_md5_update = NULL ;
+	ptr_zencod_md5_do_final = NULL ;
+	ptr_zencod_sha1_init = NULL ;
+	ptr_zencod_sha1_update = NULL ;
+	ptr_zencod_sha1_do_final = NULL ;
+	ptr_zencod_xdes_cipher = NULL ;
+	ptr_zencod_rc4_cipher = NULL ;
+
+	return 1 ;
+}
+
+
+static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () )
+{
+
+	int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ;
+
+	CHEESE () ;
+
+	/*
+	 * We Should add some tests for non NULL parameters or bad value !!
+	 * Stuff to be done ...
+	 */
+	switch ( cmd ) {
+	case ZENCOD_CMD_SO_PATH :
+		if ( p == NULL ) {
+			ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ;
+			return 0 ;
+		}
+		if ( initialised ) {
+			ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ;
+			return 0 ;
+		}
+		ZENCOD_LIBNAME = (const char *) p ;
+		return 1 ;
+	default :
+		break ;
+	}
+
+	ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ;
+
+	return 0 ;
+}
+
+
+/* BIGNUM stuff Functions
+ */
+static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx )
+{
+	zen_nb_t y, x, e, n;
+	int ret;
+
+	CHEESE () ;
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	if ( !bn_wexpand(r, m->top + 1) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
+		return 0;
+	}
+
+	memset(r->d, 0, BN_num_bytes(m));
+
+	ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ;
+	BIGNUM2ZEN ( &x, a ) ;
+	BIGNUM2ZEN ( &e, p ) ;
+	BIGNUM2ZEN ( &n, m ) ;
+
+	/* Must invert x and e parameter due to BN mod exp prototype ... */
+	ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ;
+
+	if ( ret )  {
+		PERROR("zenbridge_math_mod_exp");
+		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
+
+	return 1;
+}
+
+
+/* RSA stuff Functions
+ */
+#ifndef OPENSSL_NO_RSA
+static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )
+{
+
+	CHEESE () ;
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);
+		return 0;
+	}
+
+	/* Do in software if argument is too large for hardware */
+	if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {
+		const RSA_METHOD *meth;
+
+		meth = RSA_PKCS1_SSLeay();
+		return meth->rsa_mod_exp(r0, i, rsa);
+	} else {
+		zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
+
+		if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {
+			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);
+			return 0;
+		}
+		r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
+
+		BIGNUM2ZEN ( &x, i ) ;
+		BIGNUM2ZEN ( &y, r0 ) ;
+		BIGNUM2ZEN ( &p, rsa->p ) ;
+		BIGNUM2ZEN ( &q, rsa->q ) ;
+		BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;
+		BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;
+		BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;
+
+		if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {
+			PERROR("zenbridge_rsa_mod_exp_crt");
+			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);
+			return 0;
+		}
+
+		return 1;
+	}
+}
+
+
+/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).
+ */
+static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )
+{
+
+	CHEESE () ;
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	/* Do in software if argument is too large for hardware */
+	if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {
+		const RSA_METHOD *meth;
+
+		meth = RSA_PKCS1_SSLeay();
+		return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+	} else {
+		zen_nb_t y, x, e, n;
+
+		if ( !bn_expand(r, BN_num_bits(m)) ) {
+			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
+			return 0;
+		}
+		r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
+
+		BIGNUM2ZEN ( &x, a ) ;
+		BIGNUM2ZEN ( &y, r ) ;
+		BIGNUM2ZEN ( &e, p ) ;
+		BIGNUM2ZEN ( &n, m ) ;
+
+		if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {
+			PERROR("zenbridge_rsa_mod_exp");
+			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
+			return 0;
+		}
+
+		return 1;
+	}
+}
+#endif /* !OPENSSL_NO_RSA */
+
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff Functions
+ */
+static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
+{
+	zen_nb_t p, q, g, x, y, r, s, data;
+	DSA_SIG *sig;
+	BIGNUM *bn_r = NULL;
+	BIGNUM *bn_s = NULL;
+	char msg[20];
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
+		goto FAILED;
+	}
+
+	if ( dlen > 160 ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+		goto FAILED;
+	}
+
+	/* Do in software if argument is too large for hardware */
+	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
+		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
+		const DSA_METHOD *meth;
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+		meth = DSA_OpenSSL();
+		return meth->dsa_do_sign(dgst, dlen, dsa);
+	}
+
+	if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+		goto FAILED;
+	}
+
+	if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
+		goto FAILED;
+	}
+
+	bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
+	BIGNUM2ZEN ( &p, dsa->p ) ;
+	BIGNUM2ZEN ( &q, dsa->q ) ;
+	BIGNUM2ZEN ( &g, dsa->g ) ;
+	BIGNUM2ZEN ( &x, dsa->priv_key ) ;
+	BIGNUM2ZEN ( &y, dsa->pub_key ) ;
+	BIGNUM2ZEN ( &r, bn_r ) ;
+	BIGNUM2ZEN ( &s, bn_s ) ;
+	q.len = x.len = 160;
+
+	ypcmem(msg, dgst, 20);
+	ptr_zencod_init_number ( &data, 160, msg ) ;
+
+	if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
+		PERROR("zenbridge_dsa_do_sign");
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+		goto FAILED;
+	}
+
+	if ( !( sig = DSA_SIG_new () ) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+		goto FAILED;
+	}
+	sig->r = bn_r;
+	sig->s = bn_s;
+	return sig;
+
+ FAILED:
+	if (bn_r)
+		BN_free(bn_r);
+	if (bn_s)
+		BN_free(bn_s);
+	return NULL;
+}
+
+
+static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
+{
+	zen_nb_t data, p, q, g, y, r, s, v;
+	char msg[20];
+	char v_data[20];
+	int ret;
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	if ( dlen > 160 ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	/* Do in software if argument is too large for hardware */
+	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
+		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
+		const DSA_METHOD *meth;
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+		meth = DSA_OpenSSL();
+		return meth->dsa_do_verify(dgst, dlen, sig, dsa);
+	}
+
+	BIGNUM2ZEN ( &p, dsa->p ) ;
+	BIGNUM2ZEN ( &q, dsa->q ) ;
+	BIGNUM2ZEN ( &g, dsa->g ) ;
+	BIGNUM2ZEN ( &y, dsa->pub_key ) ;
+	BIGNUM2ZEN ( &r, sig->r ) ;
+	BIGNUM2ZEN ( &s, sig->s ) ;
+	ptr_zencod_init_number ( &v, 160, v_data ) ;
+	ypcmem(msg, dgst, 20);
+	ptr_zencod_init_number ( &data, 160, msg ) ;
+
+	if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
+		PERROR("zenbridge_dsa_do_verify");
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	return ( ( ret == 0 ) ? 1 : ret ) ;
+}
+
+
+static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+			     BN_CTX *ctx, BN_MONT_CTX *m_ctx )
+{
+	CHEESE () ;
+
+	return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
+}
+#endif /* !OPENSSL_NO_DSA */
+
+
+#ifndef OPENSSl_NO_DH
+/* DH stuff Functions
+ */
+static int DH_zencod_generate_key ( DH *dh )
+{
+	BIGNUM *bn_prv = NULL;
+	BIGNUM *bn_pub = NULL;
+	zen_nb_t y, x, g, p;
+	int generate_x;
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	/* Private key */
+	if ( dh->priv_key ) {
+		bn_prv = dh->priv_key;
+		generate_x = 0;
+	} else {
+		if (!(bn_prv = BN_new())) {
+			ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+			goto FAILED;
+		}
+		generate_x = 1;
+	}
+
+	/* Public key */
+	if ( dh->pub_key )
+		bn_pub = dh->pub_key;
+	else
+		if ( !( bn_pub = BN_new () ) ) {
+			ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+			goto FAILED;
+		}
+
+	/* Expand */
+	if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||
+	    !bn_wexpand ( bn_pub, dh->p->dmax ) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+		goto FAILED;
+	}
+	bn_prv->top = dh->p->top;
+	bn_pub->top = dh->p->top;
+
+	/* Convert all keys */
+	BIGNUM2ZEN ( &p, dh->p ) ;
+	BIGNUM2ZEN ( &g, dh->g ) ;
+	BIGNUM2ZEN ( &y, bn_pub ) ;
+	BIGNUM2ZEN ( &x, bn_prv ) ;
+	x.len = DH_size(dh) * 8;
+
+	/* Adjust the lengths of P and G */
+	p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
+	g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;
+
+	/* Send the request to the driver */
+	if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {
+		perror("zenbridge_dh_generate_key");
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
+		goto FAILED;
+	}
+
+	dh->priv_key = bn_prv;
+	dh->pub_key  = bn_pub;
+
+	return 1;
+
+ FAILED:
+	if (!dh->priv_key && bn_prv)
+		BN_free(bn_prv);
+	if (!dh->pub_key && bn_pub)
+		BN_free(bn_pub);
+
+	return 0;
+}
+
+
+static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )
+{
+	zen_nb_t y, x, p, k;
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	if ( !dh->priv_key ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
+		return 0;
+	}
+
+	/* Convert all keys */
+	BIGNUM2ZEN ( &y, pub_key ) ;
+	BIGNUM2ZEN ( &x, dh->priv_key ) ;
+	BIGNUM2ZEN ( &p, dh->p ) ;
+	ptr_zencod_init_number ( &k, p.len, key ) ;
+
+	/* Adjust the lengths */
+	p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
+	y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;
+	x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;
+
+	/* Call the hardware */
+	if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	/* The key must be written MSB -> LSB */
+	k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;
+	esrever ( key, ZEN_BYTES ( k.len ) ) ;
+
+	return ZEN_BYTES ( k.len ) ;
+}
+
+
+static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx )
+{
+	CHEESE () ;
+
+	return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
+}
+#endif	/* !OPENSSL_NO_DH */
+
+
+/* RAND stuff Functions
+ */
+static void RAND_zencod_seed ( const void *buf, int num )
+{
+	/* Nothing to do cause our crypto accelerator provide a true random generator */
+}
+
+
+static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )
+{
+	zen_nb_t r;
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	ptr_zencod_init_number ( &r, num * 8, buf ) ;
+
+	if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {
+		PERROR("zenbridge_rand_bytes");
+		ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	return 1;
+}
+
+
+static int RAND_zencod_rand_status ( void )
+{
+	CHEESE () ;
+
+	return 1;
+}
+
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library.
+ */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn ( ENGINE *e, const char *id )
+{
+
+	if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {
+		return 0 ;
+	}
+	if ( !bind_helper ( e ) )  {
+		return 0 ;
+	}
+
+	return 1 ;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN ()
+IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+
+
+
+/*
+ * Adding "Digest" and "Cipher" tools ...
+ * This is in development ... ;-)
+ * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
+ * and evp, sha md5 definitions etc ...
+ */
+/* First add some include ... */
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#include <openssl/md5.h>
+#include <openssl/rc4.h>
+#include <openssl/des.h>
+
+
+/* Some variables declaration ... */
+/* DONS:
+ * Disable symetric computation except DES and 3DES, but let part of the code
+ */
+/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
+static int engine_digest_nids [ ] = {  } ;
+static int engine_digest_nids_num = 0 ;
+/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */
+static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;
+static int engine_cipher_nids_num = 2 ;
+
+
+/* Function prototype ... */
+/*  SHA stuff */
+static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;
+static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
+static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
+
+/*  MD5 stuff */
+static int engine_md5_init ( EVP_MD_CTX *ctx ) ;
+static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
+static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
+
+static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;
+static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;
+
+
+/* RC4 Stuff */
+static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
+static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
+
+/* DES Stuff */
+static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
+static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
+
+/*  3DES Stuff */
+static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
+static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;
+
+static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ;	/* cleanup ctx */
+
+
+/* The one for SHA ... */
+static const EVP_MD engine_sha1_md =
+{
+	NID_sha1,
+	NID_sha1WithRSAEncryption,
+	SHA_DIGEST_LENGTH,
+	EVP_MD_FLAG_ONESHOT,
+	/* 0, */			/* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
+				* XXX: set according to device info ... */
+	engine_sha1_init,
+	engine_sha1_update,
+	engine_sha1_final,
+	engine_md_copy,		/* dev_crypto_sha_copy */
+	engine_md_cleanup,		/* dev_crypto_sha_cleanup */
+	EVP_PKEY_RSA_method,
+	SHA_CBLOCK,
+	/* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
+	sizeof ( ZEN_MD_DATA )
+	/* sizeof ( MD_CTX_DATA )	The message digest data stucture ... */
+} ;
+
+/* The one for MD5 ... */
+static const EVP_MD engine_md5_md =
+{
+	NID_md5,
+	NID_md5WithRSAEncryption,
+	MD5_DIGEST_LENGTH,
+	EVP_MD_FLAG_ONESHOT,
+	/* 0, */			/* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
+				* XXX: set according to device info ... */
+	engine_md5_init,
+	engine_md5_update,
+	engine_md5_final,
+	engine_md_copy,		/* dev_crypto_md5_copy */
+	engine_md_cleanup,		/* dev_crypto_md5_cleanup */
+	EVP_PKEY_RSA_method,
+	MD5_CBLOCK,
+	/* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
+	sizeof ( ZEN_MD_DATA )
+	/* sizeof ( MD_CTX_DATA )	The message digest data stucture ... */
+} ;
+
+
+/* The one for RC4 ... */
+#define EVP_RC4_KEY_SIZE			16
+
+/* Try something static ... */
+typedef struct
+{
+	unsigned int len ;
+	unsigned int first ;
+	unsigned char rc4_state [ 260 ] ;
+} NEW_ZEN_RC4_KEY ;
+
+#define rc4_data(ctx)				( (EVP_RC4_KEY *) ( ctx )->cipher_data )
+
+static const EVP_CIPHER engine_rc4 =
+{
+	NID_rc4,
+	1,
+	16,				/* EVP_RC4_KEY_SIZE should be 128 bits */
+	0,				/* FIXME: key should be up to 256 bytes */
+	EVP_CIPH_VARIABLE_LENGTH,
+	engine_rc4_init_key,
+	engine_rc4_cipher,
+	engine_cipher_cleanup,
+	sizeof ( NEW_ZEN_RC4_KEY ),
+	NULL,
+	NULL,
+	NULL
+} ;
+
+/* The one for RC4_40 ... */
+static const EVP_CIPHER engine_rc4_40 =
+{
+	NID_rc4_40,
+	1,
+	5,				/* 40 bits */
+	0,
+	EVP_CIPH_VARIABLE_LENGTH,
+	engine_rc4_init_key,
+	engine_rc4_cipher,
+	engine_cipher_cleanup,
+	sizeof ( NEW_ZEN_RC4_KEY ),
+	NULL,
+	NULL,
+	NULL
+} ;
+
+/* The one for DES ... */
+
+/* Try something static ... */
+typedef struct
+{
+	unsigned char des_key [ 24 ] ;
+	unsigned char des_iv [ 8 ] ;
+} ZEN_DES_KEY ;
+
+static const EVP_CIPHER engine_des_cbc =
+	{
+	NID_des_cbc,
+	8, 8, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	engine_des_init_key,
+	engine_des_cbc_cipher,
+	engine_cipher_cleanup,
+	sizeof(ZEN_DES_KEY),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL,
+	NULL
+	};
+
+/* The one for 3DES ... */
+
+/* Try something static ... */
+typedef struct
+{
+	unsigned char des3_key [ 24 ] ;
+	unsigned char des3_iv [ 8 ] ;
+} ZEN_3DES_KEY ;
+
+#define des_data(ctx)				 ( (DES_EDE_KEY *) ( ctx )->cipher_data )
+
+static const EVP_CIPHER engine_des_ede3_cbc =
+	{
+	NID_des_ede3_cbc,
+	8, 8, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	engine_des_ede3_init_key,
+	engine_des_ede3_cbc_cipher,
+	engine_cipher_cleanup,
+	sizeof(ZEN_3DES_KEY),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL,
+	NULL
+	};
+
+
+/* General function cloned on hw_openbsd_dev_crypto one ... */
+static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid )
+{
+
+#ifdef DEBUG_ZENCOD_MD
+	fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ;
+#endif
+
+	if ( !digest ) {
+		/* We are returning a list of supported nids */
+		*nids = engine_digest_nids ;
+		return engine_digest_nids_num ;
+	}
+	/* We are being asked for a specific digest */
+	if ( nid == NID_md5 ) {
+		*digest = &engine_md5_md ;
+	}
+	else if ( nid == NID_sha1 ) {
+		*digest = &engine_sha1_md ;
+	}
+	else {
+		*digest = NULL ;
+		return 0 ;
+	}
+	return 1 ;
+}
+
+
+/* SHA stuff Functions
+ */
+static int engine_sha1_init ( EVP_MD_CTX *ctx )
+{
+
+	int to_return = 0 ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
+{
+
+	zen_nb_t input ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	input.len = count ;
+	input.data = (unsigned char *) data ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md )
+{
+
+	zen_nb_t output ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	output.len = SHA_DIGEST_LENGTH ;
+	output.data = md ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+
+/* MD5 stuff Functions
+ */
+static int engine_md5_init ( EVP_MD_CTX *ctx )
+{
+
+	int to_return = 0 ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
+{
+
+	zen_nb_t input ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	input.len = count ;
+	input.data = (unsigned char *) data ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md )
+{
+
+	zen_nb_t output ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	output.len = MD5_DIGEST_LENGTH ;
+	output.data = md ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_md_cleanup ( EVP_MD_CTX *ctx )
+{
+
+	ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ;
+
+	if ( zen_md_data->HashBuffer != NULL ) {
+		OPENSSL_free ( zen_md_data->HashBuffer ) ;
+		zen_md_data->HashBufferSize = 0 ;
+		ctx->md_data = NULL ;
+	}
+
+	return 1 ;
+}
+
+
+static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from )
+{
+	const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ;
+	ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ;
+
+	to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ;
+	memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ;
+
+	return 1;
+}
+
+
+/* General function cloned on hw_openbsd_dev_crypto one ... */
+static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid )
+{
+
+	if ( !cipher ) {
+		/* We are returning a list of supported nids */
+		*nids = engine_cipher_nids ;
+		return engine_cipher_nids_num ;
+	}
+	/* We are being asked for a specific cipher */
+	if ( nid == NID_rc4 ) {
+		*cipher = &engine_rc4 ;
+	}
+	else if ( nid == NID_rc4_40 ) {
+		*cipher = &engine_rc4_40 ;
+	}
+	else if ( nid == NID_des_cbc ) {
+		*cipher = &engine_des_cbc ;
+	}
+	else if ( nid == NID_des_ede3_cbc ) {
+		*cipher = &engine_des_ede3_cbc ;
+	}
+	else {
+		*cipher = NULL ;
+		return 0 ;
+	}
+
+	return 1 ;
+}
+
+
+static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
+{
+	int to_return = 0 ;
+	int i = 0 ;
+	int nb = 0 ;
+	NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
+
+	tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ;
+	tmp_rc4_key->first = 0 ;
+	tmp_rc4_key->len = ctx->key_len ;
+	tmp_rc4_key->rc4_state [ 0 ] = 0x00 ;
+	tmp_rc4_key->rc4_state [ 2 ] = 0x00 ;
+	nb = 256 / ctx->key_len ;
+	for ( i = 0; i < nb ; i++ ) {
+		memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ;
+	}
+
+	to_return = 1 ;
+
+	return to_return ;
+}
+
+
+static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len )
+{
+
+	zen_nb_t output, input ;
+	zen_nb_t rc4key ;
+	int to_return = 0 ;
+	NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
+
+	/* Convert parameters ... */
+	input.len = in_len ;
+	input.data = (unsigned char *) in ;
+	output.len = in_len ;
+	output.data = (unsigned char *) out ;
+
+	tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ;
+	rc4key.len = 260 ;
+	rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ;
+	to_return = !to_return ;
+
+	/* Update encryption state ... */
+	tmp_rc4_key->first = 1 ;
+	tmp_rc4_key = NULL ;
+
+	return to_return ;
+}
+
+
+static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
+{
+
+	ZEN_DES_KEY *tmp_des_key = NULL ;
+	int to_return = 0 ;
+
+	tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ;
+	memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ;
+	memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ;
+	memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ;
+	memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ;
+
+	to_return = 1 ;
+
+	return to_return ;
+}
+
+
+static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl )
+{
+
+	zen_nb_t output, input ;
+	zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	input.len = inl ;
+	input.data = (unsigned char *) in ;
+	output.len = inl ;
+	output.data = out ;
+
+	/* Set key parameters ... */
+	deskey_1.len = 8 ;
+	deskey_2.len = 8 ;
+	deskey_3.len = 8 ;
+	deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ;
+	deskey_2.data =  (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ;
+	deskey_3.data =  (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ;
+
+	/* Key correct iv ... */
+	memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ;
+	iv.len = 8 ;
+	iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ;
+
+	if ( ctx->encrypt == 0 ) {
+		memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
+	}
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_xdes_cipher ( &output, &input,
+			(zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
+	to_return = !to_return ;
+
+	/* But we need to set up the rigth iv ...
+	 * Test ENCRYPT or DECRYPT mode to set iv ... */
+	if ( ctx->encrypt == 1 ) {
+		memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
+	}
+
+	return to_return ;
+}
+
+
+static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
+{
+
+	ZEN_3DES_KEY *tmp_3des_key = NULL ;
+	int to_return = 0 ;
+
+	tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ;
+	memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ;
+	memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ;
+
+	to_return = 1;
+
+	return to_return ;
+}
+
+
+static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
+	unsigned int in_len )
+{
+
+	zen_nb_t output, input ;
+	zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	input.len = in_len ;
+	input.data = (unsigned char *) in ;
+	output.len = in_len ;
+	output.data = out ;
+
+	/* Set key ... */
+	deskey_1.len = 8 ;
+	deskey_2.len = 8 ;
+	deskey_3.len = 8 ;
+	deskey_1.data =  (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ;
+	deskey_2.data =  (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ;
+	deskey_3.data =  (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ;
+
+	/* Key correct iv ... */
+	memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ;
+	iv.len = 8 ;
+	iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ;
+
+	if ( ctx->encrypt == 0 ) {
+		memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
+	}
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_xdes_cipher ( &output, &input,
+			(zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
+	to_return = !to_return ;
+
+	if ( ctx->encrypt == 1 ) {
+		memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
+	}
+
+	return to_return ;
+}
+
+
+static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx )
+{
+
+	/* Set the key pointer ... */
+	if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) {
+	}
+	else if ( ctx->cipher->nid == NID_des_cbc ) {
+	}
+	else if ( ctx->cipher->nid == NID_des_ede3_cbc ) {
+	}
+
+	return 1 ;
+}
+
+
+#endif /* !OPENSSL_NO_HW_ZENCOD */
+#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod.ec b/crypto/openssl/demos/engines/zencod/hw_zencod.ec
new file mode 100644
index 0000000..1552c79
--- /dev/null
+++ b/crypto/openssl/demos/engines/zencod/hw_zencod.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#	perl ../../../util/mkerr.pl -conf hw_zencod.ec \
+#		-nostatic -staticloader -write *.c
+
+L ZENCOD	hw_zencod_err.h			hw_zencod_err.c
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod.h b/crypto/openssl/demos/engines/zencod/hw_zencod.h
new file mode 100644
index 0000000..195345d
--- /dev/null
+++ b/crypto/openssl/demos/engines/zencod/hw_zencod.h
@@ -0,0 +1,160 @@
+/* File : /crypto/engine/vendor_defns/hw_zencod.h */
+/* ====================================================================
+ * Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD
+ * for "zencod" ENGINE integration in OpenSSL project.
+ */
+
+
+ #ifndef	_HW_ZENCOD_H_
+#define	_HW_ZENCOD_H_
+
+#include <stdio.h>
+
+#ifdef	__cplusplus
+extern "C" {
+#endif	/* __cplusplus */
+
+#define ZENBRIDGE_MAX_KEYSIZE_RSA	2048
+#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT	1024
+#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN	1024
+#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY	1024
+
+/* Library version computation */
+#define	ZENBRIDGE_VERSION_MAJOR(x)	(((x) >> 16) | 0xff)
+#define	ZENBRIDGE_VERSION_MINOR(x)	(((x) >>  8) | 0xff)
+#define	ZENBRIDGE_VERSION_PATCH(x)	(((x) >>  0) | 0xff)
+#define	ZENBRIDGE_VERSION(x, y, z)		((x) << 16 | (y) << 8 | (z))
+
+/*
+ * Memory type
+ */
+typedef struct zencod_number_s {
+	unsigned long len;
+	unsigned char *data;
+} zen_nb_t;
+
+#define KEY	zen_nb_t
+
+
+/*
+ * Misc
+ */
+typedef int t_zencod_lib_version (void);
+typedef int t_zencod_hw_version (void);
+typedef int t_zencod_test (void);
+typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
+
+
+/*
+ * Key managment tools
+ */
+typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
+typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);
+typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);
+typedef unsigned long t_zencod_bits2bytes (unsigned long bits);
+
+
+/*
+ * RSA API
+ */
+/* Compute modular exponential : y = x**e | n */
+typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);
+/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */
+typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,
+					KEY *edp, KEY *edq, KEY *qinv);
+
+
+/*
+ * DSA API
+ */
+typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,
+				    KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);
+typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,
+				      KEY *p, KEY *q, KEY *g, KEY *y,
+				      KEY *r, KEY *s, KEY *v);
+
+
+/*
+ * DH API
+ */
+ /* Key generation : compute public value y = g**x | n */
+typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);
+typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);
+
+
+/*
+ * RNG API
+ */
+#define ZENBRIDGE_RNG_DIRECT		0
+#define ZENBRIDGE_RNG_SHA1		1
+typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);
+
+
+/*
+ * Math API
+ */
+typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);
+
+
+
+
+/*
+ * Symetric API
+ */
+/* Define a data structure for digests operations */
+typedef struct ZEN_data_st
+{
+	unsigned int HashBufferSize ;
+	unsigned char *HashBuffer ;
+} ZEN_MD_DATA ;
+
+/*
+ * Functions for Digest (MD5, SHA1) stuff
+ */
+/* output : output data buffer */
+/* input : input data buffer */
+/* algo : hash algorithm, MD5 or SHA1 */
+/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
+ * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
+ */
+/* For now separate this stuff that mad it easier to test */
+typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;
+typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;
+typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
+
+typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;
+typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;
+typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
+
+
+/*
+ * Functions for Cipher (RC4, DES, 3DES) stuff
+ */
+/* output : output data buffer */
+/* input : input data buffer */
+/* key : rc4 key data */
+/* index_1 : value of index x from RC4 key structure */
+/* index_2 : value of index y from RC4 key structure */
+/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
+typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
+		unsigned char *index_1, unsigned char *index_2, int mode ) ;
+
+/* output : output data buffer */
+/* input : input data buffer */
+/* key_1 : des first key data */
+/* key_2 : des second key data */
+/* key_3 : des third key data */
+/* iv : initial vector */
+/* mode : xdes mode (encrypt or decrypt) */
+/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
+typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
+		const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
+
+
+#undef KEY
+
+#ifdef	__cplusplus
+}
+#endif	/* __cplusplus */
+
+#endif	/* !_HW_ZENCOD_H_ */
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod_err.c b/crypto/openssl/demos/engines/zencod/hw_zencod_err.c
new file mode 100644
index 0000000..8ed0fff
--- /dev/null
+++ b/crypto/openssl/demos/engines/zencod/hw_zencod_err.c
@@ -0,0 +1,151 @@
+/* hw_zencod_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_zencod_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ZENCOD_str_functs[]=
+	{
+{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0),	"ZENCOD_BN_MOD_EXP"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0),	"ZENCOD_CTRL"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0),	"ZENCOD_DH_COMPUTE"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0),	"ZENCOD_DH_GENERATE"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0),	"ZENCOD_DSA_DO_SIGN"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0),	"ZENCOD_DSA_DO_VERIFY"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0),	"ZENCOD_FINISH"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0),	"ZENCOD_INIT"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0),	"ZENCOD_RAND"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0),	"ZENCOD_RSA_MOD_EXP"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0),	"ZENCOD_RSA_MOD_EXP_CRT"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ZENCOD_str_reasons[]=
+	{
+{ZENCOD_R_ALREADY_LOADED                 ,"already loaded"},
+{ZENCOD_R_BAD_KEY_COMPONENTS             ,"bad key components"},
+{ZENCOD_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ZENCOD_R_DSO_FAILURE                    ,"dso failure"},
+{ZENCOD_R_NOT_LOADED                     ,"not loaded"},
+{ZENCOD_R_REQUEST_FAILED                 ,"request failed"},
+{ZENCOD_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+static ERR_STRING_DATA ZENCOD_lib_name[]=
+        {
+{0	,ZENCOD_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int ZENCOD_lib_error_code=0;
+static int ZENCOD_error_init=1;
+
+static void ERR_load_ZENCOD_strings(void)
+	{
+	if (ZENCOD_lib_error_code == 0)
+		ZENCOD_lib_error_code=ERR_get_next_error_library();
+
+	if (ZENCOD_error_init)
+		{
+		ZENCOD_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
+		ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+		ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);
+		ERR_load_strings(0,ZENCOD_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_ZENCOD_strings(void)
+	{
+	if (ZENCOD_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
+		ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+		ERR_unload_strings(0,ZENCOD_lib_name);
+#endif
+		ZENCOD_error_init=1;
+		}
+	}
+
+static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
+	{
+	if (ZENCOD_lib_error_code == 0)
+		ZENCOD_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);
+	}
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod_err.h b/crypto/openssl/demos/engines/zencod/hw_zencod_err.h
new file mode 100644
index 0000000..1b5dcb5
--- /dev/null
+++ b/crypto/openssl/demos/engines/zencod/hw_zencod_err.h
@@ -0,0 +1,95 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ZENCOD_ERR_H
+#define HEADER_ZENCOD_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_ZENCOD_strings(void);
+static void ERR_unload_ZENCOD_strings(void);
+static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
+#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ZENCOD functions. */
+
+/* Function codes. */
+#define ZENCOD_F_ZENCOD_BN_MOD_EXP			 100
+#define ZENCOD_F_ZENCOD_CTRL				 101
+#define ZENCOD_F_ZENCOD_DH_COMPUTE			 102
+#define ZENCOD_F_ZENCOD_DH_GENERATE			 103
+#define ZENCOD_F_ZENCOD_DSA_DO_SIGN			 104
+#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY			 105
+#define ZENCOD_F_ZENCOD_FINISH				 106
+#define ZENCOD_F_ZENCOD_INIT				 107
+#define ZENCOD_F_ZENCOD_RAND				 108
+#define ZENCOD_F_ZENCOD_RSA_MOD_EXP			 109
+#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT			 110
+
+/* Reason codes. */
+#define ZENCOD_R_ALREADY_LOADED				 100
+#define ZENCOD_R_BAD_KEY_COMPONENTS			 101
+#define ZENCOD_R_BN_EXPAND_FAIL				 102
+#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define ZENCOD_R_DSO_FAILURE				 104
+#define ZENCOD_R_NOT_LOADED				 105
+#define ZENCOD_R_REQUEST_FAILED				 106
+#define ZENCOD_R_UNIT_FAILURE				 107
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/demos/maurice/example1.c b/crypto/openssl/demos/maurice/example1.c
index 52152704..1ef8299 100644
--- a/crypto/openssl/demos/maurice/example1.c
+++ b/crypto/openssl/demos/maurice/example1.c
@@ -126,11 +126,11 @@ void main_encrypt(void)
 
 void main_decrypt(void)
 {
-	char buf[512];
+	char buf[520];
 	char ebuf[512];
 	unsigned int buflen;
         EVP_CIPHER_CTX ectx;
-        unsigned char iv[8];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
 	unsigned char *encryptKey; 
 	unsigned int ekeylen; 
 	EVP_PKEY *privateKey;
@@ -164,7 +164,6 @@ void main_decrypt(void)
 
 	read(STDIN, encryptKey, ekeylen);
 	read(STDIN, iv, sizeof(iv));
-
 	EVP_OpenInit(&ectx,
 		   EVP_des_ede3_cbc(), 
 		   encryptKey,
@@ -185,7 +184,6 @@ void main_decrypt(void)
 		}
 
 		EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
-
 		write(STDOUT, buf, buflen);
 	}
 
diff --git a/crypto/openssl/demos/maurice/example3.c b/crypto/openssl/demos/maurice/example3.c
index c8462a4..03d8a20 100644
--- a/crypto/openssl/demos/maurice/example3.c
+++ b/crypto/openssl/demos/maurice/example3.c
@@ -57,7 +57,8 @@ void do_cipher(char *pw, int operation)
 
 	EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
 
-	EVP_CipherInit(&ectx, ALG, key, iv, operation);
+	EVP_CIPHER_CTX_init(&ectx);
+	EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
 
 	while(1)
 	{
@@ -79,7 +80,8 @@ void do_cipher(char *pw, int operation)
 		write(STDOUT, ebuf, ebuflen);
 	}
 
-        EVP_CipherFinal(&ectx, ebuf, &ebuflen); 
+        EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen); 
+	EVP_CIPHER_CTX_cleanup(&ectx);
 
 	write(STDOUT, ebuf, ebuflen); 
 }
diff --git a/crypto/openssl/demos/maurice/loadkeys.c b/crypto/openssl/demos/maurice/loadkeys.c
index 792371c..82fd22a 100644
--- a/crypto/openssl/demos/maurice/loadkeys.c
+++ b/crypto/openssl/demos/maurice/loadkeys.c
@@ -31,9 +31,7 @@ EVP_PKEY * ReadPublicKey(const char *certfile)
   if (!fp) 
      return NULL; 
 
-  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
-                                   PEM_STRING_X509,
-                                   fp, NULL, NULL, NULL);
+  x509 = PEM_read_X509(fp, NULL, 0, NULL);
 
   if (x509 == NULL) 
   {  
@@ -61,10 +59,7 @@ EVP_PKEY *ReadPrivateKey(const char *keyfile)
 	if (!fp)
 		return NULL;
 
-	pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
-                              PEM_STRING_EVP_PKEY,
-                              fp,
-                              NULL, NULL, NULL);
+	pkey = PEM_read_PrivateKey(fp, NULL, 0, NULL);
 
 	fclose (fp);
 
diff --git a/crypto/openssl/demos/sign/sign.c b/crypto/openssl/demos/sign/sign.c
index 0fdf0de..a6c66e1 100644
--- a/crypto/openssl/demos/sign/sign.c
+++ b/crypto/openssl/demos/sign/sign.c
@@ -96,7 +96,7 @@ int main ()
   
   fp = fopen (keyfile, "r");
   if (fp == NULL) exit (1);
-  pkey = PEM_read_PrivateKey(fp, NULL, NULL);
+  pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
   fclose (fp);
 
   if (pkey == NULL) { 
@@ -122,7 +122,7 @@ int main ()
   
   fp = fopen (certfile, "r");
   if (fp == NULL) exit (1);
-  x509 = PEM_read_X509(fp, NULL, NULL);
+  x509 = PEM_read_X509(fp, NULL, NULL, NULL);
   fclose (fp);
 
   if (x509 == NULL) {
diff --git a/crypto/openssl/demos/spkigen.c b/crypto/openssl/demos/spkigen.c
index d878811..2cd5dfe 100644
--- a/crypto/openssl/demos/spkigen.c
+++ b/crypto/openssl/demos/spkigen.c
@@ -65,7 +65,8 @@ char *argv[];
 
 	fprintf(stderr,"please enter challenge string:");
 	fflush(stderr);
-	fgets(buf,120,stdin);
+	buf[0]='\0';
+	fgets(buf,sizeof buf,stdin);
 	i=strlen(buf);
 	if (i > 0) buf[--i]='\0';
 	if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
diff --git a/crypto/openssl/demos/ssl/cli.cpp b/crypto/openssl/demos/ssl/cli.cpp
index daea2bd..49cba5d 100644
--- a/crypto/openssl/demos/ssl/cli.cpp
+++ b/crypto/openssl/demos/ssl/cli.cpp
@@ -79,12 +79,12 @@ void main ()
   str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
   CHK_NULL(str);
   printf ("\t subject: %s\n", str);
-  Free (str);
+  OPENSSL_free (str);
 
   str = X509_NAME_oneline (X509_get_issuer_name  (server_cert),0,0);
   CHK_NULL(str);
   printf ("\t issuer: %s\n", str);
-  Free (str);
+  OPENSSL_free (str);
 
   /* We could do all sorts of certificate verification stuff here before
      deallocating the certificate. */
diff --git a/crypto/openssl/demos/ssl/inetdsrv.cpp b/crypto/openssl/demos/ssl/inetdsrv.cpp
index 5b09227..efd70d2 100644
--- a/crypto/openssl/demos/ssl/inetdsrv.cpp
+++ b/crypto/openssl/demos/ssl/inetdsrv.cpp
@@ -65,12 +65,12 @@ void main ()
     str = X509_NAME_oneline (X509_get_subject_name (client_cert));
     CHK_NULL(str);
     fprintf (log, "\t subject: %s\n", str);
-    Free (str);
+    OPENSSL_free (str);
     
     str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
     CHK_NULL(str);
     fprintf (log, "\t issuer: %s\n", str);
-    Free (str);
+    OPENSSL_free (str);
     
     /* We could do all sorts of certificate verification stuff here before
        deallocating the certificate. */
diff --git a/crypto/openssl/demos/ssl/serv.cpp b/crypto/openssl/demos/ssl/serv.cpp
index aec610d..b142c75 100644
--- a/crypto/openssl/demos/ssl/serv.cpp
+++ b/crypto/openssl/demos/ssl/serv.cpp
@@ -121,12 +121,12 @@ void main ()
     str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
     CHK_NULL(str);
     printf ("\t subject: %s\n", str);
-    Free (str);
+    OPENSSL_free (str);
     
     str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
     CHK_NULL(str);
     printf ("\t issuer: %s\n", str);
-    Free (str);
+    OPENSSL_free (str);
     
     /* We could do all sorts of certificate verification stuff here before
        deallocating the certificate. */
diff --git a/crypto/openssl/demos/state_machine/state_machine.c b/crypto/openssl/demos/state_machine/state_machine.c
index 0140fbc..fef3f3e 100644
--- a/crypto/openssl/demos/state_machine/state_machine.c
+++ b/crypto/openssl/demos/state_machine/state_machine.c
@@ -191,6 +191,9 @@ int SSLStateMachine_read_extract(SSLStateMachine *pMachine,
 	    fprintf(stderr,"SSL_read wants more data\n");
 	    return 0;
 	    }
+
+	SSLStateMachine_print_error(pMachine,"SSL_read error");
+	exit(8);
 	}
 
     fprintf(stderr,"%d bytes of decrypted data read from state machine\n",n);
@@ -289,6 +292,8 @@ int main(int argc,char **argv)
     int nFD;
     const char *szCertificateFile;
     const char *szKeyFile;
+    char rbuf[1];
+    int nrbuf=0;
 
     if(argc != 4)
 	{
@@ -321,6 +326,14 @@ int main(int argc,char **argv)
 	/* Select socket for input */
 	FD_SET(nFD,&rfds);
 
+	/* check whether there's decrypted data */
+	if(!nrbuf)
+	    nrbuf=SSLStateMachine_read_extract(pMachine,rbuf,1);
+
+	/* if there's decrypted data, check whether we can write it */
+	if(nrbuf)
+	    FD_SET(1,&wfds);
+
 	/* Select socket for output */
 	if(SSLStateMachine_write_can_extract(pMachine))
 	    FD_SET(nFD,&wfds);
@@ -346,21 +359,29 @@ int main(int argc,char **argv)
 	    SSLStateMachine_read_inject(pMachine,buf,n);
 	    }
 
-	/* FIXME: we should only extract if stdout is ready */
-	n=SSLStateMachine_read_extract(pMachine,buf,n);
-	if(n < 0)
+	/* stdout is ready for output (and hence we have some to send it) */
+	if(FD_ISSET(1,&wfds))
 	    {
-	    SSLStateMachine_print_error(pMachine,"read extract failed");
-	    break;
-	    }
-	assert(n >= 0);
-	if(n > 0)
-	    {
-	    int w;
+	    assert(nrbuf == 1);
+	    buf[0]=rbuf[0];
+	    nrbuf=0;
 
-	    w=write(1,buf,n);
-	    /* FIXME: we should push back any unwritten data */
-	    assert(w == n);
+	    n=SSLStateMachine_read_extract(pMachine,buf+1,sizeof buf-1);
+	    if(n < 0)
+		{
+		SSLStateMachine_print_error(pMachine,"read extract failed");
+		break;
+		}
+	    assert(n >= 0);
+	    ++n;
+	    if(n > 0) /* FIXME: has to be true now */
+		{
+		int w;
+		
+		w=write(1,buf,n);
+		/* FIXME: we should push back any unwritten data */
+		assert(w == n);
+		}
 	    }
 
 	/* Socket is ready for output (and therefore we have output to send) */
diff --git a/crypto/openssl/demos/tunala/A-client.pem b/crypto/openssl/demos/tunala/A-client.pem
new file mode 100644
index 0000000..a4caf6ef
--- /dev/null
+++ b/crypto/openssl/demos/tunala/A-client.pem
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain
+        Validity
+            Not Before: Jan 16 05:19:30 2002 GMT
+            Not After : Jan 14 05:19:30 2012 GMT
+        Subject: C=NZ, L=Auckland, O=Mordor, OU=SSL grunt things, CN=tunala-client/Email=client@fake.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b0:d3:56:5c:c8:7f:fb:f4:95:9d:04:84:4f:82:
+                    b7:a2:75:5c:81:48:8c:56:5d:52:ee:38:e1:5c:c8:
+                    9a:70:8e:72:f2:00:1c:17:ef:df:b7:06:59:82:04:
+                    f1:f6:49:11:12:a6:4d:cb:1e:ed:ac:59:1c:4a:d0:
+                    3d:de:e6:f2:8d:cd:39:c2:0f:e0:46:2f:db:cb:9f:
+                    47:f7:56:e7:f8:16:5f:68:71:fb:3a:e3:ab:d2:e5:
+                    05:b7:da:65:61:fe:6d:30:e4:12:a8:b5:c1:71:24:
+                    6b:aa:80:05:41:17:a0:8b:6e:8b:e6:04:cf:85:7b:
+                    2a:ac:a1:79:7d:f4:96:6e:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F8:43:CB:4F:4D:4F:BC:6E:52:1A:FD:F9:7B:E1:12:3F:A7:A3:BA:93
+            X509v3 Authority Key Identifier: 
+                keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17
+                DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        8f:5f:0e:43:da:9d:61:43:7e:03:38:9a:e6:50:9d:42:e8:95:
+        34:49:75:ec:04:8d:5c:85:99:94:70:a0:e7:1f:1e:a0:8b:0f:
+        d6:e2:cb:f7:35:d9:96:72:bd:a6:e9:8d:4e:b1:e2:ac:97:7f:
+        2f:70:01:9d:aa:04:bc:d4:01:2b:63:77:a5:de:63:3c:a8:f5:
+        f2:72:af:ec:11:12:c0:d4:70:cf:71:a6:fb:e9:1d:b3:27:07:
+        aa:f2:b1:f3:87:d6:ab:8b:ce:c2:08:1b:3c:f9:ba:ff:77:71:
+        86:09:ef:9e:4e:04:06:63:44:e9:93:20:90:c7:2d:50:c6:50:
+        f8:66
+-----BEGIN CERTIFICATE-----
+MIID9TCCA16gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
+EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
+YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
+dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
+DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE5MzBaFw0xMjAxMTQw
+NTE5MzBaMIGHMQswCQYDVQQGEwJOWjERMA8GA1UEBxMIQXVja2xhbmQxDzANBgNV
+BAoTBk1vcmRvcjEZMBcGA1UECxMQU1NMIGdydW50IHRoaW5nczEWMBQGA1UEAxMN
+dHVuYWxhLWNsaWVudDEhMB8GCSqGSIb3DQEJARYSY2xpZW50QGZha2UuZG9tYWlu
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw01ZcyH/79JWdBIRPgreidVyB
+SIxWXVLuOOFcyJpwjnLyABwX79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnC
+D+BGL9vLn0f3Vuf4Fl9ocfs646vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovm
+BM+FeyqsoXl99JZudwIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPhD
+y09NT7xuUhr9+XvhEj+no7qTMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6V
+xCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3Rv
+bjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBB
+dXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQD
+ExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9t
+YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAI9fDkPanWFDfgM4muZQnULolTRJdewE
+jVyFmZRwoOcfHqCLD9biy/c12ZZyvabpjU6x4qyXfy9wAZ2qBLzUAStjd6XeYzyo
+9fJyr+wREsDUcM9xpvvpHbMnB6rysfOH1quLzsIIGzz5uv93cYYJ755OBAZjROmT
+IJDHLVDGUPhm
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCw01ZcyH/79JWdBIRPgreidVyBSIxWXVLuOOFcyJpwjnLyABwX
+79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnCD+BGL9vLn0f3Vuf4Fl9ocfs6
+46vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovmBM+FeyqsoXl99JZudwIDAQAB
+AoGAU4chbqbPvkclPYzaq2yGLlneHrwUft+KwzlfS6L/QVgo+CQRIUWQmjaHpaGM
+YtjVFcg1S1QK1bUqZjTEZT0XKhfbYmqW8yYTfbcDEbnY7esoYlvIlW8qRlPRlTBE
+utKrtZafmVhLgoNawYGD0aLZofPqpYjbGUlrC7nrem2vNJECQQDVLD3Qb+OlEMET
+73ApnJhYsK3e+G2LTrtjrS8y5zS4+Xv61XUqvdV7ogzRl0tpvSAmMOItVyoYadkB
+S3xSIWX9AkEA1Fm1FhkQSZwGG5rf4c6gMN71jJ6JE3/kocdVa0sUjRevIupo4XQ2
+Vkykxi84MRP8cfHqyjewq7Ozv3op2MGWgwJBAKemsb66IJjzAkaBav7u70nhOf0/
++Dc1Zl7QF2y7NVW8sGrnccx5m+ot2lMD4AV6/kvK6jaqdKrapBZGnbGiHqkCQQDI
+T1r33mqz1R8Z2S2Jtzz6/McKf930a/dC+GLGVEutkILf39lRmytKmv/wB0jtWtoO
+rlJ5sLDSNzC+1cE1u997AkEAu3IrtGmLKiuS6kDj6W47m+iiTIsuSJtTJb1SbUaK
+fIoBNFxbvJYW6rUU9+PxpMRaEhzh5s24/jBOE+mlb17mRQ==
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/tunala/A-server.pem b/crypto/openssl/demos/tunala/A-server.pem
new file mode 100644
index 0000000..e9f37b1
--- /dev/null
+++ b/crypto/openssl/demos/tunala/A-server.pem
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain
+        Validity
+            Not Before: Jan 16 05:14:06 2002 GMT
+            Not After : Jan 14 05:14:06 2012 GMT
+        Subject: C=NZ, L=Wellington, O=Middle Earth, OU=SSL dev things, CN=tunala-server/Email=server@fake.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a9:3e:62:87:97:13:6b:de:8f:bc:1d:0a:3f:65:
+                    0c:f9:76:a3:53:ce:97:30:27:0d:c6:df:72:1f:8d:
+                    5a:ce:58:23:6a:65:e5:e3:72:1a:8d:7f:fe:90:01:
+                    ea:42:f1:9f:6e:7b:0a:bd:eb:52:15:7b:f4:3d:9c:
+                    4e:db:74:29:2b:d1:81:9d:b9:9e:18:2b:87:e1:da:
+                    50:20:3c:59:6c:c9:83:3e:2c:11:0b:78:1e:03:f4:
+                    56:3a:db:95:6a:75:33:85:a9:7b:cc:3c:4a:67:96:
+                    f2:24:b2:a0:cb:2e:cc:52:18:16:6f:44:d9:29:64:
+                    07:2e:fb:56:cc:7c:dc:a2:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                70:AC:7A:B5:6E:97:C2:82:AF:11:9E:32:CB:8D:48:49:93:B7:DC:22
+            X509v3 Authority Key Identifier: 
+                keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17
+                DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        2e:cb:a3:cd:6d:a8:9d:d1:dc:e5:f0:e0:27:7e:4b:5a:90:a8:
+        85:43:f0:05:f7:04:43:d7:5f:d1:a5:8f:5c:58:eb:fc:da:c6:
+        7c:e0:0b:2b:98:72:95:f6:79:48:96:7a:fa:0c:6b:09:ec:c6:
+        8c:91:74:45:9f:8f:0f:16:78:e3:66:14:fa:1e:f4:f0:23:ec:
+        cd:a9:52:77:20:4d:c5:05:2c:52:b6:7b:f3:42:33:fd:90:1f:
+        3e:88:6f:9b:23:61:c8:80:3b:e6:57:84:2e:f7:26:c7:35:ed:
+        00:8b:08:30:9b:aa:21:83:b6:6d:b8:7c:8a:9b:2a:ef:79:3d:
+        96:31
+-----BEGIN CERTIFICATE-----
+MIID+zCCA2SgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
+EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
+YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
+dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
+DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE0MDZaFw0xMjAxMTQw
+NTE0MDZaMIGNMQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjEVMBMG
+A1UEChMMTWlkZGxlIEVhcnRoMRcwFQYDVQQLEw5TU0wgZGV2IHRoaW5nczEWMBQG
+A1UEAxMNdHVuYWxhLXNlcnZlcjEhMB8GCSqGSIb3DQEJARYSc2VydmVyQGZha2Uu
+ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpPmKHlxNr3o+8HQo/
+ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXjchqNf/6QAepC8Z9uewq961IVe/Q9nE7b
+dCkr0YGduZ4YK4fh2lAgPFlsyYM+LBELeB4D9FY625VqdTOFqXvMPEpnlvIksqDL
+LsxSGBZvRNkpZAcu+1bMfNyi1wIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFHCserVul8KCrxGeMsuNSEmTt9wiMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzh
+RaHTCJ6VxCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2Vs
+bGluZ3RvbjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNh
+dGlvbiBBdXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkw
+FwYDVQQDExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZh
+a2UuZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAC7Lo81tqJ3R3OXw4Cd+S1qQ
+qIVD8AX3BEPXX9Glj1xY6/zaxnzgCyuYcpX2eUiWevoMawnsxoyRdEWfjw8WeONm
+FPoe9PAj7M2pUncgTcUFLFK2e/NCM/2QHz6Ib5sjYciAO+ZXhC73Jsc17QCLCDCb
+qiGDtm24fIqbKu95PZYx
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCpPmKHlxNr3o+8HQo/ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXj
+chqNf/6QAepC8Z9uewq961IVe/Q9nE7bdCkr0YGduZ4YK4fh2lAgPFlsyYM+LBEL
+eB4D9FY625VqdTOFqXvMPEpnlvIksqDLLsxSGBZvRNkpZAcu+1bMfNyi1wIDAQAB
+AoGANCwqHZhiAU/TyW6+WPqivEhpYw19p/dyFMuPF9DwnEmpaUROUQY8z0AUznn4
+qHhp6Jn/nrprTHowucl0ucweYIYVxZoUiUDFpxdFUbzMdFvo6HcyV1Pe4Rt81HaY
+KYWrTZ6PaPtN65hLms8NhPEdGcGAFlY1owYv4QNGq2bU1JECQQDd32LM0NSfyGmK
+4ziajqGcvzK9NO2XyV/nJsGlJZNgMh2zm1t7yR28l/6Q2uyU49cCN+2aYULZCAfs
+taNvxBspAkEAw0alNub+xj2AVQvaxOB1sGfKzsJjHCzKIxUXn/tJi3j0+2asmkBZ
+Umx1MWr9jKQBnCMciCRUbnMEZiElOxCN/wJAfAeQl6Z19gx206lJzzzEo3dOye54
+k02DSxijT8q9pBzf9bN3ZK987BybtiZr8p+bZiYVsSOF1wViSLURdD1QYQJAIaMU
+qH1n24wShBPTrmAfxbBLTgxL+Dl65Eoo1KT7iSvfv0JzbuqwuDL4iPeuD0DdCiE+
+M/FWHeRwGIuTFzaFzwJBANKwx0jZS/h093w9g0Clw6UzeA1P5VcAt9y+qMC9hO3c
+4KXwIxQAt9yRaFLpiIR9do5bjjKNnMguf3aO/XRSDQM=
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/tunala/CA.pem b/crypto/openssl/demos/tunala/CA.pem
new file mode 100644
index 0000000..7a55b54
--- /dev/null
+++ b/crypto/openssl/demos/tunala/CA.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9zCCA2CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
+EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
+YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
+dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
+DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTA5NTlaFw0xMjAxMTQw
+NTA5NTlaMIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoG
+A1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3Jp
+dHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNr
+b3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7QdDfFIrJn3X24hKmpkyk3TG0Ivxd
+K2wWmDPXq1wjr8lUTwrA6hM5Ba9N36jLieWpXhviLOWu9DBza5GmtgCuXloATKTC
+94xOdKHlciTVujG3wDlLDB5e710Kar84nnj6VueL1RyZ0bmP5PANa4mbGW9Tqc7J
+CkBTTW2y9d0SgQIDAQABo4IBFTCCAREwHQYDVR0OBBYEFEn7RXISxMzhRaHTCJ6V
+xCxtVT8XMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6VxCxtVT8XoYG6pIG3
+MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoGA1UEChMz
+UmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3JpdHkgKFJJ
+QUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNrb3YgYWwt
+VHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluggEAMAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYQo95V/NY+eKxYxkhibZiUQygph+
+gTfgbDG20MsnH6+8//w5ArHauFCgDrf0P2VyACgq+N4pBTWFGaAaLwbjKy9HCe2E
+j9C91tO1CqDS4MJkDB5AP13FTkK6fP1ZCiTQranOAp3DlGWTTWsFVyW5kVfQ9diS
+ZOyJZ9Fit5XM2X0=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/demos/tunala/INSTALL b/crypto/openssl/demos/tunala/INSTALL
new file mode 100644
index 0000000..a65bbeb
--- /dev/null
+++ b/crypto/openssl/demos/tunala/INSTALL
@@ -0,0 +1,107 @@
+There are two ways to build this code;
+
+(1) Manually
+
+(2) Using all-singing all-dancing (all-confusing) autotools, ie. autoconf,
+automake, and their little friends (autoheader, etc).
+
+=================
+Building Manually
+=================
+
+There is a basic "Makefile" in this directory that gets moved out of the way and
+ignored when building with autoconf et al. This Makefile is suitable for
+building tunala on Linux using gcc. Any other platform probably requires some
+tweaking. Here are the various bits you might need to do if you want to build
+this way and the default Makefile isn't sufficient;
+
+* Compiler: Edit the "CC" definition in Makefile
+
+* Headers, features: tunala.h controls what happens in the non-autoconf world.
+  It, by default, assumes the system has *everything* (except autoconf's
+  "config.h") so if a target system is missing something it must define the
+  appropriate "NO_***" symbols in CFLAGS. These include;
+
+  - NO_HAVE_UNISTD_H, NO_HAVE_FCNTL_H, NO_HAVE_LIMITS_H
+    Indicates the compiling system doesn't have (or need) these header files.
+  - NO_HAVE_STRSTR, NO_HAVE_STRTOUL
+    Indicates the compiling system doesn't have these functions. Replacements
+    are compiled and used in breakage.c
+  - NO_HAVE_SELECT, NO_HAVE_SOCKET
+    Pointless symbols - these indicate select() and/or socket() are missing in
+    which case the program won't compile anyway.
+
+  If you want to specify any of these, add them with "-D" prefixed to each in
+  the CFLAGS definition in Makefile.
+
+* Compilation flags: edit DEBUG_FLAGS and/or CFLAGS directly to control the
+  flags passed to the compiler. This can also be used to change the degree of
+  optimisation.
+
+* Linker flags: some systems (eg. Solaris) require extra linker flags such as;
+  -ldl, -lsocket, -lnsl, etc. If unsure, bring up the man page for whichever
+  function is "undefined" when the linker fails - that usually indicates what
+  you need to add. Make changes to the LINK_FLAGS symbol.
+
+* Linker command: if a different linker syntax or even a different program is
+  required to link, edit the linker line directly in the "tunala:" target
+  definition - it currently assumes the "CC" (compiler) program is used to link.
+
+======================
+Building Automagically
+======================
+
+Automagic building is handled courtesy of autoconf, automake, etc. There are in
+fact two steps required to build, and only the first has to be done on a system
+with these tools installed (and if I was prepared to bloat out the CVS
+repository, I could store these extra files, but I'm not).
+
+First step: "autogunk.sh"
+-------------------------
+
+The "./autogunk.sh" script will call all the necessary autotool commands to
+create missing files and run automake and autoconf. The result is that a
+"./configure" script should be generated and a "Makefile.in" generated from the
+supplied "Makefile.am". NB: This script also moves the "manual" Makefile (see
+above) out of the way and calls it "Makefile.plain" - the "ungunk" script
+reverses this to leave the directory it was previously.
+
+Once "ungunk" has been run, the resulting directory should be able to build on
+other systems without autoconf, automake, or libtool. Which is what the second
+step describes;
+
+Second step: "./configure"
+--------------------------
+
+The second step is to run the generated "./configure" script to create a
+config.h header for your system and to generate a "Makefile" (generated from
+"Makefile.in") tweaked to compile on your system. This is the standard sort of
+thing you see in GNU packages, for example, and the standard tricks also work.
+Eg. to override "configure"'s choice of compiler, set the CC environment
+variable prior to running configure, eg.
+
+    CC=gcc ./configure
+
+would cause "gcc" to be used even if there is an otherwise preferable (to
+autoconf) native compiler on your system.
+
+After this run "make" and it should build the "tunala" executable.
+
+Notes
+-----
+
+- Some versions of autoconf (or automake?) generate a Makefile syntax that gives
+  trouble to some "make" programs on some systems (eg. OpenBSD). If this
+  happens, either build 'Manually' (see above) or use "gmake" instead of "make".
+  I don't like this either but like even less the idea of sifting into all the
+  script magic crud that's involved.
+
+- On a solaris system I tried, the "configure" script specified some broken
+  compiler flags in the resulting Makefile that don't even get echoed to
+  stdout/err when the error happens (evil!). If this happens, go into the
+  generated Makefile, find the two affected targets ("%.o:" and "%.lo"), and
+  remove the offending hidden option in the $(COMPILE) line all the sludge after
+  the two first lines of script (ie. after the "echo" and the "COMPILE" lines).
+  NB: This will probably only function if "--disable-shared" was used, otherwise
+  who knows what would result ...
+
diff --git a/crypto/openssl/demos/tunala/Makefile b/crypto/openssl/demos/tunala/Makefile
new file mode 100644
index 0000000..bef1704
--- /dev/null
+++ b/crypto/openssl/demos/tunala/Makefile
@@ -0,0 +1,41 @@
+# Edit these to suit
+#
+# Oh yeah, and please read the README too.
+
+
+SSL_HOMEDIR=../..
+SSL_INCLUDEDIR=$(SSL_HOMEDIR)/include
+SSL_LIBDIR=$(SSL_HOMEDIR)
+
+RM=rm -f
+CC=gcc
+DEBUG_FLAGS=-g -ggdb3 -Wall -Wshadow
+INCLUDE_FLAGS=-I$(SSL_INCLUDEDIR)
+CFLAGS=$(DEBUG_FLAGS) $(INCLUDE_FLAGS) -DNO_CONFIG_H
+COMPILE=$(CC) $(CFLAGS) -c
+
+# Edit, particularly the "-ldl" if not building with "dlfcn" support
+LINK_FLAGS=-L$(SSL_LIBDIR) -lssl -lcrypto -ldl
+
+SRCS=buffer.c cb.c ip.c sm.c tunala.c breakage.c
+OBJS=buffer.o cb.o ip.o sm.o tunala.o breakage.o
+
+TARGETS=tunala
+
+default: $(TARGETS)
+
+clean:
+	$(RM) $(OBJS) $(TARGETS) *.bak core
+
+.c.o:
+	$(COMPILE) $<
+
+tunala: $(OBJS)
+	$(CC) -o tunala $(OBJS) $(LINK_FLAGS)
+
+# Extra dependencies, should really use makedepend
+buffer.o: buffer.c tunala.h
+cb.o: cb.c tunala.h
+ip.o: ip.c tunala.h
+sm.o: sm.c tunala.h
+tunala.o: tunala.c tunala.h
diff --git a/crypto/openssl/demos/tunala/Makefile.am b/crypto/openssl/demos/tunala/Makefile.am
new file mode 100644
index 0000000..706c780
--- /dev/null
+++ b/crypto/openssl/demos/tunala/Makefile.am
@@ -0,0 +1,7 @@
+# Our includes come from the OpenSSL build-tree we're in
+INCLUDES		= -I$(top_builddir)/../../include
+
+bin_PROGRAMS		= tunala
+
+tunala_SOURCES		= tunala.c buffer.c cb.c ip.c sm.c breakage.c
+tunala_LDADD		= -L$(top_builddir)/../.. -lssl -lcrypto
diff --git a/crypto/openssl/demos/tunala/README b/crypto/openssl/demos/tunala/README
new file mode 100644
index 0000000..1569008
--- /dev/null
+++ b/crypto/openssl/demos/tunala/README
@@ -0,0 +1,233 @@
+This is intended to be an example of a state-machine driven SSL application. It
+acts as an SSL tunneler (functioning as either the server or client half,
+depending on command-line arguments). *PLEASE* read the comments in tunala.h
+before you treat this stuff as anything more than a curiosity - YOU HAVE BEEN
+WARNED!! There, that's the draconian bit out of the way ...
+
+
+Why "tunala"??
+--------------
+
+I thought I asked you to read tunala.h?? :-)
+
+
+Show me
+-------
+
+If you want to simply see it running, skip to the end and see some example
+command-line arguments to demonstrate with.
+
+
+Where to look and what to do?
+-----------------------------
+
+The code is split up roughly coinciding with the detaching of an "abstract" SSL
+state machine (which is the purpose of all this) and its surrounding application
+specifics. This is primarily to make it possible for me to know when I could cut
+corners and when I needed to be rigorous (or at least maintain the pretense as
+such :-).
+
+Network stuff:
+
+Basically, the network part of all this is what is supposed to be abstracted out
+of the way. The intention is to illustrate one way to stick OpenSSL's mechanisms
+inside a little memory-driven sandbox and operate it like a pure state-machine.
+So, the network code is inside both ip.c (general utility functions and gory
+IPv4 details) and tunala.c itself, which takes care of application specifics
+like the main select() loop. The connectivity between the specifics of this
+application (TCP/IP tunneling and the associated network code) and the
+underlying abstract SSL state machine stuff is through the use of the "buffer_t"
+type, declared in tunala.h and implemented in buffer.c.
+
+State machine:
+
+Which leaves us, generally speaking, with the abstract "state machine" code left
+over and this is sitting inside sm.c, with declarations inside tunala.h. As can
+be seen by the definition of the state_machine_t structure and the associated
+functions to manipulate it, there are the 3 OpenSSL "handles" plus 4 buffer_t
+structures dealing with IO on both the encrypted and unencrypted sides ("dirty"
+and "clean" respectively). The "SSL" handle is what facilitates the reading and
+writing of the unencrypted (tunneled) data. The two "BIO" handles act as the
+read and write channels for encrypted tunnel traffic - in other applications
+these are often socket BIOs so that the OpenSSL framework operates with the
+network layer directly. In this example, those two BIOs are memory BIOs
+(BIO_s_mem()) so that the sending and receiving of the tunnel traffic stays
+within the state-machine, and we can handle where this gets send to (or read
+from) ourselves.
+
+
+Why?
+----
+
+If you take a look at the "state_machine_t" section of tunala.h and the code in
+sm.c, you will notice that nothing related to the concept of 'transport' is
+involved. The binding to TCP/IP networking occurs in tunala.c, specifically
+within the "tunala_item_t" structure that associates a state_machine_t object
+with 4 file-descriptors. The way to best see where the bridge between the
+outside world (TCP/IP reads, writes, select()s, file-descriptors, etc) and the
+state machine is, is to examine the "tunala_item_io()" function in tunala.c.
+This is currently around lines 641-732 but of course could be subject to change.
+
+
+And...?
+-------
+
+Well, although that function is around 90 lines of code, it could easily have
+been a lot less only I was trying to address an easily missed "gotcha" (item (2)
+below). The main() code that drives the select/accept/IO loop initialises new
+tunala_item_t structures when connections arrive, and works out which
+file-descriptors go where depending on whether we're an SSL client or server
+(client --> accepted connection is clean and proxied is dirty, server -->
+accepted connection is dirty and proxied is clean). What that tunala_item_io()
+function is attempting to do is 2 things;
+
+  (1) Perform all reads and writes on the network directly into the
+      state_machine_t's buffers (based on a previous select() result), and only
+      then allow the abstact state_machine_t to "churn()" using those buffers.
+      This will cause the SSL machine to consume as much input data from the two
+      "IN" buffers as possible, and generate as much output data into the two
+      "OUT" buffers as possible. Back up in the main() function, the next main
+      loop loop will examine these output buffers and select() for writability
+      on the corresponding sockets if the buffers are non-empty.
+
+  (2) Handle the complicated tunneling-specific issue of cascading "close"s.
+      This is the reason for most of the complexity in the logic - if one side
+      of the tunnel is closed, you can't simply close the other side and throw
+      away the whole thing - (a) there may still be outgoing data on the other
+      side of the tunnel that hasn't been sent yet, (b) the close (or things
+      happening during the close) may cause more data to be generated that needs
+      sending on the other side. Of course, this logic is complicated yet futher
+      by the fact that it's different depending on which side closes first :-)
+      state_machine_close_clean() will indicate to the state machine that the
+      unencrypted side of the tunnel has closed, so any existing outgoing data
+      needs to be flushed, and the SSL stream needs to be closed down using the
+      appropriate shutdown sequence. state_machine_close_dirty() is simpler
+      because it indicates that the SSL stream has been disconnected, so all
+      that remains before closing the other side is to flush out anything that
+      remains and wait for it to all be sent.
+
+Anyway, with those things in mind, the code should be a little easier to follow
+in terms of "what is *this* bit supposed to achieve??!!".
+
+
+How might this help?
+--------------------
+
+Well, the reason I wrote this is that there seemed to be rather a flood of
+questions of late on the openssl-dev and openssl-users lists about getting this
+whole IO logic thing sorted out, particularly by those who were trying to either
+use non-blocking IO, or wanted SSL in an environment where "something else" was
+handling the network already and they needed to operate in memory only. This
+code is loosely based on some other stuff I've been working on, although that
+stuff is far more complete, far more dependant on a whole slew of other
+network/framework code I don't want to incorporate here, and far harder to look
+at for 5 minutes and follow where everything is going. I will be trying over
+time to suck in a few things from that into this demo in the hopes it might be
+more useful, and maybe to even make this demo usable as a utility of its own.
+Possible things include:
+
+  * controlling multiple processes/threads - this can be used to combat
+    latencies and get passed file-descriptor limits on some systems, and it uses
+    a "controller" process/thread that maintains IPC links with the
+    processes/threads doing the real work.
+
+  * cert verification rules - having some say over which certs get in or out :-)
+
+  * control over SSL protocols and cipher suites
+
+  * A few other things you can already do in s_client and s_server :-)
+
+  * Support (and control over) session resuming, particularly when functioning
+    as an SSL client.
+
+If you have a particular environment where this model might work to let you "do
+SSL" without having OpenSSL be aware of the transport, then you should find you
+could use the state_machine_t structure (or your own variant thereof) and hook
+it up to your transport stuff in much the way tunala.c matches it up with those
+4 file-descriptors. The state_machine_churn(), state_machine_close_clean(), and
+state_machine_close_dirty() functions are the main things to understand - after
+that's done, you just have to ensure you're feeding and bleeding the 4
+state_machine buffers in a logical fashion. This state_machine loop handles not
+only handshakes and normal streaming, but also renegotiates - there's no special
+handling required beyond keeping an eye on those 4 buffers and keeping them in
+sync with your outer "loop" logic. Ie. if one of the OUT buffers is not empty,
+you need to find an opportunity to try and forward its data on. If one of the IN
+buffers is not full, you should keep an eye out for data arriving that should be
+placed there.
+
+This approach could hopefully also allow you to run the SSL protocol in very
+different environments. As an example, you could support encrypted event-driven
+IPC where threads/processes pass messages to each other inside an SSL layer;
+each IPC-message's payload would be in fact the "dirty" content, and the "clean"
+payload coming out of the tunnel at each end would be the real intended message.
+Likewise, this could *easily* be made to work across unix domain sockets, or
+even entirely different network/comms protocols.
+
+This is also a quick and easy way to do VPN if you (and the remote network's
+gateway) support virtual network devices that are encapsulted in a single
+network connection, perhaps PPP going through an SSL tunnel?
+
+
+Suggestions
+-----------
+
+Please let me know if you find this useful, or if there's anything wrong or
+simply too confusing about it. Patches are also welcome, but please attach a
+description of what it changes and why, and "diff -urN" format is preferred.
+Mail to geoff@openssl.org should do the trick.
+
+
+Example
+-------
+
+Here is an example of how to use "tunala" ...
+
+First, it's assumed that OpenSSL has already built, and that you are building
+inside the ./demos/tunala/ directory. If not - please correct the paths and
+flags inside the Makefile. Likewise, if you want to tweak the building, it's
+best to try and do so in the makefile (eg. removing the debug flags and adding
+optimisation flags).
+
+Secondly, this code has mostly only been tested on Linux. However, some
+autoconf/etc support has been added and the code has been compiled on openbsd
+and solaris using that.
+
+Thirdly, if you are Win32, you probably need to do some *major* rewriting of
+ip.c to stand a hope in hell. Good luck, and please mail me the diff if you do
+this, otherwise I will take a look at another time. It can certainly be done,
+but it's very non-POSIXy.
+
+See the INSTALL document for details on building.
+
+Now, if you don't have an executable "tunala" compiled, go back to "First,...".
+Rinse and repeat.
+
+Inside one console, try typing;
+
+(i)  ./tunala -listen localhost:8080 -proxy localhost:8081 -cacert CA.pem \
+              -cert A-client.pem -out_totals -v_peer -v_strict
+
+In another console, type;
+
+(ii) ./tunala -listen localhost:8081 -proxy localhost:23 -cacert CA.pem \
+              -cert A-server.pem -server 1 -out_totals -v_peer -v_strict
+
+Now if you open another console and "telnet localhost 8080", you should be
+tunneled through to the telnet service on your local machine (if it's running -
+you could change it to port "22" and tunnel ssh instead if you so desired). When
+you logout of the telnet session, the tunnel should cleanly shutdown and show
+you some traffic stats in both consoles. Feel free to experiment. :-)
+
+Notes:
+
+ - the format for the "-listen" argument can skip the host part (eg. "-listen
+   8080" is fine). If you do, the listening socket will listen on all interfaces
+   so you can connect from other machines for example. Using the "localhost"
+   form listens only on 127.0.0.1 so you can only connect locally (unless, of
+   course, you've set up weird stuff with your networking in which case probably
+   none of the above applies).
+
+ - ./tunala -? gives you a list of other command-line options, but tunala.c is
+   also a good place to look :-)
+
+
diff --git a/crypto/openssl/demos/tunala/autogunk.sh b/crypto/openssl/demos/tunala/autogunk.sh
new file mode 100755
index 0000000..c9783c6
--- /dev/null
+++ b/crypto/openssl/demos/tunala/autogunk.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# This script tries to follow the "GNU way" w.r.t. the autobits.
+# This does of course generate a number of irritating files.
+# Try to get over it (I am getting there myself).
+
+# This should generate any missing crud, and then run autoconf which should turn
+# configure.in into a "./configure" script and "Makefile.am" into a
+# "Makefile.in". Then running "./configure" should turn "Makefile.in" into
+# "Makefile" and should generate the config.h containing your systems various
+# settings. I know ... what a hassle ...
+
+# Also, sometimes these autobits things generate bizarre output (looking like
+# errors). So I direct everything "elsewhere" ...
+
+(aclocal
+autoheader
+libtoolize --copy --force
+automake --foreign --add-missing --copy
+autoconf) 1> /dev/null 2>&1
+
+# Move the "no-autotools" Makefile out of the way
+if test ! -f Makefile.plain; then
+	mv Makefile Makefile.plain
+fi
diff --git a/crypto/openssl/demos/tunala/autoungunk.sh b/crypto/openssl/demos/tunala/autoungunk.sh
new file mode 100755
index 0000000..14d1079
--- /dev/null
+++ b/crypto/openssl/demos/tunala/autoungunk.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# This script tries to clean up as much as is possible from whatever diabolical
+# mess has been left in the directory thanks to autoconf, automake, and their
+# friends.
+
+if test -f Makefile; then
+	make distclean
+	rm -f Makefile
+fi
+
+if test -f Makefile.plain; then
+	mv Makefile.plain Makefile
+fi
+
+rm -f aclocal.m4 config.* configure install-sh \
+	missing mkinstalldirs stamp-h.* Makefile.in \
+	ltconfig ltmain.sh
diff --git a/crypto/openssl/demos/tunala/breakage.c b/crypto/openssl/demos/tunala/breakage.c
new file mode 100644
index 0000000..dcdd64b
--- /dev/null
+++ b/crypto/openssl/demos/tunala/breakage.c
@@ -0,0 +1,66 @@
+#include "tunala.h"
+
+int int_strtoul(const char *str, unsigned long *val)
+{
+#ifdef HAVE_STRTOUL
+	char *tmp;
+	unsigned long ret = strtoul(str, &tmp, 10);
+	if((str == tmp) || (*tmp != '\0'))
+		/* The value didn't parse cleanly */
+		return 0;
+	if(ret == ULONG_MAX)
+		/* We hit a limit */
+		return 0;
+	*val = ret;
+	return 1;
+#else
+	char buf[2];
+	unsigned long ret = 0;
+	buf[1] = '\0';
+	if(str == '\0')
+		/* An empty string ... */
+		return 0;
+	while(*str != '\0') {
+		/* We have to multiply 'ret' by 10 before absorbing the next
+		 * digit. If this will overflow, catch it now. */
+		if(ret && (((ULONG_MAX + 10) / ret) < 10))
+			return 0;
+		ret *= 10;
+		if(!isdigit(*str))
+			return 0;
+		buf[0] = *str;
+		ret += atoi(buf);
+		str++;
+	}
+	*val = ret;
+	return 1;
+#endif
+}
+
+#ifndef HAVE_STRSTR
+char *int_strstr(const char *haystack, const char *needle)
+{
+	const char *sub_haystack = haystack, *sub_needle = needle;
+	unsigned int offset = 0;
+	if(!needle)
+		return haystack;
+	if(!haystack)
+		return NULL;
+	while((*sub_haystack != '\0') && (*sub_needle != '\0')) {
+		if(sub_haystack[offset] == sub_needle) {
+			/* sub_haystack is still a candidate */
+			offset++;
+			sub_needle++;
+		} else {
+			/* sub_haystack is no longer a possibility */
+			sub_haystack++;
+			offset = 0;
+			sub_needle = needle;
+		}
+	}
+	if(*sub_haystack == '\0')
+		/* Found nothing */
+		return NULL;
+	return sub_haystack;
+}
+#endif
diff --git a/crypto/openssl/demos/tunala/buffer.c b/crypto/openssl/demos/tunala/buffer.c
new file mode 100644
index 0000000..c5cd004
--- /dev/null
+++ b/crypto/openssl/demos/tunala/buffer.c
@@ -0,0 +1,205 @@
+#include "tunala.h"
+
+#ifndef NO_BUFFER
+
+void buffer_init(buffer_t *buf)
+{
+	buf->used = 0;
+	buf->total_in = buf->total_out = 0;
+}
+
+void buffer_close(buffer_t *buf)
+{
+	/* Our data is static - nothing needs "release", just reset it */
+	buf->used = 0;
+}
+
+/* Code these simple ones in compact form */
+unsigned int buffer_used(buffer_t *buf) {
+	return buf->used; }
+unsigned int buffer_unused(buffer_t *buf) {
+	return (MAX_DATA_SIZE - buf->used); }
+int buffer_full(buffer_t *buf) {
+	return (buf->used == MAX_DATA_SIZE ? 1 : 0); }
+int buffer_notfull(buffer_t *buf) {
+	return (buf->used < MAX_DATA_SIZE ? 1 : 0); }
+int buffer_empty(buffer_t *buf) {
+	return (buf->used == 0 ? 1 : 0); }
+int buffer_notempty(buffer_t *buf) {
+	return (buf->used > 0 ? 1 : 0); }
+unsigned long buffer_total_in(buffer_t *buf) {
+	return buf->total_in; }
+unsigned long buffer_total_out(buffer_t *buf) {
+	return buf->total_out; }
+
+/* These 3 static (internal) functions don't adjust the "total" variables as
+ * it's not sure when they're called how it should be interpreted. Only the
+ * higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these
+ * values. */
+#if 0 /* To avoid "unused" warnings */
+static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
+		unsigned int size)
+{
+	unsigned int added = MAX_DATA_SIZE - buf->used;
+	if(added > size)
+		added = size;
+	if(added == 0)
+		return 0;
+	memcpy(buf->data + buf->used, ptr, added);
+	buf->used += added;
+	buf->total_in += added;
+	return added;
+}
+
+static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap)
+{
+	unsigned int moved, tomove = from->used;
+	if((int)tomove > cap)
+		tomove = cap;
+	if(tomove == 0)
+		return 0;
+	moved = buffer_adddata(to, from->data, tomove);
+	if(moved == 0)
+		return 0;
+	buffer_takedata(from, NULL, moved);
+	return moved;
+}
+#endif
+
+static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
+		unsigned int size)
+{
+	unsigned int taken = buf->used;
+	if(taken > size)
+		taken = size;
+	if(taken == 0)
+		return 0;
+	if(ptr)
+		memcpy(ptr, buf->data, taken);
+	buf->used -= taken;
+	/* Do we have to scroll? */
+	if(buf->used > 0)
+		memmove(buf->data, buf->data + taken, buf->used);
+	return taken;
+}
+
+#ifndef NO_IP
+
+int buffer_from_fd(buffer_t *buf, int fd)
+{
+	int toread = buffer_unused(buf);
+	if(toread == 0)
+		/* Shouldn't be called in this case! */
+		abort();
+	toread = read(fd, buf->data + buf->used, toread);
+	if(toread > 0) {
+		buf->used += toread;
+		buf->total_in += toread;
+	}
+	return toread;
+}
+
+int buffer_to_fd(buffer_t *buf, int fd)
+{
+	int towrite = buffer_used(buf);
+	if(towrite == 0)
+		/* Shouldn't be called in this case! */
+		abort();
+	towrite = write(fd, buf->data, towrite);
+	if(towrite > 0) {
+		buffer_takedata(buf, NULL, towrite);
+		buf->total_out += towrite;
+	}
+	return towrite;
+}
+
+#endif /* !defined(NO_IP) */
+
+#ifndef NO_OPENSSL
+
+static void int_ssl_check(SSL *s, int ret)
+{
+	int e = SSL_get_error(s, ret);
+	switch(e) {
+		/* These seem to be harmless and already "dealt with" by our
+		 * non-blocking environment. NB: "ZERO_RETURN" is the clean
+		 * "error" indicating a successfully closed SSL tunnel. We let
+		 * this happen because our IO loop should not appear to have
+		 * broken on this condition - and outside the IO loop, the
+		 * "shutdown" state is checked. */
+	case SSL_ERROR_NONE:
+	case SSL_ERROR_WANT_READ:
+	case SSL_ERROR_WANT_WRITE:
+	case SSL_ERROR_WANT_X509_LOOKUP:
+	case SSL_ERROR_ZERO_RETURN:
+		return;
+		/* These seem to be indications of a genuine error that should
+		 * result in the SSL tunnel being regarded as "dead". */
+	case SSL_ERROR_SYSCALL:
+	case SSL_ERROR_SSL:
+		SSL_set_app_data(s, (char *)1);
+		return;
+	default:
+		break;
+	}
+	/* For any other errors that (a) exist, and (b) crop up - we need to
+	 * interpret what to do with them - so "politely inform" the caller that
+	 * the code needs updating here. */
+	abort();
+}
+
+void buffer_from_SSL(buffer_t *buf, SSL *ssl)
+{
+	int ret;
+	if(!ssl || buffer_full(buf))
+		return;
+	ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
+	if(ret > 0) {
+		buf->used += ret;
+		buf->total_in += ret;
+	}
+	if(ret < 0)
+		int_ssl_check(ssl, ret);
+}
+
+void buffer_to_SSL(buffer_t *buf, SSL *ssl)
+{
+	int ret;
+	if(!ssl || buffer_empty(buf))
+		return;
+	ret = SSL_write(ssl, buf->data, buf->used);
+	if(ret > 0) {
+		buffer_takedata(buf, NULL, ret);
+		buf->total_out += ret;
+	}
+	if(ret < 0)
+		int_ssl_check(ssl, ret);
+}
+
+void buffer_from_BIO(buffer_t *buf, BIO *bio)
+{
+	int ret;
+	if(!bio || buffer_full(buf))
+		return;
+	ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
+	if(ret > 0) {
+		buf->used += ret;
+		buf->total_in += ret;
+	}
+}
+
+void buffer_to_BIO(buffer_t *buf, BIO *bio)
+{
+	int ret;
+	if(!bio || buffer_empty(buf))
+		return;
+	ret = BIO_write(bio, buf->data, buf->used);
+	if(ret > 0) {
+		buffer_takedata(buf, NULL, ret);
+		buf->total_out += ret;
+	}
+}
+
+#endif /* !defined(NO_OPENSSL) */
+
+#endif /* !defined(NO_BUFFER) */
diff --git a/crypto/openssl/demos/tunala/cb.c b/crypto/openssl/demos/tunala/cb.c
new file mode 100644
index 0000000..cd32f74
--- /dev/null
+++ b/crypto/openssl/demos/tunala/cb.c
@@ -0,0 +1,133 @@
+#include "tunala.h"
+
+#ifndef NO_OPENSSL
+
+/* For callbacks generating output, here are their file-descriptors. */
+static FILE *fp_cb_ssl_info = NULL;
+static FILE *fp_cb_ssl_verify = NULL;
+/* Output level:
+ *     0 = nothing,
+ *     1 = minimal, just errors,
+ *     2 = minimal, all steps,
+ *     3 = detail, all steps */
+static unsigned int cb_ssl_verify_level = 1;
+
+/* Other static rubbish (to mirror s_cb.c where required) */
+static int int_verify_depth = 10;
+
+/* This function is largely borrowed from the one used in OpenSSL's "s_client"
+ * and "s_server" utilities. */
+void cb_ssl_info(const SSL *s, int where, int ret)
+{
+	const char *str1, *str2;
+	int w;
+
+	if(!fp_cb_ssl_info)
+		return;
+
+	w = where & ~SSL_ST_MASK;
+	str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
+				"SSL_accept" : "undefined")),
+	str2 = SSL_state_string_long(s);
+
+	if (where & SSL_CB_LOOP)
+		fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
+	else if (where & SSL_CB_EXIT) {
+		if (ret == 0)
+			fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
+/* In a non-blocking model, we get a few of these "error"s simply because we're
+ * calling "reads" and "writes" on the state-machine that are virtual NOPs
+ * simply to avoid wasting the time seeing if we *should* call them. Removing
+ * this case makes the "-out_state" output a lot easier on the eye. */
+#if 0
+		else if (ret < 0)
+			fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
+#endif
+	}
+}
+
+void cb_ssl_info_set_output(FILE *fp)
+{
+	fp_cb_ssl_info = fp;
+}
+
+static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
+static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";
+static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
+static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";
+static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
+
+/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */
+int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
+{
+	char buf1[256]; /* Used for the subject name */
+	char buf2[256]; /* Used for the issuer name */
+	const char *reason = NULL; /* Error reason (if any) */
+	X509 *err_cert;
+	int err, depth;
+
+	if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
+		return ok;
+	err_cert = X509_STORE_CTX_get_current_cert(ctx);
+	err = X509_STORE_CTX_get_error(ctx);
+	depth = X509_STORE_CTX_get_error_depth(ctx);
+
+	buf1[0] = buf2[0] = '\0';
+	/* Fill buf1 */
+	X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
+	/* Fill buf2 */
+	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
+	switch (ctx->error) {
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+		reason = int_reason_no_issuer;
+		break;
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+		reason = int_reason_not_yet;
+		break;
+	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+		reason = int_reason_before;
+		break;
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+		reason = int_reason_expired;
+		break;
+	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+		reason = int_reason_after;
+		break;
+	}
+
+	if((cb_ssl_verify_level == 1) && ok)
+		return ok;
+	fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
+	if(reason)
+		fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
+	else
+		fprintf(fp_cb_ssl_verify, "error=%d\n", err);
+	if(cb_ssl_verify_level < 3)
+		return ok;
+	fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
+	fprintf(fp_cb_ssl_verify, "--> issuer  = %s\n", buf2);
+	if(!ok)
+		fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err,
+			X509_verify_cert_error_string(err));
+	fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok);
+	return ok;
+}
+
+void cb_ssl_verify_set_output(FILE *fp)
+{
+	fp_cb_ssl_verify = fp;
+}
+
+void cb_ssl_verify_set_depth(unsigned int verify_depth)
+{
+	int_verify_depth = verify_depth;
+}
+
+void cb_ssl_verify_set_level(unsigned int level)
+{
+	if(level < 4)
+		cb_ssl_verify_level = level;
+}
+
+#endif /* !defined(NO_OPENSSL) */
+
diff --git a/crypto/openssl/demos/tunala/configure.in b/crypto/openssl/demos/tunala/configure.in
new file mode 100644
index 0000000..b2a6ffc
--- /dev/null
+++ b/crypto/openssl/demos/tunala/configure.in
@@ -0,0 +1,28 @@
+dnl Process this file with autoconf to produce a configure script.
+AC_INIT(tunala.c)
+AM_CONFIG_HEADER(config.h)
+AM_INIT_AUTOMAKE(tunala, 0.0.1-dev)
+
+dnl Checks for programs. (Though skip libtool)
+AC_PROG_CC
+dnl AC_PROG_LIBTOOL
+dnl AM_PROG_LIBTOOL
+
+dnl Checks for libraries.
+AC_CHECK_LIB(dl, dlopen)
+AC_CHECK_LIB(socket, socket)
+AC_CHECK_LIB(nsl, gethostbyname)
+
+dnl Checks for header files.
+AC_HEADER_STDC
+AC_CHECK_HEADERS(fcntl.h limits.h unistd.h)
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+
+dnl Checks for library functions.
+AC_CHECK_FUNCS(strstr strtoul)
+AC_CHECK_FUNCS(select socket)
+AC_CHECK_FUNCS(dlopen)
+
+AC_OUTPUT(Makefile)
diff --git a/crypto/openssl/demos/tunala/ip.c b/crypto/openssl/demos/tunala/ip.c
new file mode 100644
index 0000000..96ef4e6
--- /dev/null
+++ b/crypto/openssl/demos/tunala/ip.c
@@ -0,0 +1,146 @@
+#include "tunala.h"
+
+#ifndef NO_IP
+
+#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other
+				   such value it'll still be respectable */
+
+/* Any IP-related initialisations. For now, this means blocking SIGPIPE */
+int ip_initialise(void)
+{
+	struct sigaction sa;
+
+	sa.sa_handler = SIG_IGN;
+	sa.sa_flags = 0;
+	sigemptyset(&sa.sa_mask);
+	if(sigaction(SIGPIPE, &sa, NULL) != 0)
+		return 0;
+	return 1;
+}
+
+int ip_create_listener_split(const char *ip, unsigned short port)
+{
+	struct sockaddr_in in_addr;
+	int fd = -1;
+	int reuseVal = 1;
+
+	/* Create the socket */
+	if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+		goto err;
+	/* Set the SO_REUSEADDR flag - servers act weird without it */
+	if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
+				sizeof(reuseVal)) != 0)
+		goto err;
+	/* Prepare the listen address stuff */
+	in_addr.sin_family = AF_INET;
+	memcpy(&in_addr.sin_addr.s_addr, ip, 4);
+	in_addr.sin_port = htons(port);
+	/* Bind to the required port/address/interface */
+	if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0)
+		goto err;
+	/* Start "listening" */
+	if(listen(fd, IP_LISTENER_BACKLOG) != 0)
+		goto err;
+	return fd;
+err:
+	if(fd != -1)
+		close(fd);
+	return -1;
+}
+
+int ip_create_connection_split(const char *ip, unsigned short port)
+{
+	struct sockaddr_in in_addr;
+	int flags, fd = -1;
+
+	/* Create the socket */
+	if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+		goto err;
+	/* Make it non-blocking */
+	if(((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
+			(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
+		goto err;
+	/* Prepare the connection address stuff */
+	in_addr.sin_family = AF_INET;
+	memcpy(&in_addr.sin_addr.s_addr, ip, 4);
+	in_addr.sin_port = htons(port);
+	/* Start a connect (non-blocking, in all likelihood) */
+	if((connect(fd, (struct sockaddr *)&in_addr,
+			sizeof(struct sockaddr_in)) != 0) &&
+			(errno != EINPROGRESS))
+		goto err;
+	return fd;
+err:
+	if(fd != -1)
+		close(fd);
+	return -1;
+}
+
+static char all_local_ip[] = {0x00,0x00,0x00,0x00};
+
+int ip_parse_address(const char *address, const char **parsed_ip,
+		unsigned short *parsed_port, int accept_all_ip)
+{
+	char buf[256];
+	struct hostent *lookup;
+	unsigned long port;
+	const char *ptr = strstr(address, ":");
+	const char *ip = all_local_ip;
+
+	if(!ptr) {
+		/* We assume we're listening on all local interfaces and have
+		 * only specified a port. */
+		if(!accept_all_ip)
+			return 0;
+		ptr = address;
+		goto determine_port;
+	}
+	if((ptr - address) > 255)
+		return 0;
+	memset(buf, 0, 256);
+	memcpy(buf, address, ptr - address);
+	ptr++;
+	if((lookup = gethostbyname(buf)) == NULL) {
+		/* Spit a message to differentiate between lookup failures and
+		 * bad strings. */
+		fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
+		return 0;
+	}
+	ip = lookup->h_addr_list[0];
+determine_port:
+	if(strlen(ptr) < 1)
+		return 0;
+	if(!int_strtoul(ptr, &port) || (port > 65535))
+		return 0;
+	*parsed_ip = ip;
+	*parsed_port = (unsigned short)port;
+	return 1;
+}
+
+int ip_create_listener(const char *address)
+{
+	const char *ip;
+	unsigned short port;
+
+	if(!ip_parse_address(address, &ip, &port, 1))
+		return -1;
+	return ip_create_listener_split(ip, port);
+}
+
+int ip_create_connection(const char *address)
+{
+	const char *ip;
+	unsigned short port;
+
+	if(!ip_parse_address(address, &ip, &port, 0))
+		return -1;
+	return ip_create_connection_split(ip, port);
+}
+
+int ip_accept_connection(int listen_fd)
+{
+	return accept(listen_fd, NULL, NULL);
+}
+
+#endif /* !defined(NO_IP) */
+
diff --git a/crypto/openssl/demos/tunala/sm.c b/crypto/openssl/demos/tunala/sm.c
new file mode 100644
index 0000000..25359e6
--- /dev/null
+++ b/crypto/openssl/demos/tunala/sm.c
@@ -0,0 +1,151 @@
+#include "tunala.h"
+
+#ifndef NO_TUNALA
+
+void state_machine_init(state_machine_t *machine)
+{
+	machine->ssl = NULL;
+	machine->bio_intossl = machine->bio_fromssl = NULL;
+	buffer_init(&machine->clean_in);
+	buffer_init(&machine->clean_out);
+	buffer_init(&machine->dirty_in);
+	buffer_init(&machine->dirty_out);
+}
+
+void state_machine_close(state_machine_t *machine)
+{
+	if(machine->ssl)
+		SSL_free(machine->ssl);
+/* SSL_free seems to decrement the reference counts already so doing this goes
+ * kaboom. */
+#if 0
+	if(machine->bio_intossl)
+		BIO_free(machine->bio_intossl);
+	if(machine->bio_fromssl)
+		BIO_free(machine->bio_fromssl);
+#endif
+	buffer_close(&machine->clean_in);
+	buffer_close(&machine->clean_out);
+	buffer_close(&machine->dirty_in);
+	buffer_close(&machine->dirty_out);
+	state_machine_init(machine);
+}
+
+buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type)
+{
+	switch(type) {
+	case SM_CLEAN_IN:
+		return &machine->clean_in;
+	case SM_CLEAN_OUT:
+		return &machine->clean_out;
+	case SM_DIRTY_IN:
+		return &machine->dirty_in;
+	case SM_DIRTY_OUT:
+		return &machine->dirty_out;
+	default:
+		break;
+	}
+	/* Should never get here */
+	abort();
+	return NULL;
+}
+
+SSL *state_machine_get_SSL(state_machine_t *machine)
+{
+	return machine->ssl;
+}
+
+int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server)
+{
+	if(machine->ssl)
+		/* Shouldn't ever be set twice */
+		abort();
+	machine->ssl = ssl;
+	/* Create the BIOs to handle the dirty side of the SSL */
+	if((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
+		abort();
+	if((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
+		abort();
+	/* Hook up the BIOs on the dirty side of the SSL */
+	SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
+	if(is_server)
+		SSL_set_accept_state(machine->ssl);
+	else
+		SSL_set_connect_state(machine->ssl);
+	/* If we're the first one to generate traffic - do it now otherwise we
+	 * go into the next select empty-handed and our peer will not send data
+	 * but will similarly wait for us. */
+	return state_machine_churn(machine);
+}
+
+/* Performs the data-IO loop and returns zero if the machine should close */
+int state_machine_churn(state_machine_t *machine)
+{
+	unsigned int loop;
+	if(machine->ssl == NULL) {
+		if(buffer_empty(&machine->clean_out))
+			/* Time to close this state-machine altogether */
+			return 0;
+		else
+			/* Still buffered data on the clean side to go out */
+			return 1;
+	}
+	/* Do this loop twice to cover any dependencies about which precise
+	 * order of reads and writes is required. */
+	for(loop = 0; loop < 2; loop++) {
+		buffer_to_SSL(&machine->clean_in, machine->ssl);
+		buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
+		buffer_from_SSL(&machine->clean_out, machine->ssl);
+		buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
+	}
+	/* We close on the SSL side if the info callback noticed some problems
+	 * or an SSL shutdown was underway and shutdown traffic had all been
+	 * sent. */
+	if(SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
+				buffer_empty(&machine->dirty_out))) {
+		/* Great, we can seal off the dirty side completely */
+		if(!state_machine_close_dirty(machine))
+			return 0;
+	}
+	/* Either the SSL is alive and well, or the closing process still has
+	 * outgoing data waiting to be sent */
+	return 1;
+}
+
+/* Called when the clean side of the SSL has lost its connection */
+int state_machine_close_clean(state_machine_t *machine)
+{
+	/* Well, first thing to do is null out the clean-side buffers - they're
+	 * no use any more. */
+	buffer_close(&machine->clean_in);
+	buffer_close(&machine->clean_out);
+	/* And start an SSL shutdown */
+	if(machine->ssl)
+		SSL_shutdown(machine->ssl);
+	/* This is an "event", so flush the SSL of any generated traffic */
+	state_machine_churn(machine);
+	if(buffer_empty(&machine->dirty_in) &&
+			buffer_empty(&machine->dirty_out))
+		return 0;
+	return 1;
+}
+
+/* Called when the dirty side of the SSL has lost its connection. This is pretty
+ * terminal as all that can be left to do is send any buffered output on the
+ * clean side - after that, we're done. */
+int state_machine_close_dirty(state_machine_t *machine)
+{
+	buffer_close(&machine->dirty_in);
+	buffer_close(&machine->dirty_out);
+	buffer_close(&machine->clean_in);
+	if(machine->ssl)
+		SSL_free(machine->ssl);
+	machine->ssl = NULL;
+	machine->bio_intossl = machine->bio_fromssl = NULL;
+	if(buffer_empty(&machine->clean_out))
+		return 0;
+	return 1;
+}
+
+#endif /* !defined(NO_TUNALA) */
+
diff --git a/crypto/openssl/demos/tunala/tunala.c b/crypto/openssl/demos/tunala/tunala.c
new file mode 100644
index 0000000..e802a62
--- /dev/null
+++ b/crypto/openssl/demos/tunala/tunala.c
@@ -0,0 +1,1093 @@
+#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)
+#error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"
+#endif
+
+/* Include our bits'n'pieces */
+#include "tunala.h"
+
+
+/********************************************/
+/* Our local types that specify our "world" */
+/********************************************/
+
+/* These represent running "tunnels". Eg. if you wanted to do SSL in a
+ * "message-passing" scanario, the "int" file-descriptors might be replaced by
+ * thread or process IDs, and the "select" code might be replaced by message
+ * handling code. Whatever. */
+typedef struct _tunala_item_t {
+	/* The underlying SSL state machine. This is a data-only processing unit
+	 * and we communicate with it by talking to its four "buffers". */
+	state_machine_t sm;
+	/* The file-descriptors for the "dirty" (encrypted) side of the SSL
+	 * setup. In actuality, this is typically a socket and both values are
+	 * identical. */
+	int dirty_read, dirty_send;
+	/* The file-descriptors for the "clean" (unencrypted) side of the SSL
+	 * setup. These could be stdin/stdout, a socket (both values the same),
+	 * or whatever you like. */
+	int clean_read, clean_send;
+} tunala_item_t;
+
+/* This structure is used as the data for running the main loop. Namely, in a
+ * network format such as this, it is stuff for select() - but as pointed out,
+ * when moving the real-world to somewhere else, this might be replaced by
+ * something entirely different. It's basically the stuff that controls when
+ * it's time to do some "work". */
+typedef struct _select_sets_t {
+	int max; /* As required as the first argument to select() */
+	fd_set reads, sends, excepts; /* As passed to select() */
+} select_sets_t;
+typedef struct _tunala_selector_t {
+	select_sets_t last_selected; /* Results of the last select() */
+	select_sets_t next_select; /* What we'll next select on */
+} tunala_selector_t;
+
+/* This structure is *everything*. We do it to avoid the use of globals so that,
+ * for example, it would be easier to shift things around between async-IO,
+ * thread-based, or multi-fork()ed (or combinations thereof). */
+typedef struct _tunala_world_t {
+	/* The file-descriptor we "listen" on for new connections */
+	int listen_fd;
+	/* The array of tunnels */
+	tunala_item_t *tunnels;
+	/* the number of tunnels in use and allocated, respectively */
+	unsigned int tunnels_used, tunnels_size;
+	/* Our outside "loop" context stuff */
+	tunala_selector_t selector;
+	/* Our SSL_CTX, which is configured as the SSL client or server and has
+	 * the various cert-settings and callbacks configured. */
+	SSL_CTX *ssl_ctx;
+	/* Simple flag with complex logic :-) Indicates whether we're an SSL
+	 * server or an SSL client. */
+	int server_mode;
+} tunala_world_t;
+
+/*****************************/
+/* Internal static functions */
+/*****************************/
+
+static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
+		const char *CAfile, const char *cert, const char *key,
+		const char *dcert, const char *dkey, const char *cipher_list,
+		const char *dh_file, const char *dh_special, int ctx_options,
+		int out_state, int out_verify, int verify_mode,
+		unsigned int verify_depth);
+static void selector_init(tunala_selector_t *selector);
+static void selector_add_listener(tunala_selector_t *selector, int fd);
+static void selector_add_tunala(tunala_selector_t *selector, tunala_item_t *t);
+static int selector_select(tunala_selector_t *selector);
+/* This returns -1 for error, 0 for no new connections, or 1 for success, in
+ * which case *newfd is populated. */
+static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd);
+static int tunala_world_new_item(tunala_world_t *world, int fd,
+		const char *ip, unsigned short port, int flipped);
+static void tunala_world_del_item(tunala_world_t *world, unsigned int idx);
+static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item);
+
+/*********************************************/
+/* MAIN FUNCTION (and its utility functions) */
+/*********************************************/
+
+static const char *def_proxyhost = "127.0.0.1:443";
+static const char *def_listenhost = "127.0.0.1:8080";
+static int def_max_tunnels = 50;
+static const char *def_cacert = NULL;
+static const char *def_cert = NULL;
+static const char *def_key = NULL;
+static const char *def_dcert = NULL;
+static const char *def_dkey = NULL;
+static const char *def_engine_id = NULL;
+static int def_server_mode = 0;
+static int def_flipped = 0;
+static const char *def_cipher_list = NULL;
+static const char *def_dh_file = NULL;
+static const char *def_dh_special = NULL;
+static int def_ctx_options = 0;
+static int def_verify_mode = 0;
+static unsigned int def_verify_depth = 10;
+static int def_out_state = 0;
+static unsigned int def_out_verify = 0;
+static int def_out_totals = 0;
+static int def_out_conns = 0;
+
+static const char *helpstring =
+"\n'Tunala' (A tunneler with a New Zealand accent)\n"
+"Usage: tunala [options], where options are from;\n"
+" -listen [host:]<port>  (default = 127.0.0.1:8080)\n"
+" -proxy <host>:<port>   (default = 127.0.0.1:443)\n"
+" -maxtunnels <num>      (default = 50)\n"
+" -cacert <path|NULL>    (default = NULL)\n"
+" -cert <path|NULL>      (default = NULL)\n"
+" -key <path|NULL>       (default = whatever '-cert' is)\n"
+" -dcert <path|NULL>     (usually for DSA, default = NULL)\n"
+" -dkey <path|NULL>      (usually for DSA, default = whatever '-dcert' is)\n"
+" -engine <id|NULL>      (default = NULL)\n"
+" -server <0|1>          (default = 0, ie. an SSL client)\n"
+" -flipped <0|1>         (makes SSL servers be network clients, and vice versa)\n"
+" -cipher <list>         (specifies cipher list to use)\n"
+" -dh_file <path>        (a PEM file containing DH parameters to use)\n"
+" -dh_special <NULL|generate|standard> (see below: def=NULL)\n"
+" -no_ssl2               (disable SSLv2)\n"
+" -no_ssl3               (disable SSLv3)\n"
+" -no_tls1               (disable TLSv1)\n"
+" -v_peer                (verify the peer certificate)\n"
+" -v_strict              (do not continue if peer doesn't authenticate)\n"
+" -v_once                (no verification in renegotiates)\n"
+" -v_depth <num>         (limit certificate chain depth, default = 10)\n"
+" -out_conns             (prints client connections and disconnections)\n"
+" -out_state             (prints SSL handshake states)\n"
+" -out_verify <0|1|2|3>  (prints certificate verification states: def=1)\n"
+" -out_totals            (prints out byte-totals when a tunnel closes)\n"
+" -<h|help|?>            (displays this help screen)\n"
+"Notes:\n"
+"(1) It is recommended to specify a cert+key when operating as an SSL server.\n"
+"    If you only specify '-cert', the same file must contain a matching\n"
+"    private key.\n"
+"(2) Either dh_file or dh_special can be used to specify where DH parameters\n"
+"    will be obtained from (or '-dh_special NULL' for the default choice) but\n"
+"    you cannot specify both. For dh_special, 'generate' will create new DH\n"
+"    parameters on startup, and 'standard' will use embedded parameters\n"
+"    instead.\n"
+"(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"
+"    tunala' listens for 'clean' client connections and proxies ssl, and an\n"
+"    'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"
+"    '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"
+"    listens for clean client connections and proxies ssl (but participating\n"
+"    as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"
+"    listens for ssl connections (participating as an ssl *client* in the\n"
+"    SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"
+"    be useful for allowing network access to 'servers' where only the server\n"
+"    needs to authenticate the client (ie. the other way is not required).\n"
+"    Even with client and server authentication, this 'technique' mitigates\n"
+"    some DoS (denial-of-service) potential as it will be the network client\n"
+"    having to perform the first private key operation rather than the other\n"
+"    way round.\n"
+"(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"
+"    absolutely nothing except another complimentary instance of 'tunala'\n"
+"    running with '-flipped 1'. :-)\n";
+
+/* Default DH parameters for use with "-dh_special standard" ... stolen striaght
+ * from s_server. */
+static unsigned char dh512_p[]={
+	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+	0x47,0x74,0xE8,0x33,
+	};
+static unsigned char dh512_g[]={
+	0x02,
+	};
+
+/* And the function that parses the above "standard" parameters, again, straight
+ * out of s_server. */
+static DH *get_dh512(void)
+	{
+	DH *dh=NULL;
+
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		return(NULL);
+	return(dh);
+	}
+
+/* Various help/error messages used by main() */
+static int usage(const char *errstr, int isunknownarg)
+{
+	if(isunknownarg)
+		fprintf(stderr, "Error: unknown argument '%s'\n", errstr);
+	else
+		fprintf(stderr, "Error: %s\n", errstr);
+	fprintf(stderr, "%s\n", helpstring);
+	return 1;
+}
+
+static int err_str0(const char *str0)
+{
+	fprintf(stderr, "%s\n", str0);
+	return 1;
+}
+
+static int err_str1(const char *fmt, const char *str1)
+{
+	fprintf(stderr, fmt, str1);
+	fprintf(stderr, "\n");
+	return 1;
+}
+
+static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)
+{
+	unsigned long l;
+	if(!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {
+		fprintf(stderr, "Error, '%s' is an invalid value for "
+				"maxtunnels\n", s);
+		return 0;
+	}
+	*maxtunnels = (unsigned int)l;
+	return 1;
+}
+
+static int parse_server_mode(const char *s, int *servermode)
+{
+	unsigned long l;
+	if(!int_strtoul(s, &l) || (l > 1)) {
+		fprintf(stderr, "Error, '%s' is an invalid value for the "
+				"server mode\n", s);
+		return 0;
+	}
+	*servermode = (int)l;
+	return 1;
+}
+
+static int parse_dh_special(const char *s, const char **dh_special)
+{
+	if((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||
+			(strcmp(s, "standard") == 0)) {
+		*dh_special = s;
+		return 1;
+	}
+	fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);
+	return 0;
+}
+
+static int parse_verify_level(const char *s, unsigned int *verify_level)
+{
+	unsigned long l;
+	if(!int_strtoul(s, &l) || (l > 3)) {
+		fprintf(stderr, "Error, '%s' is an invalid value for "
+				"out_verify\n", s);
+		return 0;
+	}
+	*verify_level = (unsigned int)l;
+	return 1;
+}
+
+static int parse_verify_depth(const char *s, unsigned int *verify_depth)
+{
+	unsigned long l;
+	if(!int_strtoul(s, &l) || (l < 1) || (l > 50)) {
+		fprintf(stderr, "Error, '%s' is an invalid value for "
+				"verify_depth\n", s);
+		return 0;
+	}
+	*verify_depth = (unsigned int)l;
+	return 1;
+}
+
+/* Some fprintf format strings used when tunnels close */
+static const char *io_stats_dirty =
+"    SSL traffic;   %8lu bytes in, %8lu bytes out\n";
+static const char *io_stats_clean =
+"    clear traffic; %8lu bytes in, %8lu bytes out\n";
+
+int main(int argc, char *argv[])
+{
+	unsigned int loop;
+	int newfd;
+	tunala_world_t world;
+	tunala_item_t *t_item;
+	const char *proxy_ip;
+	unsigned short proxy_port;
+	/* Overridables */
+	const char *proxyhost = def_proxyhost;
+	const char *listenhost = def_listenhost;
+	unsigned int max_tunnels = def_max_tunnels;
+	const char *cacert = def_cacert;
+	const char *cert = def_cert;
+	const char *key = def_key;
+	const char *dcert = def_dcert;
+	const char *dkey = def_dkey;
+	const char *engine_id = def_engine_id;
+	int server_mode = def_server_mode;
+	int flipped = def_flipped;
+	const char *cipher_list = def_cipher_list;
+	const char *dh_file = def_dh_file;
+	const char *dh_special = def_dh_special;
+	int ctx_options = def_ctx_options;
+	int verify_mode = def_verify_mode;
+	unsigned int verify_depth = def_verify_depth;
+	int out_state = def_out_state;
+	unsigned int out_verify = def_out_verify;
+	int out_totals = def_out_totals;
+	int out_conns = def_out_conns;
+
+/* Parse command-line arguments */
+next_arg:
+	argc--; argv++;
+	if(argc > 0) {
+		if(strcmp(*argv, "-listen") == 0) {
+			if(argc < 2)
+				return usage("-listen requires an argument", 0);
+			argc--; argv++;
+			listenhost = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-proxy") == 0) {
+			if(argc < 2)
+				return usage("-proxy requires an argument", 0);
+			argc--; argv++;
+			proxyhost = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-maxtunnels") == 0) {
+			if(argc < 2)
+				return usage("-maxtunnels requires an argument", 0);
+			argc--; argv++;
+			if(!parse_max_tunnels(*argv, &max_tunnels))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-cacert") == 0) {
+			if(argc < 2)
+				return usage("-cacert requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				cacert = NULL;
+			else
+				cacert = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-cert") == 0) {
+			if(argc < 2)
+				return usage("-cert requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				cert = NULL;
+			else
+				cert = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-key") == 0) {
+			if(argc < 2)
+				return usage("-key requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				key = NULL;
+			else
+				key = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-dcert") == 0) {
+			if(argc < 2)
+				return usage("-dcert requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				dcert = NULL;
+			else
+				dcert = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-dkey") == 0) {
+			if(argc < 2)
+				return usage("-dkey requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				dkey = NULL;
+			else
+				dkey = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-engine") == 0) {
+			if(argc < 2)
+				return usage("-engine requires an argument", 0);
+			argc--; argv++;
+			engine_id = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-server") == 0) {
+			if(argc < 2)
+				return usage("-server requires an argument", 0);
+			argc--; argv++;
+			if(!parse_server_mode(*argv, &server_mode))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-flipped") == 0) {
+			if(argc < 2)
+				return usage("-flipped requires an argument", 0);
+			argc--; argv++;
+			if(!parse_server_mode(*argv, &flipped))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-cipher") == 0) {
+			if(argc < 2)
+				return usage("-cipher requires an argument", 0);
+			argc--; argv++;
+			cipher_list = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-dh_file") == 0) {
+			if(argc < 2)
+				return usage("-dh_file requires an argument", 0);
+			if(dh_special)
+				return usage("cannot mix -dh_file with "
+						"-dh_special", 0);
+			argc--; argv++;
+			dh_file = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-dh_special") == 0) {
+			if(argc < 2)
+				return usage("-dh_special requires an argument", 0);
+			if(dh_file)
+				return usage("cannot mix -dh_file with "
+						"-dh_special", 0);
+			argc--; argv++;
+			if(!parse_dh_special(*argv, &dh_special))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-no_ssl2") == 0) {
+			ctx_options |= SSL_OP_NO_SSLv2;
+			goto next_arg;
+		} else if(strcmp(*argv, "-no_ssl3") == 0) {
+			ctx_options |= SSL_OP_NO_SSLv3;
+			goto next_arg;
+		} else if(strcmp(*argv, "-no_tls1") == 0) {
+			ctx_options |= SSL_OP_NO_TLSv1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-v_peer") == 0) {
+			verify_mode |= SSL_VERIFY_PEER;
+			goto next_arg;
+		} else if(strcmp(*argv, "-v_strict") == 0) {
+			verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+			goto next_arg;
+		} else if(strcmp(*argv, "-v_once") == 0) {
+			verify_mode |= SSL_VERIFY_CLIENT_ONCE;
+			goto next_arg;
+		} else if(strcmp(*argv, "-v_depth") == 0) {
+			if(argc < 2)
+				return usage("-v_depth requires an argument", 0);
+			argc--; argv++;
+			if(!parse_verify_depth(*argv, &verify_depth))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-out_state") == 0) {
+			out_state = 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-out_verify") == 0) {
+			if(argc < 2)
+				return usage("-out_verify requires an argument", 0);
+			argc--; argv++;
+			if(!parse_verify_level(*argv, &out_verify))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-out_totals") == 0) {
+			out_totals = 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-out_conns") == 0) {
+			out_conns = 1;
+			goto next_arg;
+		} else if((strcmp(*argv, "-h") == 0) ||
+				(strcmp(*argv, "-help") == 0) ||
+				(strcmp(*argv, "-?") == 0)) {
+			fprintf(stderr, "%s\n", helpstring);
+			return 0;
+		} else
+			return usage(*argv, 1);
+	}
+	/* Run any sanity checks we want here */
+	if(!cert && !dcert && server_mode)
+		fprintf(stderr, "WARNING: you are running an SSL server without "
+				"a certificate - this may not work!\n");
+
+	/* Initialise network stuff */
+	if(!ip_initialise())
+		return err_str0("ip_initialise failed");
+	/* Create the SSL_CTX */
+	if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,
+			cacert, cert, key, dcert, dkey, cipher_list, dh_file,
+			dh_special, ctx_options, out_state, out_verify,
+			verify_mode, verify_depth)) == NULL)
+		return err_str1("initialise_ssl_ctx(engine_id=%s) failed",
+			(engine_id == NULL) ? "NULL" : engine_id);
+	if(engine_id)
+		fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);
+	/* Create the listener */
+	if((world.listen_fd = ip_create_listener(listenhost)) == -1)
+		return err_str1("ip_create_listener(%s) failed", listenhost);
+	fprintf(stderr, "Info, listening on '%s'\n", listenhost);
+	if(!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))
+		return err_str1("ip_parse_address(%s) failed", proxyhost);
+	fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,
+			(int)proxy_ip[0], (int)proxy_ip[1],
+			(int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);
+	fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);
+	fprintf(stderr, "Info, set to operate as an SSL %s\n",
+			(server_mode ? "server" : "client"));
+	/* Initialise the rest of the stuff */
+	world.tunnels_used = world.tunnels_size = 0;
+	world.tunnels = NULL;
+	world.server_mode = server_mode;
+	selector_init(&world.selector);
+
+/* We're ready to loop */
+main_loop:
+	/* Should we listen for *new* tunnels? */
+	if(world.tunnels_used < max_tunnels)
+		selector_add_listener(&world.selector, world.listen_fd);
+	/* We should add in our existing tunnels */
+	for(loop = 0; loop < world.tunnels_used; loop++)
+		selector_add_tunala(&world.selector, world.tunnels + loop);
+	/* Now do the select */
+	switch(selector_select(&world.selector)) {
+	case -1:
+		fprintf(stderr, "selector_select returned a badness error.\n");
+		goto shouldnt_happen;
+	case 0:
+		fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n");
+		goto main_loop;
+	default:
+		break;
+	}
+	/* Accept new connection if we should and can */
+	if((world.tunnels_used < max_tunnels) && (selector_get_listener(
+					&world.selector, world.listen_fd,
+					&newfd) == 1)) {
+		/* We have a new connection */
+		if(!tunala_world_new_item(&world, newfd, proxy_ip,
+						proxy_port, flipped))
+			fprintf(stderr, "tunala_world_new_item failed\n");
+		else if(out_conns)
+			fprintf(stderr, "Info, new tunnel opened, now up to "
+					"%d\n", world.tunnels_used);
+	}
+	/* Give each tunnel its moment, note the while loop is because it makes
+	 * the logic easier than with "for" to deal with an array that may shift
+	 * because of deletes. */
+	loop = 0;
+	t_item = world.tunnels;
+	while(loop < world.tunnels_used) {
+		if(!tunala_item_io(&world.selector, t_item)) {
+			/* We're closing whether for reasons of an error or a
+			 * natural close. Don't increment loop or t_item because
+			 * the next item is moving to us! */
+			if(!out_totals)
+				goto skip_totals;
+			fprintf(stderr, "Tunnel closing, traffic stats follow\n");
+			/* Display the encrypted (over the network) stats */
+			fprintf(stderr, io_stats_dirty,
+				buffer_total_in(state_machine_get_buffer(
+						&t_item->sm,SM_DIRTY_IN)),
+				buffer_total_out(state_machine_get_buffer(
+						&t_item->sm,SM_DIRTY_OUT)));
+			/* Display the local (tunnelled) stats. NB: Data we
+			 * *receive* is data sent *out* of the state_machine on
+			 * its 'clean' side. Hence the apparent back-to-front
+			 * OUT/IN mixup here :-) */
+			fprintf(stderr, io_stats_clean,
+				buffer_total_out(state_machine_get_buffer(
+						&t_item->sm,SM_CLEAN_OUT)),
+				buffer_total_in(state_machine_get_buffer(
+						&t_item->sm,SM_CLEAN_IN)));
+skip_totals:
+			tunala_world_del_item(&world, loop);
+			if(out_conns)
+				fprintf(stderr, "Info, tunnel closed, down to %d\n",
+					world.tunnels_used);
+		}
+		else {
+			/* Move to the next item */
+			loop++;
+			t_item++;
+		}
+	}
+	goto main_loop;
+	/* Should never get here */
+shouldnt_happen:
+	abort();
+	return 1;
+}
+
+/****************/
+/* OpenSSL bits */
+/****************/
+
+static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)
+{
+	FILE *fp = NULL;
+	X509 *x509 = NULL;
+	EVP_PKEY *pkey = NULL;
+	int toret = 0; /* Assume an error */
+
+	/* cert */
+	if(cert) {
+		if((fp = fopen(cert, "r")) == NULL) {
+			fprintf(stderr, "Error opening cert file '%s'\n", cert);
+			goto err;
+		}
+		if(!PEM_read_X509(fp, &x509, NULL, NULL)) {
+			fprintf(stderr, "Error reading PEM cert from '%s'\n",
+					cert);
+			goto err;
+		}
+		if(!SSL_CTX_use_certificate(ctx, x509)) {
+			fprintf(stderr, "Error, cert in '%s' can not be used\n",
+					cert);
+			goto err;
+		}
+		/* Clear the FILE* for reuse in the "key" code */
+		fclose(fp);
+		fp = NULL;
+		fprintf(stderr, "Info, operating with cert in '%s'\n", cert);
+		/* If a cert was given without matching key, we assume the same
+		 * file contains the required key. */
+		if(!key)
+			key = cert;
+	} else {
+		if(key)
+			fprintf(stderr, "Error, can't specify a key without a "
+					"corresponding certificate\n");
+		else
+			fprintf(stderr, "Error, ctx_set_cert called with "
+					"NULLs!\n");
+		goto err;
+	}
+	/* key */
+	if(key) {
+		if((fp = fopen(key, "r")) == NULL) {
+			fprintf(stderr, "Error opening key file '%s'\n", key);
+			goto err;
+		}
+		if(!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {
+			fprintf(stderr, "Error reading PEM key from '%s'\n",
+					key);
+			goto err;
+		}
+		if(!SSL_CTX_use_PrivateKey(ctx, pkey)) {
+			fprintf(stderr, "Error, key in '%s' can not be used\n",
+					key);
+			goto err;
+		}
+		fprintf(stderr, "Info, operating with key in '%s'\n", key);
+	} else
+		fprintf(stderr, "Info, operating without a cert or key\n");
+	/* Success */
+	toret = 1; err:
+	if(x509)
+		X509_free(x509);
+	if(pkey)
+		EVP_PKEY_free(pkey);
+	if(fp)
+		fclose(fp);
+	return toret;
+}
+
+static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special)
+{
+	DH *dh = NULL;
+	FILE *fp = NULL;
+
+	if(dh_special) {
+		if(strcmp(dh_special, "NULL") == 0)
+			return 1;
+		if(strcmp(dh_special, "standard") == 0) {
+			if((dh = get_dh512()) == NULL) {
+				fprintf(stderr, "Error, can't parse 'standard'"
+						" DH parameters\n");
+				return 0;
+			}
+			fprintf(stderr, "Info, using 'standard' DH parameters\n");
+			goto do_it;
+		}
+		if(strcmp(dh_special, "generate") != 0)
+			/* This shouldn't happen - screening values is handled
+			 * in main(). */
+			abort();
+		fprintf(stderr, "Info, generating DH parameters ... ");
+		fflush(stderr);
+		if((dh = DH_generate_parameters(512, DH_GENERATOR_5,
+					NULL, NULL)) == NULL) {
+			fprintf(stderr, "error!\n");
+			return 0;
+		}
+		fprintf(stderr, "complete\n");
+		goto do_it;
+	}
+	/* So, we're loading dh_file */
+	if((fp = fopen(dh_file, "r")) == NULL) {
+		fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",
+				dh_file);
+		return 0;
+	}
+	dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
+	fclose(fp);
+	if(dh == NULL) {
+		fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",
+				dh_file);
+		return 0;
+	}
+	fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);
+do_it:
+	SSL_CTX_set_tmp_dh(ctx, dh);
+	DH_free(dh);
+	return 1;
+}
+
+static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
+		const char *CAfile, const char *cert, const char *key,
+		const char *dcert, const char *dkey, const char *cipher_list,
+		const char *dh_file, const char *dh_special, int ctx_options,
+		int out_state, int out_verify, int verify_mode,
+		unsigned int verify_depth)
+{
+	SSL_CTX *ctx = NULL, *ret = NULL;
+	SSL_METHOD *meth;
+	ENGINE *e = NULL;
+
+        OpenSSL_add_ssl_algorithms();
+        SSL_load_error_strings();
+
+	meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());
+	if(meth == NULL)
+		goto err;
+	if(engine_id) {
+		ENGINE_load_builtin_engines();
+		if((e = ENGINE_by_id(engine_id)) == NULL) {
+			fprintf(stderr, "Error obtaining '%s' engine, openssl "
+					"errors follow\n", engine_id);
+			goto err;
+		}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+			fprintf(stderr, "Error assigning '%s' engine, openssl "
+					"errors follow\n", engine_id);
+			goto err;
+		}
+		ENGINE_free(e);
+	}
+	if((ctx = SSL_CTX_new(meth)) == NULL)
+		goto err;
+	/* cacert */
+	if(CAfile) {
+		if(!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),
+					CAfile, NULL)) {
+			fprintf(stderr, "Error loading CA cert(s) in '%s'\n",
+					CAfile);
+			goto err;
+		}
+		fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n",
+				CAfile);
+	} else
+		fprintf(stderr, "Info, operating without a CA cert(-list)\n");
+	if(!SSL_CTX_set_default_verify_paths(ctx)) {
+		fprintf(stderr, "Error setting default verify paths\n");
+		goto err;
+	}
+
+	/* cert and key */
+	if((cert || key) && !ctx_set_cert(ctx, cert, key))
+		goto err;
+	/* dcert and dkey */
+	if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))
+		goto err;
+
+	/* cipher_list */
+	if(cipher_list) {
+		if(!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
+			fprintf(stderr, "Error setting cipher list '%s'\n",
+					cipher_list);
+			goto err;
+		}
+		fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);
+	} else
+		fprintf(stderr, "Info, operating with default cipher list\n");
+
+	/* dh_file & dh_special */
+	if((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))
+		goto err;
+
+	/* ctx_options */
+	SSL_CTX_set_options(ctx, ctx_options);
+
+	/* out_state (output of SSL handshake states to screen). */
+	if(out_state)
+		cb_ssl_info_set_output(stderr);
+
+	/* out_verify */
+	if(out_verify > 0) {
+		cb_ssl_verify_set_output(stderr);
+		cb_ssl_verify_set_level(out_verify);
+	}
+
+	/* verify_depth */
+	cb_ssl_verify_set_depth(verify_depth);
+
+	/* Success! (includes setting verify_mode) */
+	SSL_CTX_set_info_callback(ctx, cb_ssl_info);
+	SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);
+	ret = ctx;
+err:
+	if(!ret) {
+		ERR_print_errors_fp(stderr);
+		if(ctx)
+			SSL_CTX_free(ctx);
+	}
+	return ret;
+}
+
+/*****************/
+/* Selector bits */
+/*****************/
+
+static void selector_sets_init(select_sets_t *s)
+{
+	s->max = 0;
+	FD_ZERO(&s->reads);
+	FD_ZERO(&s->sends);
+	FD_ZERO(&s->excepts);
+}
+static void selector_init(tunala_selector_t *selector)
+{
+	selector_sets_init(&selector->last_selected);
+	selector_sets_init(&selector->next_select);
+}
+
+#define SEL_EXCEPTS 0x00
+#define SEL_READS   0x01
+#define SEL_SENDS   0x02
+static void selector_add_raw_fd(tunala_selector_t *s, int fd, int flags)
+{
+	FD_SET(fd, &s->next_select.excepts);
+	if(flags & SEL_READS)
+		FD_SET(fd, &s->next_select.reads);
+	if(flags & SEL_SENDS)
+		FD_SET(fd, &s->next_select.sends);
+	/* Adjust "max" */
+	if(s->next_select.max < (fd + 1))
+		s->next_select.max = fd + 1;
+}
+
+static void selector_add_listener(tunala_selector_t *selector, int fd)
+{
+	selector_add_raw_fd(selector, fd, SEL_READS);
+}
+
+static void selector_add_tunala(tunala_selector_t *s, tunala_item_t *t)
+{
+	/* Set clean read if sm.clean_in is not full */
+	if(t->clean_read != -1) {
+		selector_add_raw_fd(s, t->clean_read,
+			(buffer_full(state_machine_get_buffer(&t->sm,
+				SM_CLEAN_IN)) ? SEL_EXCEPTS : SEL_READS));
+	}
+	/* Set clean send if sm.clean_out is not empty */
+	if(t->clean_send != -1) {
+		selector_add_raw_fd(s, t->clean_send,
+			(buffer_empty(state_machine_get_buffer(&t->sm,
+				SM_CLEAN_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
+	}
+	/* Set dirty read if sm.dirty_in is not full */
+	if(t->dirty_read != -1) {
+		selector_add_raw_fd(s, t->dirty_read,
+			(buffer_full(state_machine_get_buffer(&t->sm,
+				SM_DIRTY_IN)) ? SEL_EXCEPTS : SEL_READS));
+	}
+	/* Set dirty send if sm.dirty_out is not empty */
+	if(t->dirty_send != -1) {
+		selector_add_raw_fd(s, t->dirty_send,
+			(buffer_empty(state_machine_get_buffer(&t->sm,
+				SM_DIRTY_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
+	}
+}
+
+static int selector_select(tunala_selector_t *selector)
+{
+	memcpy(&selector->last_selected, &selector->next_select,
+			sizeof(select_sets_t));
+	selector_sets_init(&selector->next_select);
+	return select(selector->last_selected.max,
+			&selector->last_selected.reads,
+			&selector->last_selected.sends,
+			&selector->last_selected.excepts, NULL);
+}
+
+/* This returns -1 for error, 0 for no new connections, or 1 for success, in
+ * which case *newfd is populated. */
+static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd)
+{
+	if(FD_ISSET(fd, &selector->last_selected.excepts))
+		return -1;
+	if(!FD_ISSET(fd, &selector->last_selected.reads))
+		return 0;
+	if((*newfd = ip_accept_connection(fd)) == -1)
+		return -1;
+	return 1;
+}
+
+/************************/
+/* "Tunala" world stuff */
+/************************/
+
+static int tunala_world_make_room(tunala_world_t *world)
+{
+	unsigned int newsize;
+	tunala_item_t *newarray;
+
+	if(world->tunnels_used < world->tunnels_size)
+		return 1;
+	newsize = (world->tunnels_size == 0 ? 16 :
+			((world->tunnels_size * 3) / 2));
+	if((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)
+		return 0;
+	memset(newarray, 0, newsize * sizeof(tunala_item_t));
+	if(world->tunnels_used > 0)
+		memcpy(newarray, world->tunnels,
+			world->tunnels_used * sizeof(tunala_item_t));
+	if(world->tunnels_size > 0)
+		free(world->tunnels);
+	/* migrate */
+	world->tunnels = newarray;
+	world->tunnels_size = newsize;
+	return 1;
+}
+
+static int tunala_world_new_item(tunala_world_t *world, int fd,
+		const char *ip, unsigned short port, int flipped)
+{
+	tunala_item_t *item;
+	int newfd;
+	SSL *new_ssl = NULL;
+
+	if(!tunala_world_make_room(world))
+		return 0;
+	if((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {
+		fprintf(stderr, "Error creating new SSL\n");
+		ERR_print_errors_fp(stderr);
+		return 0;
+	}
+	item = world->tunnels + (world->tunnels_used++);
+	state_machine_init(&item->sm);
+	item->clean_read = item->clean_send =
+		item->dirty_read = item->dirty_send = -1;
+	if((newfd = ip_create_connection_split(ip, port)) == -1)
+		goto err;
+	/* Which way round? If we're a server, "fd" is the dirty side and the
+	 * connection we open is the clean one. For a client, it's the other way
+	 * around. Unless, of course, we're "flipped" in which case everything
+	 * gets reversed. :-) */
+	if((world->server_mode && !flipped) ||
+			(!world->server_mode && flipped)) {
+		item->dirty_read = item->dirty_send = fd;
+		item->clean_read = item->clean_send = newfd;
+	} else {
+		item->clean_read = item->clean_send = fd;
+		item->dirty_read = item->dirty_send = newfd;
+	}
+	/* We use the SSL's "app_data" to indicate a call-back induced "kill" */
+	SSL_set_app_data(new_ssl, NULL);
+	if(!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))
+		goto err;
+	return 1;
+err:
+	tunala_world_del_item(world, world->tunnels_used - 1);
+	return 0;
+
+}
+
+static void tunala_world_del_item(tunala_world_t *world, unsigned int idx)
+{
+	tunala_item_t *item = world->tunnels + idx;
+	if(item->clean_read != -1)
+		close(item->clean_read);
+	if(item->clean_send != item->clean_read)
+		close(item->clean_send);
+	item->clean_read = item->clean_send = -1;
+	if(item->dirty_read != -1)
+		close(item->dirty_read);
+	if(item->dirty_send != item->dirty_read)
+		close(item->dirty_send);
+	item->dirty_read = item->dirty_send = -1;
+	state_machine_close(&item->sm);
+	/* OK, now we fix the item array */
+	if(idx + 1 < world->tunnels_used)
+		/* We need to scroll entries to the left */
+		memmove(world->tunnels + idx,
+				world->tunnels + (idx + 1),
+				(world->tunnels_used - (idx + 1)) *
+					sizeof(tunala_item_t));
+	world->tunnels_used--;
+}
+
+static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item)
+{
+	int c_r, c_s, d_r, d_s; /* Four boolean flags */
+
+	/* Take ourselves out of the gene-pool if there was an except */
+	if((item->clean_read != -1) && FD_ISSET(item->clean_read,
+				&selector->last_selected.excepts))
+		return 0;
+	if((item->clean_send != -1) && FD_ISSET(item->clean_send,
+				&selector->last_selected.excepts))
+		return 0;
+	if((item->dirty_read != -1) && FD_ISSET(item->dirty_read,
+				&selector->last_selected.excepts))
+		return 0;
+	if((item->dirty_send != -1) && FD_ISSET(item->dirty_send,
+				&selector->last_selected.excepts))
+		return 0;
+	/* Grab our 4 IO flags */
+	c_r = c_s = d_r = d_s = 0;
+	if(item->clean_read != -1)
+		c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);
+	if(item->clean_send != -1)
+		c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);
+	if(item->dirty_read != -1)
+		d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);
+	if(item->dirty_send != -1)
+		d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);
+	/* If no IO has happened for us, skip needless data looping */
+	if(!c_r && !c_s && !d_r && !d_s)
+		return 1;
+	if(c_r)
+		c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
+				SM_CLEAN_IN), item->clean_read) <= 0);
+	if(c_s)
+		c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
+				SM_CLEAN_OUT), item->clean_send) <= 0);
+	if(d_r)
+		d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
+				SM_DIRTY_IN), item->dirty_read) <= 0);
+	if(d_s)
+		d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
+				SM_DIRTY_OUT), item->dirty_send) <= 0);
+	/* If any of the flags is non-zero, that means they need closing */
+	if(c_r) {
+		close(item->clean_read);
+		if(item->clean_send == item->clean_read)
+			item->clean_send = -1;
+		item->clean_read = -1;
+	}
+	if(c_s && (item->clean_send != -1)) {
+		close(item->clean_send);
+		if(item->clean_send == item->clean_read)
+			item->clean_read = -1;
+		item->clean_send = -1;
+	}
+	if(d_r) {
+		close(item->dirty_read);
+		if(item->dirty_send == item->dirty_read)
+			item->dirty_send = -1;
+		item->dirty_read = -1;
+	}
+	if(d_s && (item->dirty_send != -1)) {
+		close(item->dirty_send);
+		if(item->dirty_send == item->dirty_read)
+			item->dirty_read = -1;
+		item->dirty_send = -1;
+	}
+	/* This function name is attributed to the term donated by David
+	 * Schwartz on openssl-dev, message-ID:
+	 * <NCBBLIEPOCNJOAEKBEAKEEDGLIAA.davids@webmaster.com>. :-) */
+	if(!state_machine_churn(&item->sm))
+		/* If the SSL closes, it will also zero-out the _in buffers
+		 * and will in future process just outgoing data. As and
+		 * when the outgoing data has gone, it will return zero
+		 * here to tell us to bail out. */
+		return 0;
+	/* Otherwise, we return zero if both sides are dead. */
+	if(((item->clean_read == -1) || (item->clean_send == -1)) &&
+			((item->dirty_read == -1) || (item->dirty_send == -1)))
+		return 0;
+	/* If only one side closed, notify the SSL of this so it can take
+	 * appropriate action. */
+	if((item->clean_read == -1) || (item->clean_send == -1)) {
+		if(!state_machine_close_clean(&item->sm))
+			return 0;
+	}
+	if((item->dirty_read == -1) || (item->dirty_send == -1)) {
+		if(!state_machine_close_dirty(&item->sm))
+			return 0;
+	}
+	return 1;
+}
+
diff --git a/crypto/openssl/demos/tunala/tunala.h b/crypto/openssl/demos/tunala/tunala.h
new file mode 100644
index 0000000..b4c8ec7
--- /dev/null
+++ b/crypto/openssl/demos/tunala/tunala.h
@@ -0,0 +1,214 @@
+/* Tunala ("Tunneler with a New Zealand accent")
+ *
+ * Written by Geoff Thorpe, but endorsed/supported by noone. Please use this is
+ * if it's useful or informative to you, but it's only here as a scratchpad for
+ * ideas about how you might (or might not) program with OpenSSL. If you deploy
+ * this is in a mission-critical environment, and have not read, understood,
+ * audited, and modified this code to your satisfaction, and the result is that
+ * all hell breaks loose and you are looking for a new employer, then it proves
+ * nothing except perhaps that Darwinism is alive and well. Let's just say, *I*
+ * don't use this in a mission-critical environment, so it would be stupid for
+ * anyone to assume that it is solid and/or tested enough when even its author
+ * doesn't place that much trust in it. You have been warned.
+ *
+ * With thanks to Cryptographic Appliances, Inc.
+ */
+
+#ifndef _TUNALA_H
+#define _TUNALA_H
+
+/* pull in autoconf fluff */
+#ifndef NO_CONFIG_H
+#include "config.h"
+#else
+/* We don't have autoconf, we have to set all of these unless a tweaked Makefile
+ * tells us not to ... */
+/* headers */
+#ifndef NO_HAVE_SELECT
+#define HAVE_SELECT
+#endif
+#ifndef NO_HAVE_SOCKET
+#define HAVE_SOCKET
+#endif
+#ifndef NO_HAVE_UNISTD_H
+#define HAVE_UNISTD_H
+#endif
+#ifndef NO_HAVE_FCNTL_H
+#define HAVE_FCNTL_H
+#endif
+#ifndef NO_HAVE_LIMITS_H
+#define HAVE_LIMITS_H
+#endif
+/* features */
+#ifndef NO_HAVE_STRSTR
+#define HAVE_STRSTR
+#endif
+#ifndef NO_HAVE_STRTOUL
+#define HAVE_STRTOUL
+#endif
+#endif
+
+#if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
+#error "can't build without some network basics like select() and socket()"
+#endif
+
+#include <stdlib.h>
+#ifndef NO_SYSTEM_H
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#include <netdb.h>
+#include <signal.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#endif /* !defined(NO_SYSTEM_H) */
+
+#ifndef NO_OPENSSL
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/ssl.h>
+#endif /* !defined(NO_OPENSSL) */
+
+#ifndef OPENSSL_NO_BUFFER
+/* This is the generic "buffer" type that is used when feeding the
+ * state-machine. It's basically a FIFO with respect to the "adddata" &
+ * "takedata" type functions that operate on it. */
+#define MAX_DATA_SIZE 16384
+typedef struct _buffer_t {
+	unsigned char data[MAX_DATA_SIZE];
+	unsigned int used;
+	/* Statistical values - counts the total number of bytes read in and
+	 * read out (respectively) since "buffer_init()" */
+	unsigned long total_in, total_out;
+} buffer_t;
+
+/* Initialise a buffer structure before use */
+void buffer_init(buffer_t *buf);
+/* Cleanup a buffer structure - presently not needed, but if buffer_t is
+ * converted to using dynamic allocation, this would be required - so should be
+ * called to protect against an explosion of memory leaks later if the change is
+ * made. */
+void buffer_close(buffer_t *buf);
+
+/* Basic functions to manipulate buffers */
+
+unsigned int buffer_used(buffer_t *buf); /* How much data in the buffer */
+unsigned int buffer_unused(buffer_t *buf); /* How much space in the buffer */
+int buffer_full(buffer_t *buf); /* Boolean, is it full? */
+int buffer_notfull(buffer_t *buf); /* Boolean, is it not full? */
+int buffer_empty(buffer_t *buf); /* Boolean, is it empty? */
+int buffer_notempty(buffer_t *buf); /* Boolean, is it not empty? */
+unsigned long buffer_total_in(buffer_t *buf); /* Total bytes written to buffer */
+unsigned long buffer_total_out(buffer_t *buf); /* Total bytes read from buffer */
+
+#if 0 /* Currently used only within buffer.c - better to expose only
+       * higher-level functions anyway */
+/* Add data to the tail of the buffer, returns the amount that was actually
+ * added (so, you need to check if return value is less than size) */
+unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
+		unsigned int size);
+
+/* Take data from the front of the buffer (and scroll the rest forward). If
+ * "ptr" is NULL, this just removes data off the front of the buffer. Return
+ * value is the amount actually removed (can be less than size if the buffer has
+ * too little data). */
+unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
+		unsigned int size);
+
+/* Flushes as much data as possible out of the "from" buffer into the "to"
+ * buffer. Return value is the amount moved. The amount moved can be restricted
+ * to a maximum by specifying "cap" - setting it to -1 means no limit. */
+unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap);
+#endif
+
+#ifndef NO_IP
+/* Read or write between a file-descriptor and a buffer */
+int buffer_from_fd(buffer_t *buf, int fd);
+int buffer_to_fd(buffer_t *buf, int fd);
+#endif /* !defined(NO_IP) */
+
+#ifndef NO_OPENSSL
+/* Read or write between an SSL or BIO and a buffer */
+void buffer_from_SSL(buffer_t *buf, SSL *ssl);
+void buffer_to_SSL(buffer_t *buf, SSL *ssl);
+void buffer_from_BIO(buffer_t *buf, BIO *bio);
+void buffer_to_BIO(buffer_t *buf, BIO *bio);
+
+/* Callbacks */
+void cb_ssl_info(const SSL *s, int where, int ret);
+void cb_ssl_info_set_output(FILE *fp); /* Called if output should be sent too */
+int cb_ssl_verify(int ok, X509_STORE_CTX *ctx);
+void cb_ssl_verify_set_output(FILE *fp);
+void cb_ssl_verify_set_depth(unsigned int verify_depth);
+void cb_ssl_verify_set_level(unsigned int level);
+#endif /* !defined(NO_OPENSSL) */
+#endif /* !defined(OPENSSL_NO_BUFFER) */
+
+#ifndef NO_TUNALA
+#ifdef OPENSSL_NO_BUFFER
+#error "TUNALA section of tunala.h requires BUFFER support"
+#endif
+typedef struct _state_machine_t {
+	SSL *ssl;
+	BIO *bio_intossl;
+	BIO *bio_fromssl;
+	buffer_t clean_in, clean_out;
+	buffer_t dirty_in, dirty_out;
+} state_machine_t;
+typedef enum {
+	SM_CLEAN_IN, SM_CLEAN_OUT,
+	SM_DIRTY_IN, SM_DIRTY_OUT
+} sm_buffer_t;
+void state_machine_init(state_machine_t *machine);
+void state_machine_close(state_machine_t *machine);
+buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type);
+SSL *state_machine_get_SSL(state_machine_t *machine);
+int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server);
+/* Performs the data-IO loop and returns zero if the machine should close */
+int state_machine_churn(state_machine_t *machine);
+/* Is used to handle closing conditions - namely when one side of the tunnel has
+ * closed but the other should finish flushing. */
+int state_machine_close_clean(state_machine_t *machine);
+int state_machine_close_dirty(state_machine_t *machine);
+#endif /* !defined(NO_TUNALA) */
+
+#ifndef NO_IP
+/* Initialise anything related to the networking. This includes blocking pesky
+ * SIGPIPE signals. */
+int ip_initialise(void);
+/* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port is
+ * the port to listen on (host byte order), and the return value is the
+ * file-descriptor or -1 on error. */
+int ip_create_listener_split(const char *ip, unsigned short port);
+/* Same semantics as above. */
+int ip_create_connection_split(const char *ip, unsigned short port);
+/* Converts a string into the ip/port before calling the above */
+int ip_create_listener(const char *address);
+int ip_create_connection(const char *address);
+/* Just does a string conversion on its own. NB: If accept_all_ip is non-zero,
+ * then the address string could be just a port. Ie. it's suitable for a
+ * listening address but not a connecting address. */
+int ip_parse_address(const char *address, const char **parsed_ip,
+		unsigned short *port, int accept_all_ip);
+/* Accepts an incoming connection through the listener. Assumes selects and
+ * what-not have deemed it an appropriate thing to do. */
+int ip_accept_connection(int listen_fd);
+#endif /* !defined(NO_IP) */
+
+/* These functions wrap up things that can be portability hassles. */
+int int_strtoul(const char *str, unsigned long *val);
+#ifdef HAVE_STRSTR
+#define int_strstr strstr
+#else
+char *int_strstr(const char *haystack, const char *needle);
+#endif
+
+#endif /* !defined(_TUNALA_H) */
diff --git a/crypto/openssl/demos/x509/README b/crypto/openssl/demos/x509/README
new file mode 100644
index 0000000..88f9d6c
--- /dev/null
+++ b/crypto/openssl/demos/x509/README
@@ -0,0 +1,3 @@
+This directory contains examples of how to contruct
+various X509 structures. Certificates, certificate requests
+and CRLs.
diff --git a/crypto/openssl/demos/x509/mkcert.c b/crypto/openssl/demos/x509/mkcert.c
new file mode 100644
index 0000000..8304d30
--- /dev/null
+++ b/crypto/openssl/demos/x509/mkcert.c
@@ -0,0 +1,168 @@
+/* Certificate creation. Demonstrates some certificate related
+ * operations.
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/engine.h>
+
+int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+int add_ext(X509 *cert, int nid, char *value);
+
+int main(int argc, char **argv)
+	{
+	BIO *bio_err;
+	X509 *x509=NULL;
+	EVP_PKEY *pkey=NULL;
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	mkcert(&x509,&pkey,512,0,365);
+
+	RSA_print_fp(stdout,pkey->pkey.rsa,0);
+	X509_print_fp(stdout,x509);
+
+	PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
+	PEM_write_X509(stdout,x509);
+
+	X509_free(x509);
+	EVP_PKEY_free(pkey);
+
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
+
+	CRYPTO_mem_leaks(bio_err);
+	BIO_free(bio_err);
+	return(0);
+	}
+
+static void callback(int p, int n, void *arg)
+	{
+	char c='B';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	fputc(c,stderr);
+	}
+
+int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
+	{
+	X509 *x;
+	EVP_PKEY *pk;
+	RSA *rsa;
+	X509_NAME *name=NULL;
+	
+	if ((pkeyp == NULL) || (*pkeyp == NULL))
+		{
+		if ((pk=EVP_PKEY_new()) == NULL)
+			{
+			abort(); 
+			return(0);
+			}
+		}
+	else
+		pk= *pkeyp;
+
+	if ((x509p == NULL) || (*x509p == NULL))
+		{
+		if ((x=X509_new()) == NULL)
+			goto err;
+		}
+	else
+		x= *x509p;
+
+	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
+	if (!EVP_PKEY_assign_RSA(pk,rsa))
+		{
+		abort();
+		goto err;
+		}
+	rsa=NULL;
+
+	X509_set_version(x,2);
+	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+	X509_gmtime_adj(X509_get_notBefore(x),0);
+	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+	X509_set_pubkey(x,pk);
+
+	name=X509_get_subject_name(x);
+
+	/* This function creates and adds the entry, working out the
+	 * correct string type and performing checks on its length.
+	 * Normally we'd check the return value for errors...
+	 */
+	X509_NAME_add_entry_by_txt(name,"C",
+				MBSTRING_ASC, "UK", -1, -1, 0);
+	X509_NAME_add_entry_by_txt(name,"CN",
+				MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
+
+	/* Its self signed so set the issuer name to be the same as the
+ 	 * subject.
+	 */
+	X509_set_issuer_name(x,name);
+
+	/* Add various extensions: standard extensions */
+	add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
+	add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
+
+	add_ext(x, NID_subject_key_identifier, "hash");
+
+	/* Some Netscape specific extensions */
+	add_ext(x, NID_netscape_cert_type, "sslCA");
+
+	add_ext(x, NID_netscape_comment, "example comment extension");
+
+
+#ifdef CUSTOM_EXT
+	/* Maybe even add our own extension based on existing */
+	{
+		int nid;
+		nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
+		X509V3_EXT_add_alias(nid, NID_netscape_comment);
+		add_ext(x, nid, "example comment alias");
+	}
+#endif
+	
+	if (!X509_sign(x,pk,EVP_md5()))
+		goto err;
+
+	*x509p=x;
+	*pkeyp=pk;
+	return(1);
+err:
+	return(0);
+	}
+
+/* Add extension using V3 code: we can set the config file as NULL
+ * because we wont reference any other sections.
+ */
+
+int add_ext(X509 *cert, int nid, char *value)
+	{
+	X509_EXTENSION *ex;
+	X509V3_CTX ctx;
+	/* This sets the 'context' of the extensions. */
+	/* No configuration database */
+	X509V3_set_ctx_nodb(&ctx);
+	/* Issuer and subject certs: both the target since it is self signed,
+	 * no request and no CRL
+	 */
+	X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
+	ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
+	if (!ex)
+		return 0;
+
+	X509_add_ext(cert,ex,-1);
+	X509_EXTENSION_free(ex);
+	return 1;
+	}
+	
diff --git a/crypto/openssl/demos/x509/mkreq.c b/crypto/openssl/demos/x509/mkreq.c
new file mode 100644
index 0000000..d69dcc3
--- /dev/null
+++ b/crypto/openssl/demos/x509/mkreq.c
@@ -0,0 +1,157 @@
+/* Certificate request creation. Demonstrates some request related
+ * operations.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/engine.h>
+
+int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
+
+int main(int argc, char **argv)
+	{
+	BIO *bio_err;
+	X509_REQ *req=NULL;
+	EVP_PKEY *pkey=NULL;
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	mkreq(&req,&pkey,512,0,365);
+
+	RSA_print_fp(stdout,pkey->pkey.rsa,0);
+	X509_REQ_print_fp(stdout,req);
+
+	PEM_write_X509_REQ(stdout,req);
+
+	X509_REQ_free(req);
+	EVP_PKEY_free(pkey);
+
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
+
+	CRYPTO_mem_leaks(bio_err);
+	BIO_free(bio_err);
+	return(0);
+	}
+
+static void callback(int p, int n, void *arg)
+	{
+	char c='B';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	fputc(c,stderr);
+	}
+
+int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
+	{
+	X509_REQ *x;
+	EVP_PKEY *pk;
+	RSA *rsa;
+	X509_NAME *name=NULL;
+	STACK_OF(X509_EXTENSION) *exts = NULL;
+	
+	if ((pk=EVP_PKEY_new()) == NULL)
+		goto err;
+
+	if ((x=X509_REQ_new()) == NULL)
+		goto err;
+
+	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
+	if (!EVP_PKEY_assign_RSA(pk,rsa))
+		goto err;
+
+	rsa=NULL;
+
+	X509_REQ_set_pubkey(x,pk);
+
+	name=X509_REQ_get_subject_name(x);
+
+	/* This function creates and adds the entry, working out the
+	 * correct string type and performing checks on its length.
+	 * Normally we'd check the return value for errors...
+	 */
+	X509_NAME_add_entry_by_txt(name,"C",
+				MBSTRING_ASC, "UK", -1, -1, 0);
+	X509_NAME_add_entry_by_txt(name,"CN",
+				MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
+
+#ifdef REQUEST_EXTENSIONS
+	/* Certificate requests can contain extensions, which can be used
+	 * to indicate the extensions the requestor would like added to 
+	 * their certificate. CAs might ignore them however or even choke
+	 * if they are present.
+	 */
+
+	/* For request extensions they are all packed in a single attribute.
+	 * We save them in a STACK and add them all at once later...
+	 */
+
+	exts = sk_X509_EXTENSION_new_null();
+	/* Standard extenions */
+
+	add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
+
+	/* This is a typical use for request extensions: requesting a value for
+	 * subject alternative name.
+	 */
+
+	add_ext(exts, NID_subject_alt_name, "email:steve@openssl.org");
+
+	/* Some Netscape specific extensions */
+	add_ext(exts, NID_netscape_cert_type, "client,email");
+
+
+
+#ifdef CUSTOM_EXT
+	/* Maybe even add our own extension based on existing */
+	{
+		int nid;
+		nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
+		X509V3_EXT_add_alias(nid, NID_netscape_comment);
+		add_ext(x, nid, "example comment alias");
+	}
+#endif
+
+	/* Now we've created the extensions we add them to the request */
+
+	X509_REQ_add_extensions(x, exts);
+
+	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+#endif
+	
+	if (!X509_REQ_sign(x,pk,EVP_md5()))
+		goto err;
+
+	*req=x;
+	*pkeyp=pk;
+	return(1);
+err:
+	return(0);
+	}
+
+/* Add extension using V3 code: we can set the config file as NULL
+ * because we wont reference any other sections.
+ */
+
+int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value)
+	{
+	X509_EXTENSION *ex;
+	ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
+	if (!ex)
+		return 0;
+	sk_X509_EXTENSION_push(sk, ex);
+
+	return 1;
+	}
+	
diff --git a/crypto/openssl/doc/HOWTO/certificates.txt b/crypto/openssl/doc/HOWTO/certificates.txt
new file mode 100644
index 0000000..8804864
--- /dev/null
+++ b/crypto/openssl/doc/HOWTO/certificates.txt
@@ -0,0 +1,85 @@
+<DRAFT!>
+			HOWTO certificates
+
+How you handle certificates depend a great deal on what your role is.
+Your role can be one or several of:
+
+  - User of some client software
+  - User of some server software
+  - Certificate authority
+
+This file is for users who wish to get a certificate of their own.
+Certificate authorities should read ca.txt.
+
+In all the cases shown below, the standard configuration file, as
+compiled into openssl, will be used.  You may find it in /etc/,
+/usr/local/ssr/ or somewhere else.  The name is openssl.cnf, and
+is better described in another HOWTO <config.txt?>.  If you want to
+use a different configuration file, use the argument '-config {file}'
+with the command shown below.
+
+
+Certificates are related to public key cryptography by containing a
+public key.  To be useful, there must be a corresponding private key
+somewhere.  With OpenSSL, public keys are easily derived from private
+keys, so before you create a certificate or a certificate request, you
+need to create a private key.
+
+Private keys are generated with 'openssl genrsa' if you want a RSA
+private key, or 'openssl gendsa' if you want a DSA private key.  More
+info on how to handle these commands are found in the manual pages for
+those commands or by running them with the argument '-h'.  For the
+sake of the description in this file, let's assume that the private
+key ended up in the file privkey.pem (which is the default in some
+cases).
+
+
+Let's start with the most normal way of getting a certificate.  Most
+often, you want or need to get a certificate from a certificate
+authority.  To handle that, the certificate authority needs a
+certificate request (or, as some certificate authorities like to put
+it, "certificate signing request", since that's exactly what they do,
+they sign it and give you the result back, thus making it authentic
+according to their policies) from you.  To generate a request, use the
+command 'openssl req' like this:
+
+  openssl req -new -key privkey.pem -out cert.csr
+
+Now, cert.csr can be sent to the certificate authority, if they can
+handle files in PEM format.  If not, use the extra argument '-outform'
+followed by the keyword for the format to use (see another HOWTO
+<formats.txt?>).  In some cases, that isn't sufficient and you will
+have to be more creative.
+
+When the certificate authority has then done the checks the need to
+do (and probably gotten payment from you), they will hand over your
+new certificate to you.
+
+
+[fill in on how to create a self-signed certificate]
+
+
+If you created everything yourself, or if the certificate authority
+was kind enough, your certificate is a raw DER thing in PEM format.
+Your key most definitely is if you have followed the examples above.
+However, some (most?) certificate authorities will encode them with
+things like PKCS7 or PKCS12, or something else.  Depending on your
+applications, this may be perfectly OK, it all depends on what they
+know how to decode.  If not, There are a number of OpenSSL tools to
+convert between some (most?) formats.
+
+So, depending on your application, you may have to convert your
+certificate and your key to various formats, most often also putting
+them together into one file.  The ways to do this is described in
+another HOWTO <formats.txt?>, I will just mention the simplest case.
+In the case of a raw DER thing in PEM format, and assuming that's all
+right for yor applications, simply concatenating the certificate and
+the key into a new file and using that one should be enough.  With
+some applications, you don't even have to do that.
+
+
+By now, you have your cetificate and your private key and can start
+using the software that depend on it.
+
+-- 
+Richard Levitte
diff --git a/crypto/openssl/doc/apps/CA.pl.pod b/crypto/openssl/doc/apps/CA.pl.pod
index 63cd132..58e0f52 100644
--- a/crypto/openssl/doc/apps/CA.pl.pod
+++ b/crypto/openssl/doc/apps/CA.pl.pod
@@ -13,6 +13,7 @@ B<CA.pl>
 [B<-help>]
 [B<-newcert>]
 [B<-newreq>]
+[B<-newreq-nodes>]
 [B<-newca>]
 [B<-xsign>]
 [B<-sign>]
@@ -46,6 +47,10 @@ written to the file "newreq.pem".
 creates a new certificate request. The private key and request are
 written to the file "newreq.pem".
 
+=item B<-newreq-nowdes>
+
+is like B<-newreq> except that the private key will not be encrypted.
+
 =item B<-newca>
 
 creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert>
diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod
index cea9002..183cd47 100644
--- a/crypto/openssl/doc/apps/ca.pod
+++ b/crypto/openssl/doc/apps/ca.pod
@@ -13,6 +13,11 @@ B<openssl> B<ca>
 [B<-name section>]
 [B<-gencrl>]
 [B<-revoke file>]
+[B<-crl_reason reason>]
+[B<-crl_hold instruction>]
+[B<-crl_compromise time>]
+[B<-crl_CA_compromise time>]
+[B<-subj arg>]
 [B<-crldays days>]
 [B<-crlhours hours>]
 [B<-crlexts section>]
@@ -33,9 +38,11 @@ B<openssl> B<ca>
 [B<-spkac file>]
 [B<-ss_cert file>]
 [B<-preserveDN>]
+[B<-noemailDN>]
 [B<-batch>]
 [B<-msie_hack>]
 [B<-extensions section>]
+[B<-extfile section>]
 
 =head1 DESCRIPTION
 
@@ -71,7 +78,7 @@ a single self signed certificate to be signed by the CA.
 =item B<-spkac filename>
 
 a file containing a single Netscape signed public key and challenge
-and additional field values to be signed by the CA. See the B<NOTES>
+and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
 section for information on the required format.
 
 =item B<-infiles>
@@ -109,6 +116,7 @@ the 'ps' utility) this option should be used with caution.
 
 the key password source. For more information about the format of B<arg>
 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
 =item B<-verbose>
 
 this prints extra details about the operations being performed.
@@ -159,6 +167,15 @@ is the same as the request. This is largely for compatibility with the
 older IE enrollment control which would only accept certificates if their
 DNs match the order of the request. This is not needed for Xenroll.
 
+=item B<-noemailDN>
+
+The DN of a certificate can contain the EMAIL field if present in the
+request DN, however it is good policy just having the e-mail set into
+the altName extension of the certificate. When this option is set the
+EMAIL field is removed from the certificate' subject and set only in
+the, eventually present, extensions. The B<email_in_dn> keyword can be
+used in the configuration file to enable this behaviour.
+
 =item B<-batch>
 
 this sets the batch mode. In this mode no questions will be asked
@@ -167,9 +184,16 @@ and all certificates will be certified automatically.
 =item B<-extensions section>
 
 the section of the configuration file containing certificate extensions
-to be added when a certificate is issued. If no extension section is
-present then a V1 certificate is created. If the extension section
-is present (even if it is empty) then a V3 certificate is created.
+to be added when a certificate is issued (defaults to B<x509_extensions>
+unless the B<-extfile> option is used). If no extension section is
+present then, a V1 certificate is created. If the extension section
+is present (even if it is empty), then a V3 certificate is created.
+
+=item B<-extfile file>
+
+an additional configuration file to read certificate extensions from
+(using the default section unless the B<-extensions> option is also
+used).
 
 =back
 
@@ -194,6 +218,39 @@ the number of hours before the next CRL is due.
 
 a filename containing a certificate to revoke.
 
+=item B<-crl_reason reason>
+
+revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>,
+B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>,
+B<certificateHold> or B<removeFromCRL>. The matching of B<reason> is case
+insensitive. Setting any revocation reason will make the CRL v2.
+
+In practive B<removeFromCRL> is not particularly useful because it is only used
+in delta CRLs which are not currently implemented.
+
+=item B<-crl_hold instruction>
+
+This sets the CRL revocation reason code to B<certificateHold> and the hold
+instruction to B<instruction> which must be an OID. Although any OID can be
+used only B<holdInstructionNone> (the use of which is discouraged by RFC2459)
+B<holdInstructionCallIssuer> or B<holdInstructionReject> will normally be used.
+
+=item B<-crl_compromise time>
+
+This sets the revocation reason to B<keyCompromise> and the compromise time to
+B<time>. B<time> should be in GeneralizedTime format that is B<YYYYMMDDHHMMSSZ>.
+
+=item B<-crl_CA_compromise time>
+
+This is the same as B<crl_compromise> except the revocation reason is set to
+B<CACompromise>.
+
+=item B<-subj arg>
+
+supersedes subject name given in the request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
 =item B<-crlexts section>
 
 the section of the configuration file containing CRL extensions to
@@ -311,6 +368,12 @@ the same as B<-crlexts>.
 
 the same as B<-preserveDN>
 
+=item B<email_in_dn>
+
+the same as B<-noemailDN>. If you want the EMAIL field to be removed
+from the DN of the certificate simply set this to 'no'. If not present
+the default is to allow for the EMAIL filed in the certificate's DN.
+
 =item B<msie_hack>
 
 the same as B<-msie_hack>
@@ -320,6 +383,37 @@ the same as B<-msie_hack>
 the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
 for more information.
 
+=item B<nameopt>, B<certopt>
+
+these options allow the format used to display the certificate details
+when asking the user to confirm signing. All the options supported by
+the B<x509> utilities B<-nameopt> and B<-certopt> switches can be used
+here, except the B<no_signame> and B<no_sigdump> are permanently set
+and cannot be disabled (this is because the certificate signature cannot
+be displayed because the certificate has not been signed at this point).
+
+For convenience the values B<default_ca> are accepted by both to produce
+a reasonable output.
+
+If neither option is present the format used in earlier versions of
+OpenSSL is used. Use of the old format is B<strongly> discouraged because
+it only displays fields mentioned in the B<policy> section, mishandles
+multicharacter string types and does not display extensions.
+
+=item B<copy_extensions>
+
+determines how extensions in certificate requests should be handled.
+If set to B<none> or this option is not present then extensions are
+ignored and not copied to the certificate. If set to B<copy> then any
+extensions present in the request that are not already present are copied
+to the certificate. If set to B<copyall> then all extensions in the
+request are copied to the certificate: if the extension is already present
+in the certificate it is deleted first. See the B<WARNINGS> section before
+using this option.
+
+The main use of this option is to allow a certificate request to supply
+values for certain extensions such as subjectAltName.
+
 =back
 
 =head1 POLICY FORMAT
@@ -409,6 +503,11 @@ A sample configuration file with the relevant sections for B<ca>:
  default_md     = md5                   # md to use
 
  policy         = policy_any            # default policy
+ email_in_dn    = no                    # Don't add the email into cert DN
+
+ nameopt	= default_ca		# Subject name display option
+ certopt	= default_ca		# Certificate display option
+ copy_extensions = none			# Don't copy extensions from request
 
  [ policy_any ]
  countryName            = supplied
@@ -418,18 +517,6 @@ A sample configuration file with the relevant sections for B<ca>:
  commonName             = supplied
  emailAddress           = optional
 
-=head1 WARNINGS
-
-The B<ca> command is quirky and at times downright unfriendly.
-
-The B<ca> utility was originally meant as an example of how to do things
-in a CA. It was not supposed be be used as a full blown CA itself:
-nevertheless some people are using it for this purpose.
-
-The B<ca> command is effectively a single user command: no locking is
-done on the various files and attempts to run more than one B<ca> command
-on the same database can have unpredictable results.
-
 =head1 FILES
 
 Note: the location of all files can change either by compile time options,
@@ -459,9 +546,6 @@ if corrupted it can be difficult to fix. It is theoretically possible
 to rebuild the index file from all the issued certificates and a current
 CRL: however there is no option to do this.
 
-CRL entry extensions cannot currently be created: only CRL extensions
-can be added.
-
 V2 CRL features like delta CRL support and CRL numbers are not currently
 supported.
 
@@ -474,10 +558,6 @@ The use of an in memory text database can cause problems when large
 numbers of certificates are present because, as the name implies
 the database has to be kept in memory.
 
-Certificate request extensions are ignored: some kind of "policy" should
-be included to use certain static extensions and certain extensions
-from the request.
-
 It is not possible to certify two certificates with the same DN: this
 is a side effect of how the text database is indexed and it cannot easily
 be fixed without introducing other problems. Some S/MIME clients can use
@@ -490,13 +570,49 @@ exposed at either a command or interface level so a more friendly utility
 B<CA.pl> help a little but not very much.
 
 Any fields in a request that are not present in a policy are silently
-deleted. This does not happen if the B<-preserveDN> option is used but
-the extra fields are not displayed when the user is asked to certify
-a request. The behaviour should be more friendly and configurable.
+deleted. This does not happen if the B<-preserveDN> option is used. To
+enforce the absence of the EMAIL field within the DN, as suggested by
+RFCs, regardless the contents of the request' subject the B<-noemailDN>
+option can be used. The behaviour should be more friendly and
+configurable.
 
 Cancelling some commands by refusing to certify a certificate can
 create an empty file.
 
+=head1 WARNINGS
+
+The B<ca> command is quirky and at times downright unfriendly.
+
+The B<ca> utility was originally meant as an example of how to do things
+in a CA. It was not supposed to be used as a full blown CA itself:
+nevertheless some people are using it for this purpose.
+
+The B<ca> command is effectively a single user command: no locking is
+done on the various files and attempts to run more than one B<ca> command
+on the same database can have unpredictable results.
+
+The B<copy_extensions> option should be used with caution. If care is
+not taken then it can be a security risk. For example if a certificate
+request contains a basicConstraints extension with CA:TRUE and the
+B<copy_extensions> value is set to B<copyall> and the user does not spot
+this when the certificate is displayed then this will hand the requestor
+a valid CA certificate.
+
+This situation can be avoided by setting B<copy_extensions> to B<copy>
+and including basicConstraints with CA:FALSE in the configuration file.
+Then if the request contains a basicConstraints extension it will be
+ignored.
+
+It is advisable to also include values for other extensions such
+as B<keyUsage> to prevent a request supplying its own values.
+
+Additional restrictions can be placed on the CA certificate itself.
+For example if the CA certificate has:
+
+ basicConstraints = CA:TRUE, pathlen:0
+
+then even if a certificate is issued with CA:TRUE it will not be valid.
+
 =head1 SEE ALSO
 
 L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>,
diff --git a/crypto/openssl/doc/apps/ciphers.pod b/crypto/openssl/doc/apps/ciphers.pod
index 2107761..81a2c43 100644
--- a/crypto/openssl/doc/apps/ciphers.pod
+++ b/crypto/openssl/doc/apps/ciphers.pod
@@ -108,10 +108,20 @@ the default cipher list. This is determined at compile time and is normally
 B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
 specified.
 
+=item B<COMPLEMENTOFDEFAULT>
+
+the ciphers included in B<ALL>, but not enabled by default. Currently
+this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
+not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
+
 =item B<ALL>
 
 all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
 
+=item B<COMPLEMENTOFALL>
+
+the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
+
 =item B<HIGH>
 
 "high" encryption cipher suites. This currently means those with key lengths larger
@@ -193,6 +203,10 @@ cipher suites using DH, including anonymous DH.
 
 anonymous DH cipher suites.
 
+=item B<AES>
+
+cipher suites using AES.
+
 =item B<3DES>
 
 cipher suites using triple DES.
@@ -226,7 +240,9 @@ cipher suites using SHA1.
 =head1 CIPHER SUITE NAMES
 
 The following lists give the SSL or TLS cipher suites names from the
-relevant specification and their OpenSSL equivalents.
+relevant specification and their OpenSSL equivalents. It should be noted,
+that several cipher suite names do not include the authentication used,
+e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
 
 =head2 SSL v3.0 cipher suites.
 
@@ -296,6 +312,24 @@ relevant specification and their OpenSSL equivalents.
  TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
 
+=head2 AES ciphersuites from RFC3268, extending TLS v1.0
+
+ TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
+ TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
+
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
+
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
+
+ TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
+ TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
+
 =head2 Additional Export 1024 and other cipher suites
 
 Note: these ciphers can also be used in SSL v3.
@@ -339,8 +373,22 @@ Include only 3DES ciphers and then place RSA ciphers last:
 
  openssl ciphers -v '3DES:+RSA'
 
+Include all RC4 ciphers but leave out those without authentication:
+
+ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+
+Include all chiphers with RSA authentication but leave out ciphers without
+encryption.
+
+ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+
 =head1 SEE ALSO
 
 L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
 
+=head1 HISTORY
+
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
+added in version 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/apps/enc.pod b/crypto/openssl/doc/apps/enc.pod
index a68ddca..ddf0816 100644
--- a/crypto/openssl/doc/apps/enc.pod
+++ b/crypto/openssl/doc/apps/enc.pod
@@ -21,6 +21,7 @@ B<openssl enc -ciphername>
 [B<-p>]
 [B<-P>]
 [B<-bufsize number>]
+[B<-nopad>]
 [B<-debug>]
 
 =head1 DESCRIPTION
@@ -122,6 +123,10 @@ or decryption.
 
 set the buffer size for I/O
 
+=item B<-nopad>
+
+disable standard block padding
+
 =item B<-debug>
 
 debug the BIOs used for I/O.
@@ -150,11 +155,14 @@ Some of the ciphers do not have large keys and others have security
 implications if not used correctly. A beginner is advised to just use
 a strong block cipher in CBC mode such as bf or des3.
 
-All the block ciphers use PKCS#5 padding also known as standard block
+All the block ciphers normally use PKCS#5 padding also known as standard block
 padding: this allows a rudimentary integrity or password check to be
 performed. However since the chance of random data passing the test is
 better than 1 in 256 it isn't a very good test.
 
+If padding is disabled then the input data must be a multiple of the cipher
+block length.
+
 All RC2 ciphers have the same key and effective key length.
 
 Blowfish and RC5 algorithms use a 128 bit key.
@@ -256,8 +264,8 @@ The B<-A> option when used with large files doesn't work properly.
 
 There should be an option to allow an iteration count to be included.
 
-Like the EVP library the B<enc> program only supports a fixed number of
-algorithms with certain parameters. So if, for example, you want to use RC2
-with a 76 bit key or RC4 with an 84 bit key you can't use this program.
+The B<enc> program only supports a fixed number of algorithms with
+certain parameters. So if, for example, you want to use RC2 with a
+76 bit key or RC4 with an 84 bit key you can't use this program.
 
 =cut
diff --git a/crypto/openssl/doc/apps/ocsp.pod b/crypto/openssl/doc/apps/ocsp.pod
new file mode 100644
index 0000000..da201b9
--- /dev/null
+++ b/crypto/openssl/doc/apps/ocsp.pod
@@ -0,0 +1,348 @@
+=pod
+
+=head1 NAME
+
+ocsp - Online Certificate Status Protocol utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<ocsp>
+[B<-out file>]
+[B<-issuer file>]
+[B<-cert file>]
+[B<-serial n>]
+[B<-req_text>]
+[B<-resp_text>]
+[B<-text>]
+[B<-reqout file>]
+[B<-respout file>]
+[B<-reqin file>]
+[B<-respin file>]
+[B<-nonce>]
+[B<-no_nonce>]
+[B<-url responder_url>]
+[B<-host host:n>]
+[B<-path>]
+[B<-CApath file>]
+[B<-CAfile file>]
+[B<-VAfile file>]
+[B<-verify_certs file>]
+[B<-noverify>]
+[B<-trust_other>]
+[B<-no_intern>]
+[B<-no_sig_verify>]
+[B<-no_cert_verify>]
+[B<-no_chain>]
+[B<-no_cert_checks>]
+[B<-validity_period nsec>]
+[B<-status_age nsec>]
+
+=head1 DESCRIPTION
+
+B<WARNING: this documentation is preliminary and subject to change.>
+
+The Online Certificate Status Protocol (OCSP) enables applications to
+determine the (revocation) state of an identified certificate (RFC 2560).
+
+The B<ocsp> command performs many common OCSP tasks. It can be used
+to print out requests and responses, create requests and send queries
+to an OCSP responder and behave like a mini OCSP server itself.
+
+=head1 OCSP CLIENT OPTIONS
+
+=over 4
+
+=item B<-out filename>
+
+specify output filename, default is standard output.
+
+=item B<-issuer filename>
+
+This specifies the current issuer certificate. This option can be used
+multiple times. The certificate specified in B<filename> must be in
+PEM format.
+
+=item B<-cert filename>
+
+Add the certificate B<filename> to the request. The issuer certificate
+is taken from the previous B<issuer> option, or an error occurs if no
+issuer certificate is specified.
+
+=item B<-serial num>
+
+Same as the B<cert> option except the certificate with serial number
+B<num> is added to the request. The serial number is interpreted as a
+decimal integer unless preceded by B<0x>. Negative integers can also
+be specified by preceding the value by a B<-> sign.
+
+=item B<-signer filename>, B<-signkey filename>
+
+Sign the OCSP request using the certificate specified in the B<signer>
+option and the private key specified by the B<signkey> option. If
+the B<signkey> option is not present then the private key is read
+from the same file as the certificate. If neither option is specified then
+the OCSP request is not signed.
+
+=item B<-nonce>, B<-no_nonce>
+
+Add an OCSP nonce extension to a request or disable OCSP nonce addition.
+Normally if an OCSP request is input using the B<respin> option no
+nonce is added: using the B<nonce> option will force addition of a nonce.
+If an OCSP request is being created (using B<cert> and B<serial> options)
+a nonce is automatically added specifying B<no_nonce> overrides this.
+
+=item B<-req_text>, B<-resp_text>, B<-text>
+
+print out the text form of the OCSP request, response or both respectively.
+
+=item B<-reqout file>, B<-respout file>
+
+write out the DER encoded certificate request or response to B<file>.
+
+=item B<-reqin file>, B<-respin file>
+
+read OCSP request or response file from B<file>. These option are ignored
+if OCSP request or response creation is implied by other options (for example
+with B<serial>, B<cert> and B<host> options).
+
+=item B<-url responder_url>
+
+specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
+
+=item B<-host hostname:port>, B<-path pathname>
+
+if the B<host> option is present then the OCSP request is sent to the host
+B<hostname> on port B<port>. B<path> specifies the HTTP path name to use
+or "/" by default.
+
+=item B<-CAfile file>, B<-CApath pathname>
+
+file or pathname containing trusted CA certificates. These are used to verify
+the signature on the OCSP response.
+
+=item B<-verify_certs file>
+
+file containing additional certificates to search when attempting to locate
+the OCSP response signing certificate. Some responders omit the actual signer's
+certificate from the response: this option can be used to supply the necessary
+certificate in such cases.
+
+=item B<-trust_other>
+
+the certificates specified by the B<-verify_certs> option should be explicitly
+trusted and no additional checks will be performed on them. This is useful
+when the complete responder certificate chain is not available or trusting a
+root CA is not appropriate.
+
+=item B<-VAfile file>
+
+file containing explicitly trusted responder certificates. Equivalent to the
+B<-verify_certs> and B<-trust_other> options.
+
+=item B<-noverify>
+
+don't attempt to verify the OCSP response signature or the nonce values. This
+option will normally only be used for debugging since it disables all verification
+of the responders certificate.
+
+=item B<-no_intern>
+
+ignore certificates contained in the OCSP response when searching for the
+signers certificate. With this option the signers certificate must be specified
+with either the B<-verify_certs> or B<-VAfile> options.
+
+=item B<-no_sig_verify>
+
+don't check the signature on the OCSP response. Since this option tolerates invalid
+signatures on OCSP responses it will normally only be used for testing purposes.
+
+=item B<-no_cert_verify>
+
+don't verify the OCSP response signers certificate at all. Since this option allows
+the OCSP response to be signed by any certificate it should only be used for
+testing purposes.
+
+=item B<-no_chain>
+
+do not use certificates in the response as additional untrusted CA
+certificates.
+
+=item B<-no_cert_checks>
+
+don't perform any additional checks on the OCSP response signers certificate.
+That is do not make any checks to see if the signers certificate is authorised
+to provide the necessary status information: as a result this option should
+only be used for testing purposes.
+
+=item B<-validity_period nsec>, B<-status_age age>
+
+these options specify the range of times, in seconds, which will be tolerated
+in an OCSP response. Each certificate status response includes a B<notBefore> time and
+an optional B<notAfter> time. The current time should fall between these two values, but
+the interval between the two times may be only a few seconds. In practice the OCSP
+responder and clients clocks may not be precisely synchronised and so such a check
+may fail. To avoid this the B<-validity_period> option can be used to specify an
+acceptable error range in seconds, the default value is 5 minutes.
+
+If the B<notAfter> time is omitted from a response then this means that new status
+information is immediately available. In this case the age of the B<notBefore> field
+is checked to see it is not older than B<age> seconds old. By default this additional
+check is not performed.
+
+=back
+
+=head1 OCSP SERVER OPTIONS
+
+=over 4
+
+=item B<-index indexfile>
+
+B<indexfile> is a text index file in B<ca> format containing certificate revocation
+information.
+
+If the B<index> option is specified the B<ocsp> utility is in responder mode, otherwise
+it is in client mode. The request(s) the responder processes can be either specified on
+the command line (using B<issuer> and B<serial> options), supplied in a file (using the
+B<respin> option) or via external OCSP clients (if B<port> or B<url> is specified).
+
+If the B<index> option is present then the B<CA> and B<rsigner> options must also be
+present.
+
+=item B<-CA file>
+
+CA certificate corresponding to the revocation information in B<indexfile>.
+
+=item B<-rsigner file>
+
+The certificate to sign OCSP responses with.
+
+=item B<-rother file>
+
+Additional certificates to include in the OCSP response.
+
+=item B<-resp_no_certs>
+
+Don't include any certificates in the OCSP response.
+
+=item B<-resp_key_id>
+
+Identify the signer certificate using the key ID, default is to use the subject name.
+
+=item B<-rkey file>
+
+The private key to sign OCSP responses with: if not present the file specified in the
+B<rsigner> option is used.
+
+=item B<-port portnum>
+
+Port to listen for OCSP requests on. The port may also be specified using the B<url>
+option.
+
+=item B<-nrequest number>
+
+The OCSP server will exit after receiving B<number> requests, default unlimited. 
+
+=item B<-nmin minutes>, B<-ndays days>
+
+Number of minutes or days when fresh revocation information is available: used in the
+B<nextUpdate> field. If neither option is present then the B<nextUpdate> field is 
+omitted meaning fresh revocation information is immediately available.
+
+=back
+
+=head1 OCSP Response verification.
+
+OCSP Response follows the rules specified in RFC2560.
+
+Initially the OCSP responder certificate is located and the signature on
+the OCSP request checked using the responder certificate's public key.
+
+Then a normal certificate verify is performed on the OCSP responder certificate
+building up a certificate chain in the process. The locations of the trusted
+certificates used to build the chain can be specified by the B<CAfile>
+and B<CApath> options or they will be looked for in the standard OpenSSL
+certificates directory.
+
+If the initial verify fails then the OCSP verify process halts with an
+error.
+
+Otherwise the issuing CA certificate in the request is compared to the OCSP
+responder certificate: if there is a match then the OCSP verify succeeds.
+
+Otherwise the OCSP responder certificate's CA is checked against the issuing
+CA certificate in the request. If there is a match and the OCSPSigning
+extended key usage is present in the OCSP responder certificate then the
+OCSP verify succeeds.
+
+Otherwise the root CA of the OCSP responders CA is checked to see if it
+is trusted for OCSP signing. If it is the OCSP verify succeeds.
+
+If none of these checks is successful then the OCSP verify fails.
+
+What this effectively means if that if the OCSP responder certificate is
+authorised directly by the CA it is issuing revocation information about
+(and it is correctly configured) then verification will succeed.
+
+If the OCSP responder is a "global responder" which can give details about
+multiple CAs and has its own separate certificate chain then its root
+CA can be trusted for OCSP signing. For example:
+
+ openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
+
+Alternatively the responder certificate itself can be explicitly trusted
+with the B<-VAfile> option.
+
+=head1 NOTES
+
+As noted, most of the verify options are for testing or debugging purposes.
+Normally only the B<-CApath>, B<-CAfile> and (if the responder is a 'global
+VA') B<-VAfile> options need to be used.
+
+The OCSP server is only useful for test and demonstration purposes: it is
+not really usable as a full OCSP responder. It contains only a very
+simple HTTP request handling and can only handle the POST form of OCSP
+queries. It also handles requests serially meaning it cannot respond to
+new requests until it has processed the current one. The text index file
+format of revocation is also inefficient for large quantities of revocation
+data.
+
+It is possible to run the B<ocsp> application in responder mode via a CGI
+script using the B<respin> and B<respout> options.
+
+=head1 EXAMPLES
+
+Create an OCSP request and write it to a file:
+
+ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
+
+Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the 
+response to a file and print it out in text form
+
+ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
+     -url http://ocsp.myhost.com/ -resp_text -respout resp.der
+
+Read in an OCSP response and print out text form:
+
+ openssl ocsp -respin resp.der -text
+
+OCSP server on port 8888 using a standard B<ca> configuration, and a separate
+responder certificate. All requests and responses are printed to a file.
+
+ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+	-text -out log.txt
+
+As above but exit after processing one request:
+
+ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+     -nrequest 1
+
+Query status information using internally generated request:
+
+ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+     -issuer demoCA/cacert.pem -serial 1
+
+Query status information using request read from a file, write response to a
+second file.
+
+ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+     -reqin req.der -respout resp.der
diff --git a/crypto/openssl/doc/apps/openssl.pod b/crypto/openssl/doc/apps/openssl.pod
index e3c79a4..07dd80e 100644
--- a/crypto/openssl/doc/apps/openssl.pod
+++ b/crypto/openssl/doc/apps/openssl.pod
@@ -121,6 +121,10 @@ Generation of DSA Parameters.
 
 Generation of RSA Parameters.
 
+=item L<B<ocsp>|ocsp(1)>
+
+Online Certificate Status Protocol utility.
+
 =item L<B<passwd>|passwd(1)>
 
 Generation of hashed passwords.
diff --git a/crypto/openssl/doc/apps/passwd.pod b/crypto/openssl/doc/apps/passwd.pod
index 6e09894..f449825 100644
--- a/crypto/openssl/doc/apps/passwd.pod
+++ b/crypto/openssl/doc/apps/passwd.pod
@@ -13,6 +13,7 @@ B<openssl passwd>
 [B<-salt> I<string>]
 [B<-in> I<file>]
 [B<-stdin>]
+[B<-noverify>]
 [B<-quiet>]
 [B<-table>]
 {I<password>}
@@ -22,7 +23,7 @@ B<openssl passwd>
 The B<passwd> command computes the hash of a password typed at
 run-time or the hash of each password in a list.  The password list is
 taken from the named file for option B<-in file>, from stdin for
-option B<-stdin>, and from the command line otherwise.
+option B<-stdin>, or from the command line, or from the terminal otherwise.
 The Unix standard algorithm B<crypt> and the MD5-based BSD password
 algorithm B<1> and its Apache variant B<apr1> are available.
 
@@ -45,6 +46,7 @@ Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
 =item B<-salt> I<string>
 
 Use the specified salt.
+When reading a password from the terminal, this implies B<-noverify>.
 
 =item B<-in> I<file>
 
@@ -54,6 +56,10 @@ Read passwords from I<file>.
 
 Read passwords from B<stdin>.
 
+=item B<-noverify>
+
+Don't verify when reading a password from the terminal.
+
 =item B<-quiet>
 
 Don't output warnings when passwords given at the command line are truncated.
@@ -69,7 +75,7 @@ to each password hash.
 
 B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
 
-B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
+B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
 
 B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
 
diff --git a/crypto/openssl/doc/apps/pkcs12.pod b/crypto/openssl/doc/apps/pkcs12.pod
index 7e0307d..7d84146 100644
--- a/crypto/openssl/doc/apps/pkcs12.pod
+++ b/crypto/openssl/doc/apps/pkcs12.pod
@@ -262,7 +262,7 @@ the one corresponding to the private key. Certain software which requires
 a private key and certificate and assumes the first certificate in the
 file is the one corresponding to the private key: this may not always
 be the case. Using the B<-clcerts> option will solve this problem by only
-outputing the certificate corresponding to the private key. If the CA
+outputting the certificate corresponding to the private key. If the CA
 certificates are required then they can be output to a separate file using
 the B<-nokeys -cacerts> options to just output CA certificates.
 
diff --git a/crypto/openssl/doc/apps/pkcs7.pod b/crypto/openssl/doc/apps/pkcs7.pod
index 4e9bd6e..9871c0e 100644
--- a/crypto/openssl/doc/apps/pkcs7.pod
+++ b/crypto/openssl/doc/apps/pkcs7.pod
@@ -78,7 +78,7 @@ The PEM PKCS#7 format uses the header and footer lines:
  -----BEGIN PKCS7-----
  -----END PKCS7-----
 
-For compatability with some CAs it will also accept:
+For compatibility with some CAs it will also accept:
 
  -----BEGIN CERTIFICATE-----
  -----END CERTIFICATE-----
diff --git a/crypto/openssl/doc/apps/rand.pod b/crypto/openssl/doc/apps/rand.pod
index cbf8768..75745ca 100644
--- a/crypto/openssl/doc/apps/rand.pod
+++ b/crypto/openssl/doc/apps/rand.pod
@@ -15,7 +15,7 @@ I<num>
 =head1 DESCRIPTION
 
 The B<rand> command outputs I<num> pseudo-random bytes after seeding
-the random number generater once.  As in other B<openssl> command
+the random number generator once.  As in other B<openssl> command
 line tools, PRNG seeding uses the file I<$HOME/>B<.rnd> or B<.rnd>
 in addition to the files given in the B<-rand> option.  A new
 I<$HOME>/B<.rnd> or B<.rnd> file will be written back if enough
diff --git a/crypto/openssl/doc/apps/req.pod b/crypto/openssl/doc/apps/req.pod
index a3f54f4..7a3b6bb 100644
--- a/crypto/openssl/doc/apps/req.pod
+++ b/crypto/openssl/doc/apps/req.pod
@@ -3,7 +3,7 @@
 
 =head1 NAME
 
-req - PKCS#10 certificate and certificate generating utility.
+req - PKCS#10 certificate request and certificate generating utility.
 
 =head1 SYNOPSIS
 
@@ -15,6 +15,7 @@ B<openssl> B<req>
 [B<-out filename>]
 [B<-passout arg>]
 [B<-text>]
+[B<-pubkey>]
 [B<-noout>]
 [B<-verify>]
 [B<-modulus>]
@@ -28,12 +29,18 @@ B<openssl> B<req>
 [B<-keyout filename>]
 [B<-[md5|sha1|md2|mdc2]>]
 [B<-config filename>]
+[B<-subj arg>]
 [B<-x509>]
 [B<-days n>]
+[B<-set_serial n>]
 [B<-asn1-kludge>]
 [B<-newhdr>]
 [B<-extensions section>]
 [B<-reqexts section>]
+[B<-utf8>]
+[B<-nameopt>]
+[B<-batch>]
+[B<-verbose>]
 
 =head1 DESCRIPTION
 
@@ -82,6 +89,10 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 
 prints out the certificate request in text form.
 
+=item B<-pubkey>
+
+outputs the public key.
+
 =item B<-noout>
 
 this option prevents output of the encoded version of the request.
@@ -154,18 +165,33 @@ this allows an alternative configuration file to be specified,
 this overrides the compile time filename or any specified in
 the B<OPENSSL_CONF> environment variable.
 
+=item B<-subj arg>
+
+sets subject name for new request or supersedes the subject name
+when processing a request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
 =item B<-x509>
 
 this option outputs a self signed certificate instead of a certificate
 request. This is typically used to generate a test certificate or
 a self signed root CA. The extensions added to the certificate
-(if any) are specified in the configuration file.
+(if any) are specified in the configuration file. Unless specified
+using the B<set_serial> option B<0> will be used for the serial
+number.
 
 =item B<-days n>
 
 when the B<-x509> option is being used this specifies the number of
 days to certify the certificate for. The default is 30 days.
 
+=item B<-set_serial n>
+
+serial number to use when outputting a self signed certificate. This
+may be specified as a decimal value or a hex value if preceded by B<0x>.
+It is possible to use negative serial numbers but this is not recommended.
+
 =item B<-extensions section>
 
 =item B<-reqexts section>
@@ -176,6 +202,20 @@ request extensions. This allows several different sections to
 be used in the same configuration file to specify requests for
 a variety of purposes.
 
+=item B<-utf8>
+
+this option causes field values to be interpreted as UTF8 strings, by 
+default they are interpreted as ASCII. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the L<x509(1)|x509(1)> manual page for details.
+
 =item B<-asn1-kludge>
 
 by default the B<req> command outputs certificate requests containing
@@ -196,6 +236,14 @@ It should be noted that very few CAs still require the use of this option.
 Adds the word B<NEW> to the PEM file header and footer lines on the outputed
 request. Some software (Netscape certificate server) and some CAs need this.
 
+=item B<-batch>
+
+non-interactive mode.
+
+=item B<-verbose>
+
+print extra details about the operations being performed.
+
 =back
 
 =head1 CONFIGURATION FILE FORMAT
@@ -292,6 +340,13 @@ if set to the value B<no> this disables prompting of certificate fields
 and just takes values from the config file directly. It also changes the
 expected format of the B<distinguished_name> and B<attributes> sections.
 
+=item B<utf8>
+
+if set to the value B<yes> then field values to be interpreted as UTF8
+strings, by default they are interpreted as ASCII. This means that
+the field values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
 =item B<attributes>
 
 this specifies the section containing any request attributes: its format
@@ -457,13 +512,13 @@ Sample configuration containing all field values:
 
 The header and footer lines in the B<PEM> format are normally:
 
- -----BEGIN CERTIFICATE REQUEST----
- -----END CERTIFICATE REQUEST----
+ -----BEGIN CERTIFICATE REQUEST-----
+ -----END CERTIFICATE REQUEST-----
 
 some software (some versions of Netscape certificate server) instead needs:
 
- -----BEGIN NEW CERTIFICATE REQUEST----
- -----END NEW CERTIFICATE REQUEST----
+ -----BEGIN NEW CERTIFICATE REQUEST-----
+ -----END NEW CERTIFICATE REQUEST-----
 
 which is produced with the B<-newhdr> option but is otherwise compatible.
 Either form is accepted transparently on input.
diff --git a/crypto/openssl/doc/apps/rsa.pod b/crypto/openssl/doc/apps/rsa.pod
index f0e613e..ef74f1a 100644
--- a/crypto/openssl/doc/apps/rsa.pod
+++ b/crypto/openssl/doc/apps/rsa.pod
@@ -136,7 +136,7 @@ and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
 It is not very secure and so should only be used when necessary.
 
 Some newer version of IIS have additional data in the exported .key
-files. To use thse with the utility view the file with a binary editor
+files. To use these with the utility, view the file with a binary editor
 and look for the string "private-key", then trace back to the byte
 sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
 from this point onwards to another file and use that as the input
diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod
index f596ec7..7fca9cb 100644
--- a/crypto/openssl/doc/apps/s_client.pod
+++ b/crypto/openssl/doc/apps/s_client.pod
@@ -18,6 +18,7 @@ B<openssl> B<s_client>
 [B<-pause>]
 [B<-showcerts>]
 [B<-debug>]
+[B<-msg>]
 [B<-nbio_test>]
 [B<-state>]
 [B<-nbio>]
@@ -32,6 +33,7 @@ B<openssl> B<s_client>
 [B<-no_tls1>]
 [B<-bugs>]
 [B<-cipher cipherlist>]
+[B<-engine id>]
 [B<-rand file(s)>]
 
 =head1 DESCRIPTION
@@ -111,6 +113,10 @@ prints out the SSL session states.
 
 print extensive debugging information including a hex dump of all traffic.
 
+=item B<-msg>
+
+show all protocol messages with hex dump.
+
 =item B<-nbio_test>
 
 tests non-blocking I/O
@@ -131,7 +137,7 @@ input.
 
 =item B<-quiet>
 
-inhibit printing of session and certificate information.  This implicitely
+inhibit printing of session and certificate information.  This implicitly
 turns on B<-ign_eof> as well.
 
 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
@@ -157,6 +163,13 @@ the server determines which cipher suite is used it should take the first
 supported cipher in the list sent by the client. See the B<ciphers>
 command for more information.
 
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =item B<-rand file(s)>
 
 a file or files containing random data used to seed the random number
@@ -172,7 +185,7 @@ all others.
 If a connection is established with an SSL server then any data received
 from the server is displayed and any key presses will be sent to the
 server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
-have been given), the session will be renegociated if the line begins with an
+have been given), the session will be renegotiated if the line begins with an
 B<R>, and if the line begins with a B<Q> or if end of file is reached, the
 connection will be closed down.
 
diff --git a/crypto/openssl/doc/apps/s_server.pod b/crypto/openssl/doc/apps/s_server.pod
index 23a073a..4b1e426 100644
--- a/crypto/openssl/doc/apps/s_server.pod
+++ b/crypto/openssl/doc/apps/s_server.pod
@@ -21,6 +21,7 @@ B<openssl> B<s_server>
 [B<-nbio_test>]
 [B<-crlf>]
 [B<-debug>]
+[B<-msg>]
 [B<-state>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
@@ -39,6 +40,8 @@ B<openssl> B<s_server>
 [B<-hack>]
 [B<-www>]
 [B<-WWW>]
+[B<-HTTP>]
+[B<-engine id>]
 [B<-rand file(s)>]
 
 =head1 DESCRIPTION
@@ -134,6 +137,10 @@ prints out the SSL session states.
 
 print extensive debugging information including a hex dump of all traffic.
 
+=item B<-msg>
+
+show all protocol messages with hex dump.
+
 =item B<-nbio_test>
 
 tests non blocking I/O
@@ -187,6 +194,21 @@ emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the URL https://myhost/page.html is
 requested the file ./page.html will be loaded.
 
+=item B<-HTTP>
+
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded. The files loaded are
+assumed to contain a complete and correct HTTP response (lines that
+are part of the HTTP response line and headers must end with CRLF).
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =item B<-rand file(s)>
 
 a file or files containing random data used to seed the random number
diff --git a/crypto/openssl/doc/apps/smime.pod b/crypto/openssl/doc/apps/smime.pod
index fa5d23e..2453dd2 100644
--- a/crypto/openssl/doc/apps/smime.pod
+++ b/crypto/openssl/doc/apps/smime.pod
@@ -340,8 +340,8 @@ detached signature format. You can use this program to verify the
 signature by line wrapping the base64 encoded structure and surrounding
 it with:
 
- -----BEGIN PKCS7----
- -----END PKCS7----
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
 
 and using the command, 
 
diff --git a/crypto/openssl/doc/apps/speed.pod b/crypto/openssl/doc/apps/speed.pod
index 77560f1..0dcdba8 100644
--- a/crypto/openssl/doc/apps/speed.pod
+++ b/crypto/openssl/doc/apps/speed.pod
@@ -7,6 +7,7 @@ speed - test library performance
 =head1 SYNOPSIS
 
 B<openssl speed>
+[B<-engine id>]
 [B<md2>]
 [B<mdc2>]
 [B<md5>]
@@ -39,7 +40,20 @@ This command is used to test the performance of cryptographic algorithms.
 
 =head1 OPTIONS
 
+=over 4
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<speed>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<[zero or more test algorithms]>
+
 If any options are given, B<speed> tests those algorithms, otherwise all of
 the above are tested.
 
+=back
+
 =cut
diff --git a/crypto/openssl/doc/apps/version.pod b/crypto/openssl/doc/apps/version.pod
index 5d261a6..e00324c 100644
--- a/crypto/openssl/doc/apps/version.pod
+++ b/crypto/openssl/doc/apps/version.pod
@@ -46,6 +46,10 @@ compilation flags.
 
 platform setting.
 
+=item B<-d>
+
+OPENSSLDIR setting.
+
 =back
 
 =head1 NOTES
@@ -53,4 +57,8 @@ platform setting.
 The output of B<openssl version -a> would typically be used when sending
 in a bug report.
 
+=head1 HISTORY
+
+The B<-d> option was added in OpenSSL 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod
index 84f76cb..674bfd1 100644
--- a/crypto/openssl/doc/apps/x509.pod
+++ b/crypto/openssl/doc/apps/x509.pod
@@ -36,6 +36,7 @@ B<openssl> B<x509>
 [B<-addreject arg>]
 [B<-setalias arg>]
 [B<-days arg>]
+[B<-set_serial n>]
 [B<-signkey filename>]
 [B<-x509toreq>]
 [B<-req>]
@@ -60,8 +61,9 @@ certificate trust settings.
 Since there are a large number of options they will split up into
 various sections.
 
+=head1 OPTIONS
 
-=head1 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
+=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
 
 =over 4
 
@@ -99,10 +101,10 @@ this option has no effect: SHA1 is always used with DSA keys.
 
 =back
 
-=head1 DISPLAY OPTIONS
+=head2 DISPLAY OPTIONS
 
 Note: the B<-alias> and B<-purpose> options are also display options
-but are described in the B<TRUST OPTIONS> section.
+but are described in the B<TRUST SETTINGS> section.
 
 =over 4
 
@@ -112,6 +114,13 @@ prints out the certificate in text form. Full details are output including the
 public key, signature algorithms, issuer and subject names, serial number
 any extensions present and any trust settings.
 
+=item B<-certopt option>
+
+customise the output format used with B<-text>. The B<option> argument can be
+a single option or multiple options separated by commas. The B<-certopt> switch
+may be also be used more than once to set multiple options. See the B<TEXT OPTIONS>
+section for more information.
+
 =item B<-noout>
 
 this option prevents output of the encoded version of the request.
@@ -141,9 +150,10 @@ outputs the issuer name.
 
 =item B<-nameopt option>
 
-option which determine how the subject or issuer names are displayed. This
-option may be used more than once to set multiple options. See the B<NAME
-OPTIONS> section for more information.
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the B<NAME OPTIONS> section for more information.
 
 =item B<-email>
 
@@ -163,7 +173,8 @@ prints out the start and expiry dates of a certificate.
 
 =item B<-fingerprint>
 
-prints out the digest of the DER encoded version of the whole certificate.
+prints out the digest of the DER encoded version of the whole certificate
+(see digest options).
 
 =item B<-C>
 
@@ -171,7 +182,7 @@ this outputs the certificate in the form of a C source file.
 
 =back
 
-=head1 TRUST SETTINGS
+=head2 TRUST SETTINGS
 
 Please note these options are currently experimental and may well change.
 
@@ -242,7 +253,7 @@ EXTENSIONS> section.
 
 =back
 
-=head1 SIGNING OPTIONS
+=head2 SIGNING OPTIONS
 
 The B<x509> utility can be used to sign certificates and requests: it
 can thus behave like a "mini CA".
@@ -292,6 +303,16 @@ is used to pass the required private key.
 by default a certificate is expected on input. With this option a
 certificate request is expected instead.
 
+=item B<-set_serial n>
+
+specifies the serial number to use. This option can be used with either
+the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA>
+option the serial number file (as specified by the B<-CAserial> or
+B<-CAcreateserial> options) is not used.
+
+The serial number can be decimal or hex (if preceded by B<0x>). Negative
+serial numbers can also be specified but their use is not recommended.
+
 =item B<-CA filename>
 
 specifies the CA certificate to be used for signing. When this option is
@@ -321,7 +342,7 @@ The default filename consists of the CA certificate file base name with
 ".srl" appended. For example if the CA certificate file is called 
 "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
 
-=item B<-CAcreateserial filename>
+=item B<-CAcreateserial>
 
 with this option the CA serial number file is created if it does not exist:
 it will contain the serial number "02" and the certificate being signed will
@@ -342,7 +363,7 @@ specified then the extensions should either be contained in the unnamed
 
 =back
 
-=head1 NAME OPTIONS
+=head2 NAME OPTIONS
 
 The B<nameopt> command line switch determines how the subject and issuer
 names are displayed. If no B<nameopt> switch is present the default "oneline"
@@ -372,12 +393,12 @@ options.
 =item B<multiline>
 
 a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
-B<spc_eq> and B<lname>.
+B<spc_eq>, B<lname> and B<align>.
 
 =item B<esc_2253>
 
 escape the "special" characters required by RFC2253 in a field That is
-B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginnging of a string
+B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
 and a space character at the beginning or end of a string.
 
 =item B<esc_ctrl>
@@ -431,7 +452,7 @@ B<#XXXX...> format.
 
 dump non character string types (for example OCTET STRING) if this
 option is not set then non character string types will be displayed
-as though each content octet repesents a single character.
+as though each content octet represents a single character.
 
 =item B<dump_all>
 
@@ -467,6 +488,11 @@ not display the field at all. B<sname> uses the "short name" form
 B<oid> represents the OID in numerical form and is useful for
 diagnostic purpose.
 
+=item B<align>
+
+align field values for a more readable output. Only usable with
+B<sep_multiline>.
+
 =item B<spc_eq>
 
 places spaces round the B<=> character which follows the field
@@ -474,6 +500,85 @@ name.
 
 =back
 
+=head2 TEXT OPTIONS
+
+As well as customising the name output format, it is also possible to
+customise the actual fields printed using the B<certopt> options when
+the B<text> option is present. The default behaviour is to print all fields.
+
+=over 4
+
+=item B<compatible>
+
+use the old format. This is equivalent to specifying no output options at all.
+
+=item B<no_header>
+
+don't print header information: that is the lines saying "Certificate" and "Data".
+
+=item B<no_version>
+
+don't print out the version number.
+
+=item B<no_serial>
+
+don't print out the serial number.
+
+=item B<no_signame>
+
+don't print out the signature algorithm used.
+
+=item B<no_validity>
+
+don't print the validity, that is the B<notBefore> and B<notAfter> fields.
+
+=item B<no_subject>
+
+don't print out the subject name.
+
+=item B<no_issuer>
+
+don't print out the issuer name.
+
+=item B<no_pubkey>
+
+don't print out the public key.
+
+=item B<no_sigdump>
+
+don't give a hexadecimal dump of the certificate signature.
+
+=item B<no_aux>
+
+don't print out certificate trust information.
+
+=item B<no_extensions>
+
+don't print out any X509V3 extensions.
+
+=item B<ext_default>
+
+retain default extension behaviour: attempt to print out unsupported certificate extensions.
+
+=item B<ext_error>
+
+print an error message for unsupported certificate extensions.
+
+=item B<ext_parse>
+
+ASN1 parse unsupported extensions.
+
+=item B<ext_dump>
+
+hex dump unsupported extensions.
+
+=item B<ca_default>
+
+the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
+B<no_version>, B<no_sigdump> and B<no_signame>.
+
+=back
+
 =head1 EXAMPLES
 
 Note: in these examples the '\' means the example should be all on one
@@ -498,7 +603,7 @@ Display the certificate subject name in RFC2253 form:
 Display the certificate subject name in oneline form on a terminal
 supporting UTF8:
 
- openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb
+ openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb
 
 Display the certificate MD5 fingerprint:
 
@@ -539,18 +644,18 @@ Set a certificate to be trusted for SSL client use and change set its alias to
 
 The PEM format uses the header and footer lines:
 
- -----BEGIN CERTIFICATE----
- -----END CERTIFICATE----
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
 
 it will also handle files containing:
 
- -----BEGIN X509 CERTIFICATE----
- -----END X509 CERTIFICATE----
+ -----BEGIN X509 CERTIFICATE-----
+ -----END X509 CERTIFICATE-----
 
 Trusted certificates have the lines
 
- -----BEGIN TRUSTED CERTIFICATE----
- -----END TRUSTED CERTIFICATE----
+ -----BEGIN TRUSTED CERTIFICATE-----
+ -----END TRUSTED CERTIFICATE-----
 
 The conversion to UTF8 format used with the name options assumes that
 T61Strings use the ISO8859-1 character set. This is wrong but Netscape
diff --git a/crypto/openssl/doc/c-indentation.el b/crypto/openssl/doc/c-indentation.el
index 48ca3cf..cbf01cb 100644
--- a/crypto/openssl/doc/c-indentation.el
+++ b/crypto/openssl/doc/c-indentation.el
@@ -13,12 +13,10 @@
 ;
 ; Apparently statement blocks that are not introduced by a statement
 ; such as "if" and that are not the body of a function cannot
-; be handled too well by CC mode with this indentation style.
-; The style defined below does not indent them at all.
-; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
-; command of Emacs).  If you know a solution to this problem
-; or find other problems with this indentation style definition,
-; please send e-mail to bodo@openssl.org.
+; be handled too well by CC mode with this indentation style,
+; so you have to indent them manually (you can use C-q tab).
+; 
+; For suggesting improvements, please send e-mail to bodo@openssl.org.
 
 (c-add-style "eay"
 	     '((c-basic-offset . 8)
diff --git a/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod b/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod
new file mode 100644
index 0000000..51679bf
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions
+
+=head1 SYNOPSIS
+
+ ASN1_OBJECT *ASN1_OBJECT_new(void);
+ void ASN1_OBJECT_free(ASN1_OBJECT *a);
+
+=head1 DESCRIPTION
+
+The ASN1_OBJECT allocation routines, allocate and free an
+ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.
+
+ASN1_OBJECT_new() allocates and initializes a ASN1_OBJECT structure.
+
+ASN1_OBJECT_free() frees up the B<ASN1_OBJECT> structure B<a>.
+
+=head1 NOTES
+
+Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it
+is almost never used in applications. The ASN1 object utility functions
+such as OBJ_nid2obj() are used instead.
+
+=head1 RETURN VALUES
+
+If the allocation fails, ASN1_OBJECT_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+Otherwise it returns a pointer to the newly allocated structure.
+
+ASN1_OBJECT_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)|d2i_ASN1_OBJECT(3)>
+
+=head1 HISTORY
+
+ASN1_OBJECT_new() and ASN1_OBJECT_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_length.pod b/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
new file mode 100644
index 0000000..c4ec693
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data -
+ASN1_STRING utility functions
+
+=head1 SYNOPSIS
+
+ int ASN1_STRING_length(ASN1_STRING *x);
+ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+ ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
+
+ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+
+ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+
+ int ASN1_STRING_type(ASN1_STRING *x);
+
+ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+
+=head1 DESCRIPTION
+
+These functions allow an B<ASN1_STRING> structure to be manipulated.
+
+ASN1_STRING_length() returns the length of the content of B<x>.
+
+ASN1_STRING_data() returns an internal pointer to the data of B<x>.
+Since this is an internal pointer it should B<not> be freed or
+modified in any way.
+
+ASN1_STRING_dup() returns a copy of the structure B<a>.
+
+ASN1_STRING_cmp() compares B<a> and B<b> returning 0 if the two
+are identical. The string types and content are compared.
+
+ASN1_STRING_set() sets the data of string B<str> to the buffer
+B<data> or length B<len>. The supplied data is copied. If B<len>
+is -1 then the length is determined by strlen(data).
+
+ASN1_STRING_type() returns the type of B<x>, using standard constants
+such as B<V_ASN1_OCTET_STRING>.
+
+ASN1_STRING_to_UTF8() converts the string B<in> to UTF8 format, the
+converted data is allocated in a buffer in B<*out>. The length of
+B<out> is returned or a negative error code. The buffer B<*out>
+should be free using OPENSSL_free().
+
+=head1 NOTES
+
+Almost all ASN1 types in OpenSSL are represented as an B<ASN1_STRING>
+structure. Other types such as B<ASN1_OCTET_STRING> are simply typedefed
+to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
+B<ASN1_STRING> is also used for some B<CHOICE> types which consist
+entirely of primitive string types such as B<DirectoryString> and
+B<Time>.
+
+These functions should B<not> be used to examine or modify B<ASN1_INTEGER>
+or B<ASN1_ENUMERATED> types: the relevant B<INTEGER> or B<ENUMERATED>
+utility functions should be used instead.
+
+In general it cannot be assumed that the data returned by ASN1_STRING_data()
+is null terminated or does not contain embedded nulls. The actual format
+of the data will depend on the actual string type itself: for example
+for and IA5String the data will be ASCII, for a BMPString two bytes per
+character in big endian format, UTF8String will be in UTF8 format.
+
+Similar care should be take to ensure the data is in the correct format
+when calling ASN1_STRING_set().
+
+=head1 RETURN VALUES
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+=cut
diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_new.pod b/crypto/openssl/doc/crypto/ASN1_STRING_new.pod
new file mode 100644
index 0000000..5b1bbb7
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ASN1_STRING_new.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free -
+ASN1_STRING allocation functions
+
+=head1 SYNOPSIS
+
+ ASN1_STRING * ASN1_STRING_new(void);
+ ASN1_STRING * ASN1_STRING_type_new(int type);
+ void ASN1_STRING_free(ASN1_STRING *a);
+
+=head1 DESCRIPTION
+
+ASN1_STRING_new() returns an allocated B<ASN1_STRING> structure. Its type
+is undefined.
+
+ASN1_STRING_type_new() returns an allocated B<ASN1_STRING> structure of
+type B<type>.
+
+ASN1_STRING_free() frees up B<a>.
+
+=head1 NOTES
+
+Other string types call the B<ASN1_STRING> functions. For example
+ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
+
+=head1 RETURN VALUES
+
+ASN1_STRING_new() and ASN1_STRING_type_new() return a valid
+ASN1_STRING structure or B<NULL> if an error occurred.
+
+ASN1_STRING_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod b/crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod
new file mode 100644
index 0000000..fbf9a1f
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod
@@ -0,0 +1,96 @@
+=pod
+
+=head1 NAME
+
+ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp - ASN1_STRING output routines.
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+ int ASN1_STRING_print(BIO *out, ASN1_STRING *str);
+
+
+=head1 DESCRIPTION
+
+These functions output an B<ASN1_STRING> structure. B<ASN1_STRING> is used to
+represent all the ASN1 string types.
+
+ASN1_STRING_print_ex() outputs B<str> to B<out>, the format is determined by
+the options B<flags>. ASN1_STRING_print_ex_fp() is identical except it outputs
+to B<fp> instead.
+
+ASN1_STRING_print() prints B<str> to B<out> but using a different format to
+ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF)
+with '.'.
+
+=head1 NOTES
+
+ASN1_STRING_print() is a legacy function which should be avoided in new applications.
+
+Although there are a large number of options frequently B<ASN1_STRFLAGS_RFC2253> is 
+suitable, or on UTF8 terminals B<ASN1_STRFLAGS_RFC2253 & ~ASN1_STRFLAGS_ESC_MSB>.
+
+The complete set of supported options for B<flags> is listed below.
+
+Various characters can be escaped. If B<ASN1_STRFLGS_ESC_2253> is set the characters
+determined by RFC2253 are escaped. If B<ASN1_STRFLGS_ESC_CTRL> is set control
+characters are escaped. If B<ASN1_STRFLGS_ESC_MSB> is set characters with the
+MSB set are escaped: this option should B<not> be used if the terminal correctly
+interprets UTF8 sequences.
+
+Escaping takes several forms.
+
+If the character being escaped is a 16 bit character then the form "\WXXXX" is used
+using exactly four characters for the hex representation. If it is 32 bits then
+"\UXXXXXXXX" is used using eight characters of its hex representation. These forms
+will only be used if UTF8 conversion is not set (see below).
+
+Printable characters are normally escaped using the backslash '\' character. If
+B<ASN1_STRFLGS_ESC_QUOTE> is set then the whole string is instead surrounded by
+double quote characters: this is arguably more readable than the backslash
+notation. Other characters use the "\XX" using exactly two characters of the hex
+representation.
+
+If B<ASN1_STRFLGS_UTF8_CONVERT> is set then characters are converted to UTF8
+format first. If the terminal supports the display of UTF8 sequences then this
+option will correctly display multi byte characters.
+
+If B<ASN1_STRFLGS_IGNORE_TYPE> is set then the string type is not interpreted at
+all: everything is assumed to be one byte per character. This is primarily for
+debugging purposes and can result in confusing output in multi character strings.
+
+If B<ASN1_STRFLGS_SHOW_TYPE> is set then the string type itself is printed out
+before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().
+
+The content of a string instead of being interpreted can be "dumped": this just
+outputs the value of the string using the form #XXXX using hex format for each
+octet.
+
+If B<ASN1_STRFLGS_DUMP_ALL> is set then any type is dumped.
+
+Normally non character string types (such as OCTET STRING) are assumed to be
+one byte per character, if B<ASN1_STRFLAGS_DUMP_UNKNOWN> is set then they will
+be dumped instead.
+
+When a type is dumped normally just the content octets are printed, if 
+B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
+instead (including tag and length octets).
+
+B<ASN1_STRFLGS_RFC2253> includes all the flags required by RFC2253. It is
+equivalent to:
+ ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
+ ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER
+
+=head1 SEE ALSO
+
+L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>,
+L<ASN1_tag2str(3)|ASN1_tag2str(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/BIO_f_md.pod b/crypto/openssl/doc/crypto/BIO_f_md.pod
index c32504d..0d24083 100644
--- a/crypto/openssl/doc/crypto/BIO_f_md.pod
+++ b/crypto/openssl/doc/crypto/BIO_f_md.pod
@@ -28,7 +28,7 @@ BIO_gets(), if its B<size> parameter is large enough finishes the
 digest calculation and returns the digest value. BIO_puts() is
 not supported.
 
-BIO_reset() reinitializes a digest BIO.
+BIO_reset() reinitialises a digest BIO.
 
 BIO_set_md() sets the message digest of BIO B<b> to B<md>: this
 must be called to initialize a digest BIO before any data is
diff --git a/crypto/openssl/doc/crypto/BIO_s_accept.pod b/crypto/openssl/doc/crypto/BIO_s_accept.pod
index c49da7f..7b63e46 100644
--- a/crypto/openssl/doc/crypto/BIO_s_accept.pod
+++ b/crypto/openssl/doc/crypto/BIO_s_accept.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
+BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port,
 BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
 BIO_get_bind_mode, BIO_do_accept - accept BIO
 
@@ -10,31 +10,31 @@ BIO_get_bind_mode, BIO_do_accept - accept BIO
 
  #include <openssl/bio.h>
 
- BIO_METHOD * BIO_s_accept(void);
+ BIO_METHOD *BIO_s_accept(void);
 
- #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
- #define BIO_get_accept_port(b)	BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+ long BIO_set_accept_port(BIO *b, char *name);
+ char *BIO_get_accept_port(BIO *b);
 
  BIO *BIO_new_accept(char *host_port);
 
- #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
- #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+ long BIO_set_nbio_accept(BIO *b, int n);
+ long BIO_set_accept_bios(BIO *b, char *bio);
 
- #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
- #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+ long BIO_set_bind_mode(BIO *b, long mode);
+ long BIO_get_bind_mode(BIO *b, long dummy);
 
  #define BIO_BIND_NORMAL		0
  #define BIO_BIND_REUSEADDR_IF_UNUSED	1
  #define BIO_BIND_REUSEADDR		2
 
- #define BIO_do_accept(b)	BIO_do_handshake(b)
+ int BIO_do_accept(BIO *b);
 
 =head1 DESCRIPTION
 
 BIO_s_accept() returns the accept BIO method. This is a wrapper
 round the platform's TCP/IP socket accept routines.
 
-Using accept BIOs TCP/IP connections can be accepted and data
+Using accept BIOs, TCP/IP connections can be accepted and data
 transferred using only BIO routines. In this way any platform
 specific operations are hidden by the BIO abstraction.
 
@@ -92,7 +92,7 @@ BIO_do_accept() serves two functions. When it is first
 called, after the accept BIO has been setup, it will attempt
 to create the accept socket and bind an address to it. Second
 and subsequent calls to BIO_do_accept() will await an incoming
-connection.
+connection, or request a retry in non blocking mode.
 
 =head1 NOTES
 
@@ -130,6 +130,17 @@ however because the accept BIO will still accept additional incoming
 connections. This can be resolved by using BIO_pop() (see above)
 and freeing up the accept BIO after the initial connection.
 
+If the underlying accept socket is non-blocking and BIO_do_accept() is
+called to await an incoming connection it is possible for
+BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens
+then it is an indication that an accept attempt would block: the application
+should take appropriate action to wait until the underlying socket has
+accepted a connection and retry the call.
+
+BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(),
+BIO_set_accept_bios(), BIO_set_bind_mode(), BIO_get_bind_mode() and
+BIO_do_accept() are macros.
+
 =head1 RETURN VALUES
 
 TBA
diff --git a/crypto/openssl/doc/crypto/BIO_s_bio.pod b/crypto/openssl/doc/crypto/BIO_s_bio.pod
index 95ae802..8d0a55a 100644
--- a/crypto/openssl/doc/crypto/BIO_s_bio.pod
+++ b/crypto/openssl/doc/crypto/BIO_s_bio.pod
@@ -76,7 +76,9 @@ BIO_get_write_buf_size() returns the size of the write buffer.
 BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and
 BIO_set_write_buf_size() to create a connected pair of BIOs B<bio1>, B<bio2>
 with write buffer sizes B<writebuf1> and B<writebuf2>. If either size is
-zero then the default size is used.
+zero then the default size is used.  BIO_new_bio_pair() does not check whether
+B<bio1> or B<bio2> do point to some other BIO, the values are overwritten,
+BIO_free() is not called.
 
 BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum
 length of data that can be currently written to the BIO. Writes larger than this
@@ -118,9 +120,59 @@ the application then waits for data to be available on the underlying transport
 before flushing the write buffer it will never succeed because the request was
 never sent!
 
+=head1 RETURN VALUES
+
+BIO_new_bio_pair() returns 1 on success, with the new BIOs available in
+B<bio1> and B<bio2>, or 0 on failure, with NULL pointers stored into the
+locations for B<bio1> and B<bio2>. Check the error stack for more information.
+
+[XXXXX: More return values need to be added here]
+
 =head1 EXAMPLE
 
-TBA
+The BIO pair can be used to have full control over the network access of an
+application. The application can call select() on the socket as required
+without having to go through the SSL-interface.
+
+ BIO *internal_bio, *network_bio;
+ ...
+ BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
+ SSL_set_bio(ssl, internal_bio, internal_bio);
+ SSL_operations();
+ ...
+
+ application |   TLS-engine
+    |        |
+    +----------> SSL_operations()
+             |     /\    ||
+             |     ||    \/
+             |   BIO-pair (internal_bio)
+    +----------< BIO-pair (network_bio)
+    |        |
+  socket     |
+
+  ...
+  SSL_free(ssl);		/* implicitly frees internal_bio */
+  BIO_free(network_bio);
+  ...
+
+As the BIO pair will only buffer the data and never directly access the
+connection, it behaves non-blocking and will return as soon as the write
+buffer is full or the read buffer is drained. Then the application has to
+flush the write buffer and/or fill the read buffer.
+
+Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO
+and must be transfered to the network. Use BIO_ctrl_get_read_request() to
+find out, how many bytes must be written into the buffer before the
+SSL_operation() can successfully be continued.
+
+=head1 WARNING
+
+As the data is buffered, SSL_operation() may return with a ERROR_SSL_WANT_READ
+condition, but there is still data in the write buffer. An application must
+not rely on the error value of SSL_operation() but must assure that the
+write buffer is always flushed first. Otherwise a deadlock may occur as
+the peer might be waiting for the data before being able to continue.
 
 =head1 SEE ALSO
 
diff --git a/crypto/openssl/doc/crypto/BIO_s_connect.pod b/crypto/openssl/doc/crypto/BIO_s_connect.pod
index fe1aa67..bcf7d8d 100644
--- a/crypto/openssl/doc/crypto/BIO_s_connect.pod
+++ b/crypto/openssl/doc/crypto/BIO_s_connect.pod
@@ -13,25 +13,27 @@ BIO_set_nbio, BIO_do_connect - connect BIO
 
  BIO_METHOD * BIO_s_connect(void);
 
- #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
- #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
- #define BIO_set_conn_ip(b,ip)	  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
- #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
- #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
- #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
- #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
- #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+ BIO *BIO_new_connect(char *name);
 
- #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+ long BIO_set_conn_hostname(BIO *b, char *name);
+ long BIO_set_conn_port(BIO *b, char *port);
+ long BIO_set_conn_ip(BIO *b, char *ip);
+ long BIO_set_conn_int_port(BIO *b, char *port);
+ char *BIO_get_conn_hostname(BIO *b);
+ char *BIO_get_conn_port(BIO *b);
+ char *BIO_get_conn_ip(BIO *b, dummy);
+ long BIO_get_conn_int_port(BIO *b, int port);
 
- #define BIO_do_connect(b)	BIO_do_handshake(b)
+ long BIO_set_nbio(BIO *b, long n);
+
+ int BIO_do_connect(BIO *b);
 
 =head1 DESCRIPTION
 
 BIO_s_connect() returns the connect BIO method. This is a wrapper
 round the platform's TCP/IP socket connection routines.
 
-Using connect BIOs TCP/IP connections can be made and data
+Using connect BIOs, TCP/IP connections can be made and data
 transferred using only BIO routines. In this way any platform
 specific operations are hidden by the BIO abstraction.
 
@@ -54,7 +56,7 @@ BIO_get_fd() places the underlying socket in B<c> if it is not NULL,
 it also returns the socket . If B<c> is not NULL it should be of
 type (int *).
 
-BIO_set_conn_hostname() uses the string B<name> to set the hostname
+BIO_set_conn_hostname() uses the string B<name> to set the hostname.
 The hostname can be an IP address. The hostname can also include the
 port in the form hostname:port . It is also acceptable to use the
 form "hostname/any/other/path" or "hostname:port/any/other/path".
@@ -87,6 +89,9 @@ is set. Blocking I/O is the default. The call to BIO_set_nbio()
 should be made before the connection is established because 
 non blocking I/O is set during the connect process.
 
+BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
+a single call: that is it creates a new connect BIO with B<name>.
+
 BIO_do_connect() attempts to connect the supplied BIO. It returns 1
 if the connection was established successfully. A zero or negative
 value is returned if the connection could not be established, the
@@ -123,6 +128,11 @@ then this is an indication that a connection attempt would block,
 the application should then take appropriate action to wait until
 the underlying socket has connected and retry the call.
 
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip(),
+BIO_set_conn_int_port(), BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
+BIO_do_connect() are macros.
+
 =head1 RETURN VALUES
 
 BIO_s_connect() returns the connect BIO method.
diff --git a/crypto/openssl/doc/crypto/BIO_s_socket.pod b/crypto/openssl/doc/crypto/BIO_s_socket.pod
index 2531851..1c8d3a9 100644
--- a/crypto/openssl/doc/crypto/BIO_s_socket.pod
+++ b/crypto/openssl/doc/crypto/BIO_s_socket.pod
@@ -8,10 +8,10 @@ BIO_s_socket, BIO_new_socket - socket BIO
 
  #include <openssl/bio.h>
 
- BIO_METHOD *	BIO_s_socket(void);
+ BIO_METHOD *BIO_s_socket(void);
 
- #define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
- #define BIO_get_fd(b,c)	BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+ long BIO_set_fd(BIO *b, int fd, long close_flag);
+ long BIO_get_fd(BIO *b, int *c);
 
  BIO *BIO_new_socket(int sock, int close_flag);
 
@@ -27,10 +27,10 @@ If the close flag is set then the socket is shut down and closed
 when the BIO is freed.
 
 BIO_set_fd() sets the socket of BIO B<b> to B<fd> and the close
-flag to B<c>.
+flag to B<close_flag>.
 
 BIO_get_fd() places the socket in B<c> if it is not NULL, it also
-returns the socket . If B<c> is not NULL it should be of type (int *).
+returns the socket. If B<c> is not NULL it should be of type (int *).
 
 BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
 
@@ -44,6 +44,8 @@ platforms sockets are not file descriptors and use distinct I/O routines,
 Windows is one such platform. Any code mixing the two will not work on
 all platforms.
 
+BIO_set_fd() and BIO_get_fd() are macros.
+
 =head1 RETURN VALUES
 
 BIO_s_socket() returns the socket BIO method.
diff --git a/crypto/openssl/doc/crypto/BN_CTX_new.pod b/crypto/openssl/doc/crypto/BN_CTX_new.pod
index c94d8c6..ad8d07d 100644
--- a/crypto/openssl/doc/crypto/BN_CTX_new.pod
+++ b/crypto/openssl/doc/crypto/BN_CTX_new.pod
@@ -42,7 +42,7 @@ BN_CTX_init() and BN_CTX_free() have no return values.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
 L<BN_CTX_start(3)|BN_CTX_start(3)>
 
 =head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_add.pod b/crypto/openssl/doc/crypto/BN_add.pod
index 0541d45..88c7a79 100644
--- a/crypto/openssl/doc/crypto/BN_add.pod
+++ b/crypto/openssl/doc/crypto/BN_add.pod
@@ -2,8 +2,9 @@
 
 =head1 NAME
 
-BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp,
-BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs
+BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
+arithmetic operations on BIGNUMs
 
 =head1 SYNOPSIS
 
@@ -15,16 +16,26 @@ BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs
 
  int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
 
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+
  int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
          BN_CTX *ctx);
 
- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
-
  int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
 
- int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+ int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+
+ int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+
+ int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
          BN_CTX *ctx);
 
+ int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
  int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
 
  int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
@@ -34,45 +45,59 @@ BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs
 
 =head1 DESCRIPTION
 
-BN_add() adds B<a> and B<b> and places the result in B<r> (C<r=a+b>).
-B<r> may be the same B<BIGNUM> as B<a> or B<b>.
+BN_add() adds I<a> and I<b> and places the result in I<r> (C<r=a+b>).
+I<r> may be the same B<BIGNUM> as I<a> or I<b>.
 
-BN_sub() subtracts B<b> from B<a> and places the result in B<r> (C<r=a-b>).
+BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>).
 
-BN_mul() multiplies B<a> and B<b> and places the result in B<r> (C<r=a*b>).
-B<r> may be the same B<BIGNUM> as B<a> or B<b>.
+BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>).
+I<r> may be the same B<BIGNUM> as I<a> or I<b>.
 For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>.
 
-BN_div() divides B<a> by B<d> and places the result in B<dv> and the
-remainder in B<rem> (C<dv=a/d, rem=a%d>). Either of B<dv> and B<rem> may
-be NULL, in which case the respective value is not returned.
+BN_sqr() takes the square of I<a> and places the result in I<r>
+(C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>.
+This function is faster than BN_mul(r,a,a).
+
+BN_div() divides I<a> by I<d> and places the result in I<dv> and the
+remainder in I<rem> (C<dv=a/d, rem=a%d>). Either of I<dv> and I<rem> may
+be B<NULL>, in which case the respective value is not returned.
+The result is rounded towards zero; thus if I<a> is negative, the
+remainder will be zero or negative.
 For division by powers of 2, use BN_rshift(3).
 
-BN_sqr() takes the square of B<a> and places the result in B<r>
-(C<r=a^2>). B<r> and B<a> may be the same B<BIGNUM>.
-This function is faster than BN_mul(r,a,a).
+BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>.
+
+BN_nnmod() reduces I<a> modulo I<m> and places the non-negative
+remainder in I<r>.
+
+BN_mod_add() adds I<a> to I<b> modulo I<m> and places the non-negative
+result in I<r>.
+
+BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the
+non-negative result in I<r>.
 
-BN_mod() find the remainder of B<a> divided by B<m> and places it in
-B<rem> (C<rem=a%m>).
+BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative
+remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be
+the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for
+repeated computations using the same modulus, see
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> and
+L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>.
 
-BN_mod_mul() multiplies B<a> by B<b> and finds the remainder when
-divided by B<m> (C<r=(a*b)%m>). B<r> may be the same B<BIGNUM> as B<a>
-or B<b>. For a more efficient algorithm, see
-L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>; for repeated
-computations using the same modulus, see L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>.
+BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
+result in I<r>.
 
-BN_exp() raises B<a> to the B<p>-th power and places the result in B<r>
+BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
 (C<r=a^p>). This function is faster than repeated applications of
 BN_mul().
 
-BN_mod_exp() computes B<a> to the B<p>-th power modulo B<m> (C<r=a^p %
+BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
 m>). This function uses less time and space than BN_exp().
 
-BN_gcd() computes the greatest common divisor of B<a> and B<b> and
-places the result in B<r>. B<r> may be the same B<BIGNUM> as B<a> or
-B<b>.
+BN_gcd() computes the greatest common divisor of I<a> and I<b> and
+places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
+I<b>.
 
-For all functions, B<ctx> is a previously allocated B<BN_CTX> used for
+For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
 temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>.
 
 Unless noted otherwise, the result B<BIGNUM> must be different from
@@ -86,14 +111,16 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
 L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
 
 =head1 HISTORY
 
-BN_add(), BN_sub(), BN_div(), BN_sqr(), BN_mod(), BN_mod_mul(),
+BN_add(), BN_sub(), BN_sqr(), BN_div(), BN_mod(), BN_mod_mul(),
 BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and
-OpenSSL. The B<ctx> argument to BN_mul() was added in SSLeay
+OpenSSL. The I<ctx> argument to BN_mul() was added in SSLeay
 0.9.1b. BN_exp() appeared in SSLeay 0.9.0.
+BN_nnmod(), BN_mod_add(), BN_mod_sub(), and BN_mod_sqr() were added in
+OpenSSL 0.9.7.
 
 =cut
diff --git a/crypto/openssl/doc/crypto/BN_add_word.pod b/crypto/openssl/doc/crypto/BN_add_word.pod
index 66bedfb..94244ad 100644
--- a/crypto/openssl/doc/crypto/BN_add_word.pod
+++ b/crypto/openssl/doc/crypto/BN_add_word.pod
@@ -46,7 +46,7 @@ BN_mod_word() and BN_div_word() return B<a>%B<w>.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/BN_bn2bin.pod b/crypto/openssl/doc/crypto/BN_bn2bin.pod
index b62d1af..a4b17ca 100644
--- a/crypto/openssl/doc/crypto/BN_bn2bin.pod
+++ b/crypto/openssl/doc/crypto/BN_bn2bin.pod
@@ -80,7 +80,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
 L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
 L<BN_num_bytes(3)|BN_num_bytes(3)>
 
diff --git a/crypto/openssl/doc/crypto/BN_copy.pod b/crypto/openssl/doc/crypto/BN_copy.pod
index 8ad25e7..388dd7d 100644
--- a/crypto/openssl/doc/crypto/BN_copy.pod
+++ b/crypto/openssl/doc/crypto/BN_copy.pod
@@ -25,7 +25,7 @@ by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/BN_generate_prime.pod b/crypto/openssl/doc/crypto/BN_generate_prime.pod
index 638f651..6ea2379 100644
--- a/crypto/openssl/doc/crypto/BN_generate_prime.pod
+++ b/crypto/openssl/doc/crypto/BN_generate_prime.pod
@@ -90,7 +90,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/BN_mod_inverse.pod b/crypto/openssl/doc/crypto/BN_mod_inverse.pod
index 49e62da..3ea3975 100644
--- a/crypto/openssl/doc/crypto/BN_mod_inverse.pod
+++ b/crypto/openssl/doc/crypto/BN_mod_inverse.pod
@@ -27,7 +27,7 @@ NULL on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_err
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod b/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
index 0b8ab51..6b16351 100644
--- a/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
+++ b/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
@@ -36,22 +36,23 @@ using the same modulus.
 BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure.
 BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>.
 
-BN_MONT_CTX_set() sets up the B<mont> structure from the modulus B<m>
+BN_MONT_CTX_set() sets up the I<mont> structure from the modulus I<m>
 by precomputing its inverse and a value R.
 
-BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> B<from> to B<to>.
+BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> I<from> to I<to>.
 
 BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
 it was created by BN_MONT_CTX_new(), also the structure itself.
 
-BN_mod_mul_montgomery() computes Mont(B<a>,B<b>):=B<a>*B<b>*R^-1 and places
-the result in B<r>.
+BN_mod_mul_montgomery() computes Mont(I<a>,I<b>):=I<a>*I<b>*R^-1 and places
+the result in I<r>.
 
-BN_from_montgomery() performs the Montgomery reduction B<r> = B<a>*R^-1.
+BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1.
 
-BN_to_montgomery() computes Mont(B<a>,R^2), i.e. B<a>*R.
+BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R.
+Note that I<a> must be non-negative and smaller than the modulus.
 
-For all functions, B<ctx> is a previously allocated B<BN_CTX> used for
+For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
 temporary variables.
 
 The B<BN_MONT_CTX> structure is defined as follows:
@@ -79,9 +80,14 @@ BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values.
 For the other functions, 1 is returned for success, 0 on error.
 The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
+=head1 WARNING
+
+The inputs must be reduced modulo B<m>, otherwise the result will be
+outside the expected range.
+
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
 L<BN_CTX_new(3)|BN_CTX_new(3)>
 
 =head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod b/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
index a28925f..74a216d 100644
--- a/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
+++ b/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -69,7 +69,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
 L<BN_CTX_new(3)|BN_CTX_new(3)>
 
 =head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_new.pod b/crypto/openssl/doc/crypto/BN_new.pod
index c1394ff..3033789 100644
--- a/crypto/openssl/doc/crypto/BN_new.pod
+++ b/crypto/openssl/doc/crypto/BN_new.pod
@@ -42,7 +42,7 @@ values.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/BN_rand.pod b/crypto/openssl/doc/crypto/BN_rand.pod
index 9cec238..81f93c2 100644
--- a/crypto/openssl/doc/crypto/BN_rand.pod
+++ b/crypto/openssl/doc/crypto/BN_rand.pod
@@ -45,7 +45,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
 L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
 
 =head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_swap.pod b/crypto/openssl/doc/crypto/BN_swap.pod
new file mode 100644
index 0000000..79efaa1
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_swap.pod
@@ -0,0 +1,23 @@
+=pod
+
+=head1 NAME
+
+BN_swap - exchange BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ void BN_swap(BIGNUM *a, BIGNUM *b);
+
+=head1 DESCRIPTION
+
+BN_swap() exchanges the values of I<a> and I<b>.
+
+L<bn(3)|bn(3)>
+
+=head1 HISTORY
+
+BN_swap was added in OpenSSL 0.9.7.
+
+=cut
diff --git a/crypto/openssl/doc/crypto/BN_zero.pod b/crypto/openssl/doc/crypto/BN_zero.pod
index 2f33876..b555ec3 100644
--- a/crypto/openssl/doc/crypto/BN_zero.pod
+++ b/crypto/openssl/doc/crypto/BN_zero.pod
@@ -12,7 +12,7 @@ operations
  int BN_zero(BIGNUM *a);
  int BN_one(BIGNUM *a);
 
- BIGNUM *BN_value_one(void);
+ const BIGNUM *BN_value_one(void);
 
  int BN_set_word(BIGNUM *a, unsigned long w);
  unsigned long BN_get_word(BIGNUM *a);
@@ -53,4 +53,7 @@ BN_zero(), BN_one() and BN_set_word() are available in all versions of
 SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in
 SSLeay 0.8.
 
+BN_value_one() was changed to return a true const BIGNUM * in OpenSSL
+0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/DH_generate_key.pod b/crypto/openssl/doc/crypto/DH_generate_key.pod
index 920995b..81f09fd 100644
--- a/crypto/openssl/doc/crypto/DH_generate_key.pod
+++ b/crypto/openssl/doc/crypto/DH_generate_key.pod
@@ -40,7 +40,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/DH_generate_parameters.pod b/crypto/openssl/doc/crypto/DH_generate_parameters.pod
index a7d0c75..9081e9e 100644
--- a/crypto/openssl/doc/crypto/DH_generate_parameters.pod
+++ b/crypto/openssl/doc/crypto/DH_generate_parameters.pod
@@ -59,7 +59,8 @@ a usable generator.
 
 =head1 SEE ALSO
 
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DH_free(3)|DH_free(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/DH_new.pod b/crypto/openssl/doc/crypto/DH_new.pod
index 64624b9..60c9300 100644
--- a/crypto/openssl/doc/crypto/DH_new.pod
+++ b/crypto/openssl/doc/crypto/DH_new.pod
@@ -29,7 +29,7 @@ DH_free() returns no value.
 
 =head1 SEE ALSO
 
-L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
 L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
 L<DH_generate_key(3)|DH_generate_key(3)>
 
diff --git a/crypto/openssl/doc/crypto/DH_set_method.pod b/crypto/openssl/doc/crypto/DH_set_method.pod
index b9a61d5..73261fc 100644
--- a/crypto/openssl/doc/crypto/DH_set_method.pod
+++ b/crypto/openssl/doc/crypto/DH_set_method.pod
@@ -2,43 +2,55 @@
 
 =head1 NAME
 
-DH_set_default_method, DH_get_default_method, DH_set_method,
-DH_new_method, DH_OpenSSL - select DH method
+DH_set_default_method, DH_get_default_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
 
 =head1 SYNOPSIS
 
  #include <openssl/dh.h>
+ #include <openssl/engine.h>
 
- void DH_set_default_method(DH_METHOD *meth);
+ void DH_set_default_method(const DH_METHOD *meth);
 
- DH_METHOD *DH_get_default_method(void);
+ const DH_METHOD *DH_get_default_method(void);
 
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
 
- DH *DH_new_method(DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
 
- DH_METHOD *DH_OpenSSL(void);
+ const DH_METHOD *DH_OpenSSL(void);
 
 =head1 DESCRIPTION
 
 A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
 operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-DH_OpenSSL() returns a pointer to that method.
-
-DH_set_default_method() makes B<meth> the default method for all B<DH>
-structures created later.
-
-DH_get_default_method() returns a pointer to the current default
-method.
-
-DH_set_method() selects B<meth> for all operations using the structure B<dh>.
-
-DH_new_method() allocates and initializes a B<DH> structure so that
-B<method> will be used for the DH operations. If B<method> is B<NULL>,
-the default method is used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DH API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DH_METHOD is the OpenSSL internal implementation, as
+returned by DH_OpenSSL().
+
+DH_set_default_method() makes B<meth> the default method for all DH
+structures created later. B<NB>: This is true only whilst no ENGINE has been set
+as a default for DH, so this function is no longer recommended.
+
+DH_get_default_method() returns a pointer to the current default DH_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
+This will replace the DH_METHOD used by the DH key and if the previous method
+was supplied by an ENGINE, the handle to that ENGINE will be released during the
+change. It is possible to have DH keys that only work with certain DH_METHOD
+implementations (eg. from an ENGINE module that supports embedded
+hardware-protected keys), and in such cases attempting to change the DH_METHOD
+for the key can have unexpected results.
+
+DH_new_method() allocates and initializes a DH structure so that B<engine> will
+be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
+operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
+DH_set_default_method() is used.
 
 =head1 THE DH_METHOD STRUCTURE
 
@@ -77,13 +89,24 @@ B<DH_METHOD>s.
 
 DH_set_default_method() returns no value.
 
-DH_set_method() returns a pointer to the B<DH_METHOD> previously
-associated with B<dh>.
+DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dh> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
 
-DH_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+DH_new_method() returns NULL and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
 returns a pointer to the newly allocated structure.
 
+=head1 NOTES
+
+As of version 0.9.7, DH_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DH functionality using an ENGINE API function,
+that will override any DH defaults set using the DH API (ie.
+DH_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DH and other cryptographic
+algorithms.
+
 =head1 SEE ALSO
 
 L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
@@ -93,4 +116,14 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
 DH_set_default_method(), DH_get_default_method(), DH_set_method(),
 DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
 
+DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
+DH_set_default_method() and DH_get_default_method() respectively, and
+DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
+B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DH API without
+requiring changing these function prototypes.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/DSA_SIG_new.pod b/crypto/openssl/doc/crypto/DSA_SIG_new.pod
index 6716555..3ac6140 100644
--- a/crypto/openssl/doc/crypto/DSA_SIG_new.pod
+++ b/crypto/openssl/doc/crypto/DSA_SIG_new.pod
@@ -30,7 +30,8 @@ DSA_SIG_free() returns no value.
 
 =head1 SEE ALSO
 
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/DSA_do_sign.pod b/crypto/openssl/doc/crypto/DSA_do_sign.pod
index a24fd57..5dfc733 100644
--- a/crypto/openssl/doc/crypto/DSA_do_sign.pod
+++ b/crypto/openssl/doc/crypto/DSA_do_sign.pod
@@ -36,7 +36,7 @@ L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
 L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
 L<DSA_sign(3)|DSA_sign(3)>
 
diff --git a/crypto/openssl/doc/crypto/DSA_dup_DH.pod b/crypto/openssl/doc/crypto/DSA_dup_DH.pod
index 29cb107..7f6f0d1 100644
--- a/crypto/openssl/doc/crypto/DSA_dup_DH.pod
+++ b/crypto/openssl/doc/crypto/DSA_dup_DH.pod
@@ -8,7 +8,7 @@ DSA_dup_DH - create a DH structure out of DSA structure
 
  #include <openssl/dsa.h>
 
- DH * DSA_dup_DH(DSA *r);
+ DH * DSA_dup_DH(const DSA *r);
 
 =head1 DESCRIPTION
 
@@ -27,7 +27,7 @@ Be careful to avoid small subgroup attacks when using this.
 
 =head1 SEE ALSO
 
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/DSA_generate_key.pod b/crypto/openssl/doc/crypto/DSA_generate_key.pod
index 52890db..af83ccf 100644
--- a/crypto/openssl/doc/crypto/DSA_generate_key.pod
+++ b/crypto/openssl/doc/crypto/DSA_generate_key.pod
@@ -24,7 +24,8 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
index 43f60b0..be7c924 100644
--- a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
+++ b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
@@ -90,7 +90,7 @@ Seed lengths E<gt> 20 are not supported.
 
 =head1 SEE ALSO
 
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
 L<DSA_free(3)|DSA_free(3)>
 
 =head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DSA_new.pod b/crypto/openssl/doc/crypto/DSA_new.pod
index 7dde544..48e9b82 100644
--- a/crypto/openssl/doc/crypto/DSA_new.pod
+++ b/crypto/openssl/doc/crypto/DSA_new.pod
@@ -14,7 +14,8 @@ DSA_new, DSA_free - allocate and free DSA objects
 
 =head1 DESCRIPTION
 
-DSA_new() allocates and initializes a B<DSA> structure.
+DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
+calling DSA_new_method(NULL).
 
 DSA_free() frees the B<DSA> structure and its components. The values are
 erased before the memory is returned to the system.
@@ -30,7 +31,7 @@ DSA_free() returns no value.
 
 =head1 SEE ALSO
 
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_generate_key(3)|DSA_generate_key(3)>
 
diff --git a/crypto/openssl/doc/crypto/DSA_set_method.pod b/crypto/openssl/doc/crypto/DSA_set_method.pod
index cabc3c0..bc3cfb1 100644
--- a/crypto/openssl/doc/crypto/DSA_set_method.pod
+++ b/crypto/openssl/doc/crypto/DSA_set_method.pod
@@ -2,20 +2,21 @@
 
 =head1 NAME
 
-DSA_set_default_method, DSA_get_default_method, DSA_set_method,
-DSA_new_method, DSA_OpenSSL - select DSA method
+DSA_set_default_method, DSA_get_default_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 
 =head1 SYNOPSIS
 
  #include <openssl/dsa.h>
+ #include <openssl/engine.h>
 
- void DSA_set_default_method(DSA_METHOD *meth);
+ void DSA_set_default_method(const DSA_METHOD *meth);
 
- DSA_METHOD *DSA_get_default_method(void);
+ const DSA_METHOD *DSA_get_default_method(void);
 
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
 
- DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
 
  DSA_METHOD *DSA_OpenSSL(void);
 
@@ -23,22 +24,35 @@ DSA_new_method, DSA_OpenSSL - select DSA method
 
 A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
 operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
+of B<ENGINE> API calls.
 
-Initially, the default is to use the OpenSSL internal implementation.
-DSA_OpenSSL() returns a pointer to that method.
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
+as returned by DSA_OpenSSL().
 
-DSA_set_default_method() makes B<meth> the default method for all B<DSA>
-structures created later.
+DSA_set_default_method() makes B<meth> the default method for all DSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for DSA, so this function is no longer recommended.
 
 DSA_get_default_method() returns a pointer to the current default
-method.
-
-DSA_set_method() selects B<meth> for all operations using the structure B<dsa>.
-
-DSA_new_method() allocates and initializes a B<DSA> structure so that
-B<method> will be used for the DSA operations. If B<method> is B<NULL>,
-the default method is used.
+DSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+DSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results.
+
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
 
 =head1 THE DSA_METHOD STRUCTURE
 
@@ -84,18 +98,28 @@ struct
 
 =head1 RETURN VALUES
 
-DSA_OpenSSL() and DSA_get_default_method() return pointers to the
-respective B<DSA_METHOD>s.
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
+B<DSA_METHOD>s.
 
 DSA_set_default_method() returns no value.
 
-DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
-associated with B<dsa>.
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
 
-DSA_new_method() returns B<NULL> and sets an error code that can be
+DSA_new_method() returns NULL and sets an error code that can be
 obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated
-structure.
+fails. Otherwise it returns a pointer to the newly allocated structure.
+
+=head1 NOTES
+
+As of version 0.9.7, DSA_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DSA functionality using an ENGINE API function,
+that will override any DSA defaults set using the DSA API (ie.
+DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DSA and other cryptographic
+algorithms.
 
 =head1 SEE ALSO
 
@@ -106,4 +130,14 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
 DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
 DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
 
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
+DSA_set_default_method() and DSA_get_default_method() respectively, and
+DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
+B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DSA API without
+requiring changing these function prototypes.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/DSA_sign.pod b/crypto/openssl/doc/crypto/DSA_sign.pod
index f6e60a8..97389e8 100644
--- a/crypto/openssl/doc/crypto/DSA_sign.pod
+++ b/crypto/openssl/doc/crypto/DSA_sign.pod
@@ -55,7 +55,7 @@ Standard, DSS), ANSI X9.30
 
 =head1 SEE ALSO
 
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
 L<DSA_do_sign(3)|DSA_do_sign(3)>
 
 =head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DSA_size.pod b/crypto/openssl/doc/crypto/DSA_size.pod
index 23b6320..ba4f650 100644
--- a/crypto/openssl/doc/crypto/DSA_size.pod
+++ b/crypto/openssl/doc/crypto/DSA_size.pod
@@ -8,7 +8,7 @@ DSA_size - get DSA signature size
 
  #include <openssl/dsa.h>
 
- int DSA_size(DSA *dsa);
+ int DSA_size(const DSA *dsa);
 
 =head1 DESCRIPTION
 
diff --git a/crypto/openssl/doc/crypto/ERR_get_error.pod b/crypto/openssl/doc/crypto/ERR_get_error.pod
index 3551bac..3444304 100644
--- a/crypto/openssl/doc/crypto/ERR_get_error.pod
+++ b/crypto/openssl/doc/crypto/ERR_get_error.pod
@@ -2,8 +2,10 @@
 
 =head1 NAME
 
-ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line,
-ERR_get_error_line_data, ERR_peek_error_line_data - obtain error code and data
+ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
+ERR_get_error_line_data, ERR_peek_error_line_data,
+ERR_peek_last_error_line_data - obtain error code and data
 
 =head1 SYNOPSIS
 
@@ -11,22 +13,29 @@ ERR_get_error_line_data, ERR_peek_error_line_data - obtain error code and data
 
  unsigned long ERR_get_error(void);
  unsigned long ERR_peek_error(void);
+ unsigned long ERR_peek_last_error(void);
 
  unsigned long ERR_get_error_line(const char **file, int *line);
  unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_peek_last_error_line(const char **file, int *line);
 
  unsigned long ERR_get_error_line_data(const char **file, int *line,
          const char **data, int *flags);
  unsigned long ERR_peek_error_line_data(const char **file, int *line,
          const char **data, int *flags);
+ unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
 
 =head1 DESCRIPTION
 
-ERR_get_error() returns the last error code from the thread's error
+ERR_get_error() returns the earliest error code from the thread's error
 queue and removes the entry. This function can be called repeatedly
 until there are no more error codes to return.
 
-ERR_peek_error() returns the last error code from the thread's
+ERR_peek_error() returns the earliest error code from the thread's
+error queue without modifying it.
+
+ERR_peek_last_error() returns the latest error code from the thread's
 error queue without modifying it.
 
 See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
@@ -34,12 +43,14 @@ location and reason of the error, and
 L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
 messages.
 
-ERR_get_error_line() and ERR_peek_error_line() are the same as the
-above, but they additionally store the file name and line number where
+ERR_get_error_line(), ERR_peek_error_line() and
+ERR_peek_last_error_line() are the same as the above, but they
+additionally store the file name and line number where
 the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
 
-ERR_get_error_line_data() and ERR_peek_error_line_data() store
-additional data and flags associated with the error code in *B<data>
+ERR_get_error_line_data(), ERR_peek_error_line_data() and
+ERR_get_last_error_line_data() store additional data and flags
+associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
 if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
 *B<flags>&B<ERR_TXT_MALLOCED> is true.
@@ -59,5 +70,7 @@ ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
 ERR_peek_error_line() are available in all versions of SSLeay and
 OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
 were added in SSLeay 0.9.0.
+ERR_peek_last_error(), ERR_peek_last_error_line() and
+ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7.
 
 =cut
diff --git a/crypto/openssl/doc/crypto/EVP_BytesToKey.pod b/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
new file mode 100644
index 0000000..5ce4add
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+ EVP_BytesToKey - password based encryption routine
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+                       const unsigned char *salt,
+                       const unsigned char *data, int datal, int count,
+                       unsigned char *key,unsigned char *iv);
+
+=head1 DESCRIPTION
+
+EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
+the cipher to derive the key and IV for. B<md> is the message digest to use.
+The B<salt> paramter is used as a salt in the derivation: it should point to
+an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
+B<datal> bytes which is used to derive the keying data. B<count> is the
+iteration count to use. The derived key and IV will be written to B<key>
+and B<iv> respectively.
+
+=head1 NOTES
+
+A typical application of this function is to derive keying material for an
+encryption algorithm from a password in the B<data> parameter.
+
+Increasing the B<count> parameter slows down the algorithm which makes it
+harder for an attacker to peform a brute force attack using a large number
+of candidate passwords.
+
+If the total key and IV length is less than the digest length and
+B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
+otherwise a non standard extension is used to derive the extra data.
+
+Newer applications should use more standard algorithms such as PKCS#5
+v2.0 for key derivation.
+
+=head1 KEY DERIVATION ALGORITHM
+
+The key and IV is derived by concatenating D_1, D_2, etc until
+enough data is available for the key and IV. D_i is defined as:
+
+	D_i = HASH^count(D_(i-1) || data || salt)
+
+where || denotes concatentaion, D_0 is empty, HASH is the digest
+algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
+is HASH(HASH(data)) and so on.
+
+The initial bytes are used for the key and the subsequent bytes for
+the IV.
+
+=head1 RETURN VALUES
+
+EVP_BytesToKey() returns the size of the derived key in bytes.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+
+=head1 HISTORY
+
+=cut
diff --git a/crypto/openssl/doc/crypto/EVP_DigestInit.pod b/crypto/openssl/doc/crypto/EVP_DigestInit.pod
index b99ecd2..5901c39 100644
--- a/crypto/openssl/doc/crypto/EVP_DigestInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_DigestInit.pod
@@ -2,9 +2,10 @@
 
 =head1 NAME
 
-EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size,
-EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
+EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
+EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
 EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
 EVP digest routines
@@ -13,15 +14,28 @@ EVP digest routines
 
  #include <openssl/evp.h>
 
- void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+ EVP_MD_CTX *EVP_MD_CTX_create(void);
+
+ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
         unsigned int *s);
 
- #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+
+ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+
+ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
 
  int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
 
+ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+
+
  #define EVP_MD_type(e)			((e)->type)
  #define EVP_MD_pkey_type(e)		((e)->pkey_type)
  #define EVP_MD_size(e)			((e)->md_size)
@@ -32,15 +46,15 @@ EVP digest routines
  #define EVP_MD_CTX_block_size(e)	EVP_MD_block_size((e)->digest)
  #define EVP_MD_CTX_type(e)		EVP_MD_type((e)->digest)
 
- EVP_MD *EVP_md_null(void);
- EVP_MD *EVP_md2(void);
- EVP_MD *EVP_md5(void);
- EVP_MD *EVP_sha(void);
- EVP_MD *EVP_sha1(void);
- EVP_MD *EVP_dss(void);
- EVP_MD *EVP_dss1(void);
- EVP_MD *EVP_mdc2(void);
- EVP_MD *EVP_ripemd160(void);
+ const EVP_MD *EVP_md_null(void);
+ const EVP_MD *EVP_md2(void);
+ const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_sha(void);
+ const EVP_MD *EVP_sha1(void);
+ const EVP_MD *EVP_dss(void);
+ const EVP_MD *EVP_dss1(void);
+ const EVP_MD *EVP_mdc2(void);
+ const EVP_MD *EVP_ripemd160(void);
 
  const EVP_MD *EVP_get_digestbyname(const char *name);
  #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -50,25 +64,48 @@ EVP digest routines
 
 The EVP digest routines are a high level interface to message digests.
 
-EVP_DigestInit() initializes a digest context B<ctx> to use a digest
-B<type>: this will typically be supplied by a function such as
-EVP_sha1().
+EVP_MD_CTX_init() initializes digest contet B<ctx>.
+
+EVP_MD_CTX_create() allocates, initializes and returns a digest contet.
+
+EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
+If B<impl> is NULL then the default implementation of digest B<type> is used.
 
 EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
 digest context B<ctx>. This function can be called several times on the
 same B<ctx> to hash additional data.
 
-EVP_DigestFinal() retrieves the digest value from B<ctx> and places
+EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places
 it in B<md>. If the B<s> parameter is not NULL then the number of
 bytes of data written (i.e. the length of the digest) will be written
 to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
-After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate()
-can be made, but EVP_DigestInit() can be called to initialize a new
+After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate()
+can be made, but EVP_DigestInit_ex() can be called to initialize a new
 digest operation.
 
-EVP_MD_CTX_copy() can be used to copy the message digest state from
+EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called
+after a digest context is no longer needed.
+
+EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the
+space allocated to it, it should be called only on a context created
+using EVP_MD_CTX_create().
+
+EVP_MD_CTX_copy_ex() can be used to copy the message digest state from
 B<in> to B<out>. This is useful if large amounts of data are to be
-hashed which only differ in the last few bytes.
+hashed which only differ in the last few bytes. B<out> must be initialized
+before calling this function.
+
+EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
+the passed context B<ctx> does not have to be initialized, and it always
+uses the default digest implementation.
+
+EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
+contet B<ctx> is automatically cleaned up.
+
+EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
+B<out> does not have to be initialized.
 
 EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
 when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
@@ -107,9 +144,10 @@ using, for example, OpenSSL_add_all_digests() for these functions to work.
 
 =head1 RETURN VALUES
 
-EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values.
+EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for
+success and 0 for failure.
 
-EVP_MD_CTX_copy() returns 1 if successful or 0 for failure.
+EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
 
 EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
 corresponding OBJECT IDENTIFIER or NID_undef if none exists.
@@ -134,6 +172,19 @@ transparent to the digest used and much more flexible.
 SHA1 is the digest of choice for new applications. The other digest algorithms
 are still in common use.
 
+For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
+set to NULL to use the default digest implementation.
+
+The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are 
+obsolete but are retained to maintain compatibility with existing code. New
+applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and 
+EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
+instead of initializing and cleaning it up on each call and allow non default
+implementations of digests to be specified.
+
+In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
+memory leaks will occur. 
+
 =head1 EXAMPLE
 
 This example digests the data "Test Message\n" and "Hello World\n", using the
@@ -165,10 +216,12 @@ digest name passed on the command line.
 	exit(1);
  }
 
- EVP_DigestInit(&mdctx, md);
+ EVP_MD_CTX_init(&mdctx);
+ EVP_DigestInit_ex(&mdctx, md, NULL);
  EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
  EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
- EVP_DigestFinal(&mdctx, md_value, &md_len);
+ EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
+ EVP_MD_CTX_cleanup(&mdctx);
 
  printf("Digest is: ");
  for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
@@ -177,17 +230,10 @@ digest name passed on the command line.
 
 =head1 BUGS
 
-Several of the functions do not return values: maybe they should. Although the
-internal digest operations will never fail some future hardware based operations
-might.
-
 The link between digests and signing algorithms results in a situation where
 EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
 even though they are identical digests.
 
-The size of an B<EVP_MD_CTX> structure is determined at compile time: this results
-in code that must be recompiled if the size of B<EVP_MD_CTX> increases.
-
 =head1 SEE ALSO
 
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
@@ -199,4 +245,12 @@ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
 available in all versions of SSLeay and OpenSSL.
 
+EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
+EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
+and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
+
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+changed to return truely const EVP_MD * in OpenSSL 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
index 483ff62..daf57e5 100644
--- a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
@@ -2,43 +2,65 @@
 
 =head1 NAME
 
-EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit,
-EVP_DecryptUpdate, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherUpdate,
-EVP_CipherFinal, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl,
-EVP_CIPHER_CTX_cleanup, EVP_get_cipherbyname, EVP_get_cipherbynid,
-EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size,
-EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags,
-EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid,
-EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length,
-EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type,
-EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1,
-EVP_CIPHER_asn1_to_param - EVP cipher routines
+EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
+EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
+EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
+EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
+EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
+EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
+EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
+EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
+EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
+EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
+EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
+EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
+EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
+EVP_CIPHER_CTX_set_padding - EVP cipher routines
 
 =head1 SYNOPSIS
 
  #include <openssl/evp.h>
 
- int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         unsigned char *key, unsigned char *iv);
+ int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+
+ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+	 ENGINE *impl, unsigned char *key, unsigned char *iv);
  int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
+ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+	 ENGINE *impl, unsigned char *key, unsigned char *iv);
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv);
  int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl);
 
  int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
          unsigned char *key, unsigned char *iv);
- int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
  int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
          int *outl);
 
  int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
          unsigned char *key, unsigned char *iv, int enc);
- int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
  int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
          int *outl);
 
+ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
  int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
  int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
  int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
@@ -74,14 +96,19 @@ EVP_CIPHER_asn1_to_param - EVP cipher routines
 The EVP cipher routines are a high level interface to certain
 symmetric ciphers.
 
-EVP_EncryptInit() initializes a cipher context B<ctx> for encryption
-with cipher B<type>. B<type> is normally supplied by a function such
-as EVP_des_cbc() . B<key> is the symmetric key to use and B<iv> is the
-IV to use (if necessary), the actual number of bytes used for the
-key and IV depends on the cipher. It is possible to set all parameters
-to NULL except B<type> in an initial call and supply the remaining
-parameters in subsequent calls, all of which have B<type> set to NULL.
-This is done when the default cipher parameters are not appropriate.
+EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
+
+EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
+with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
+before calling this function. B<type> is normally supplied
+by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+default implementation is used. B<key> is the symmetric key to use
+and B<iv> is the IV to use (if necessary), the actual number of bytes
+used for the key and IV depends on the cipher. It is possible to set
+all parameters to NULL except B<type> in an initial call and supply
+the remaining parameters in subsequent calls, all of which have B<type>
+set to NULL. This is done when the default cipher parameters are not
+appropriate.
 
 EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
 writes the encrypted version to B<out>. This function can be called
@@ -89,32 +116,49 @@ multiple times to encrypt successive blocks of data. The amount
 of data written depends on the block alignment of the encrypted data:
 as a result the amount of data written may be anything from zero bytes
 to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
-room.  The actual number of bytes written is placed in B<outl>.
+room. The actual number of bytes written is placed in B<outl>.
+
+If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
+the "final" data, that is any data that remains in a partial block.
+It uses L<standard block padding|/NOTES> (aka PKCS padding). The encrypted
+final data is written to B<out> which should have sufficient space for
+one cipher block. The number of bytes written is placed in B<outl>. After
+this function is called the encryption operation is finished and no further
+calls to EVP_EncryptUpdate() should be made.
 
-EVP_EncryptFinal() encrypts the "final" data, that is any data that
-remains in a partial block. It uses L<standard block padding|/NOTES> (aka PKCS
-padding). The encrypted final data is written to B<out> which should
-have sufficient space for one cipher block. The number of bytes written
-is placed in B<outl>. After this function is called the encryption operation
-is finished and no further calls to EVP_EncryptUpdate() should be made.
+If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
+data and it will return an error if any data remains in a partial block:
+that is if the total data length is not a multiple of the block size. 
 
-EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the
+EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
 corresponding decryption operations. EVP_DecryptFinal() will return an
-error code if the final block is not correctly formatted. The parameters
-and restrictions are identical to the encryption operations except that
-the decrypted data buffer B<out> passed to EVP_DecryptUpdate() should
-have sufficient room for (B<inl> + cipher_block_size) bytes unless the
-cipher block size is 1 in which case B<inl> bytes is sufficient.
-
-EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal() are functions
-that can be used for decryption or encryption. The operation performed
-depends on the value of the B<enc> parameter. It should be set to 1 for
-encryption, 0 for decryption and -1 to leave the value unchanged (the
-actual value of 'enc' being supplied in a previous call).
-
-EVP_CIPHER_CTX_cleanup() clears all information from a cipher context.
-It should be called after all operations using a cipher are complete
-so sensitive information does not remain in memory.
+error code if padding is enabled and the final block is not correctly
+formatted. The parameters and restrictions are identical to the encryption
+operations except that if padding is enabled the decrypted data buffer B<out>
+passed to EVP_DecryptUpdate() should have sufficient room for
+(B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in
+which case B<inl> bytes is sufficient.
+
+EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are
+functions that can be used for decryption or encryption. The operation
+performed depends on the value of the B<enc> parameter. It should be set
+to 1 for encryption, 0 for decryption and -1 to leave the value unchanged
+(the actual value of 'enc' being supplied in a previous call).
+
+EVP_CIPHER_CTX_cleanup() clears all information from a cipher context
+and free up any allocated memory associate with it. It should be called
+after all operations using a cipher are complete so sensitive information
+does not remain in memory.
+
+EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
+similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
+EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+initialized and they always use the default cipher implementation.
+
+EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
+similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
+EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up 
+after the call.
 
 EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
 return an EVP_CIPHER structure when passed a cipher name, a NID or an
@@ -125,6 +169,13 @@ passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure.  The actual NID
 value is an internal value which may not have a corresponding OBJECT
 IDENTIFIER.
 
+EVP_CIPHER_CTX_set_padding() enables or disables padding. By default
+encryption operations are padded using standard block padding and the
+padding is checked and removed when decrypting. If the B<pad> parameter
+is zero then no padding is performed, the total amount of data encrypted
+or decrypted must then be a multiple of the block size or an error will
+occur.
+
 EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
 length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
 structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
@@ -185,14 +236,14 @@ RC5 can be set.
 
 =head1 RETURN VALUES
 
-EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() return 1 for success
-and 0 for failure.
+EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and
+EVP_EncryptFinal_ex() return 1 for success and 0 for failure.
 
-EVP_DecryptInit() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
-EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
+EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
+EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
 
-EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
-EVP_CipherFinal() returns 0 for a decryption failure or 1 for success.
+EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
 
 EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
 
@@ -207,6 +258,8 @@ size.
 EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
 length.
 
+EVP_CIPHER_CTX_set_padding() always returns 1.
+
 EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
 length or zero if the cipher does not use an IV.
 
@@ -301,25 +354,26 @@ encrypted then 5 padding bytes of value 5 will be added.
 
 When decrypting the final block is checked to see if it has the correct form.
 
-Although the decryption operation can produce an error, it is not a strong
-test that the input data or key is correct. A random block has better than
-1 in 256 chance of being of the correct format and problems with the
-input data earlier on will not produce a final decrypt error.
+Although the decryption operation can produce an error if padding is enabled,
+it is not a strong test that the input data or key is correct. A random block
+has better than 1 in 256 chance of being of the correct format and problems with
+the input data earlier on will not produce a final decrypt error.
+
+If padding is disabled then the decryption operation will always succeed if
+the total amount of data decrypted is a multiple of the block size.
 
-The functions EVP_EncryptInit(), EVP_EncryptUpdate(), EVP_EncryptFinal(),
-EVP_DecryptInit(), EVP_DecryptUpdate(), EVP_CipherInit() and EVP_CipherUpdate()
-and EVP_CIPHER_CTX_cleanup() did not return errors in OpenSSL version 0.9.5a or
-earlier. Software only versions of encryption algorithms will never return
-error codes for these functions, unless there is a programming error (for example
-and attempt to set the key before the cipher is set in EVP_EncryptInit() ).
+The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(),
+EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for
+compatibility with existing code. New code should use EVP_EncryptInit_ex(),
+EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
+EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
+existing context without allocating and freeing it up on each call.
 
 =head1 BUGS
 
 For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
 a limitation of the current RC5 code rather than the EVP interface.
 
-It should be possible to disable PKCS padding: currently it isn't.
-
 EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
 default key lengths. If custom ciphers exceed these values the results are
 unpredictable. This is because it has become standard practice to define a 
@@ -333,22 +387,113 @@ for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
 Get the number of rounds used in RC5:
 
  int nrounds;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &i);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
 
 Get the RC2 effective key length:
 
  int key_bits;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
 
 Set the number of rounds used in RC5:
 
  int nrounds;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, i, NULL);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
 
-Set the number of rounds used in RC2:
+Set the effective key length used in RC2:
+
+ int key_bits;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+
+Encrypt a string using blowfish:
+
+ int do_crypt(char *outfile)
+ 	{
+	unsigned char outbuf[1024];
+	int outlen, tmplen;
+	/* Bogus key and IV: we'd normally set these from
+	 * another source.
+	 */
+	unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+	unsigned char iv[] = {1,2,3,4,5,6,7,8};
+	char intext[] = "Some Crypto Text";
+	EVP_CIPHER_CTX ctx;
+	FILE *out;
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
+
+	if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
+		{
+		/* Error */
+		return 0;
+		}
+	/* Buffer passed to EVP_EncryptFinal() must be after data just
+	 * encrypted to avoid overwriting it.
+	 */
+	if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
+		{
+		/* Error */
+		return 0;
+		}
+	outlen += tmplen;
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	/* Need binary mode for fopen because encrypted data is
+	 * binary data. Also cannot use strlen() on it because
+         * it wont be null terminated and may contain embedded
+	 * nulls.
+	 */
+	out = fopen(outfile, "wb");
+	fwrite(outbuf, 1, outlen, out);
+	fclose(out);
+	return 1;
+	}
+
+The ciphertext from the above example can be decrypted using the B<openssl>
+utility with the command line:
+ 
+ S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
+
+General encryption, decryption function example using FILE I/O and RC2 with an
+80 bit key:
+
+ int do_crypt(FILE *in, FILE *out, int do_encrypt)
+ 	{
+	/* Allow enough space in output buffer for additional block */
+	inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+	int inlen, outlen;
+	/* Bogus key and IV: we'd normally set these from
+	 * another source.
+	 */
+	unsigned char key[] = "0123456789";
+	unsigned char iv[] = "12345678";
+	/* Don't set key or IV because we will modify the parameters */
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
+	EVP_CIPHER_CTX_set_key_length(&ctx, 10);
+	/* We finished modifying parameters so now we can set key and IV */
+	EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
+
+	for(;;) 
+		{
+		inlen = fread(inbuf, 1, 1024, in);
+		if(inlen <= 0) break;
+		if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
+			{
+			/* Error */
+			return 0;
+			}
+		fwrite(outbuf, 1, outlen, out);
+		}
+	if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
+		{
+		/* Error */
+		return 0;
+		}
+	fwrite(outbuf, 1, outlen, out);
+
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	return 1;
+	}
 
- int nrounds;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, i, NULL);
 
 =head1 SEE ALSO
 
@@ -356,4 +501,9 @@ L<evp(3)|evp(3)>
 
 =head1 HISTORY
 
+EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(),
+EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(),
+EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in
+OpenSSL 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/EVP_PKEY_new.pod b/crypto/openssl/doc/crypto/EVP_PKEY_new.pod
new file mode 100644
index 0000000..10687e4
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_PKEY_new.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *EVP_PKEY_new(void);
+ void EVP_PKEY_free(EVP_PKEY *key);
+
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> 
+structure which is used by OpenSSL to store private keys.
+
+EVP_PKEY_free() frees up the private key B<key>.
+
+=head1 NOTES
+
+The B<EVP_PKEY> structure is used by various OpenSSL functions
+which require a general private key without reference to any
+particular algorithm.
+
+The structure returned by EVP_PKEY_new() is empty. To add a
+private key to this empty structure the functions described in
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY>
+structure of B<NULL> if an error occurred.
+
+EVP_PKEY_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod b/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod
new file mode 100644
index 0000000..2db692e
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
+EVP_PKEY_type - EVP_PKEY assignment functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
+ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
+ int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
+ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+
+ RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+
+ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
+ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
+ int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
+ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+
+ int EVP_PKEY_type(int type);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
+B<NULL> if the key is not of the correct type.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
+however these use the supplied B<key> internally and so B<key>
+will be freed when the parent B<pkey> is freed.
+
+EVP_PKEY_type() returns the type of key corresponding to the value
+B<type>. The type of a key can be obtained with
+EVP_PKEY_type(pkey->type). The return value will be EVP_PKEY_RSA,
+EVP_PKEY_DSA, EVP_PKEY_DH or EVP_PKEY_EC for the corresponding
+key types or NID_undef if the key type is unassigned.
+
+=head1 NOTES
+
+In accordance with the OpenSSL naming convention the key obtained
+from or assigned to the B<pkey> using the B<1> functions must be
+freed as well as B<pkey>.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+EVP_PKEY_assign_EC_KEY() are implemented as macros.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if 
+an error occurred.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/EVP_SealInit.pod b/crypto/openssl/doc/crypto/EVP_SealInit.pod
index 0451eb6..25ef07f 100644
--- a/crypto/openssl/doc/crypto/EVP_SealInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_SealInit.pod
@@ -73,4 +73,6 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>
 
 =head1 HISTORY
 
+EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/EVP_SignInit.pod b/crypto/openssl/doc/crypto/EVP_SignInit.pod
index 51d05ff..b203c3a 100644
--- a/crypto/openssl/doc/crypto/EVP_SignInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_SignInit.pod
@@ -8,10 +8,12 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
 
  #include <openssl/evp.h>
 
- void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
  int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
 
+ void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
  int EVP_PKEY_size(EVP_PKEY *pkey);
 
 =head1 DESCRIPTION
@@ -19,9 +21,9 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
 The EVP signature routines are a high level interface to digital
 signatures.
 
-EVP_SignInit() initializes a signing context B<ctx> to using digest
-B<type>: this will typically be supplied by a function such as
-EVP_sha1().
+EVP_SignInit_ex() sets up signing context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized with
+EVP_MD_CTX_init() before calling this function.
 
 EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
 signature context B<ctx>. This function can be called several times on the
@@ -31,18 +33,18 @@ EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
 and places the signature in B<sig>. If the B<s> parameter is not NULL
 then the number of bytes of data written (i.e. the length of the signature)
 will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
-will be written.  After calling EVP_SignFinal() no additional calls to
-EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialize
-a new signature operation.
+will be written. 
+
+EVP_SignInit() initializes a signing context B<ctx> to use the default
+implementation of digest B<type>.
 
 EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
 signature returned by EVP_SignFinal() may be smaller.
 
 =head1 RETURN VALUES
 
-EVP_SignInit() and EVP_SignUpdate() do not return values.
-
-EVP_SignFinal() returns 1 for success and 0 for failure.
+EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
+for success and 0 for failure.
 
 EVP_PKEY_size() returns the maximum size of a signature in bytes.
 
@@ -63,11 +65,18 @@ When signing with DSA private keys the random number generator must be seeded
 or the operation will fail. The random number generator does not need to be
 seeded for RSA signatures.
 
+The call to EVP_SignFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
+later to digest and sign additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
 =head1 BUGS
 
-Several of the functions do not return values: maybe they should. Although the
-internal digest operations will never fail some future hardware based operations
-might.
+Older versions of this documentation wrongly stated that calls to 
+EVP_SignUpdate() could not be made after calling EVP_SignFinal().
 
 =head1 SEE ALSO
 
@@ -82,4 +91,6 @@ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
 available in all versions of SSLeay and OpenSSL.
 
+EVP_SignInit_ex() was added in OpenSSL 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/EVP_VerifyInit.pod b/crypto/openssl/doc/crypto/EVP_VerifyInit.pod
index 5d0d1fb..b6afaed 100644
--- a/crypto/openssl/doc/crypto/EVP_VerifyInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_VerifyInit.pod
@@ -8,30 +8,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification f
 
  #include <openssl/evp.h>
 
- void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
  int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
 
+ int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
 =head1 DESCRIPTION
 
 The EVP signature verification routines are a high level interface to digital
 signatures.
 
-EVP_VerifyInit() initializes a verification context B<ctx> to using digest
-B<type>: this will typically be supplied by a function such as EVP_sha1().
+EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
+EVP_MD_CTX_init() before calling this function.
 
 EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
 verification context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data.
 
 EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
-and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()
-no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()
-can be called to initialize a new verification operation.
+and against the B<siglen> bytes at B<sigbuf>.
+
+EVP_VerifyInit() initializes verification context B<ctx> to use the default
+implementation of digest B<type>.
 
 =head1 RETURN VALUES
 
-EVP_VerifyInit() and EVP_VerifyUpdate() do not return values.
+EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
+failure.
 
 EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
 other error occurred.
@@ -49,11 +54,18 @@ digest algorithm must be used with the correct public key type. A list of
 algorithms and associated public key algorithms appears in 
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
 
+The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
+later to digest and verify additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
 =head1 BUGS
 
-Several of the functions do not return values: maybe they should. Although the
-internal digest operations will never fail some future hardware based operations
-might.
+Older versions of this documentation wrongly stated that calls to 
+EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
 
 =head1 SEE ALSO
 
@@ -69,4 +81,6 @@ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
 available in all versions of SSLeay and OpenSSL.
 
+EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
+
 =cut
diff --git a/crypto/openssl/doc/crypto/OBJ_nid2obj.pod b/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
new file mode 100644
index 0000000..7dcc079
--- /dev/null
+++ b/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
@@ -0,0 +1,149 @@
+=pod
+
+=head1 NAME
+
+OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
+functions
+
+=head1 SYNOPSIS
+
+ ASN1_OBJECT * OBJ_nid2obj(int n);
+ const char *  OBJ_nid2ln(int n);
+ const char *  OBJ_nid2sn(int n);
+
+ int OBJ_obj2nid(const ASN1_OBJECT *o);
+ int OBJ_ln2nid(const char *ln);
+ int OBJ_sn2nid(const char *sn);
+
+ int OBJ_txt2nid(const char *s);
+
+ ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
+ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+
+ int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
+ ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
+
+ int OBJ_create(const char *oid,const char *sn,const char *ln);
+ void OBJ_cleanup(void);
+
+=head1 DESCRIPTION
+
+The ASN1 object utility functions process ASN1_OBJECT structures which are
+a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
+
+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to 
+an ASN1_OBJECT structure, its long name and its short name respectively,
+or B<NULL> is an error occurred.
+
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
+for the object B<o>, the long name <ln> or the short name <sn> respectively
+or NID_undef if an error occurred.
+
+OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be
+a long name, a short name or the numerical respresentation of an object.
+
+OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure.
+If B<no_name> is 0 then long names and short names will be interpreted
+as well as numerical forms. If B<no_name> is 1 only the numerical form
+is acceptable.
+
+OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.
+The representation is written as a null terminated string to B<buf>
+at most B<buf_len> bytes are written, truncating the result if necessary.
+The total amount of space required is returned. If B<no_name> is 0 then
+if the object has a long or short name then that will be used, otherwise
+the numerical form will be used. If B<no_name> is 1 then the numerical
+form will always be used.
+
+OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
+
+OBJ_dup() returns a copy of B<o>.
+
+OBJ_create() adds a new object to the internal table. B<oid> is the 
+numerical form of the object, B<sn> the short name and B<ln> the
+long name. A new NID is returned for the created object.
+
+OBJ_cleanup() cleans up OpenSSLs internal object table: this should
+be called before an application exits if any new objects were added
+using OBJ_create().
+
+=head1 NOTES
+
+Objects in OpenSSL can have a short name, a long name and a numerical
+identifier (NID) associated with them. A standard set of objects is
+represented in an internal table. The appropriate values are defined
+in the header file B<objects.h>.
+
+For example the OID for commonName has the following definitions:
+
+ #define SN_commonName                   "CN"
+ #define LN_commonName                   "commonName"
+ #define NID_commonName                  13
+
+New objects can be added by calling OBJ_create().
+
+Table objects have certain advantages over other objects: for example
+their NIDs can be used in a C language switch statement. They are
+also static constant structures which are shared: that is there
+is only a single constant structure for each table object.
+
+Objects which are not in the table have the NID value NID_undef.
+
+Objects do not need to be in the internal tables to be processed,
+the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
+form of an OID.
+
+=head1 EXAMPLES
+
+Create an object for B<commonName>:
+
+ ASN1_OBJECT *o;
+ o = OBJ_nid2obj(NID_commonName);
+
+Check if an object is B<commonName>
+
+ if (OBJ_obj2nid(obj) == NID_commonName)
+	/* Do something */
+
+Create a new NID and initialize an object from it:
+
+ int new_nid;
+ ASN1_OBJECT *obj;
+ new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+
+ obj = OBJ_nid2obj(new_nid);
+ 
+Create a new object directly:
+
+ obj = OBJ_txt2obj("1.2.3.4", 1);
+
+=head1 BUGS
+
+OBJ_obj2txt() is awkward and messy to use: it doesn't follow the 
+convention of other OpenSSL functions where the buffer can be set
+to B<NULL> to determine the amount of data that should be written.
+Instead B<buf> must point to a valid buffer and B<buf_len> should
+be set to a positive value. A buffer length of 80 should be more
+than enough to handle any OID encountered in practice.
+
+=head1 RETURN VALUES
+
+OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an
+error occurred.
+
+OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL>
+on error.
+
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return
+a NID or B<NID_undef> on error.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
index e8beac2..c39ac35 100644
--- a/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ b/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -75,6 +75,11 @@ or "built on: date not available" otherwise.
 The "Configure" target of the library build in the form "platform: ..."
 if available or "platform: information not available" otherwise.
 
+=item SSLEAY_DIR
+
+The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
+if available or "OPENSSLDIR: N/A" otherwise.
+
 =back
 
 For an unknown B<t>, the text "not available" is returned.
@@ -91,5 +96,6 @@ L<crypto(3)|crypto(3)>
 
 SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
 OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
+B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
 
 =cut
diff --git a/crypto/openssl/doc/crypto/PKCS12_create.pod b/crypto/openssl/doc/crypto/PKCS12_create.pod
new file mode 100644
index 0000000..48f3bb8
--- /dev/null
+++ b/crypto/openssl/doc/crypto/PKCS12_create.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+PKCS12_create - create a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
+				int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+
+=head1 DESCRIPTION
+
+PKCS12_create() creates a PKCS#12 structure.
+
+B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
+the supplied certifictate and key. B<pkey> is the private key to include in
+the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
+is an optional set of certificates to also include in the structure.
+
+B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
+for the key and certificate respectively. B<iter> is the encryption algorithm
+iteration count to use and B<mac_iter> is the MAC iteration count to use.
+B<keytype> is the type of key.
+
+=head1 NOTES
+
+The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
+can all be set to zero and sensible defaults will be used.
+
+These defaults are: 40 bit RC2 encryption for certificates, triple DES
+encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
+(currently 2048) and a MAC iteration count of 1.
+
+The default MAC iteration count is 1 in order to retain compatibility with
+old software which did not interpret MAC iteration counts. If such compatibility
+is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER.
+
+B<keytype> adds a flag to the store private key. This is a non standard extension
+that is only currently interpreted by MSIE. If set to zero the flag is omitted,
+if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX>
+it can be used for signing and encryption. This option was useful for old
+export grade software which could use signing only keys of arbitrary size but
+had restrictions on the permissible sizes of keys which could be used for
+encryption.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+
+=head1 HISTORY
+
+PKCS12_create was added in OpenSSL 0.9.3
+
+=cut
diff --git a/crypto/openssl/doc/crypto/PKCS12_parse.pod b/crypto/openssl/doc/crypto/PKCS12_parse.pod
new file mode 100644
index 0000000..51344f8
--- /dev/null
+++ b/crypto/openssl/doc/crypto/PKCS12_parse.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+PKCS12_parse - parse a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+=head1 DESCRIPTION
+
+PKCS12_parse() parses a PKCS12 structure.
+
+B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
+If successful the private key will be written to B<*pkey>, the corresponding
+certificate to B<*cert> and any additional certificates to B<*ca>.
+
+=head1 NOTES
+
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
+in which case additional certificates will be discarded. B<*ca> can also
+be a valid STACK in which case additional certificates are appended to
+B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
+
+The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
+will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
+
+=head1 BUGS
+
+Only a single private key and corresponding certificate is returned by this function.
+More complex PKCS#12 files with multiple private keys will only return the first
+match.
+
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
+Other attributes are discarded.
+
+Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+
+=head1 HISTORY
+
+PKCS12_parse was added in OpenSSL 0.9.3
+
+=cut
diff --git a/crypto/openssl/doc/crypto/PKCS7_decrypt.pod b/crypto/openssl/doc/crypto/PKCS7_decrypt.pod
new file mode 100644
index 0000000..b0ca067
--- /dev/null
+++ b/crypto/openssl/doc/crypto/PKCS7_decrypt.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
+
+=head1 SYNOPSIS
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
+structure. B<pkey> is the private key of the recipient, B<cert> is the
+recipients certificate, B<data> is a BIO to write the content to and
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
+function or errors about unknown algorithms will occur.
+
+Although the recipients certificate is not needed to decrypt the data it is needed
+to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+=head1 RETURN VALUES
+
+PKCS7_decrypt() returns either 1 for success or 0 for failure.
+The error can be obtained from ERR_get_error(3)
+
+=head1 BUGS
+
+PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
+be better if it could look up the correct key and certificate from a database.
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+
+=head1 HISTORY
+
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/crypto/openssl/doc/crypto/PKCS7_encrypt.pod b/crypto/openssl/doc/crypto/PKCS7_encrypt.pod
new file mode 100644
index 0000000..1a507b2
--- /dev/null
+++ b/crypto/openssl/doc/crypto/PKCS7_encrypt.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+PKCS7_encrypt - create a PKCS#7 envelopedData structure
+
+=head1 SYNOPSIS
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
+is a list of recipient certificates. B<in> is the content to be encrypted.
+B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
+supplied to this function must all contain RSA public keys, though they do not have to
+be signed using the RSA algorithm.
+
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
+most clients will support it.
+
+Some old "export grade" clients may only support weak encryption using 40 or 64 bit
+RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
+
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
+parameters. 
+
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory BIO and passing it to
+PKCS7_encrypt().
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
+
+=head1 RETURN VALUES
+
+PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+
+=head1 BUGS
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/crypto/openssl/doc/crypto/PKCS7_sign.pod b/crypto/openssl/doc/crypto/PKCS7_sign.pod
new file mode 100644
index 0000000..fc7e649
--- /dev/null
+++ b/crypto/openssl/doc/crypto/PKCS7_sign.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+PKCS7_sign - create a PKCS#7 signedData structure
+
+=head1 SYNOPSIS
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
+is the certificate to sign with, B<pkey> is the corresponsding private key.
+B<certs> is an optional additional set of certificates to include in the
+PKCS#7 structure (for example any intermediate CAs in the chain). 
+
+The data to be signed is read from BIO B<data>.
+
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Any of the following flags (ored together) can be passed in the B<flags> parameter.
+
+Many S/MIME clients expect the signed content to include valid MIME headers. If
+the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
+parameter though. This can reduce the size of the signature if the signers certificate
+can be obtained by other means: for example a previously signed message.
+
+The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> 
+is set in which case it is omitted. This is used for PKCS7 detached signatures
+which are used in S/MIME plaintext signed messages for example.
+
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it.
+
+The signedData structure includes several PKCS#7 autenticatedAttributes including
+the signing time, the PKCS#7 content type and the supported list of ciphers in
+an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
+will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
+omitted.
+
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
+of these algorithms is disabled then it will not be included.
+
+=head1 BUGS
+
+PKCS7_sign() is somewhat limited. It does not support multiple signers, some
+advanced attributes such as counter signatures are not supported.
+
+The SHA1 digest algorithm is currently always used.
+
+When the signed data is not detached it will be stored in memory within the
+B<PKCS7> structure. This effectively limits the size of messages which can be
+signed due to memory restraints. There should be a way to sign data without
+having to hold it all in memory, this would however require fairly major
+revisions of the OpenSSL ASN1 code.
+
+Clear text signing does not store the content in memory but the way PKCS7_sign()
+operates means that two passes of the data must typically be made: one to compute
+the signatures and a second to output the data along with the signature. There
+should be a way to process the data with only a single pass.
+
+=head1 RETURN VALUES
+
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
+
+=head1 HISTORY
+
+PKCS7_sign() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/crypto/openssl/doc/crypto/PKCS7_verify.pod b/crypto/openssl/doc/crypto/PKCS7_verify.pod
new file mode 100644
index 0000000..07c9fda
--- /dev/null
+++ b/crypto/openssl/doc/crypto/PKCS7_verify.pod
@@ -0,0 +1,116 @@
+=pod
+
+=head1 NAME
+
+PKCS7_verify - verify a PKCS#7 signedData structure
+
+=head1 SYNOPSIS
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+
+int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
+structure to verify. B<certs> is a set of certificates in which to search for
+the signer's certificate. B<store> is a trusted certficate store (used for
+chain verification). B<indata> is the signed data if the content is not
+present in B<p7> (that is it is detached). The content is written to B<out>
+if it is not NULL.
+
+B<flags> is an optional set of flags, which can be used to modify the verify
+operation.
+
+PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
+B<not> check their validity or whether any signatures are valid. The B<certs>
+and B<flags> parameters have the same meanings as in PKCS7_verify().
+
+=head1 VERIFY PROCESS
+
+Normally the verify process proceeds as follows.
+
+Initially some sanity checks are performed on B<p7>. The type of B<p7> must
+be signedData. There must be at least one signature on the data and if
+the content is detached B<indata> cannot be B<NULL>.
+
+An attempt is made to locate all the signer's certificates, first looking in
+the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
+contained in the B<p7> structure itself. If any signer's certificates cannot be
+located the operation fails.
+
+Each signer's certificate is chain verified using the B<smimesign> purpose and
+the supplied trusted certificate store. Any internal certificates in the message
+are used as untrusted CAs. If any chain verify fails an error code is returned.
+
+Finally the signed content is read (and written to B<out> is it is not NULL) and
+the signature's checked.
+
+If all signature's verify correctly then the function is successful.
+
+Any of the following flags (ored together) can be passed in the B<flags> parameter
+to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
+meaningful to PKCS7_get0_signers().
+
+If B<PKCS7_NOINTERN> is set the certificates in the message itself are not 
+searched when locating the signer's certificate. This means that all the signers
+certificates must be in the B<certs> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
+
+If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
+not used as untrusted CAs. This means that the whole verify chain (apart from
+the signer's certificate) must be contained in the trusted store.
+
+If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
+
+=head1 NOTES
+
+One application of B<PKCS7_NOINTERN> is to only accept messages signed by
+a small number of certificates. The acceptable certificates would be passed
+in the B<certs> parameter. In this case if the signer is not one of the
+certificates supplied in B<certs> then the verify will fail because the
+signer cannot be found.
+
+Care should be taken when modifying the default verify behaviour, for example
+setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification 
+and any signed message will be considered valid. This combination is however
+useful if one merely wishes to write the content to B<out> and its validity
+is not considered important.
+
+Chain verification should arguably be performed  using the signing time rather
+than the current time. However since the signing time is supplied by the
+signer it cannot be trusted without additional evidence (such as a trusted
+timestamp).
+
+=head1 RETURN VALUES
+
+PKCS7_verify() returns 1 for a successful verification and zero or a negative
+value if an error occurs.
+
+PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
+
+The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 BUGS
+
+The trusted certificate store is not searched for the signers certificate,
+this is primarily due to the inadequacies of the current B<X509_STORE>
+functionality.
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
+
+=head1 HISTORY
+
+PKCS7_verify() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/crypto/openssl/doc/crypto/RAND_bytes.pod b/crypto/openssl/doc/crypto/RAND_bytes.pod
index b6ebd50..ce6329c 100644
--- a/crypto/openssl/doc/crypto/RAND_bytes.pod
+++ b/crypto/openssl/doc/crypto/RAND_bytes.pod
@@ -35,7 +35,8 @@ method.
 
 =head1 SEE ALSO
 
-L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<RAND_add(3)|RAND_add(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/RAND_egd.pod b/crypto/openssl/doc/crypto/RAND_egd.pod
index 71cab3c..62adbe1 100644
--- a/crypto/openssl/doc/crypto/RAND_egd.pod
+++ b/crypto/openssl/doc/crypto/RAND_egd.pod
@@ -11,6 +11,8 @@ RAND_egd - query entropy gathering daemon
  int RAND_egd(const char *path);
  int RAND_egd_bytes(const char *path, int bytes);
 
+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+
 =head1 DESCRIPTION
 
 RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
@@ -27,6 +29,11 @@ be generated, it is not necessary to request the full amount 255 bytes from
 the EGD socket. This can be advantageous, since the amount of entropy
 that can be retrieved from EGD over time is limited.
 
+RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket
+B<path>. If B<buf> is given, B<bytes> bytes are queried and written into
+B<buf>. If B<buf> is NULL, B<bytes> bytes are queried and used to seed the
+OpenSSL built-in PRNG using L<RAND_add(3)|RAND_add(3)>.
+
 =head1 NOTES
 
 On systems without /dev/*random devices providing entropy from the kernel,
@@ -47,12 +54,19 @@ http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
 PRNGD does employ an internal PRNG itself and can therefore never run
 out of entropy.
 
+OpenSSL automatically queries EGD when entropy is requested via RAND_bytes()
+or the status is checked via RAND_status() for the first time, if the socket
+is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
+
 =head1 RETURN VALUE
 
 RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
 daemon on success, and -1 if the connection failed or the daemon did not
 return enough data to fully seed the PRNG.
 
+RAND_query_egd_bytes() returns the number of bytes read from the daemon on
+success, and -1 if the connection failed. The PRNG state is not considered.
+
 =head1 SEE ALSO
 
 L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
@@ -64,4 +78,8 @@ RAND_egd() is available since OpenSSL 0.9.5.
 
 RAND_egd_bytes() is available since OpenSSL 0.9.6.
 
+RAND_query_egd_bytes() is available since OpenSSL 0.9.7.
+
+The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/RAND_set_rand_method.pod b/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
index 464eba4..c9bb6d9 100644
--- a/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
+++ b/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
@@ -8,22 +8,30 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
 
  #include <openssl/rand.h>
 
- void RAND_set_rand_method(RAND_METHOD *meth);
+ void RAND_set_rand_method(const RAND_METHOD *meth);
 
- RAND_METHOD *RAND_get_rand_method(void);
+ const RAND_METHOD *RAND_get_rand_method(void);
 
  RAND_METHOD *RAND_SSLeay(void);
 
 =head1 DESCRIPTION
 
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random
-number generation. By modifying the method, alternative
-implementations such as hardware RNGs may be used.  Initially, the
-default is to use the OpenSSL internal implementation. RAND_SSLeay()
-returns a pointer to that method.
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. IMPORTANT: See the NOTES section for important
+information about how these RAND API functions are affected by the use of
+B<ENGINE> API calls.
 
-RAND_set_rand_method() sets the RAND method to B<meth>.
-RAND_get_rand_method() returns a pointer to the current method.
+Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
+returned by RAND_SSLeay().
+
+RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
+true only whilst no ENGINE has been set as a default for RAND, so this function
+is no longer recommended.
+
+RAND_get_default_method() returns a pointer to the current RAND_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
 
 =head1 THE RAND_METHOD STRUCTURE
 
@@ -47,13 +55,29 @@ Each component may be NULL if the function is not implemented.
 RAND_set_rand_method() returns no value. RAND_get_rand_method() and
 RAND_SSLeay() return pointers to the respective methods.
 
+=head1 NOTES
+
+As of version 0.9.7, RAND_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for RAND functionality using an ENGINE API function,
+that will override any RAND defaults set using the RAND API (ie.
+RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in RAND and other cryptographic
+algorithms.
+
 =head1 SEE ALSO
 
-L<rand(3)|rand(3)>
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
 
 =head1 HISTORY
 
 RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
 available in all versions of OpenSSL.
 
+In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
+take an ENGINE pointer as its argument. As of version 0.9.7, that has been
+reverted as the ENGINE API transparently overrides RAND defaults if used,
+otherwise RAND API functions work as before. RAND_set_rand_engine() was also
+introduced in version 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/RSA_check_key.pod b/crypto/openssl/doc/crypto/RSA_check_key.pod
index 8a42d2e..a5198f3 100644
--- a/crypto/openssl/doc/crypto/RSA_check_key.pod
+++ b/crypto/openssl/doc/crypto/RSA_check_key.pod
@@ -37,12 +37,31 @@ and public exponent elements populated. It performs integrity checks on all
 the RSA key material, so the RSA key structure must contain all the private
 key data too.
 
+Unlike most other RSA functions, this function does B<not> work
+transparently with any underlying ENGINE implementation because it uses the
+key data in the RSA structure directly. An ENGINE implementation can
+override the way key data is stored and handled, and can even provide
+support for HSM keys - in which case the RSA structure may contain B<no>
+key data at all! If the ENGINE in question is only being used for
+acceleration or analysis purposes, then in all likelihood the RSA key data
+is complete and untouched, but this can't be assumed in the general case.
+
+=head1 BUGS
+
+A method of verifying the RSA key using opaque RSA API functions might need
+to be considered. Right now RSA_check_key() simply uses the RSA structure
+elements directly, bypassing the RSA_METHOD table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a "check_key()" handler to the
+RSA_METHOD function table so that alternative implementations can also
+provide their own verifiers.
+
 =head1 SEE ALSO
 
-L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
 
 =head1 HISTORY
 
-RSA_check() appeared in OpenSSL 0.9.4.
+RSA_check_key() appeared in OpenSSL 0.9.4.
 
 =cut
diff --git a/crypto/openssl/doc/crypto/RSA_generate_key.pod b/crypto/openssl/doc/crypto/RSA_generate_key.pod
index 8714f71..52dbb14 100644
--- a/crypto/openssl/doc/crypto/RSA_generate_key.pod
+++ b/crypto/openssl/doc/crypto/RSA_generate_key.pod
@@ -59,7 +59,8 @@ RSA_generate_key() goes into an infinite loop for illegal input values.
 
 =head1 SEE ALSO
 
-L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_free(3)|RSA_free(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/RSA_new.pod b/crypto/openssl/doc/crypto/RSA_new.pod
index f16490e..3d15b92 100644
--- a/crypto/openssl/doc/crypto/RSA_new.pod
+++ b/crypto/openssl/doc/crypto/RSA_new.pod
@@ -14,7 +14,8 @@ RSA_new, RSA_free - allocate and free RSA objects
 
 =head1 DESCRIPTION
 
-RSA_new() allocates and initializes an B<RSA> structure.
+RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
+calling RSA_new_method(NULL).
 
 RSA_free() frees the B<RSA> structure and its components. The key is
 erased before the memory is returned to the system.
@@ -29,7 +30,9 @@ RSA_free() returns no value.
 
 =head1 SEE ALSO
 
-L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_generate_key(3)|RSA_generate_key(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/RSA_print.pod b/crypto/openssl/doc/crypto/RSA_print.pod
index 67876fa..e28d107 100644
--- a/crypto/openssl/doc/crypto/RSA_print.pod
+++ b/crypto/openssl/doc/crypto/RSA_print.pod
@@ -2,9 +2,9 @@
 
 =head1 NAME
 
-RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
-DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
-parameters
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp - print cryptographic parameters
 
 =head1 SYNOPSIS
 
diff --git a/crypto/openssl/doc/crypto/RSA_private_encrypt.pod b/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
index 6861a98..746a80c 100644
--- a/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
+++ b/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
@@ -59,7 +59,8 @@ obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
-L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
index 02edb7a..d53e19d 100644
--- a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
+++ b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
@@ -72,11 +72,8 @@ SSL, PKCS #1 v2.0
 
 =head1 SEE ALSO
 
-L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
-
-=head1 NOTES
-
-The L<RSA_PKCS1_RSAref(3)|RSA_PKCS1_RSAref(3)> method supports only the RSA_PKCS1_PADDING mode.
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_size(3)|RSA_size(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/crypto/RSA_set_method.pod b/crypto/openssl/doc/crypto/RSA_set_method.pod
index c1a5b39..0a305f6 100644
--- a/crypto/openssl/doc/crypto/RSA_set_method.pod
+++ b/crypto/openssl/doc/crypto/RSA_set_method.pod
@@ -3,60 +3,71 @@
 =head1 NAME
 
 RSA_set_default_method, RSA_get_default_method, RSA_set_method,
-RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref,
-RSA_null_method, RSA_flags, RSA_new_method - select RSA method
+RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
+RSA_new_method - select RSA method
 
 =head1 SYNOPSIS
 
  #include <openssl/rsa.h>
 
- void RSA_set_default_method(RSA_METHOD *meth);
+ void RSA_set_default_method(const RSA_METHOD *meth);
 
  RSA_METHOD *RSA_get_default_method(void);
 
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
- RSA_METHOD *RSA_get_method(RSA *rsa);
+ RSA_METHOD *RSA_get_method(const RSA *rsa);
 
  RSA_METHOD *RSA_PKCS1_SSLeay(void);
 
- RSA_METHOD *RSA_PKCS1_RSAref(void);
-
  RSA_METHOD *RSA_null_method(void);
 
- int RSA_flags(RSA *rsa);
+ int RSA_flags(const RSA *rsa);
 
  RSA *RSA_new_method(RSA_METHOD *method);
 
 =head1 DESCRIPTION
 
 An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation,
-unless OpenSSL was configured with the C<rsaref> or C<-DRSA_NULL>
-options. RSA_PKCS1_SSLeay() returns a pointer to that method.
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
 
-RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref
-library. This is the default method in the C<rsaref> configuration;
-the function is not available in other configurations.
-RSA_null_method() returns a pointer to a method that does not support
-the RSA transformation. It is the default if OpenSSL is compiled with
-C<-DRSA_NULL>. These methods may be useful in the USA because of a
-patent on the RSA cryptosystem.
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_SSLeay().
 
-RSA_set_default_method() makes B<meth> the default method for all B<RSA>
-structures created later.
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
 
 RSA_get_default_method() returns a pointer to the current default
-method.
-
-RSA_set_method() selects B<meth> for all operations using the key
-B<rsa>.
-
-RSA_get_method() returns a pointer to the method currently selected
-for B<rsa>.
+RSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.
+
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL, the
+default ENGINE for RSA operations is used, and if no default ENGINE is set,
+the RSA_METHOD controlled by RSA_set_default_method() is used.
 
 RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
 
@@ -127,18 +138,44 @@ the default method is used.
 
 =head1 RETURN VALUES
 
-RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
-RSA_get_default_method() and RSA_get_method() return pointers to the
-respective B<RSA_METHOD>s.
+RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
+and RSA_get_method() return pointers to the respective RSA_METHODs.
 
 RSA_set_default_method() returns no value.
 
-RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
-associated with B<rsa>.
-
-RSA_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+RSA_set_method() returns a pointer to the old RSA_METHOD implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an ENGINE, the pointer could be invalidated
+at any time if the ENGINE is unloaded (in fact it could be unloaded as a
+result of the RSA_set_method() function releasing its handle to the
+ENGINE). For this reason, the return type may be replaced with a B<void>
+declaration in a future release.
+
+RSA_new_method() returns NULL and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
+
+=head1 NOTES
+
+As of version 0.9.7, RSA_METHOD implementations are grouped together with
+other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
+modules. If a default ENGINE is specified for RSA functionality using an
+ENGINE API function, that will override any RSA defaults set using the RSA
+API (ie.  RSA_set_default_method()). For this reason, the ENGINE API is the
+recommended way to control default implementations for use in RSA and other
+cryptographic algorithms.
+
+=head1 BUGS
+
+The behaviour of RSA_flags() is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. RSA functionality, such as the
+encryption functions, are controlled by the B<flags> value in the RSA key
+itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
+(which is what this function returns). If the flags element of an RSA key
+is changed, the changes will be honoured by RSA functionality but will not
+be reflected in the return value of the RSA_flags() function - in effect
+RSA_flags() behaves more like an RSA_default_flags() function (which does
+not currently exist).
 
 =head1 SEE ALSO
 
@@ -151,4 +188,15 @@ RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
 well as the rsa_sign and rsa_verify components of RSA_METHOD were
 added in OpenSSL 0.9.4.
 
+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method()
+respectively, and RSA_set_method() and RSA_new_method() were altered to use
+B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
+API was restructured so that this change was reversed, and behaviour of the
+other functions resembled more closely the previous behaviour. The
+behaviour of defaults in the ENGINE API now transparently overrides the
+behaviour of defaults in the RSA API without requiring changing these
+function prototypes.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/RSA_sign.pod b/crypto/openssl/doc/crypto/RSA_sign.pod
index f0bf6ee..71688a6 100644
--- a/crypto/openssl/doc/crypto/RSA_sign.pod
+++ b/crypto/openssl/doc/crypto/RSA_sign.pod
@@ -50,8 +50,8 @@ SSL, PKCS #1 v2.0
 
 =head1 SEE ALSO
 
-L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
 L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
 
 =head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
index df9ceb3..e70380b 100644
--- a/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
@@ -47,8 +47,8 @@ These functions serve no recognizable purpose.
 
 =head1 SEE ALSO
 
-L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
 L<RSA_verify(3)|RSA_verify(3)>
 
 =head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/RSA_size.pod b/crypto/openssl/doc/crypto/RSA_size.pod
index b36b4d5..5b7f835 100644
--- a/crypto/openssl/doc/crypto/RSA_size.pod
+++ b/crypto/openssl/doc/crypto/RSA_size.pod
@@ -8,7 +8,7 @@ RSA_size - get RSA modulus size
 
  #include <openssl/rsa.h>
 
- int RSA_size(RSA *rsa);
+ int RSA_size(const RSA *rsa);
 
 =head1 DESCRIPTION
 
diff --git a/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod b/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
new file mode 100644
index 0000000..ffafa37
--- /dev/null
+++ b/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
@@ -0,0 +1,71 @@
+=pod
+
+=head1 NAME
+
+SMIME_read_PKCS7 - parse S/MIME message.
+
+=head1 SYNOPSIS
+
+PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+
+=head1 DESCRIPTION
+
+SMIME_read_PKCS7() parses a message in S/MIME format.
+
+B<in> is a BIO to read the message from.
+
+If cleartext signing is used then the content is saved in
+a memory bio which is written to B<*bcont>, otherwise
+B<*bcont> is set to B<NULL>.
+
+The parsed PKCS#7 structure is returned or B<NULL> if an
+error occurred.
+
+=head1 NOTES
+
+If B<*bcont> is not B<NULL> then the message is clear text
+signed. B<*bcont> can then be passed to PKCS7_verify() with
+the B<PKCS7_DETACHED> flag set.
+
+Otherwise the type of the returned structure can be determined
+using PKCS7_type().
+
+To support future functionality if B<bcont> is not B<NULL>
+B<*bcont> should be initialized to B<NULL>. For example:
+
+ BIO *cont = NULL;
+ PKCS7 *p7;
+
+ p7 = SMIME_read_PKCS7(in, &cont);
+
+=head1 BUGS
+
+The MIME parser used by SMIME_read_PKCS7() is somewhat primitive.
+While it will handle most S/MIME messages more complex compound
+formats may not work.
+
+The parser assumes that the PKCS7 structure is always base64
+encoded and will not handle the case where it is in binary format
+or uses quoted printable format.
+
+The use of a memory BIO to hold the signed content limits the size
+of message which can be processed due to memory restraints: a
+streaming single pass option should be available.
+
+=head1 RETURN VALUES
+
+SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
+is an error occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_type(3)|PKCS7_type(3)>
+L<SMIME_read_PKCS7(3)|SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+SMIME_read_PKCS7() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod b/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod
new file mode 100644
index 0000000..2cfad2e
--- /dev/null
+++ b/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
+
+=head1 SYNOPSIS
+
+int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
+structure to produce an S/MIME message.
+
+B<out> is the BIO to write the data to. B<p7> is the appropriate
+B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
+being used then the signed data must be supplied in the B<data> 
+argument. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+The following flags can be passed in the B<flags> parameter.
+
+If B<PKCS7_DETACHED> is set then cleartext signing will be used,
+this option only makes sense for signedData where B<PKCS7_DETACHED>
+is also set when PKCS7_sign() is also called.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
+are added to the content, this only makes sense if B<PKCS7_DETACHED>
+is also set.
+
+If cleartext signing is being used then the data must be read twice:
+once to compute the signature in PKCS7_sign() and once to output the
+S/MIME message.
+
+=head1 BUGS
+
+SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
+should be an option to disable this.
+
+There should really be a way to produce cleartext signing using only
+a single pass of the data.
+
+=head1 RETURN VALUES
+
+SMIME_write_PKCS7() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+SMIME_write_PKCS7() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
new file mode 100644
index 0000000..d287c18
--- /dev/null
+++ b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
+X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
+X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
+
+=head1 SYNOPSIS
+
+ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len);
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type,unsigned char *bytes, int len);
+
+=head1 DESCRIPTION
+
+X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
+and B<ASN1_OBJECT> structure.
+
+X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
+and B<ASN1_STRING> structure.
+
+X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
+
+X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
+B<type> and value determined by B<bytes> and B<len>.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
+and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+B<X509_NAME_ENTRY> structure.
+
+=head1 NOTES
+
+X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
+used to examine an B<X509_NAME_ENTRY> function as returned by 
+X509_NAME_get_entry() for example.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
+and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
+X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
+are seldom used in practice because B<X509_NAME_ENTRY> structures
+are almost always part of B<X509_NAME> structures and the
+corresponding B<X509_NAME> functions are typically used to
+create and add new entries in a single operation.
+
+The arguments of these functions support similar options to the similarly
+named ones of the corresponding B<X509_NAME> functions such as
+X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
+B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
+set first so the relevant field information can be looked up internally.
+
+=head1 RETURN VALUES
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
+L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod b/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
new file mode 100644
index 0000000..4472a1c
--- /dev/null
+++ b/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -0,0 +1,110 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
+
+=head1 SYNOPSIS
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+
+=head1 DESCRIPTION
+
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
+X509_NAME_add_entry_by_NID() add a field whose name is defined
+by a string B<field>, an object B<obj> or a NID B<nid> respectively.
+The field value to be added is in B<bytes> of length B<len>. If
+B<len> is -1 then the field length is calculated internally using
+strlen(bytes).
+
+The type of field is determined by B<type> which can either be a
+definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
+standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
+added to a position determined by B<loc> and B<set>.
+
+X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
+to B<name>. The new entry is added to a position determined by B<loc>
+and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
+the call.
+
+X509_NAME_delete_entry() deletes an entry from B<name> at position
+B<loc>. The deleted entry is returned and must be freed up.
+
+=head1 NOTES
+
+The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
+is strongly recommened for the B<type> parameter. This allows the
+internal code to correctly determine the type of the field and to
+apply length checks according to the relevant standards. This is
+done using ASN1_STRING_set_by_NID().
+
+If instead an ASN1 type is used no checks are performed and the
+supplied data in B<bytes> is used directly.
+
+In X509_NAME_add_entry_by_txt() the B<field> string represents
+the field name using OBJ_txt2obj(field, 0).
+
+The B<loc> and B<set> parameters determine where a new entry should
+be added. For almost all applications B<loc> can be set to -1 and B<set>
+to 0. This adds a new entry to the end of B<name> as a single valued
+RelativeDistinguishedName (RDN).
+
+B<loc> actually determines the index where the new entry is inserted:
+if it is -1 it is appended. 
+
+B<set> determines how the new type is added. If it is zero a
+new RDN is created.
+
+If B<set> is -1 or 1 it is added to the previous or next RDN
+structure respectively. This will then be a multivalued RDN:
+since multivalues RDNs are very seldom used B<set> is almost
+always set to zero.
+
+=head1 EXAMPLES
+
+Create an B<X509_NAME> structure:
+
+"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
+
+ X509_NAME *nm;
+ nm = X509_NAME_new();
+ if (nm == NULL)
+	/* Some error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+			"C", "UK", -1, -1, 0))
+	/* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+			"O", "Disorganized Organization", -1, -1, 0))
+	/* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+			"CN", "Joe Bloggs", -1, -1, 0))
+	/* Error */
+
+=head1 RETURN VALUES
+
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
+X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
+success of 0 if an error occurred.
+
+X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
+structure of B<NULL> if an error occurred.
+
+=head1 BUGS
+
+B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
+different algorithm to determine field types. Since this form does
+not understand multicharacter types, performs no length checks and
+can result in invalid field types its use is strongly discouraged.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
+
+=head1 HISTORY
+
+=cut
diff --git a/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod b/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
new file mode 100644
index 0000000..333323d
--- /dev/null
+++ b/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -0,0 +1,106 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
+X509_NAME lookup and enumeration functions
+
+=head1 SYNOPSIS
+
+int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
+
+int X509_NAME_entry_count(X509_NAME *name);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+
+=head1 DESCRIPTION
+
+These functions allow an B<X509_NAME> structure to be examined. The
+B<X509_NAME> structure is the same as the B<Name> type defined in
+RFC2459 (and elsewhere) and used for example in certificate subject
+and issuer names.
+
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
+the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
+should initially be set to -1. If there are no more entries -1 is returned.
+
+X509_NAME_entry_count() returns the total number of entries in B<name>.
+
+X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
+corresponding to index B<loc>. Acceptable values for B<loc> run from
+0 to (X509_NAME_entry_count(name) - 1). The value returned is an
+internal pointer which must not be freed.
+
+X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
+the "text" from the first entry in B<name> which matches B<nid> or
+B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
+will be written and the text written to B<buf> will be null
+terminated. The length of the output string written is returned
+excluding the terminating null. If B<buf> is <NULL> then the amount
+of space needed in B<buf> (excluding the final null) is returned. 
+
+=head1 NOTES
+
+X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
+legacy functions which have various limitations which make them
+of minimal use in practice. They can only find the first matching
+entry and will copy the contents of the field verbatim: this can
+be highly confusing if the target is a muticharacter string type
+like a BMPString or a UTF8String.
+
+For a more general solution X509_NAME_get_index_by_NID() or
+X509_NAME_get_index_by_OBJ() should be used followed by
+X509_NAME_get_entry() on any matching indices and then the
+various B<X509_NAME_ENTRY> utility functions on the result.
+
+=head1 EXAMPLES
+
+Process all entries:
+
+ int i;
+ X509_NAME_ENTRY *e;
+
+ for (i = 0; i < X509_NAME_entry_count(nm); i++)
+	{
+	e = X509_NAME_get_entry(nm, i);
+	/* Do something with e */
+	}
+
+Process all commonName entries:
+
+ int loc;
+ X509_NAME_ENTRY *e;
+
+ loc = -1;
+ for (;;)
+	{
+	lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+	if (lastpos == -1)
+		break;
+	e = X509_NAME_get_entry(nm, lastpos);
+	/* Do something with e */
+	}
+
+=head1 RETURN VALUES
+
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
+return the index of the next matching entry or -1 if not found.
+
+X509_NAME_entry_count() returns the total number of entries.
+
+X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
+requested entry or B<NULL> if the index is invalid.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod b/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
new file mode 100644
index 0000000..907c04f
--- /dev/null
+++ b/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+X509_NAME_oneline - X509_NAME printing routines.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
+ char *	X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+
+=head1 DESCRIPTION
+
+X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each
+line (for multiline formats) is indented by B<indent> spaces. The output format
+can be extensively customised by use of the B<flags> parameter.
+
+X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
+written to FILE pointer B<fp>.
+
+X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
+bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
+and returned, otherwise B<buf> is returned.
+
+X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase> 
+characters. Multiple lines are used if the output (including indent) exceeds
+80 characters.
+
+=head1 NOTES
+
+The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which
+produce a non standard output form, they don't handle multi character fields and
+have various quirks and inconsistencies. Their use is strongly discouraged in new
+applications.
+
+Although there are a large number of possible flags for most purposes
+B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
+As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
+for UTF8 terminals the B<ASN1_STRFLAGS_ESC_MSB> should be unset: so for example
+B<XN_FLAG_ONELINE & ~ASN1_STRFLAGS_ESC_MSB> would be used.
+
+The complete set of the flags supported by X509_NAME_print_ex() is listed below.
+
+Several options can be ored together.
+
+The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
+B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators
+to use. Two distinct separators are used between distinct RelativeDistinguishedName
+components and separate values in the same RDN for a multi-valued RDN. Multi-valued
+RDNs are currently very rare so the second separator will hardly ever be used.
+
+B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC>
+uses comma and plus with spaces: this is more readable that plain comma and plus.
+B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses
+spaced newline and plus respectively.
+
+If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
+
+The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
+B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
+use the short name (e.g. CN) the long name (e.g. commonName) always
+use OID numerical form (normally OIDs are only used if the field name is not
+recognised) and no field name respectively.
+
+If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
+separating field names and values.
+
+If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
+printed instead of the values.
+
+If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
+is only of use for multiline format.
+
+Additionally all the options supported by ASN1_STRING_print_ex() can be used to 
+control how each field value is displayed.
+
+In addition a number options can be set for commonly used formats.
+
+B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
+is equivalent to:
+ B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
+
+
+B<XN_FLAG_ONELINE> is a more readable one line format it is the same as:
+ B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
+
+B<XN_FLAG_MULTILINE> is a multiline format is is the same as:
+ B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
+
+B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
+
+=head1 SEE ALSO
+
+L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/X509_new.pod b/crypto/openssl/doc/crypto/X509_new.pod
new file mode 100644
index 0000000..fd5fc65
--- /dev/null
+++ b/crypto/openssl/doc/crypto/X509_new.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+X509_new, X509_free - X509 certificate ASN1 allocation functions
+
+=head1 SYNOPSIS
+
+ X509 *X509_new(void);
+ void X509_free(X509 *a);
+
+=head1 DESCRIPTION
+
+The X509 ASN1 allocation routines, allocate and free an
+X509 structure, which represents an X509 certificate.
+
+X509_new() allocates and initializes a X509 structure.
+
+X509_free() frees up the B<X509> structure B<a>.
+
+=head1 RETURN VALUES
+
+If the allocation fails, X509_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+Otherwise it returns a pointer to the newly allocated structure.
+
+X509_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/crypto/openssl/doc/crypto/bn.pod b/crypto/openssl/doc/crypto/bn.pod
index 1524bc2..210dfea 100644
--- a/crypto/openssl/doc/crypto/bn.pod
+++ b/crypto/openssl/doc/crypto/bn.pod
@@ -21,19 +21,27 @@ bn - multiprecision integer arithmetics
  BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
  BIGNUM *BN_dup(const BIGNUM *a);
 
+ BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
+
  int BN_num_bytes(const BIGNUM *a);
  int BN_num_bits(const BIGNUM *a);
  int BN_num_bits_word(BN_ULONG w);
 
- int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
  int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
  int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
  int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
          BN_CTX *ctx);
- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
  int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
  int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
          BN_CTX *ctx);
+ int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
  int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
  int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
          const BIGNUM *m, BN_CTX *ctx);
@@ -54,7 +62,7 @@ bn - multiprecision integer arithmetics
 
  int BN_zero(BIGNUM *a);
  int BN_one(BIGNUM *a);
- BIGNUM *BN_value_one(void);
+ const BIGNUM *BN_value_one(void);
  int BN_set_word(BIGNUM *a, unsigned long w);
  unsigned long BN_get_word(BIGNUM *a);
 
@@ -139,7 +147,7 @@ of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
 L<bn_internal(3)|bn_internal(3)>,
 L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
 L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
-L<BN_copy(3)|BN_copy(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
+L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
 L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
 L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
 L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
diff --git a/crypto/openssl/doc/crypto/bn_internal.pod b/crypto/openssl/doc/crypto/bn_internal.pod
index 8da244a..9805a7c 100644
--- a/crypto/openssl/doc/crypto/bn_internal.pod
+++ b/crypto/openssl/doc/crypto/bn_internal.pod
@@ -34,9 +34,9 @@ library internal functions
    int nb);
  void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
  void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-   BN_ULONG *tmp);
+   int dna,int dnb,BN_ULONG *tmp);
  void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
-   int tn, int n, BN_ULONG *tmp);
+   int n, int tna,int tnb, BN_ULONG *tmp);
  void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
    int n2, BN_ULONG *tmp);
  void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
@@ -152,14 +152,15 @@ bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
 arrays B<r>, B<a> and B<b>.  It computes the B<n> low words of
 B<a>*B<b> and places the result in B<r>.
 
-bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<t>) operates on the B<n2>
-word arrays B<a> and B<b> and the 2*B<n2> word arrays B<r> and B<t>.
-B<n2> must be a power of 2.  It computes B<a>*B<b> and places the
-result in B<r>.
+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
+on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
+(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
+word arrays B<r> and B<t>.  B<n2> must be a power of 2.  It computes
+B<a>*B<b> and places the result in B<r>.
 
-bn_mul_part_recursive(B<r>, B<a>, B<b>, B<tn>, B<n>, B<tmp>) operates
-on the B<n>+B<tn> word arrays B<a> and B<b> and the 4*B<n> word arrays
-B<r> and B<tmp>.
+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
+operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
+B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
 
 bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
 B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
diff --git a/crypto/openssl/doc/crypto/crypto.pod b/crypto/openssl/doc/crypto/crypto.pod
index c12eec1..7a52799 100644
--- a/crypto/openssl/doc/crypto/crypto.pod
+++ b/crypto/openssl/doc/crypto/crypto.pod
@@ -62,6 +62,22 @@ L<txt_db(3)|txt_db(3)>
 
 =back
 
+=head1 NOTES
+
+Some of the newer functions follow a naming convention using the numbers
+B<0> and B<1>. For example the functions:
+
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+ int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
+
+The B<0> version uses the supplied structure pointer directly
+in the parent and it will be freed up when the parent is freed.
+In the above example B<crl> would be freed but B<rev> would not.
+
+The B<1> function uses a copy of the supplied structure pointer
+(or in some cases increases its link count) in the parent and
+so both (B<x> and B<obj> above) should be freed up.
+
 =head1 SEE ALSO
 
 L<openssl(1)|openssl(1)>, L<ssl(3)|ssl(3)>
diff --git a/crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod b/crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod
new file mode 100644
index 0000000..45bb184
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/objects.h>
+
+ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
+ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an ASN1 OBJECT IDENTIFIER.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/d2i_DHparams.pod b/crypto/openssl/doc/crypto/d2i_DHparams.pod
index a6d1743..1e98aeb 100644
--- a/crypto/openssl/doc/crypto/d2i_DHparams.pod
+++ b/crypto/openssl/doc/crypto/d2i_DHparams.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-d2i_DHparams, i2d_DHparams - ...
+d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.
 
 =head1 SYNOPSIS
 
@@ -13,18 +13,18 @@ d2i_DHparams, i2d_DHparams - ...
 
 =head1 DESCRIPTION
 
-...
+These functions decode and encode PKCS#3 DH parameters using the
+DHparameter structure described in PKCS#3.
 
-=head1 RETURN VALUES
-
-...
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
 
 =head1 SEE ALSO
 
-...
+L<d2i_X509(3)|d2i_X509(3)>
 
 =head1 HISTORY
 
-...
+TBA
 
 =cut
diff --git a/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod b/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod
new file mode 100644
index 0000000..6ebd304
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding
+and parsing functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
+
+ int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
+components structure.
+
+d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a
+SubjectPublicKeyInfo (certificate public key) structure.
+
+d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
+components.
+
+d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
+a B<Dss-Parms> structure as defined in RFC2459.
+
+d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
+B<Dss-Sig-Value> structure as defined in RFC2459.
+
+The usage of all of these functions is similar to the d2i_X509() and
+i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 NOTES
+
+The B<DSA> structure passed to the private key encoding functions should have
+all the private key components present.
+
+The data encoded by the private key functions is unencrypted and therefore 
+offers no private key security.
+
+The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
+functions when encoding public keys because they use a standard format.
+
+The B<DSAPublicKey> functions use an non standard format the actual data encoded
+depends on the value of the B<write_params> field of the B<a> key parameter.
+If B<write_params> is zero then only the B<pub_key> field is encoded as an
+B<INTEGER>. If B<write_params> is 1 then a B<SEQUENCE> consisting of the
+B<p>, B<q>, B<g> and B<pub_key> respectively fields are encoded.
+
+The B<DSAPrivateKey> functions also use a non standard structure consiting
+consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
+B<priv_key> fields respectively.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod b/crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod
new file mode 100644
index 0000000..a54b779
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+=head1 DESCRIPTION
+
+The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
+PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
+
+Other than the use of DER as opposed to PEM these functions are identical to the
+corresponding B<PEM> function as described in the L<pem(3)|pem(3)> manual page.
+
+=head1 NOTES
+
+Before using these functions L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
+should be called to initialize the internal algorithm lookup tables otherwise errors about
+unknown algorithms will occur if an attempt is made to decrypt a private key. 
+
+These functions are currently the only way to store encrypted private keys using DER format.
+
+Currently all the functions use BIOs or FILE pointers, there are no functions which
+work directly on memory: this can be readily worked around by converting the buffers
+to memory BIOs, see L<BIO_s_mem(3)|BIO_s_mem(3)> for details.
+
+=head1 SEE ALSO
+
+L<pem(3)|pem(3)>
+
+=cut
diff --git a/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod b/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
index ff4d0d5..7c71bcb 100644
--- a/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
+++ b/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
@@ -2,7 +2,9 @@
 
 =head1 NAME
 
-d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA - ...
+d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,
+d2i_Netscape_RSA - RSA public and private key encoding functions.
 
 =head1 SYNOPSIS
 
@@ -12,6 +14,10 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne
 
  int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
 
+ RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+
  RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
 
  int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
@@ -22,18 +28,39 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne
 
 =head1 DESCRIPTION
 
-...
+d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
+structure.
+
+d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a
+SubjectPublicKeyInfo (certificate public key) structure.
+
+d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
+structure.
+
+d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
+NET format.
+
+The usage of all of these functions is similar to the d2i_X509() and
+i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 NOTES
+
+The B<RSA> structure passed to the private key encoding functions should have
+all the PKCS#1 private key components present.
 
-=head1 RETURN VALUES
+The data encoded by the private key functions is unencrypted and therefore 
+offers no private key security. 
 
-...
+The NET format functions are present to provide compatibility with certain very
+old software. This format has some severe security weaknesses and should be
+avoided if possible.
 
 =head1 SEE ALSO
 
-...
+L<d2i_X509(3)|d2i_X509(3)>
 
 =head1 HISTORY
 
-...
+TBA
 
 =cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509.pod b/crypto/openssl/doc/crypto/d2i_X509.pod
new file mode 100644
index 0000000..5e3c3d0
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_X509.pod
@@ -0,0 +1,231 @@
+=pod
+
+=head1 NAME
+
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+i2d_X509_fp - X509 encode and decode functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509 *d2i_X509(X509 **px, unsigned char **in, int len);
+ int i2d_X509(X509 *x, unsigned char **out);
+
+ X509 *d2i_X509_bio(BIO *bp, X509 **x);
+ X509 *d2i_X509_fp(FILE *fp, X509 **x);
+
+ int i2d_X509_bio(X509 *x, BIO *bp);
+ int i2d_X509_fp(X509 *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+The X509 encode and decode routines encode and parse an
+B<X509> structure, which represents an X509 certificate.
+
+d2i_X509() attempts to decode B<len> bytes at B<*out>. If 
+successful a pointer to the B<X509> structure is returned. If an error
+occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
+returned structure is written to B<*px>. If B<*px> is not B<NULL>
+then it is assumed that B<*px> contains a valid B<X509>
+structure and an attempt is made to reuse it. If the call is
+successful B<*out> is incremented to the byte following the
+parsed data.
+
+i2d_X509() encodes the structure pointed to by B<x> into DER format.
+If B<out> is not B<NULL> is writes the DER encoded data to the buffer
+at B<*out>, and increments it to point after the data just written.
+If the return value is negative an error occurred, otherwise it
+returns the length of the encoded data. 
+
+For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
+allocated for a buffer and the encoded data written to it. In this
+case B<*out> is not incremented and it points to the start of the
+data just written.
+
+d2i_X509_bio() is similar to d2i_X509() except it attempts
+to parse data from BIO B<bp>.
+
+d2i_X509_fp() is similar to d2i_X509() except it attempts
+to parse data from FILE pointer B<fp>.
+
+i2d_X509_bio() is similar to i2d_X509() except it writes
+the encoding of the structure B<x> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+
+i2d_X509_fp() is similar to i2d_X509() except it writes
+the encoding of the structure B<x> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+
+=head1 NOTES
+
+The letters B<i> and B<d> in for example B<i2d_X509> stand for
+"internal" (that is an internal C structure) and "DER". So that
+B<i2d_X509> converts from internal to DER.
+
+The functions can also understand B<BER> forms.
+
+The actual X509 structure passed to i2d_X509() must be a valid
+populated B<X509> structure it can B<not> simply be fed with an
+empty structure such as that returned by X509_new().
+
+The encoded data is in binary form and may contain embedded zeroes.
+Therefore any FILE pointers or BIOs should be opened in binary mode.
+Functions such as B<strlen()> will B<not> return the correct length
+of the encoded structure.
+
+The ways that B<*in> and B<*out> are incremented after the operation
+can trap the unwary. See the B<WARNINGS> section for some common
+errors.
+
+The reason for the auto increment behaviour is to reflect a typical
+usage of ASN1 functions: after one structure is encoded or decoded
+another will processed after it.
+
+=head1 EXAMPLES
+
+Allocate and encode the DER encoding of an X509 structure:
+
+ int len;
+ unsigned char *buf, *p;
+
+ len = i2d_X509(x, NULL);
+
+ buf = OPENSSL_malloc(len);
+
+ if (buf == NULL)
+	/* error */
+
+ p = buf;
+
+ i2d_X509(x, &p);
+
+If you are using OpenSSL 0.9.7 or later then this can be
+simplified to:
+
+
+ int len;
+ unsigned char *buf;
+
+ buf = NULL;
+
+ len = i2d_X509(x, &buf);
+
+ if (len < 0)
+	/* error */
+
+Attempt to decode a buffer:
+
+ X509 *x;
+
+ unsigned char *buf, *p;
+
+ int len;
+
+ /* Something to setup buf and len */
+
+ p = buf;
+
+ x = d2i_X509(NULL, &p, len);
+
+ if (x == NULL)
+    /* Some error */
+
+Alternative technique:
+
+ X509 *x;
+
+ unsigned char *buf, *p;
+
+ int len;
+
+ /* Something to setup buf and len */
+
+ p = buf;
+
+ x = NULL;
+
+ if(!d2i_X509(&x, &p, len))
+    /* Some error */
+
+
+=head1 WARNINGS
+
+The use of temporary variable is mandatory. A common
+mistake is to attempt to use a buffer directly as follows:
+
+ int len;
+ unsigned char *buf;
+
+ len = i2d_X509(x, NULL);
+
+ buf = OPENSSL_malloc(len);
+
+ if (buf == NULL)
+	/* error */
+
+ i2d_X509(x, &buf);
+
+ /* Other stuff ... */
+
+ OPENSSL_free(buf);
+
+This code will result in B<buf> apparently containing garbage because
+it was incremented after the call to point after the data just written.
+Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
+and the subsequent call to B<OPENSSL_free()> may well crash.
+
+The auto allocation feature (setting buf to NULL) only works on OpenSSL
+0.9.7 and later. Attempts to use it on earlier versions will typically
+cause a segmentation violation.
+
+Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
+
+ X509 *x;
+
+ if (!d2i_X509(&x, &p, len))
+	/* Some error */
+
+This will probably crash somewhere in B<d2i_X509()>. The reason for this
+is that the variable B<x> is uninitialized and an attempt will be made to
+interpret its (invalid) value as an B<X509> structure, typically causing
+a segmentation violation. If B<x> is set to NULL first then this will not
+happen.
+
+=head1 BUGS
+
+In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when 
+B<*px> is valid is broken and some parts of the reused structure may
+persist if they are not present in the new one. As a result the use
+of this "reuse" behaviour is strongly discouraged.
+
+i2d_X509() will not return an error in many versions of OpenSSL,
+if mandatory fields are not initialized due to a programming error
+then the encoded structure may contain invalid data or omit the
+fields entirely and will not be parsed by d2i_X509(). This may be
+fixed in future so code should not assume that i2d_X509() will
+always succeed.
+
+=head1 RETURN VALUES
+
+d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+or B<NULL> if an error occurs. The error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
+successfully encoded or a negative value if an error occurs. The error code
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error 
+occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
+are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod b/crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod
new file mode 100644
index 0000000..9e5cd92
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
+ int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an B<X509_ALGOR> structure which is
+equivalent to the B<AlgorithmIdentifier> structure.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_CRL.pod b/crypto/openssl/doc/crypto/d2i_X509_CRL.pod
new file mode 100644
index 0000000..06c5b23
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_X509_CRL.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length);
+ int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
+
+ X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
+ X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
+
+ int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
+ int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an X509 CRL (certificate revocation
+list).
+
+Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_NAME.pod b/crypto/openssl/doc/crypto/d2i_X509_NAME.pod
new file mode 100644
index 0000000..343ffe1
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_X509_NAME.pod
@@ -0,0 +1,31 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
+ int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an B<X509_NAME> structure which is the
+the same as the B<Name> type defined in RFC2459 (and elsewhere) and used
+for example in certificate subject and issuer names.
+
+Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_REQ.pod b/crypto/openssl/doc/crypto/d2i_X509_REQ.pod
new file mode 100644
index 0000000..be4ad68
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_X509_REQ.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length);
+ int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
+
+ X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
+ X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
+
+ int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
+ int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode a PKCS#10 certificate request.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_SIG.pod b/crypto/openssl/doc/crypto/d2i_X509_SIG.pod
new file mode 100644
index 0000000..e48fd79
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_X509_SIG.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
+ int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an X509_SIG structure which is
+equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/crypto/openssl/doc/crypto/des.pod b/crypto/openssl/doc/crypto/des.pod
index 9908039..528c73a 100644
--- a/crypto/openssl/doc/crypto/des.pod
+++ b/crypto/openssl/doc/crypto/des.pod
@@ -2,113 +2,105 @@
 
 =head1 NAME
 
-des_random_key, des_set_key, des_key_sched, des_set_key_checked,
-des_set_key_unchecked, des_set_odd_parity, des_is_weak_key,
-des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt,
-des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt,
-des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt,
-des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt,
-des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt,
-des_read_password, des_read_2passwords, des_read_pw_string,
-des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys,
-des_fcrypt, des_crypt, des_enc_read, des_enc_write - DES encryption
+DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
+DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
+DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
+DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
+DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
+DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
+DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
 
 =head1 SYNOPSIS
 
  #include <openssl/des.h>
 
- void des_random_key(des_cblock *ret);
+ void DES_random_key(DES_cblock *ret);
 
- int des_set_key(const_des_cblock *key, des_key_schedule schedule);
- int des_key_sched(const_des_cblock *key, des_key_schedule schedule);
- int des_set_key_checked(const_des_cblock *key,
-        des_key_schedule schedule);
- void des_set_key_unchecked(const_des_cblock *key,
-        des_key_schedule schedule);
+ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+ int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+ int DES_set_key_checked(const_DES_cblock *key,
+        DES_key_schedule *schedule);
+ void DES_set_key_unchecked(const_DES_cblock *key,
+        DES_key_schedule *schedule);
 
- void des_set_odd_parity(des_cblock *key);
- int des_is_weak_key(const_des_cblock *key);
+ void DES_set_odd_parity(DES_cblock *key);
+ int DES_is_weak_key(const_DES_cblock *key);
 
- void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, 
-        des_key_schedule ks, int enc);
- void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output, 
-        des_key_schedule ks1, des_key_schedule ks2, int enc);
- void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, 
-        des_key_schedule ks1, des_key_schedule ks2, 
-        des_key_schedule ks3, int enc);
+ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, 
+        DES_key_schedule *ks, int enc);
+ void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, 
+        DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, 
+        DES_key_schedule *ks1, DES_key_schedule *ks2, 
+        DES_key_schedule *ks3, int enc);
 
- void des_ncbc_encrypt(const unsigned char *input, unsigned char *output, 
-        long length, des_key_schedule schedule, des_cblock *ivec, 
+ void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
         int enc);
- void des_cfb_encrypt(const unsigned char *in, unsigned char *out,
-        int numbits, long length, des_key_schedule schedule,
-        des_cblock *ivec, int enc);
- void des_ofb_encrypt(const unsigned char *in, unsigned char *out,
-        int numbits, long length, des_key_schedule schedule,
-        des_cblock *ivec);
- void des_pcbc_encrypt(const unsigned char *input, unsigned char *output, 
-        long length, des_key_schedule schedule, des_cblock *ivec, 
+ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
+        int numbits, long length, DES_key_schedule *schedule,
+        DES_cblock *ivec, int enc);
+ void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
+        int numbits, long length, DES_key_schedule *schedule,
+        DES_cblock *ivec);
+ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
         int enc);
- void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-        long length, des_key_schedule schedule, des_cblock *ivec,
+ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
         int *num, int enc);
- void des_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-        long length, des_key_schedule schedule, des_cblock *ivec,
+ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
         int *num);
 
- void des_xcbc_encrypt(const unsigned char *input, unsigned char *output, 
-        long length, des_key_schedule schedule, des_cblock *ivec, 
-        const_des_cblock *inw, const_des_cblock *outw, int enc);
-
- void des_ede2_cbc_encrypt(const unsigned char *input,
-        unsigned char *output, long length, des_key_schedule ks1,
-        des_key_schedule ks2, des_cblock *ivec, int enc);
- void des_ede2_cfb64_encrypt(const unsigned char *in,
-        unsigned char *out, long length, des_key_schedule ks1,
-        des_key_schedule ks2, des_cblock *ivec, int *num, int enc);
- void des_ede2_ofb64_encrypt(const unsigned char *in,
-        unsigned char *out, long length, des_key_schedule ks1,
-        des_key_schedule ks2, des_cblock *ivec, int *num);
-
- void des_ede3_cbc_encrypt(const unsigned char *input,
-        unsigned char *output, long length, des_key_schedule ks1,
-        des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec,
+ void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+
+ void DES_ede2_cbc_encrypt(const unsigned char *input,
+        unsigned char *output, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+ void DES_ede2_cfb64_encrypt(const unsigned char *in,
+        unsigned char *out, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
+ void DES_ede2_ofb64_encrypt(const unsigned char *in,
+        unsigned char *out, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+
+ void DES_ede3_cbc_encrypt(const unsigned char *input,
+        unsigned char *output, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
         int enc);
- void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, 
-        long length, des_key_schedule ks1, des_key_schedule ks2, 
-        des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2, 
+ void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, 
+        long length, DES_key_schedule *ks1, DES_key_schedule *ks2, 
+        DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, 
         int enc);
- void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, 
-        long length, des_key_schedule ks1, des_key_schedule ks2,
-        des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
- void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
-        long length, des_key_schedule ks1, 
-        des_key_schedule ks2, des_key_schedule ks3, 
-        des_cblock *ivec, int *num);
-
- int des_read_password(des_cblock *key, const char *prompt, int verify);
- int des_read_2passwords(des_cblock *key1, des_cblock *key2, 
-        const char *prompt, int verify);
- int des_read_pw_string(char *buf, int length, const char *prompt,
-        int verify);
-
- DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output, 
-        long length, des_key_schedule schedule, 
-        const_des_cblock *ivec);
- DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[], 
-        long length, int out_count, des_cblock *seed);
- void des_string_to_key(const char *str, des_cblock *key);
- void des_string_to_2keys(const char *str, des_cblock *key1,
-        des_cblock *key2);
-
- char *des_fcrypt(const char *buf, const char *salt, char *ret);
- char *des_crypt(const char *buf, const char *salt);
- char *crypt(const char *buf, const char *salt);
-
- int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
-        des_cblock *iv);
- int des_enc_write(int fd, const void *buf, int len,
-        des_key_schedule sched, des_cblock *iv);
+ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, 
+        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+        DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
+ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+        long length, DES_key_schedule *ks1, 
+        DES_key_schedule *ks2, DES_key_schedule *ks3, 
+        DES_cblock *ivec, int *num);
+
+ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, 
+        long length, DES_key_schedule *schedule, 
+        const_DES_cblock *ivec);
+ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], 
+        long length, int out_count, DES_cblock *seed);
+ void DES_string_to_key(const char *str, DES_cblock *key);
+ void DES_string_to_2keys(const char *str, DES_cblock *key1,
+        DES_cblock *key2);
+
+ char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+ char *DES_crypt(const char *buf, const char *salt);
+
+ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+        DES_cblock *iv);
+ int DES_enc_write(int fd, const void *buf, int len,
+        DES_key_schedule *sched, DES_cblock *iv);
 
 =head1 DESCRIPTION
 
@@ -116,56 +108,52 @@ This library contains a fast implementation of the DES encryption
 algorithm.
 
 There are two phases to the use of DES encryption.  The first is the
-generation of a I<des_key_schedule> from a key, the second is the
-actual encryption.  A DES key is of type I<des_cblock>. This type is
+generation of a I<DES_key_schedule> from a key, the second is the
+actual encryption.  A DES key is of type I<DES_cblock>. This type is
 consists of 8 bytes with odd parity.  The least significant bit in
 each byte is the parity bit.  The key schedule is an expanded form of
 the key; it is used to speed the encryption process.
 
-des_random_key() generates a random key.  The PRNG must be seeded
-prior to using this function (see L<rand(3)|rand(3)>; for backward
-compatibility the function des_random_seed() is available as well).
-If the PRNG could not generate a secure key, 0 is returned.  In
-earlier versions of the library, des_random_key() did not generate
-secure keys.
+DES_random_key() generates a random key.  The PRNG must be seeded
+prior to using this function (see L<rand(3)|rand(3)>).  If the PRNG
+could not generate a secure key, 0 is returned.
 
 Before a DES key can be used, it must be converted into the
-architecture dependent I<des_key_schedule> via the
-des_set_key_checked() or des_set_key_unchecked() function.
+architecture dependent I<DES_key_schedule> via the
+DES_set_key_checked() or DES_set_key_unchecked() function.
 
-des_set_key_checked() will check that the key passed is of odd parity
+DES_set_key_checked() will check that the key passed is of odd parity
 and is not a week or semi-weak key.  If the parity is wrong, then -1
 is returned.  If the key is a weak key, then -2 is returned.  If an
 error is returned, the key schedule is not generated.
 
-des_set_key() (called des_key_sched() in the MIT library) works like
-des_set_key_checked() if the I<des_check_key> flag is non-zero,
-otherwise like des_set_key_unchecked().  These functions are available
+DES_set_key() works like
+DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
+otherwise like DES_set_key_unchecked().  These functions are available
 for compatibility; it is recommended to use a function that does not
 depend on a global variable.
 
-des_set_odd_parity() (called des_fixup_key_parity() in the MIT
-library) sets the parity of the passed I<key> to odd.
+DES_set_odd_parity() sets the parity of the passed I<key> to odd.
 
-des_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
+DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
 is ok.  The probability that a randomly generated key is weak is
 1/2^52, so it is not really worth checking for them.
 
 The following routines mostly operate on an input and output stream of
-I<des_cblock>s.
+I<DES_cblock>s.
 
-des_ecb_encrypt() is the basic DES encryption routine that encrypts or
-decrypts a single 8-byte I<des_cblock> in I<electronic code book>
+DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
+decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
 (ECB) mode.  It always transforms the input data, pointed to by
 I<input>, into the output data, pointed to by the I<output> argument.
 If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
 (cleartext) is encrypted in to the I<output> (ciphertext) using the
 key_schedule specified by the I<schedule> argument, previously set via
-I<des_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
+I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
 ciphertext) is decrypted into the I<output> (now cleartext).  Input
-and output may overlap.  des_ecb_encrypt() does not return a value.
+and output may overlap.  DES_ecb_encrypt() does not return a value.
 
-des_ecb3_encrypt() encrypts/decrypts the I<input> block by using
+DES_ecb3_encrypt() encrypts/decrypts the I<input> block by using
 three-key Triple-DES encryption in ECB mode.  This involves encrypting
 the input with I<ks1>, decrypting with the key schedule I<ks2>, and
 then encrypting with I<ks3>.  This routine greatly reduces the chances
@@ -173,10 +161,10 @@ of brute force breaking of DES and has the advantage of if I<ks1>,
 I<ks2> and I<ks3> are the same, it is equivalent to just encryption
 using ECB mode and I<ks1> as the key.
 
-The macro des_ecb2_encrypt() is provided to perform two-key Triple-DES
+The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
 encryption by using I<ks1> for the final encryption.
 
-des_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
+DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
 (CBC) mode of DES.  If the I<encrypt> argument is non-zero, the
 routine cipher-block-chain encrypts the cleartext data pointed to by
 the I<input> argument into the ciphertext pointed to by the I<output>
@@ -186,24 +174,24 @@ I<length> argument is not an integral multiple of eight bytes, the
 last block is copied to a temporary area and zero filled.  The output
 is always an integral multiple of eight bytes.
 
-des_xcbc_encrypt() is RSA's DESX mode of DES.  It uses I<inw> and
+DES_xcbc_encrypt() is RSA's DESX mode of DES.  It uses I<inw> and
 I<outw> to 'whiten' the encryption.  I<inw> and I<outw> are secret
 (unlike the iv) and are as such, part of the key.  So the key is sort
 of 24 bytes.  This is much better than CBC DES.
 
-des_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
+DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
 three keys. This means that each DES operation inside the CBC mode is
 really an C<C=E(ks3,D(ks2,E(ks1,M)))>.  This mode is used by SSL.
 
-The des_ede2_cbc_encrypt() macro implements two-key Triple-DES by
+The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
 reusing I<ks1> for the final encryption.  C<C=E(ks1,D(ks2,E(ks1,M)))>.
 This form of Triple-DES is used by the RSAREF library.
 
-des_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
+DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
 chaining mode used by Kerberos v4. Its parameters are the same as
-des_ncbc_encrypt().
+DES_ncbc_encrypt().
 
-des_cfb_encrypt() encrypt/decrypts using cipher feedback mode.  This
+DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode.  This
 method takes an array of characters as input and outputs and array of
 characters.  It does not require any padding to 8 character groups.
 Note: the I<ivec> variable is changed and the new changed value needs to
@@ -211,7 +199,7 @@ be passed to the next call to this function.  Since this function runs
 a complete DES ECB encryption per I<numbits>, this function is only
 suggested for use when sending small numbers of characters.
 
-des_cfb64_encrypt()
+DES_cfb64_encrypt()
 implements CFB mode of DES with 64bit feedback.  Why is this
 useful you ask?  Because this routine will allow you to encrypt an
 arbitrary number of bytes, no 8 byte padding.  Each call to this
@@ -219,10 +207,10 @@ routine will encrypt the input bytes to output and then update ivec
 and num.  num contains 'how far' we are though ivec.  If this does
 not make much sense, read more about cfb mode of DES :-).
 
-des_ede3_cfb64_encrypt() and des_ede2_cfb64_encrypt() is the same as
-des_cfb64_encrypt() except that Triple-DES is used.
+DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
+DES_cfb64_encrypt() except that Triple-DES is used.
 
-des_ofb_encrypt() encrypts using output feedback mode.  This method
+DES_ofb_encrypt() encrypts using output feedback mode.  This method
 takes an array of characters as input and outputs and array of
 characters.  It does not require any padding to 8 character groups.
 Note: the I<ivec> variable is changed and the new changed value needs to
@@ -230,39 +218,22 @@ be passed to the next call to this function.  Since this function runs
 a complete DES ECB encryption per numbits, this function is only
 suggested for use when sending small numbers of characters.
 
-des_ofb64_encrypt() is the same as des_cfb64_encrypt() using Output
+DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
 Feed Back mode.
 
-des_ede3_ofb64_encrypt() and des_ede2_ofb64_encrypt() is the same as
-des_ofb64_encrypt(), using Triple-DES.
+DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as
+DES_ofb64_encrypt(), using Triple-DES.
 
 The following functions are included in the DES library for
-compatibility with the MIT Kerberos library. des_read_pw_string()
-is also available under the name EVP_read_pw_string().
-
-des_read_pw_string() writes the string specified by I<prompt> to
-standard output, turns echo off and reads in input string from the
-terminal.  The string is returned in I<buf>, which must have space for
-at least I<length> bytes.  If I<verify> is set, the user is asked for
-the password twice and unless the two copies match, an error is
-returned.  A return code of -1 indicates a system error, 1 failure due
-to use interaction, and 0 is success.
-
-des_read_password() does the same and converts the password to a DES
-key by calling des_string_to_key(); des_read_2password() operates in
-the same way as des_read_password() except that it generates two keys
-by using the des_string_to_2key() function.  des_string_to_key() is
-available for backward compatibility with the MIT library.  New
-applications should use a cryptographic hash function.  The same
-applies for des_string_to_2key().
-
-des_cbc_cksum() produces an 8 byte checksum based on the input stream
+compatibility with the MIT Kerberos library.
+
+DES_cbc_cksum() produces an 8 byte checksum based on the input stream
 (via CBC encryption).  The last 4 bytes of the checksum are returned
 and the complete 8 bytes are placed in I<output>. This function is
 used by Kerberos v4.  Other applications should use
 L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead.
 
-des_quad_cksum() is a Kerberos v4 function.  It returns a 4 byte
+DES_quad_cksum() is a Kerberos v4 function.  It returns a 4 byte
 checksum from the input bytes.  The algorithm can be iterated over the
 input, depending on I<out_count>, 1, 2, 3 or 4 times.  If I<output> is
 non-NULL, the 8 bytes generated by each pass are written into
@@ -270,19 +241,19 @@ I<output>.
 
 The following are DES-based transformations:
 
-des_fcrypt() is a fast version of the Unix crypt(3) function.  This
+DES_fcrypt() is a fast version of the Unix crypt(3) function.  This
 version takes only a small amount of space relative to other fast
 crypt() implementations.  This is different to the normal crypt in
 that the third parameter is the buffer that the return value is
 written into.  It needs to be at least 14 bytes long.  This function
 is thread safe, unlike the normal crypt.
 
-des_crypt() is a faster replacement for the normal system crypt().
-This function calls des_fcrypt() with a static array passed as the
+DES_crypt() is a faster replacement for the normal system crypt().
+This function calls DES_fcrypt() with a static array passed as the
 third parameter.  This emulates the normal non-thread safe semantics
 of crypt(3).
 
-des_enc_write() writes I<len> bytes to file descriptor I<fd> from
+DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
 buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
 using I<sched> for the key and I<iv> as a starting vector.  The actual
 data send down I<fd> consists of 4 bytes (in network byte order)
@@ -290,40 +261,40 @@ containing the length of the following encrypted data.  The encrypted
 data then follows, padded with random data out to a multiple of 8
 bytes.
 
-des_enc_read() is used to read I<len> bytes from file descriptor
+DES_enc_read() is used to read I<len> bytes from file descriptor
 I<fd> into buffer I<buf>. The data being read from I<fd> is assumed to
-have come from des_enc_write() and is decrypted using I<sched> for
+have come from DES_enc_write() and is decrypted using I<sched> for
 the key schedule and I<iv> for the initial vector.
 
-B<Warning:> The data format used by des_enc_write() and des_enc_read()
+B<Warning:> The data format used by DES_enc_write() and DES_enc_read()
 has a cryptographic weakness: When asked to write more than MAXWRITE
-bytes, des_enc_write() will split the data into several chunks that
+bytes, DES_enc_write() will split the data into several chunks that
 are all encrypted using the same IV.  So don't use these functions
 unless you are sure you know what you do (in which case you might not
 want to use them anyway).  They cannot handle non-blocking sockets.
-des_enc_read() uses an internal state and thus cannot be used on
+DES_enc_read() uses an internal state and thus cannot be used on
 multiple files.
 
-I<des_rw_mode> is used to specify the encryption mode to use with
-des_enc_read() and des_end_write().  If set to I<DES_PCBC_MODE> (the
-default), des_pcbc_encrypt is used.  If set to I<DES_CBC_MODE>
-des_cbc_encrypt is used.
+I<DES_rw_mode> is used to specify the encryption mode to use with
+DES_enc_read() and DES_end_write().  If set to I<DES_PCBC_MODE> (the
+default), DES_pcbc_encrypt is used.  If set to I<DES_CBC_MODE>
+DES_cbc_encrypt is used.
 
 =head1 NOTES
 
 Single-key DES is insecure due to its short key size.  ECB mode is
-not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
+not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
 
 The L<evp(3)|evp(3)> library provides higher-level encryption functions.
 
 =head1 BUGS
 
-des_3cbc_encrypt() is flawed and must not be used in applications.
+DES_3cbc_encrypt() is flawed and must not be used in applications.
 
-des_cbc_encrypt() does not modify B<ivec>; use des_ncbc_encrypt()
+DES_cbc_encrypt() does not modify B<ivec>; use DES_ncbc_encrypt()
 instead.
 
-des_cfb_encrypt() and des_ofb_encrypt() operates on input of 8 bits.
+DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits.
 What this means is that if you set numbits to 12, and length to 2, the
 first 12 bits will come from the 1st input byte and the low half of
 the second input byte.  The second 12 bits will have the low 8 bits
@@ -333,8 +304,9 @@ implemented this way because most people will be using a multiple of 8
 and because once you get into pulling bytes input bytes apart things
 get ugly!
 
-des_read_pw_string() is the most machine/OS dependent function and
-normally generates the most problems when porting this code.
+DES_string_to_key() is available for backward compatibility with the
+MIT library.  New applications should use a cryptographic hash function.
+The same applies for DES_string_to_2key().
 
 =head1 CONFORMING TO
 
@@ -349,10 +321,20 @@ crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
 
 =head1 HISTORY
 
+In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid
+clashes with older versions of libdes.  Compatibility des_ functions
+are provided for a short while, as well as crypt().
+Declarations for these are in <openssl/des_old.h>. There is no DES_
+variant for des_random_seed().
+This will happen to other functions
+as well if they are deemed redundant (des_random_seed() just calls
+RAND_seed() and is present for backward compatibility only), buggy or
+already scheduled for removal.
+
 des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
 des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(),
-des_quad_cksum(), des_random_key(), des_read_password() and
-des_string_to_key() are available in the MIT Kerberos library;
+des_quad_cksum(), des_random_key() and des_string_to_key()
+are available in the MIT Kerberos library;
 des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key()
 are available in newer versions of that library.
 
diff --git a/crypto/openssl/doc/crypto/dh.pod b/crypto/openssl/doc/crypto/dh.pod
index 0a9b7c0..c3ccd06 100644
--- a/crypto/openssl/doc/crypto/dh.pod
+++ b/crypto/openssl/doc/crypto/dh.pod
@@ -7,24 +7,25 @@ dh - Diffie-Hellman key agreement
 =head1 SYNOPSIS
 
  #include <openssl/dh.h>
+ #include <openssl/engine.h>
 
  DH *	DH_new(void);
  void	DH_free(DH *dh);
 
- int	DH_size(DH *dh);
+ int	DH_size(const DH *dh);
 
  DH *	DH_generate_parameters(int prime_len, int generator,
 		void (*callback)(int, int, void *), void *cb_arg);
- int	DH_check(DH *dh, int *codes);
+ int	DH_check(const DH *dh, int *codes);
 
  int	DH_generate_key(DH *dh);
  int	DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
 
- void DH_set_default_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
- DH *DH_new_method(DH_METHOD *meth);
- DH_METHOD *DH_OpenSSL(void);
+ void DH_set_default_method(const DH_METHOD *meth);
+ const DH_METHOD *DH_get_default_method(void);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
+ const DH_METHOD *DH_OpenSSL(void);
 
  int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	     int (*dup_func)(), void (*free_func)());
@@ -32,10 +33,10 @@ dh - Diffie-Hellman key agreement
  char *DH_get_ex_data(DH *d, int idx);
 
  DH *	d2i_DHparams(DH **a, unsigned char **pp, long length);
- int	i2d_DHparams(DH *a, unsigned char **pp);
+ int	i2d_DHparams(const DH *a, unsigned char **pp);
 
- int	DHparams_print_fp(FILE *fp, DH *x);
- int	DHparams_print(BIO *bp, DH *x);
+ int	DHparams_print_fp(FILE *fp, const DH *x);
+ int	DHparams_print(BIO *bp, const DH *x);
 
 =head1 DESCRIPTION
 
@@ -56,11 +57,20 @@ The B<DH> structure consists of several BIGNUM components.
         };
  DH
 
+Note that DH keys may use non-standard B<DH_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DH
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 SEE ALSO
 
 L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>,
-L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
+L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
 L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
 L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
 L<RSA_print(3)|RSA_print(3)> 
diff --git a/crypto/openssl/doc/crypto/dsa.pod b/crypto/openssl/doc/crypto/dsa.pod
index 2c09244..da07d2b 100644
--- a/crypto/openssl/doc/crypto/dsa.pod
+++ b/crypto/openssl/doc/crypto/dsa.pod
@@ -7,17 +7,18 @@ dsa - Digital Signature Algorithm
 =head1 SYNOPSIS
 
  #include <openssl/dsa.h>
+ #include <openssl/engine.h>
 
  DSA *	DSA_new(void);
  void	DSA_free(DSA *dsa);
 
- int	DSA_size(DSA *dsa);
+ int	DSA_size(const DSA *dsa);
 
  DSA *	DSA_generate_parameters(int bits, unsigned char *seed,
                 int seed_len, int *counter_ret, unsigned long *h_ret,
 		void (*callback)(int, int, void *), void *cb_arg);
 
- DH *	DSA_dup_DH(DSA *r);
+ DH *	DSA_dup_DH(const DSA *r);
 
  int	DSA_generate_key(DSA *dsa);
 
@@ -26,13 +27,13 @@ dsa - Digital Signature Algorithm
  int	DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
                 BIGNUM **rp);
  int	DSA_verify(int dummy, const unsigned char *dgst, int len,
-		unsigned char *sigbuf, int siglen, DSA *dsa);
+		const unsigned char *sigbuf, int siglen, DSA *dsa);
 
- void DSA_set_default_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
- DSA *DSA_new_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_OpenSSL(void);
+ void DSA_set_default_method(const DSA_METHOD *meth);
+ const DSA_METHOD *DSA_get_default_method(void);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
+ const DSA_METHOD *DSA_OpenSSL(void);
 
  int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	     int (*dup_func)(), void (*free_func)());
@@ -41,7 +42,7 @@ dsa - Digital Signature Algorithm
 
  DSA_SIG *DSA_SIG_new(void);
  void	DSA_SIG_free(DSA_SIG *a);
- int	i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+ int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
  DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
 
  DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
@@ -51,14 +52,14 @@ dsa - Digital Signature Algorithm
  DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
  DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
  DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
- int	i2d_DSAPublicKey(DSA *a, unsigned char **pp);
- int 	i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
- int	i2d_DSAparams(DSA *a,unsigned char **pp);
+ int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+ int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+ int	i2d_DSAparams(const DSA *a,unsigned char **pp);
 
- int	DSAparams_print(BIO *bp, DSA *x);
- int	DSAparams_print_fp(FILE *fp, DSA *x);
- int	DSA_print(BIO *bp, DSA *x, int off);
- int	DSA_print_fp(FILE *bp, DSA *x, int off);
+ int	DSAparams_print(BIO *bp, const DSA *x);
+ int	DSAparams_print_fp(FILE *fp, const DSA *x);
+ int	DSA_print(BIO *bp, const DSA *x, int off);
+ int	DSA_print_fp(FILE *bp, const DSA *x, int off);
 
 =head1 DESCRIPTION
 
@@ -84,6 +85,14 @@ The B<DSA> structure consists of several BIGNUM components.
 
 In public keys, B<priv_key> is NULL.
 
+Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 CONFORMING TO
 
 US Federal Information Processing Standard FIPS 186 (Digital Signature
@@ -92,7 +101,8 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
 
 L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<DSA_new(3)|DSA_new(3)>,
+L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
+L<DSA_new(3)|DSA_new(3)>,
 L<DSA_size(3)|DSA_size(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
diff --git a/crypto/openssl/doc/crypto/engine.pod b/crypto/openssl/doc/crypto/engine.pod
new file mode 100644
index 0000000..c77dad5
--- /dev/null
+++ b/crypto/openssl/doc/crypto/engine.pod
@@ -0,0 +1,621 @@
+=pod
+
+=head1 NAME
+
+engine - ENGINE cryptographic module support
+
+=head1 SYNOPSIS
+
+ #include <openssl/engine.h>
+
+ ENGINE *ENGINE_get_first(void);
+ ENGINE *ENGINE_get_last(void);
+ ENGINE *ENGINE_get_next(ENGINE *e);
+ ENGINE *ENGINE_get_prev(ENGINE *e);
+
+ int ENGINE_add(ENGINE *e);
+ int ENGINE_remove(ENGINE *e);
+
+ ENGINE *ENGINE_by_id(const char *id);
+
+ int ENGINE_init(ENGINE *e);
+ int ENGINE_finish(ENGINE *e);
+
+ void ENGINE_load_openssl(void);
+ void ENGINE_load_dynamic(void);
+ void ENGINE_load_cswift(void);
+ void ENGINE_load_chil(void);
+ void ENGINE_load_atalla(void);
+ void ENGINE_load_nuron(void);
+ void ENGINE_load_ubsec(void);
+ void ENGINE_load_aep(void);
+ void ENGINE_load_sureware(void);
+ void ENGINE_load_4758cca(void);
+ void ENGINE_load_openbsd_dev_crypto(void);
+ void ENGINE_load_builtin_engines(void);
+
+ void ENGINE_cleanup(void);
+
+ ENGINE *ENGINE_get_default_RSA(void);
+ ENGINE *ENGINE_get_default_DSA(void);
+ ENGINE *ENGINE_get_default_DH(void);
+ ENGINE *ENGINE_get_default_RAND(void);
+ ENGINE *ENGINE_get_cipher_engine(int nid);
+ ENGINE *ENGINE_get_digest_engine(int nid);
+
+ int ENGINE_set_default_RSA(ENGINE *e);
+ int ENGINE_set_default_DSA(ENGINE *e);
+ int ENGINE_set_default_DH(ENGINE *e);
+ int ENGINE_set_default_RAND(ENGINE *e);
+ int ENGINE_set_default_ciphers(ENGINE *e);
+ int ENGINE_set_default_digests(ENGINE *e);
+ int ENGINE_set_default_string(ENGINE *e, const char *list);
+
+ int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+ unsigned int ENGINE_get_table_flags(void);
+ void ENGINE_set_table_flags(unsigned int flags);
+
+ int ENGINE_register_RSA(ENGINE *e);
+ void ENGINE_unregister_RSA(ENGINE *e);
+ void ENGINE_register_all_RSA(void);
+ int ENGINE_register_DSA(ENGINE *e);
+ void ENGINE_unregister_DSA(ENGINE *e);
+ void ENGINE_register_all_DSA(void);
+ int ENGINE_register_DH(ENGINE *e);
+ void ENGINE_unregister_DH(ENGINE *e);
+ void ENGINE_register_all_DH(void);
+ int ENGINE_register_RAND(ENGINE *e);
+ void ENGINE_unregister_RAND(ENGINE *e);
+ void ENGINE_register_all_RAND(void);
+ int ENGINE_register_ciphers(ENGINE *e);
+ void ENGINE_unregister_ciphers(ENGINE *e);
+ void ENGINE_register_all_ciphers(void);
+ int ENGINE_register_digests(ENGINE *e);
+ void ENGINE_unregister_digests(ENGINE *e);
+ void ENGINE_register_all_digests(void);
+ int ENGINE_register_complete(ENGINE *e);
+ int ENGINE_register_all_complete(void);
+
+ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+         long i, void *p, void (*f)(), int cmd_optional);
+ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                 int cmd_optional);
+
+ int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+ void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+ int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+
+ int ENGINE_set_id(ENGINE *e, const char *id);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+ int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+ int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+ int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+ int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+ int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+ int ENGINE_set_flags(ENGINE *e, int flags);
+ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+
+ const char *ENGINE_get_id(const ENGINE *e);
+ const char *ENGINE_get_name(const ENGINE *e);
+ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+ const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+ const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+ const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+ int ENGINE_get_flags(const ENGINE *e);
+ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+
+ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+
+ void ENGINE_add_conf_module(void);
+
+=head1 DESCRIPTION
+
+These functions create, manipulate, and use cryptographic modules in the
+form of B<ENGINE> objects. These objects act as containers for
+implementations of cryptographic algorithms, and support a
+reference-counted mechanism to allow them to be dynamically loaded in and
+out of the running application.
+
+The cryptographic functionality that can be provided by an B<ENGINE>
+implementation includes the following abstractions;
+
+ RSA_METHOD - for providing alternative RSA implementations
+ DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND
+ EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
+ EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
+ key-loading - loading public and/or private EVP_PKEY keys
+
+=head2 Reference counting and handles
+
+Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
+treated as handles - ie. not only as pointers, but also as references to
+the underlying ENGINE object. Ie. you should obtain a new reference when
+making copies of an ENGINE pointer if the copies will be used (and
+released) independantly.
+
+ENGINE objects have two levels of reference-counting to match the way in
+which the objects are used. At the most basic level, each ENGINE pointer is
+inherently a B<structural> reference - you need a structural reference
+simply to refer to the pointer value at all, as this kind of reference is
+your guarantee that the structure can not be deallocated until you release
+your reference.
+
+However, a structural reference provides no guarantee that the ENGINE has
+been initiliased to be usable to perform any of its cryptographic
+implementations - and indeed it's quite possible that most ENGINEs will not
+initialised at all on standard setups, as ENGINEs are typically used to
+support specialised hardware. To use an ENGINE's functionality, you need a
+B<functional> reference. This kind of reference can be considered a
+specialised form of structural reference, because each functional reference
+implicitly contains a structural reference as well - however to avoid
+difficult-to-find programming bugs, it is recommended to treat the two
+kinds of reference independantly. If you have a functional reference to an
+ENGINE, you have a guarantee that the ENGINE has been initialised ready to
+perform cryptographic operations and will not be uninitialised or cleaned
+up until after you have released your reference.
+
+We will discuss the two kinds of reference separately, including how to
+tell which one you are dealing with at any given point in time (after all
+they are both simply (ENGINE *) pointers, the difference is in the way they
+are used).
+
+I<Structural references>
+
+This basic type of reference is typically used for creating new ENGINEs
+dynamically, iterating across OpenSSL's internal linked-list of loaded
+ENGINEs, reading information about an ENGINE, etc. Essentially a structural
+reference is sufficient if you only need to query or manipulate the data of
+an ENGINE implementation rather than use its functionality.
+
+The ENGINE_new() function returns a structural reference to a new (empty)
+ENGINE object. Other than that, structural references come from return
+values to various ENGINE API functions such as; ENGINE_by_id(),
+ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(),
+ENGINE_get_prev(). All structural references should be released by a
+corresponding to call to the ENGINE_free() function - the ENGINE object
+itself will only actually be cleaned up and deallocated when the last
+structural reference is released.
+
+It should also be noted that many ENGINE API function calls that accept a
+structural reference will internally obtain another reference - typically
+this happens whenever the supplied ENGINE will be needed by OpenSSL after
+the function has returned. Eg. the function to add a new ENGINE to
+OpenSSL's internal list is ENGINE_add() - if this function returns success,
+then OpenSSL will have stored a new structural reference internally so the
+caller is still responsible for freeing their own reference with
+ENGINE_free() when they are finished with it. In a similar way, some
+functions will automatically release the structural reference passed to it
+if part of the function's job is to do so. Eg. the ENGINE_get_next() and
+ENGINE_get_prev() functions are used for iterating across the internal
+ENGINE list - they will return a new structural reference to the next (or
+previous) ENGINE in the list or NULL if at the end (or beginning) of the
+list, but in either case the structural reference passed to the function is
+released on behalf of the caller.
+
+To clarify a particular function's handling of references, one should
+always consult that function's documentation "man" page, or failing that
+the openssl/engine.h header file includes some hints.
+
+I<Functional references>
+
+As mentioned, functional references exist when the cryptographic
+functionality of an ENGINE is required to be available. A functional
+reference can be obtained in one of two ways; from an existing structural
+reference to the required ENGINE, or by asking OpenSSL for the default
+operational ENGINE for a given cryptographic purpose.
+
+To obtain a functional reference from an existing structural reference,
+call the ENGINE_init() function. This returns zero if the ENGINE was not
+already operational and couldn't be successfully initialised (eg. lack of
+system drivers, no special hardware attached, etc), otherwise it will
+return non-zero to indicate that the ENGINE is now operational and will
+have allocated a new B<functional> reference to the ENGINE. In this case,
+the supplied ENGINE pointer is, from the point of the view of the caller,
+both a structural reference and a functional reference - so if the caller
+intends to use it as a functional reference it should free the structural
+reference with ENGINE_free() first. If the caller wishes to use it only as
+a structural reference (eg. if the ENGINE_init() call was simply to test if
+the ENGINE seems available/online), then it should free the functional
+reference; all functional references are released by the ENGINE_finish()
+function.
+
+The second way to get a functional reference is by asking OpenSSL for a
+default implementation for a given task, eg. by ENGINE_get_default_RSA(),
+ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
+section, though they are not usually required by application programmers as
+they are used automatically when creating and using the relevant
+algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
+
+=head2 Default implementations
+
+For each supported abstraction, the ENGINE code maintains an internal table
+of state to control which implementations are available for a given
+abstraction and which should be used by default. These implementations are
+registered in the tables separated-out by an 'nid' index, because
+abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
+algorithms and modes - ENGINEs will support different numbers and
+combinations of these. In the case of other abstractions like RSA, DSA,
+etc, there is only one "algorithm" so all implementations implicitly
+register using the same 'nid' index. ENGINEs can be B<registered> into
+these tables to make themselves available for use automatically by the
+various abstractions, eg. RSA. For illustrative purposes, we continue with
+the RSA example, though all comments apply similarly to the other
+abstractions (they each get their own table and linkage to the
+corresponding section of openssl code).
+
+When a new RSA key is being created, ie. in RSA_new_method(), a
+"get_default" call will be made to the ENGINE subsystem to process the RSA
+state table and return a functional reference to an initialised ENGINE
+whose RSA_METHOD should be used. If no ENGINE should (or can) be used, it
+will return NULL and the RSA key will operate with a NULL ENGINE handle by
+using the conventional RSA implementation in OpenSSL (and will from then on
+behave the way it used to before the ENGINE API existed - for details see
+L<RSA_new_method(3)|RSA_new_method(3)>).
+
+Each state table has a flag to note whether it has processed this
+"get_default" query since the table was last modified, because to process
+this question it must iterate across all the registered ENGINEs in the
+table trying to initialise each of them in turn, in case one of them is
+operational. If it returns a functional reference to an ENGINE, it will
+also cache another reference to speed up processing future queries (without
+needing to iterate across the table). Likewise, it will cache a NULL
+response if no ENGINE was available so that future queries won't repeat the
+same iteration unless the state table changes. This behaviour can also be
+changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
+ENGINE_set_table_flags()), no attempted initialisations will take place,
+instead the only way for the state table to return a non-NULL ENGINE to the
+"get_default" query will be if one is expressly set in the table. Eg.
+ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
+that it also sets the state table's cached response for the "get_default"
+query.
+
+In the case of abstractions like EVP_CIPHER, where implementations are
+indexed by 'nid', these flags and cached-responses are distinct for each
+'nid' value.
+
+It is worth illustrating the difference between "registration" of ENGINEs
+into these per-algorithm state tables and using the alternative
+"set_default" functions. The latter handles both "registration" and also
+setting the cached "default" ENGINE in each relevant state table - so
+registered ENGINEs will only have a chance to be initialised for use as a
+default if a default ENGINE wasn't already set for the same state table.
+Eg. if ENGINE X supports cipher nids {A,B} and RSA, ENGINE Y supports
+ciphers {A} and DSA, and the following code is executed;
+
+ ENGINE_register_complete(X);
+ ENGINE_set_default(Y, ENGINE_METHOD_ALL);
+ e1 = ENGINE_get_default_RSA();
+ e2 = ENGINE_get_cipher_engine(A);
+ e3 = ENGINE_get_cipher_engine(B);
+ e4 = ENGINE_get_default_DSA();
+ e5 = ENGINE_get_cipher_engine(C);
+
+The results would be as follows;
+
+ assert(e1 == X);
+ assert(e2 == Y);
+ assert(e3 == X);
+ assert(e4 == Y);
+ assert(e5 == NULL);
+
+=head2 Application requirements
+
+This section will explain the basic things an application programmer should
+support to make the most useful elements of the ENGINE functionality
+available to the user. The first thing to consider is whether the
+programmer wishes to make alternative ENGINE modules available to the
+application and user. OpenSSL maintains an internal linked list of
+"visible" ENGINEs from which it has to operate - at start-up, this list is
+empty and in fact if an application does not call any ENGINE API calls and
+it uses static linking against openssl, then the resulting application
+binary will not contain any alternative ENGINE code at all. So the first
+consideration is whether any/all available ENGINE implementations should be
+made visible to OpenSSL - this is controlled by calling the various "load"
+functions, eg.
+
+ /* Make the "dynamic" ENGINE available */
+ void ENGINE_load_dynamic(void);
+ /* Make the CryptoSwift hardware acceleration support available */
+ void ENGINE_load_cswift(void);
+ /* Make support for nCipher's "CHIL" hardware available */
+ void ENGINE_load_chil(void);
+ ...
+ /* Make ALL ENGINE implementations bundled with OpenSSL available */
+ void ENGINE_load_builtin_engines(void);
+
+Having called any of these functions, ENGINE objects would have been
+dynamically allocated and populated with these implementations and linked
+into OpenSSL's internal linked list. At this point it is important to
+mention an important API function;
+
+ void ENGINE_cleanup(void);
+
+If no ENGINE API functions are called at all in an application, then there
+are no inherent memory leaks to worry about from the ENGINE functionality,
+however if any ENGINEs are "load"ed, even if they are never registered or
+used, it is necessary to use the ENGINE_cleanup() function to
+correspondingly cleanup before program exit, if the caller wishes to avoid
+memory leaks. This mechanism uses an internal callback registration table
+so that any ENGINE API functionality that knows it requires cleanup can
+register its cleanup details to be called during ENGINE_cleanup(). This
+approach allows ENGINE_cleanup() to clean up after any ENGINE functionality
+at all that your program uses, yet doesn't automatically create linker
+dependencies to all possible ENGINE functionality - only the cleanup
+callbacks required by the functionality you do use will be required by the
+linker.
+
+The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
+the program and loaded into memory at run-time) does not mean they are
+"registered" or called into use by OpenSSL automatically - that behaviour
+is something for the application to have control over. Some applications
+will want to allow the user to specify exactly which ENGINE they want used
+if any is to be used at all. Others may prefer to load all support and have
+OpenSSL automatically use at run-time any ENGINE that is able to
+successfully initialise - ie. to assume that this corresponds to
+acceleration hardware attached to the machine or some such thing. There are
+probably numerous other ways in which applications may prefer to handle
+things, so we will simply illustrate the consequences as they apply to a
+couple of simple cases and leave developers to consider these and the
+source code to openssl's builtin utilities as guides.
+
+I<Using a specific ENGINE implementation>
+
+Here we'll assume an application has been configured by its user or admin
+to want to use the "ACME" ENGINE if it is available in the version of
+OpenSSL the application was compiled with. If it is available, it should be
+used by default for all RSA, DSA, and symmetric cipher operation, otherwise
+OpenSSL should use its builtin software as per usual. The following code
+illustrates how to approach this;
+
+ ENGINE *e;
+ const char *engine_id = "ACME";
+ ENGINE_load_builtin_engines();
+ e = ENGINE_by_id(engine_id);
+ if(!e)
+     /* the engine isn't available */
+     return;
+ if(!ENGINE_init(e)) {
+     /* the engine couldn't initialise, release 'e' */
+     ENGINE_free(e);
+     return;
+ }
+ if(!ENGINE_set_default_RSA(e))
+     /* This should only happen when 'e' can't initialise, but the previous
+      * statement suggests it did. */
+     abort();
+ ENGINE_set_default_DSA(e);
+ ENGINE_set_default_ciphers(e);
+ /* Release the functional reference from ENGINE_init() */
+ ENGINE_finish(e);
+ /* Release the structural reference from ENGINE_by_id() */
+ ENGINE_free(e);
+
+I<Automatically using builtin ENGINE implementations>
+
+Here we'll assume we want to load and register all ENGINE implementations
+bundled with OpenSSL, such that for any cryptographic algorithm required by
+OpenSSL - if there is an ENGINE that implements it and can be initialise,
+it should be used. The following code illustrates how this can work;
+
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
+
+That's all that's required. Eg. the next time OpenSSL tries to set up an
+RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
+ENGINE_init() and if any of those succeed, that ENGINE will be set as the
+default for use with RSA from then on.
+
+=head2 Advanced configuration support
+
+There is a mechanism supported by the ENGINE framework that allows each
+ENGINE implementation to define an arbitrary set of configuration
+"commands" and expose them to OpenSSL and any applications based on
+OpenSSL. This mechanism is entirely based on the use of name-value pairs
+and and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
+applications want to provide a transparent way for users to provide
+arbitrary configuration "directives" directly to such ENGINEs. It is also
+possible for the application to dynamically interrogate the loaded ENGINE
+implementations for the names, descriptions, and input flags of their
+available "control commands", providing a more flexible configuration
+scheme. However, if the user is expected to know which ENGINE device he/she
+is using (in the case of specialised hardware, this goes without saying)
+then applications may not need to concern themselves with discovering the
+supported control commands and simply prefer to allow settings to passed
+into ENGINEs exactly as they are provided by the user.
+
+Before illustrating how control commands work, it is worth mentioning what
+they are typically used for. Broadly speaking there are two uses for
+control commands; the first is to provide the necessary details to the
+implementation (which may know nothing at all specific to the host system)
+so that it can be initialised for use. This could include the path to any
+driver or config files it needs to load, required network addresses,
+smart-card identifiers, passwords to initialise password-protected devices,
+logging information, etc etc. This class of commands typically needs to be
+passed to an ENGINE B<before> attempting to initialise it, ie. before
+calling ENGINE_init(). The other class of commands consist of settings or
+operations that tweak certain behaviour or cause certain operations to take
+place, and these commands may work either before or after ENGINE_init(), or
+in same cases both. ENGINE implementations should provide indications of
+this in the descriptions attached to builtin control commands and/or in
+external product documentation.
+
+I<Issuing control commands to an ENGINE>
+
+Let's illustrate by example; a function for which the caller supplies the
+name of the ENGINE it wishes to use, a table of string-pairs for use before
+initialisation, and another table for use after initialisation. Note that
+the string-pairs used for control commands consist of a command "name"
+followed by the command "parameter" - the parameter could be NULL in some
+cases but the name can not. This function should initialise the ENGINE
+(issuing the "pre" commands beforehand and the "post" commands afterwards)
+and set it as the default for everything except RAND and then return a
+boolean success or failure.
+
+ int generic_load_engine_fn(const char *engine_id,
+                            const char **pre_cmds, int pre_num,
+                            const char **post_cmds, int post_num)
+ {
+     ENGINE *e = ENGINE_by_id(engine_id);
+     if(!e) return 0;
+     while(pre_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+             ENGINE_free(e);
+             return 0;
+         }
+	 pre_cmds += 2;
+     }
+     if(!ENGINE_init(e)) {
+         fprintf(stderr, "Failed initialisation\n");
+         ENGINE_free(e);
+         return 0;
+     }
+     /* ENGINE_init() returned a functional reference, so free the structural
+      * reference from ENGINE_by_id(). */
+     ENGINE_free(e);
+     while(post_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+             ENGINE_finish(e);
+             return 0;
+         }
+	 post_cmds += 2;
+     }
+     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+     /* Success */
+     return 1;
+ }
+
+Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
+relax the semantics of the function - if set non-zero it will only return
+failure if the ENGINE supported the given command name but failed while
+executing it, if the ENGINE doesn't support the command name it will simply
+return success without doing anything. In this case we assume the user is
+only supplying commands specific to the given ENGINE so we set this to
+FALSE.
+
+I<Discovering supported control commands>
+
+It is possible to discover at run-time the names, numerical-ids, descriptions
+and input parameters of the control commands supported from a structural
+reference to any ENGINE. It is first important to note that some control
+commands are defined by OpenSSL itself and it will intercept and handle these
+control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not
+used for the control command. openssl/engine.h defines a symbol,
+ENGINE_CMD_BASE, that all control commands implemented by ENGINEs from. Any
+command value lower than this symbol is considered a "generic" command is
+handled directly by the OpenSSL core routines.
+
+It is using these "core" control commands that one can discover the the control
+commands implemented by a given ENGINE, specifically the commands;
+
+ #define ENGINE_HAS_CTRL_FUNCTION		10
+ #define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11
+ #define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12
+ #define ENGINE_CTRL_GET_CMD_FROM_NAME		13
+ #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14
+ #define ENGINE_CTRL_GET_NAME_FROM_CMD		15
+ #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16
+ #define ENGINE_CTRL_GET_DESC_FROM_CMD		17
+ #define ENGINE_CTRL_GET_CMD_FLAGS		18
+
+Whilst these commands are automatically processed by the OpenSSL framework code,
+they use various properties exposed by each ENGINE by which to process these
+queries. An ENGINE has 3 properties it exposes that can affect this behaviour;
+it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
+the ENGINE's flags, and it can expose an array of control command descriptions.
+If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
+simply pass all these "core" control commands directly to the ENGINE's ctrl()
+handler (and thus, it must have supplied one), so it is up to the ENGINE to
+reply to these "discovery" commands itself. If that flag is not set, then the
+OpenSSL framework code will work with the following rules;
+
+ if no ctrl() handler supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+     all other commands fail.
+ if a ctrl() handler was supplied but no array of control commands;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands fail.
+ if a ctrl() handler and array of control commands was supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands proceed processing ...
+
+If the ENGINE's array of control commands is empty then all other commands will
+fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
+the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
+identifier of a command supported by the ENGINE and returns the next command
+identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
+name for a command and returns the corresponding identifier or fails if no such
+command name exists, and the remaining commands take a command identifier and
+return properties of the corresponding commands. All except
+ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
+or populate a supplied character buffer with a copy of the command name or
+description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
+possible values;
+
+ #define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001
+ #define ENGINE_CMD_FLAG_STRING			(unsigned int)0x0002
+ #define ENGINE_CMD_FLAG_NO_INPUT		(unsigned int)0x0004
+ #define ENGINE_CMD_FLAG_INTERNAL		(unsigned int)0x0008
+
+If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
+informational to the caller - this flag will prevent the command being usable
+for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
+"INTERNAL" commands are not intended to be exposed to text-based configuration
+by applications, administrations, users, etc. These can support arbitrary
+operations via ENGINE_ctrl(), including passing to and/or from the control
+commands data of any arbitrary type. These commands are supported in the
+discovery mechanisms simply to allow applications determinie if an ENGINE
+supports certain specific commands it might want to use (eg. application "foo"
+might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
+and ENGINE could therefore decide whether or not to support this "foo"-specific
+extension).
+
+=head2 Future developments
+
+The ENGINE API and internal architecture is currently being reviewed. Slated for
+possible release in 0.9.8 is support for transparent loading of "dynamic"
+ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
+implementations to be provided independantly of OpenSSL libraries and/or
+OpenSSL-based applications, and would also remove any requirement for
+applications to explicitly use the "dynamic" ENGINE to bind to shared-library
+implementations.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
+
+=cut
diff --git a/crypto/openssl/doc/crypto/evp.pod b/crypto/openssl/doc/crypto/evp.pod
index edf47db..b3ca143 100644
--- a/crypto/openssl/doc/crypto/evp.pod
+++ b/crypto/openssl/doc/crypto/evp.pod
@@ -24,6 +24,13 @@ functions.  The B<EVP_Digest>I<...> functions provide message digests.
 
 Algorithms are loaded with OpenSSL_add_all_algorithms(3).
 
+All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
+modules providing alternative implementations. If ENGINE implementations of
+ciphers or digests are registered as defaults, then the various EVP functions
+will automatically use those implementations automatically in preference to
+built in software implementations. For more information, consult the engine(3)
+man page.
+
 =head1 SEE ALSO
 
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
@@ -32,6 +39,7 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
 L<EVP_SealInit(3)|EVP_SealInit(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
+L<engine(3)|engine(3)>
 
 =cut
diff --git a/crypto/openssl/doc/crypto/hmac.pod b/crypto/openssl/doc/crypto/hmac.pod
index f86e7d7..3976baf 100644
--- a/crypto/openssl/doc/crypto/hmac.pod
+++ b/crypto/openssl/doc/crypto/hmac.pod
@@ -13,11 +13,16 @@ authentication code
                int key_len, const unsigned char *d, int n,
                unsigned char *md, unsigned int *md_len);
 
+ void HMAC_CTX_init(HMAC_CTX *ctx);
+
  void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
                const EVP_MD *md);
+ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+               	   const EVP_MD *md);
  void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
  void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 
+ void HMAC_CTX_cleanup(HMAC_CTX *ctx);
  void HMAC_cleanup(HMAC_CTX *ctx);
 
 =head1 DESCRIPTION
@@ -39,13 +44,31 @@ B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
 B<key> and B<evp_md> may be B<NULL> if a key and hash function have
 been set in a previous call to HMAC_Init() for that B<HMAC_CTX>.
 
-HMAC_cleanup() erases the key and other data from the B<HMAC_CTX>.
+HMAC_CTX_init() initialises a B<HMAC_CTX> before first use. It must be
+called.
+
+HMAC_CTX_cleanup() erases the key and other data from the B<HMAC_CTX>
+and releases any associated resources. It must be called when an
+B<HMAC_CTX> is no longer required.
+
+HMAC_cleanup() is an alias for HMAC_CTX_cleanup() included for back
+compatibility with 0.9.6b, it is deprecated.
 
 The following functions may be used if the message is not completely
 stored in memory:
 
 HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
-function B<evp_md> and the key B<key> which is B<key_len> bytes long.
+function B<evp_md> and the key B<key> which is B<key_len> bytes
+long. It is deprecated and only included for backward compatibility
+with OpenSSL 0.9.6b.
+
+HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use
+the function B<evp_md> and key B<key>. Either can be NULL, in which
+case the existing one will be reused. HMAC_CTX_init() must have been
+called before the first use of an B<HMAC_CTX> in this
+function. B<N.B. HMAC_Init() had this undocumented behaviour in
+previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
+programs that expect it will cause them to stop working>.
 
 HMAC_Update() can be called repeatedly with chunks of the message to
 be authenticated (B<len> bytes at B<data>).
@@ -57,8 +80,8 @@ must have space for the hash function output.
 
 HMAC() returns a pointer to the message authentication code.
 
-HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup() do not
-return values.
+HMAC_CTX_init(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
+HMAC_CTX_cleanup() do not return values.
 
 =head1 CONFORMING TO
 
@@ -73,4 +96,7 @@ L<sha(3)|sha(3)>, L<evp(3)|evp(3)>
 HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup()
 are available since SSLeay 0.9.0.
 
+HMAC_CTX_init(), HMAC_Init_ex() and HMAC_CTX_cleanup() are available
+since OpenSSL 0.9.7.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/lhash.pod b/crypto/openssl/doc/crypto/lhash.pod
index 4e87aee..dcdbb43 100644
--- a/crypto/openssl/doc/crypto/lhash.pod
+++ b/crypto/openssl/doc/crypto/lhash.pod
@@ -2,43 +2,108 @@
 
 =head1 NAME
 
-lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall,
-lh_doall_arg, lh_error - dynamic hash table
+lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error - dynamic hash table
 
 =head1 SYNOPSIS
 
  #include <openssl/lhash.h>
 
- LHASH *lh_new(unsigned long (*hash)(/*void *a*/),
-          int (*compare)(/*void *a,void *b*/));
+ LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare);
  void lh_free(LHASH *table);
 
  void *lh_insert(LHASH *table, void *data);
  void *lh_delete(LHASH *table, void *data);
  void *lh_retrieve(LHASH *table, void *data);
 
- void lh_doall(LHASH *table, void (*func)(/*void *b*/));
- void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/),
+ void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func);
+ void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func,
           void *arg);
 
  int lh_error(LHASH *table);
 
+ typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
+ typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
+ typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
+ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
+
 =head1 DESCRIPTION
 
 This library implements dynamic hash tables. The hash table entries
 can be arbitrary structures. Usually they consist of key and value
 fields.
 
-lh_new() creates a new B<LHASH> structure. B<hash> takes a pointer to
-the structure and returns an unsigned long hash value of its key
-field. The hash value is normally truncated to a power of 2, so make
-sure that your hash function returns well mixed low order
-bits. B<compare> takes two arguments, and returns 0 if their keys are
-equal, non-zero otherwise.
+lh_new() creates a new B<LHASH> structure to store arbitrary data
+entries, and provides the 'hash' and 'compare' callbacks to be used in
+organising the table's entries.  The B<hash> callback takes a pointer
+to a table entry as its argument and returns an unsigned long hash
+value for its key field.  The hash value is normally truncated to a
+power of 2, so make sure that your hash function returns well mixed
+low order bits.  The B<compare> callback takes two arguments (pointers
+to two hash table entries), and returns 0 if their keys are equal,
+non-zero otherwise.  If your hash table will contain items of some
+particular type and the B<hash> and B<compare> callbacks hash/compare
+these types, then the B<DECLARE_LHASH_HASH_FN> and
+B<IMPLEMENT_LHASH_COMP_FN> macros can be used to create callback
+wrappers of the prototypes required by lh_new().  These provide
+per-variable casts before calling the type-specific callbacks written
+by the application author.  These macros, as well as those used for
+the "doall" callbacks, are defined as;
+
+ #define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+         unsigned long f_name##_LHASH_HASH(const void *);
+ #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+         unsigned long f_name##_LHASH_HASH(const void *arg) { \
+                 o_type a = (o_type)arg; \
+                 return f_name(a); }
+ #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+
+ #define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+         int f_name##_LHASH_COMP(const void *, const void *);
+ #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+         int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+                 o_type a = (o_type)arg1; \
+                 o_type b = (o_type)arg2; \
+                 return f_name(a,b); }
+ #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+
+ #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+         void f_name##_LHASH_DOALL(const void *);
+ #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+         void f_name##_LHASH_DOALL(const void *arg) { \
+                 o_type a = (o_type)arg; \
+                 f_name(a); }
+ #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+
+ #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+         void f_name##_LHASH_DOALL_ARG(const void *, const void *);
+ #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+         void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \
+                 o_type a = (o_type)arg1; \
+                 a_type b = (a_type)arg2; \
+                 f_name(a,b); }
+ #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+
+An example of a hash table storing (pointers to) structures of type 'STUFF'
+could be defined as follows;
+
+ /* Calculates the hash value of 'tohash' (implemented elsewhere) */
+ unsigned long STUFF_hash(const STUFF *tohash);
+ /* Orders 'arg1' and 'arg2' (implemented elsewhere) */
+ int STUFF_cmp(const STUFF *arg1, const STUFF *arg2);
+ /* Create the type-safe wrapper functions for use in the LHASH internals */
+ static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *)
+ static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *);
+ /* ... */
+ int main(int argc, char *argv[]) {
+         /* Create the new hash table using the hash/compare wrappers */
+         LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash),
+                                   LHASH_COMP_FN(STUFF_cmp));
+	 /* ... */
+ }
 
 lh_free() frees the B<LHASH> structure B<table>. Allocated hash table
 entries will not be freed; consider using lh_doall() to deallocate any
-remaining entries in the hash table.
+remaining entries in the hash table (see below).
 
 lh_insert() inserts the structure pointed to by B<data> into B<table>.
 If there already is an entry with the same key, the old value is
@@ -52,23 +117,53 @@ a structure with the key field(s) set; the function will return a
 pointer to a fully populated structure.
 
 lh_doall() will, for every entry in the hash table, call B<func> with
-the data item as parameters.
-This function can be quite useful when used as follows:
- void cleanup(STUFF *a)
-  { STUFF_free(a); }
- lh_doall(hash,cleanup);
- lh_free(hash);
-This can be used to free all the entries. lh_free() then cleans up the
-'buckets' that point to nothing. When doing this, be careful if you
-delete entries from the hash table in B<func>: the table may decrease
-in size, moving item that you are currently on down lower in the hash
-table.  This could cause some entries to be skipped.  The best
-solution to this problem is to set hash-E<gt>down_load=0 before you
-start.  This will stop the hash table ever being decreased in size.
-
-lh_doall_arg() is the same as lh_doall() except that B<func> will
-be called with B<arg> as the second argument.
-
+the data item as its parameter.  For lh_doall() and lh_doall_arg(),
+function pointer casting should be avoided in the callbacks (see
+B<NOTE>) - instead, either declare the callbacks to match the
+prototype required in lh_new() or use the declare/implement macros to
+create type-safe wrappers that cast variables prior to calling your
+type-specific callbacks.  An example of this is illustrated here where
+the callback is used to cleanup resources for items in the hash table
+prior to the hashtable itself being deallocated:
+
+ /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
+ void STUFF_cleanup(STUFF *a);
+ /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */
+ IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *)
+         /* ... then later in the code ... */
+ /* So to run "STUFF_cleanup" against all items in a hash table ... */
+ lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
+ /* Then the hash table itself can be deallocated */
+ lh_free(hashtable);
+
+When doing this, be careful if you delete entries from the hash table
+in your callbacks: the table may decrease in size, moving the item
+that you are currently on down lower in the hash table - this could
+cause some entries to be skipped during the iteration.  The second
+best solution to this problem is to set hash-E<gt>down_load=0 before
+you start (which will stop the hash table ever decreasing in size).
+The best solution is probably to avoid deleting items from the hash
+table inside a "doall" callback!
+
+lh_doall_arg() is the same as lh_doall() except that B<func> will be
+called with B<arg> as the second argument and B<func> should be of
+type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype that is passed
+both the table entry and an extra argument).  As with lh_doall(), you
+can instead choose to declare your callback with a prototype matching
+the types you are dealing with and use the declare/implement macros to
+create compatible wrappers that cast variables before calling your
+type-specific callbacks.  An example of this is demonstrated here
+(printing all hash table entries to a BIO that is provided by the
+caller):
+
+ /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
+ void STUFF_print(const STUFF *a, BIO *output_bio);
+ /* Implement a prototype-compatible wrapper for "STUFF_print" */
+ static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *)
+         /* ... then later in the code ... */
+ /* Print out the entire hashtable to a particular BIO */
+ lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio);
+ 
 lh_error() can be used to determine if an error occurred in the last
 operation. lh_error() is a macro.
 
@@ -91,6 +186,45 @@ otherwise.
 
 lh_free(), lh_doall() and lh_doall_arg() return no values.
 
+=head1 NOTE
+
+The various LHASH macros and callback types exist to make it possible
+to write type-safe code without resorting to function-prototype
+casting - an evil that makes application code much harder to
+audit/verify and also opens the window of opportunity for stack
+corruption and other hard-to-find bugs.  It also, apparently, violates
+ANSI-C.
+
+The LHASH code regards table entries as constant data.  As such, it
+internally represents lh_insert()'d items with a "const void *"
+pointer type.  This is why callbacks such as those used by lh_doall()
+and lh_doall_arg() declare their prototypes with "const", even for the
+parameters that pass back the table items' data pointers - for
+consistency, user-provided data is "const" at all times as far as the
+LHASH code is concerned.  However, as callers are themselves providing
+these pointers, they can choose whether they too should be treating
+all such parameters as constant.
+
+As an example, a hash table may be maintained by code that, for
+reasons of encapsulation, has only "const" access to the data being
+indexed in the hash table (ie. it is returned as "const" from
+elsewhere in their code) - in this case the LHASH prototypes are
+appropriate as-is.  Conversely, if the caller is responsible for the
+life-time of the data in question, then they may well wish to make
+modifications to table item passed back in the lh_doall() or
+lh_doall_arg() callbacks (see the "STUFF_cleanup" example above).  If
+so, the caller can either cast the "const" away (if they're providing
+the raw callbacks themselves) or use the macros to declare/implement
+the wrapper functions without "const" types.
+
+Callers that only have "const" access to data they're indexing in a
+table, yet declare callbacks without constant types (or cast the
+"const" away themselves), are therefore creating their own risks/bugs
+without being encouraged to do so by the API.  On a related note,
+those auditing code should pay special attention to any instances of
+DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types
+without any "const" qualifiers.
+
 =head1 BUGS
 
 lh_insert() returns B<NULL> both for success and error.
@@ -131,7 +265,7 @@ generating hashes that are the same for different values.  It is
 probably worth changing your hash function if this is the case because
 even if your hash table has 10 items in a 'bucket', it can be searched
 with 10 B<unsigned long> compares and 10 linked list traverses.  This
-will be much less expensive that 10 calls to you compare function.
+will be much less expensive that 10 calls to your compare function.
 
 lh_strhash() is a demo string hashing function:
 
@@ -152,4 +286,9 @@ lh_error() was added in SSLeay 0.9.1b.
 
 This manpage is derived from the SSLeay documentation.
 
+In OpenSSL 0.9.7, all lhash functions that were passed function pointers
+were changed for better type safety, and the function types LHASH_COMP_FN_TYPE,
+LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE 
+became available.
+
 =cut
diff --git a/crypto/openssl/doc/crypto/pem.pod b/crypto/openssl/doc/crypto/pem.pod
new file mode 100644
index 0000000..a4f8cc3
--- /dev/null
+++ b/crypto/openssl/doc/crypto/pem.pod
@@ -0,0 +1,476 @@
+=pod
+
+=head1 NAME
+
+PEM - PEM routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/pem.h>
+
+ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
+					pem_password_cb *cb, void *u);
+
+ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+					char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+					char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+					char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+					char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
+					pem_password_cb *cb, void *u);
+
+ EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
+ int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
+
+ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
+
+ int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
+
+ RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
+
+ int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
+
+ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
+					pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
+					pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
+
+ int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
+
+ DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
+
+ int PEM_write_DSAparams(FILE *fp, DSA *x);
+
+ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+
+ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_DHparams(BIO *bp, DH *x);
+
+ int PEM_write_DHparams(FILE *fp, DH *x);
+
+ X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+
+ X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_X509(BIO *bp, X509 *x);
+
+ int PEM_write_X509(FILE *fp, X509 *x);
+
+ X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+
+ X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
+
+ int PEM_write_X509_AUX(FILE *fp, X509 *x);
+
+ X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
+					pem_password_cb *cb, void *u);
+
+ X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
+
+ int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
+
+ int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
+
+ int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
+
+ X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
+					pem_password_cb *cb, void *u);
+ X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
+					pem_password_cb *cb, void *u);
+ int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
+ int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
+
+ PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
+
+ PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
+
+ int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
+
+ NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,
+						NETSCAPE_CERT_SEQUENCE **x,
+						pem_password_cb *cb, void *u);
+
+ NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,
+						NETSCAPE_CERT_SEQUENCE **x,
+						pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x);
+
+ int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x);
+
+=head1 DESCRIPTION
+
+The PEM functions read or write structures in PEM format. In
+this sense PEM format is simply base64 encoded data surrounded
+by header lines.
+
+For more details about the meaning of arguments see the
+B<PEM FUNCTION ARGUMENTS> section.
+
+Each operation has four functions associated with it. For
+clarity the term "B<foobar> functions" will be used to collectively
+refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
+PEM_write_bio_foobar() and PEM_write_foobar() functions.
+
+The B<PrivateKey> functions read or write a private key in
+PEM format using an EVP_PKEY structure. The write routines use
+"traditional" private key format and can handle both RSA and DSA
+private keys. The read functions can additionally transparently
+handle PKCS#8 format encrypted and unencrypted keys too.
+
+PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
+write a private key in an EVP_PKEY structure in PKCS#8
+EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
+algorithms. The B<cipher> argument specifies the encryption algoritm to
+use: unlike all other PEM routines the encryption is applied at the
+PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
+encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
+
+PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
+also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
+it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
+to use is specified in the B<nid> parameter and should be the NID of the
+corresponding OBJECT IDENTIFIER (see NOTES section).
+
+The B<PUBKEY> functions process a public key using an EVP_PKEY
+structure. The public key is encoded as a SubjectPublicKeyInfo
+structure.
+
+The B<RSAPrivateKey> functions process an RSA private key using an
+RSA structure. It handles the same formats as the B<PrivateKey>
+functions but an error occurs if the private key is not RSA.
+
+The B<RSAPublicKey> functions process an RSA public key using an
+RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
+structure.
+
+The B<RSA_PUBKEY> functions also process an RSA public key using
+an RSA structure. However the public key is encoded using a
+SubjectPublicKeyInfo structure and an error occurs if the public
+key is not RSA.
+
+The B<DSAPrivateKey> functions process a DSA private key using a
+DSA structure. It handles the same formats as the B<PrivateKey>
+functions but an error occurs if the private key is not DSA.
+
+The B<DSA_PUBKEY> functions process a DSA public key using
+a DSA structure. The public key is encoded using a
+SubjectPublicKeyInfo structure and an error occurs if the public
+key is not DSA.
+
+The B<DSAparams> functions process DSA parameters using a DSA
+structure. The parameters are encoded using a foobar structure.
+
+The B<DHparams> functions process DH parameters using a DH
+structure. The parameters are encoded using a PKCS#3 DHparameter
+structure.
+
+The B<X509> functions process an X509 certificate using an X509
+structure. They will also process a trusted X509 certificate but
+any trust settings are discarded.
+
+The B<X509_AUX> functions process a trusted X509 certificate using
+an X509 structure. 
+
+The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
+certificate request using an X509_REQ structure. The B<X509_REQ>
+write functions use B<CERTIFICATE REQUEST> in the header whereas
+the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
+(as required by some CAs). The B<X509_REQ> read functions will
+handle either form so there are no B<X509_REQ_NEW> read functions.
+
+The B<X509_CRL> functions process an X509 CRL using an X509_CRL
+structure.
+
+The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
+structure.
+
+The B<NETSCAPE_CERT_SEQUENCE> functions process a Netscape Certificate
+Sequence using a NETSCAPE_CERT_SEQUENCE structure.
+
+=head1 PEM FUNCTION ARGUMENTS
+
+The PEM functions have many common arguments.
+
+The B<bp> BIO parameter (if present) specifies the BIO to read from
+or write to.
+
+The B<fp> FILE parameter (if present) specifies the FILE pointer to
+read from or write to.
+
+The PEM read functions all take an argument B<TYPE **x> and return
+a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
+uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
+NULL but B<*x> is NULL then the structure returned will be written
+to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
+to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
+Irrespective of the value of B<x> a pointer to the structure is always
+returned (or NULL if an error occurred).
+
+The PEM functions which write private keys take an B<enc> parameter
+which specifies the encryption algorithm to use, encryption is done
+at the PEM level. If this parameter is set to NULL then the private
+key is written in unencrypted form.
+
+The B<cb> argument is the callback to use when querying for the pass
+phrase used for encrypted PEM structures (normally only private keys).
+
+For the PEM write routines if the B<kstr> parameter is not NULL then
+B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
+ignored.
+
+If the B<cb> parameters is set to NULL and the B<u> parameter is not
+NULL then the B<u> parameter is interpreted as a null terminated string
+to use as the passphrase. If both B<cb> and B<u> are NULL then the
+default callback routine is used which will typically prompt for the
+passphrase on the current terminal with echoing turned off.
+
+The default passphrase callback is sometimes inappropriate (for example
+in a GUI application) so an alternative can be supplied. The callback
+routine has the following form:
+
+ int cb(char *buf, int size, int rwflag, void *u);
+
+B<buf> is the buffer to write the passphrase to. B<size> is the maximum
+length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
+which is set to 0 when reading and 1 when writing. A typical routine
+will ask the user to verify the passphrase (for example by prompting
+for it twice) if B<rwflag> is 1. The B<u> parameter has the same
+value as the B<u> parameter passed to the PEM routine. It allows
+arbitrary data to be passed to the callback by the application
+(for example a window handle in a GUI application). The callback
+B<must> return the number of characters in the passphrase or 0 if
+an error occurred.
+
+=head1 EXAMPLES
+
+Although the PEM routines take several arguments in almost all applications
+most of them are set to 0 or NULL.
+
+Read a certificate in PEM format from a BIO:
+
+ X509 *x;
+ x = PEM_read_bio(bp, NULL, 0, NULL);
+ if (x == NULL)
+	{
+	/* Error */
+	}
+
+Alternative method:
+
+ X509 *x = NULL;
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL))
+	{
+	/* Error */
+	}
+
+Write a certificate to a BIO:
+
+ if (!PEM_write_bio_X509(bp, x))
+	{
+	/* Error */
+	}
+
+Write an unencrypted private key to a FILE pointer:
+
+ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
+	{
+	/* Error */
+	}
+
+Write a private key (using traditional format) to a BIO using
+triple DES encryption, the pass phrase is prompted for:
+
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
+	{
+	/* Error */
+	}
+
+Write a private key (using PKCS#8 format) to a BIO using triple
+DES encryption, using the pass phrase "hello":
+
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
+	{
+	/* Error */
+	}
+
+Read a private key from a BIO using the pass phrase "hello":
+
+ key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
+ if (key == NULL)
+	{
+	/* Error */
+	}
+
+Read a private key from a BIO using a pass phrase callback:
+
+ key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
+ if (key == NULL)
+	{
+	/* Error */
+	}
+
+Skeleton pass phrase callback:
+
+ int pass_cb(char *buf, int size, int rwflag, void *u);
+	{
+	int len;
+	char *tmp;
+	/* We'd probably do something else if 'rwflag' is 1 */
+	printf("Enter pass phrase for \"%s\"\n", u);
+
+	/* get pass phrase, length 'len' into 'tmp' */
+	tmp = "hello";
+	len = strlen(tmp);
+
+	if (len <= 0) return 0;
+	/* if too long, truncate */
+	if (len > size) len = size;
+	memcpy(buf, tmp, len);
+	return len;
+	}
+
+=head1 NOTES
+
+The old B<PrivateKey> write routines are retained for compatibility.
+New applications should write private keys using the
+PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
+because they are more secure (they use an iteration count of 2048 whereas
+the traditional routines use a count of 1) unless compatibility with older
+versions of OpenSSL is important.
+
+The B<PrivateKey> read routines can be used in all applications because
+they handle all formats transparently.
+
+A frequent cause of problems is attempting to use the PEM routines like
+this:
+
+ X509 *x;
+ PEM_read_bio_X509(bp, &x, 0, NULL);
+
+this is a bug because an attempt will be made to reuse the data at B<x>
+which is an uninitialised pointer.
+
+=head1 PEM ENCRYPTION FORMAT
+
+This old B<PrivateKey> routines use a non standard technique for encryption.
+
+The private key (or other data) takes the following form: 
+
+ -----BEGIN RSA PRIVATE KEY-----
+ Proc-Type: 4,ENCRYPTED
+ DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
+
+ ...base64 encoded data...
+ -----END RSA PRIVATE KEY-----
+
+The line beginning DEK-Info contains two comma separated pieces of information:
+the encryption algorithm name as used by EVP_get_cipherbyname() and an 8
+byte B<salt> encoded as a set of hexadecimal digits.
+
+After this is the base64 encoded encrypted data.
+
+The encryption key is determined using EVP_bytestokey(), using B<salt> and an
+iteration count of 1. The IV used is the value of B<salt> and *not* the IV
+returned by EVP_bytestokey().
+
+=head1 BUGS
+
+The PEM read routines in some versions of OpenSSL will not correctly reuse
+an existing structure. Therefore the following:
+
+ PEM_read_bio(bp, &x, 0, NULL);
+
+where B<x> already contains a valid certificate, may not work, whereas: 
+
+ X509_free(x);
+ x = PEM_read_bio(bp, NULL, 0, NULL);
+
+is guaranteed to work.
+
+=head1 RETURN CODES
+
+The read routines return either a pointer to the structure read or NULL
+is an error occurred.
+
+The write routines return 1 for success or 0 for failure.
diff --git a/crypto/openssl/doc/crypto/rand.pod b/crypto/openssl/doc/crypto/rand.pod
index 96901f1..1c068c8 100644
--- a/crypto/openssl/doc/crypto/rand.pod
+++ b/crypto/openssl/doc/crypto/rand.pod
@@ -8,13 +8,14 @@ rand - pseudo-random number generator
 
  #include <openssl/rand.h>
 
+ int  RAND_set_rand_engine(ENGINE *engine);
+
  int  RAND_bytes(unsigned char *buf, int num);
  int  RAND_pseudo_bytes(unsigned char *buf, int num);
 
  void RAND_seed(const void *buf, int num);
  void RAND_add(const void *buf, int num, int entropy);
  int  RAND_status(void);
- void RAND_screen(void);
 
  int  RAND_load_file(const char *file, long max_bytes);
  int  RAND_write_file(const char *file);
@@ -22,14 +23,31 @@ rand - pseudo-random number generator
 
  int  RAND_egd(const char *path);
 
- void RAND_set_rand_method(RAND_METHOD *meth);
- RAND_METHOD *RAND_get_rand_method(void);
+ void RAND_set_rand_method(const RAND_METHOD *meth);
+ const RAND_METHOD *RAND_get_rand_method(void);
  RAND_METHOD *RAND_SSLeay(void);
 
  void RAND_cleanup(void);
 
+ /* For Win32 only */
+ void RAND_screen(void);
+ int RAND_event(UINT, WPARAM, LPARAM);
+
 =head1 DESCRIPTION
 
+Since the introduction of the ENGINE API, the recommended way of controlling
+default implementations is by using the ENGINE API functions. The default
+B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
+RAND_get_rand_method(), is only used if no ENGINE has been set as the default
+"rand" implementation. Hence, these two functions are no longer the recommened
+way to control defaults.
+
+If an alternative B<RAND_METHOD> implementation is being used (either set
+directly or as provided by an ENGINE module), then it is entirely responsible
+for the generation and management of a cryptographically secure PRNG stream. The
+mechanisms described below relate solely to the software PRNG implementation
+built in to OpenSSL and used by default.
+
 These functions implement a cryptographically secure pseudo-random
 number generator (PRNG). It is used by other library functions for
 example to generate random keys, and applications can use it when they
diff --git a/crypto/openssl/doc/crypto/rsa.pod b/crypto/openssl/doc/crypto/rsa.pod
index ec7458c..45ac53f 100644
--- a/crypto/openssl/doc/crypto/rsa.pod
+++ b/crypto/openssl/doc/crypto/rsa.pod
@@ -7,6 +7,7 @@ rsa - RSA public key cryptosystem
 =head1 SYNOPSIS
 
  #include <openssl/rsa.h>
+ #include <openssl/engine.h>
 
  RSA * RSA_new(void);
  void RSA_free(RSA *rsa);
@@ -15,13 +16,17 @@ rsa - RSA public key cryptosystem
     unsigned char *to, RSA *rsa, int padding);
  int RSA_private_decrypt(int flen, unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa,int padding);
 
  int RSA_sign(int type, unsigned char *m, unsigned int m_len,
     unsigned char *sigret, unsigned int *siglen, RSA *rsa);
  int RSA_verify(int type, unsigned char *m, unsigned int m_len,
     unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
- int RSA_size(RSA *rsa);
+ int RSA_size(const RSA *rsa);
 
  RSA *RSA_generate_key(int num, unsigned long e,
     void (*callback)(int,int,void *), void *cb_arg);
@@ -31,15 +36,14 @@ rsa - RSA public key cryptosystem
  int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
  void RSA_blinding_off(RSA *rsa);
 
- void RSA_set_default_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
- RSA_METHOD *RSA_get_method(RSA *rsa);
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_default_method(void);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_method(const RSA *rsa);
  RSA_METHOD *RSA_PKCS1_SSLeay(void);
- RSA_METHOD *RSA_PKCS1_RSAref(void);
  RSA_METHOD *RSA_null_method(void);
- int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
+ int RSA_flags(const RSA *rsa);
+ RSA *RSA_new_method(ENGINE *engine);
 
  int RSA_print(BIO *bp, RSA *x, int offset);
  int RSA_print_fp(FILE *fp, RSA *x, int offset);
@@ -49,11 +53,6 @@ rsa - RSA public key cryptosystem
  int RSA_set_ex_data(RSA *r,int idx,char *arg);
  char *RSA_get_ex_data(RSA *r, int idx);
 
- int RSA_private_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
-    unsigned char *to, RSA *rsa,int padding);
-
  int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
     unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
     RSA *rsa);
@@ -90,6 +89,14 @@ B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
 keys, but the RSA operations are much faster when these values are
 available.
 
+Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using RSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 CONFORMING TO
 
 SSL, PKCS #1 v2.0
@@ -101,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000.
 =head1 SEE ALSO
 
 L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
-L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
 L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
 L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
 L<RSA_generate_key(3)|RSA_generate_key(3)>,
diff --git a/crypto/openssl/doc/crypto/threads.pod b/crypto/openssl/doc/crypto/threads.pod
index 136844b..afa45cd 100644
--- a/crypto/openssl/doc/crypto/threads.pod
+++ b/crypto/openssl/doc/crypto/threads.pod
@@ -53,7 +53,7 @@ OpenSSL can safely be used in multi-threaded applications provided
 that at least two callback functions are set.
 
 locking_function(int mode, int n, const char *file, int line) is
-needed to perform locking on shared data structures.
+needed to perform locking on shared data structures. 
 (Note that OpenSSL uses a number of global data structures that
 will be implicitly shared whenever multiple threads use OpenSSL.)
 Multi-threaded applications will crash at random if it is not set.
diff --git a/crypto/openssl/doc/crypto/ui.pod b/crypto/openssl/doc/crypto/ui.pod
new file mode 100644
index 0000000..2b3535a
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ui.pod
@@ -0,0 +1,194 @@
+=pod
+
+=head1 NAME
+
+UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
+UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt
+UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
+UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
+UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
+
+=head1 SYNOPSIS
+
+ #include <openssl/ui.h>
+
+ typedef struct ui_st UI;
+ typedef struct ui_method_st UI_METHOD;
+
+ UI *UI_new(void);
+ UI *UI_new_method(const UI_METHOD *method);
+ void UI_free(UI *ui);
+
+ int UI_add_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize);
+ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize);
+ int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf);
+ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf);
+ int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf);
+ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf);
+ int UI_add_info_string(UI *ui, const char *text);
+ int UI_dup_info_string(UI *ui, const char *text);
+ int UI_add_error_string(UI *ui, const char *text);
+ int UI_dup_error_string(UI *ui, const char *text);
+
+ /* These are the possible flags.  They can be or'ed together. */
+ #define UI_INPUT_FLAG_ECHO		0x01
+ #define UI_INPUT_FLAG_DEFAULT_PWD	0x02
+
+ char *UI_construct_prompt(UI *ui_method,
+	const char *object_desc, const char *object_name);
+
+ void *UI_add_user_data(UI *ui, void *user_data);
+ void *UI_get0_user_data(UI *ui);
+
+ const char *UI_get0_result(UI *ui, int i);
+
+ int UI_process(UI *ui);
+
+ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+ #define UI_CTRL_PRINT_ERRORS		1
+ #define UI_CTRL_IS_REDOABLE		2
+
+ void UI_set_default_method(const UI_METHOD *meth);
+ const UI_METHOD *UI_get_default_method(void);
+ const UI_METHOD *UI_get_method(UI *ui);
+ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+ UI_METHOD *UI_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+UI stands for User Interface, and is general purpose set of routines to
+prompt the user for text-based information.  Through user-written methods
+(see L<ui_create(3)|ui_create(3)>), prompting can be done in any way
+imaginable, be it plain text prompting, through dialog boxes or from a
+cell phone.
+
+All the functions work through a context of the type UI.  This context
+contains all the information needed to prompt correctly as well as a
+reference to a UI_METHOD, which is an ordered vector of functions that
+carry out the actual prompting.
+
+The first thing to do is to create a UI with UI_new() or UI_new_method(),
+then add information to it with the UI_add or UI_dup functions.  Also,
+user-defined random data can be passed down to the underlying method
+through calls to UI_add_user_data.  The default UI method doesn't care
+about these data, but other methods might.  Finally, use UI_process()
+to actually perform the prompting and UI_get0_result() to find the result
+to the prompt.
+
+A UI can contain more than one prompt, which are performed in the given
+sequence.  Each prompt gets an index number which is returned by the
+UI_add and UI_dup functions, and has to be used to get the corresponding
+result with UI_get0_result().
+
+The functions are as follows:
+
+UI_new() creates a new UI using the default UI method.  When done with
+this UI, it should be freed using UI_free().
+
+UI_new_method() creates a new UI using the given UI method.  When done with
+this UI, it should be freed using UI_free().
+
+UI_OpenSSL() returns the built-in UI method (note: not the default one,
+since the default can be changed.  See further on).  This method is the
+most machine/OS dependent part of OpenSSL and normally generates the
+most problems when porting.
+
+UI_free() removes a UI from memory, along with all other pieces of memory
+that's connected to it, like duplicated input strings, results and others.
+
+UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
+as well as flags and a result buffer and the desired minimum and maximum
+sizes of the result.  The given information is used to prompt for
+information, for example a password, and to verify a password (i.e. having
+the user enter it twice and check that the same string was entered twice).
+UI_add_verify_string() takes and extra argument that should be a pointer
+to the result buffer of the input string that it's supposed to verify, or
+verification will fail.
+
+UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
+in a boolean way, with a single character for yes and a different character
+for no.  A set of characters that can be used to cancel the prompt is given
+as well.  The prompt itself is really divided in two, one part being the
+descriptive text (given through the I<prompt> argument) and one describing
+the possible answers (given through the I<action_desc> argument).
+
+UI_add_info_string() and UI_add_error_string() add strings that are shown at
+the same time as the prompt for extra information or to show an error string.
+The difference between the two is only conceptual.  With the builtin method,
+there's no technical difference between them.  Other methods may make a
+difference between them, however.
+
+The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for
+UI_add_input_string() and will have the users response be echoed (when
+prompting for a password, this flag should obviously not be used, and
+UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some
+sort will be used (completely depending on the application and the UI
+method).
+
+UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(),
+UI_dup_info_string() and UI_dup_error_string() are basically the same
+as their UI_add counterparts, except that they make their own copies
+of all strings.
+
+UI_construct_prompt() is a helper function that can be used to create
+a prompt from two pieces of information: an description and a name.
+The default constructor (if there is none provided by the method used)
+creates a string "Enter I<description> for I<name>:".  With the
+description "pass phrase" and the file name "foo.key", that becomes
+"Enter pass phrase for foo.key:".  Other methods may create whatever
+string and may include encodings that will be processed by the other
+method functions.
+
+UI_add_user_data() adds a piece of memory for the method to use at any
+time.  The builtin UI method doesn't care about this info.  Note that several
+calls to this function doesn't add data, it replaces the previous blob
+with the one given as argument.
+
+UI_get0_user_data() retrieves the data that has last been given to the
+UI with UI_add_user_data().
+
+UI_get0_result() returns a pointer to the result buffer associated with
+the information indexed by I<i>.
+
+UI_process() goes through the information given so far, does all the printing
+and prompting and returns.
+
+UI_ctrl() adds extra control for the application author.  For now, it
+understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process()
+print the OpenSSL error stack as part of processing the UI, and
+UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can
+be used again or not.
+
+UI_set_default_method() changes the default UI method to the one given.
+
+UI_get_default_method() returns a pointer to the current default UI method.
+
+UI_get_method() returns the UI method associated with a given UI.
+
+UI_set_method() changes the UI method associated with a given UI.
+
+=head1 SEE ALSO
+
+L<ui_create(3)|ui_create(3)>, L<ui_compat(3)|ui_compat(3)>
+
+=head1 HISTORY
+
+The UI section was first introduced in OpenSSL 0.9.7.
+
+=head1 AUTHOR
+
+Richard Levitte (richard@levitte.org) for the OpenSSL project
+(http://www.openssl.org).
+
+=cut
diff --git a/crypto/openssl/doc/crypto/ui_compat.pod b/crypto/openssl/doc/crypto/ui_compat.pod
new file mode 100644
index 0000000..9ab3c69
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ui_compat.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw -
+Compatibility user interface functions
+
+=head1 SYNOPSIS
+
+ int des_read_password(DES_cblock *key,const char *prompt,int verify);
+ int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
+ 	const char *prompt,int verify);
+
+ int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+ int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+=head1 DESCRIPTION
+
+The DES library contained a few routines to prompt for passwords.  These
+aren't necessarely dependent on DES, and have therefore become part of the
+UI compatibility library.
+
+des_read_pw() writes the string specified by I<prompt> to standard output
+turns echo off and reads an input string from the terminal.  The string is
+returned in I<buf>, which must have spac for at least I<size> bytes.
+If I<verify> is set, the user is asked for the password twice and unless
+the two copies match, an error is returned.  The second password is stored
+in I<buff>, which must therefore also be at least I<size> bytes.  A return
+code of -1 indicates a system error, 1 failure due to use interaction, and
+0 is success.  All other functions described here use des_read_pw() to do
+the work.
+
+des_read_pw_string() is a variant of des_read_pw() that provides a buffer
+for you if I<verify> is set.
+
+des_read_password() calls des_read_pw() and converts the password to a
+DES key by calling DES_string_to_key(); des_read_2password() operates in
+the same way as des_read_password() except that it generates two keys
+by using the DES_string_to_2key() function.
+
+=head1 NOTES
+
+des_read_pw_string() is available in the MIT Kerberos library as well, and
+is also available under the name EVP_read_pw_string().
+
+=head1 SEE ALSO
+
+L<ui(3)|ui(3)>, L<ui_create(3)|ui_create(3)>
+
+=head1 AUTHOR
+
+Richard Levitte (richard@levitte.org) for the OpenSSL project
+(http://www.openssl.org).
+
+=cut
diff --git a/crypto/openssl/doc/openssl.txt b/crypto/openssl/doc/openssl.txt
index 5da519e..432a17b 100644
--- a/crypto/openssl/doc/openssl.txt
+++ b/crypto/openssl/doc/openssl.txt
@@ -344,7 +344,7 @@ the extension.
 
 Examples:
 
-subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4
 
 Issuer Alternative Name.
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod b/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
index af326c2..82676b2 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
@@ -37,6 +37,14 @@ removed and replaced by the new session. If the session is actually
 identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
 is a no-op, and the return value is 0.
 
+If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
+flag then the internal cache will not be populated automatically by new
+sessions negotiated by the SSL/TLS implementation, even though the internal
+cache will be searched automatically for session-resume requests (the
+latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
+application can use SSL_CTX_add_session() directly to have full control
+over the sessions that can be resumed if desired.
+
 
 =head1 RETURN VALUES
 
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod b/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
index 4228225..fb6adcf 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
@@ -8,10 +8,10 @@ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal hand
 
  #include <openssl/ssl.h>
 
- long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
+ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
  long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
 
- long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
+ long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
  long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
 
 =head1 DESCRIPTION
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
index 723fc14..c0f4f85 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
@@ -8,38 +8,36 @@ SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
 
  #include <openssl/ssl.h>
 
- void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(),
-                                       char *arg);
- int (*callback)();
+ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
 
 =head1 DESCRIPTION
 
 SSL_CTX_set_cert_verify_callback() sets the verification callback function for
-B<ctx>. SSL objects, that are created from B<ctx> inherit the setting valid at
-the time, L<SSL_new(3)|SSL_new(3)> is called. B<arg> is currently ignored.
+I<ctx>. SSL objects that are created from I<ctx> inherit the setting valid at
+the time when L<SSL_new(3)|SSL_new(3)> is called.
 
 =head1 NOTES
 
 Whenever a certificate is verified during a SSL/TLS handshake, a verification
 function is called. If the application does not explicitly specify a
 verification callback function, the built-in verification function is used.
-If a verification callback B<callback> is specified via
+If a verification callback I<callback> is specified via
 SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
-instead. By setting B<callback> to NULL, the default behaviour is restored.
+instead. By setting I<callback> to NULL, the default behaviour is restored.
 
-When the verification must be performed, B<callback> will be called with
-the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments B<arg>
-that can be specified when setting B<callback> are currently ignored.
+When the verification must be performed, I<callback> will be called with
+the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The 
+argument I<arg> is specified by the application when setting I<callback>.
 
-B<callback> should return 1 to indicate verification success and 0 to
-indicate verification failure. If SSL_VERIFY_PEER is set and B<callback>
+I<callback> should return 1 to indicate verification success and 0 to
+indicate verification failure. If SSL_VERIFY_PEER is set and I<callback>
 returns 0, the handshake will fail. As the verification procedure may
 allow to continue the connection in case of failure (by always returning 1)
 the verification result must be set in any case using the B<error>
-member of B<x509_store_ctx>, so that the calling application will be informed
+member of I<x509_store_ctx> so that the calling application will be informed
 about the detailed result of the verification procedure! 
 
-Within B<x509_store_ctx>, B<callback> has access to the B<verify_callback>
+Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback>
 function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
 
 =head1 WARNINGS
@@ -56,12 +54,6 @@ the B<verify_callback> function.
 
 =head1 BUGS
 
-It is possible to specify arguments to be passed to the verification callback.
-Currently they are however not passed but ignored.
-
-The B<callback> function is not specified via a prototype, so that no
-type checking takes place.
-
 =head1 RETURN VALUES
 
 SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
@@ -72,4 +64,12 @@ L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
 L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
 L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
 
+=head1 HISTORY
+
+Previous to OpenSSL 0.9.7, the I<arg> argument to B<SSL_CTX_set_cert_verify_callback>
+was ignored, and I<callback> was called simply as
+ int (*callback)(X509_STORE_CTX *)
+To compile software written for previous versions of OpenSSL, a dummy
+argument will have to be added to I<callback>.
+
 =cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod
new file mode 100644
index 0000000..798e844
--- /dev/null
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod
@@ -0,0 +1,150 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id - manipulate generation of SSL session IDs (server only)
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+
+ int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+ int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
+ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+				 unsigned int id_len);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_generate_session_id() sets the callback function for generating
+new session ids for SSL/TLS sessions for B<ctx> to be B<cb>.
+
+SSL_set_generate_session_id() sets the callback function for generating
+new session ids for SSL/TLS sessions for B<ssl> to be B<cb>.
+
+SSL_has_matching_session_id() checks, whether a session with id B<id>
+(of length B<id_len>) is already contained in the internal session cache
+of the parent context of B<ssl>.
+
+=head1 NOTES
+
+When a new session is established between client and server, the server
+generates a session id. The session id is an arbitrary sequence of bytes.
+The length of the session id is 16 bytes for SSLv2 sessions and between
+1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical
+but must be unique for the server. Additionally, the session id is
+transmitted in the clear when reusing the session so it must not contain
+sensitive information.
+
+Without a callback being set, an OpenSSL server will generate a unique
+session id from pseudo random numbers of the maximum possible length.
+Using the callback function, the session id can be changed to contain
+additional information like e.g. a host id in order to improve load balancing
+or external caching techniques.
+
+The callback function receives a pointer to the memory location to put
+B<id> into and a pointer to the maximum allowed length B<id_len>. The
+buffer at location B<id> is only guaranteed to have the size B<id_len>.
+The callback is only allowed to generate a shorter id and reduce B<id_len>;
+the callback B<must never> increase B<id_len> or write to the location
+B<id> exceeding the given limit.
+
+If a SSLv2 session id is generated and B<id_len> is reduced, it will be
+restored after the callback has finished and the session id will be padded
+with 0x00. It is not recommended to change the B<id_len> for SSLv2 sessions.
+The callback can use the L<SSL_get_version(3)|SSL_get_version(3)> function
+to check, whether the session is of type SSLv2.
+
+The location B<id> is filled with 0x00 before the callback is called, so the
+callback may only fill part of the possible length and leave B<id_len>
+untouched while maintaining reproducibility.
+
+Since the sessions must be distinguished, session ids must be unique.
+Without the callback a random number is used, so that the probability
+of generating the same session id is extremely small (2^128 possible ids
+for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the
+uniqueness of the generated session id, the callback must call
+SSL_has_matching_session_id() and generate another id if a conflict occurs.
+If an id conflict is not resolved, the handshake will fail.
+If the application codes e.g. a unique host id, a unique process number, and
+a unique sequence number into the session id, uniqueness could easily be
+achieved without randomness added (it should however be taken care that
+no confidential information is leaked this way). If the application can not
+guarantee uniqueness, it is recommended to use the maximum B<id_len> and
+fill in the bytes not used to code special information with random data
+to avoid collisions.
+
+SSL_has_matching_session_id() will only query the internal session cache,
+not the external one. Since the session id is generated before the
+handshake is completed, it is not immediately added to the cache. If
+another thread is using the same internal session cache, a race condition
+can occur in that another thread generates the same session id.
+Collisions can also occur when using an external session cache, since
+the external cache is not tested with SSL_has_matching_session_id()
+and the same race condition applies.
+
+When calling SSL_has_matching_session_id() for an SSLv2 session with
+reduced B<id_len>, the match operation will be performed using the
+fixed length required and with a 0x00 padded id.
+
+The callback must return 0 if it cannot generate a session id for whatever
+reason and return 1 on success.
+
+=head1 EXAMPLES
+
+The callback function listed will generate a session id with the
+server id given, and will fill the rest with pseudo random bytes:
+
+ const char session_id_prefix = "www-18";
+
+ #define MAX_SESSION_ID_ATTEMPTS 10
+ static int generate_session_id(const SSL *ssl, unsigned char *id,
+                              unsigned int *id_len)
+      {
+      unsigned int count = 0;
+      const char *version;
+
+      version = SSL_get_version(ssl);
+      if (!strcmp(version, "SSLv2"))
+	  /* we must not change id_len */;
+
+      do      {
+              RAND_pseudo_bytes(id, *id_len);
+              /* Prefix the session_id with the required prefix. NB: If our
+               * prefix is too long, clip it - but there will be worse effects
+               * anyway, eg. the server could only possibly create 1 session
+               * ID (ie. the prefix!) so all future session negotiations will
+               * fail due to conflicts. */
+              memcpy(id, session_id_prefix,
+                      (strlen(session_id_prefix) < *id_len) ?
+                      strlen(session_id_prefix) : *id_len);
+              }
+      while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+              (++count < MAX_SESSION_ID_ATTEMPTS));
+      if(count >= MAX_SESSION_ID_ATTEMPTS)
+              return 0;
+      return 1;
+      }
+
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id()
+always return 1.
+
+SSL_has_matching_session_id() returns 1 if another session with the
+same id is already in the cache.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_version(3)|SSL_get_version(3)>
+
+=head1 HISTORY
+
+SSL_CTX_set_generate_session_id(), SSL_set_generate_session_id()
+and SSL_has_matching_session_id() have been introduced in
+OpenSSL 0.9.7.
+
+=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod
new file mode 100644
index 0000000..da68cb9
--- /dev/null
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, - manipulate allowed for the peer's certificate chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
+ long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
+
+ long SSL_set_max_cert_list(SSL *ssl, long size);
+ long SSL_get_max_cert_list(SSL *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's
+certificate chain for all SSL objects created from B<ctx> to be <size> bytes.
+The SSL objects inherit the setting valid for B<ctx> at the time
+L<SSL_new(3)|SSL_new(3)> is being called.
+
+SSL_CTX_get_max_cert_list() returns the currently set maximum size for B<ctx>.
+
+SSL_set_max_cert_list() sets the maximum size allowed for the peer's
+certificate chain for B<ssl> to be <size> bytes. This setting stays valid
+until a new value is set.
+
+SSL_get_max_cert_list() returns the currently set maximum size for B<ssl>.
+
+=head1 NOTES
+
+During the handshake process, the peer may send a certificate chain.
+The TLS/SSL standard does not give any maximum size of the certificate chain.
+The OpenSSL library handles incoming data by a dynamically allocated buffer.
+In order to prevent this buffer from growing without bounds due to data
+received from a faulty or malicious peer, a maximum size for the certificate
+chain is set.
+
+The default value for the maximum certificate chain size is 100kB (30kB
+on the 16bit DOS platform). This should be sufficient for usual certificate
+chains (OpenSSL's default maximum chain length is 10, see
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, and certificates
+without special extensions have a typical size of 1-2kB).
+
+For special applications it can be necessary to extend the maximum certificate
+chain size allowed to be sent by the peer, see e.g. the work on
+"Internet X.509 Public Key Infrastructure Proxy Certificate Profile"
+and "TLS Delegation Protocol" at http://www.ietf.org/ and
+http://www.globus.org/ .
+
+Under normal conditions it should never be necessary to set a value smaller
+than the default, as the buffer is handled dynamically and only uses the
+memory actually required by the data sent by the peer.
+
+If the maximum certificate chain size allowed is exceeded, the handshake will
+fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the previously
+set value.
+
+SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently
+set value.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+
+=head1 HISTORY
+
+SSL*_set/get_max_cert_list() have been introduced in OpenSSL 0.9.7.
+
+=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
new file mode 100644
index 0000000..0015e6e
--- /dev/null
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
@@ -0,0 +1,99 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg - install callback for observing protocol messages
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+ void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to
+define a message callback function I<cb> for observing all SSL/TLS
+protocol messages (such as handshake messages) that are received or
+sent.  SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg()
+can be used to set argument I<arg> to the callback function, which is
+available for arbitrary application use.
+
+SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify
+default settings that will be copied to new B<SSL> objects by
+L<SSL_new(3)|SSL_new(3)>. SSL_set_msg_callback() and
+SSL_set_msg_callback_arg() modify the actual settings of an B<SSL>
+object. Using a B<0> pointer for I<cb> disables the message callback.
+
+When I<cb> is called by the SSL/TLS library for a protocol message,
+the function arguments have the following meaning:
+
+=over 4
+
+=item I<write_p>
+
+This flag is B<0> when a protocol message has been received and B<1>
+when a protocol message has been sent.
+
+=item I<version>
+
+The protocol version according to which the protocol message is
+interpreted by the library. Currently, this is one of
+B<SSL2_VERSION>, B<SSL3_VERSION> and B<TLS1_VERSION> (for SSL 2.0, SSL
+3.0 and TLS 1.0, respectively).
+
+=item I<content_type>
+
+In the case of SSL 2.0, this is always B<0>.  In the case of SSL 3.0
+or TLS 1.0, this is one of the B<ContentType> values defined in the
+protocol specification (B<change_cipher_spec(20)>, B<alert(21)>,
+B<handshake(22)>; but never B<application_data(23)> because the
+callback will only be called for protocol messages).
+
+=item I<buf>, I<len>
+
+I<buf> points to a buffer containing the protocol message, which
+consists of I<len> bytes. The buffer is no longer valid after the
+callback function has returned.
+
+=item I<ssl>
+
+The B<SSL> object that received or sent the message.
+
+=item I<arg>
+
+The user-defined argument optionally defined by
+SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().
+
+=back
+
+=head1 NOTES
+
+Protocol messages are passed to the callback function after decryption
+and fragment collection where applicable. (Thus record boundaries are
+not visible.)
+
+If processing a received protocol message results in an error,
+the callback function may not be called.  For example, the callback
+function will never see messages that are considered too large to be
+processed.
+
+Due to automatic protocol version negotiation, I<version> is not
+necessarily the protocol version used by the sender of the message: If
+a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
+I<version> will be B<SSL3_VERSION>.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>
+
+=head1 HISTORY
+
+SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(),
+SSL_set_msg_callback() and SSL_get_msg_callback_arg() were added in OpenSSL 0.9.7.
+
+=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
index 5c07e53..f5e2ec3 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
@@ -100,18 +100,6 @@ doing a re-connect, always takes the first cipher in the cipher list.
 
 ...
 
-=item SSL_OP_TLS_ROLLBACK_BUG
-
-Disable version rollback attack detection.
-
-During the client key exchange, the client must send the same information
-about acceptable SSL/TLS protocol levels as during the first hello. Some
-clients violate this rule by adapting to the server's answer. (Example:
-the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
-only understands up to SSLv3. In this case the client must still use the
-same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
-to the server's answer and violate the version rollback protection.)
-
 =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
 
 Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
@@ -133,6 +121,18 @@ The following B<modifying> options are available:
 
 =over 4
 
+=item SSL_OP_TLS_ROLLBACK_BUG
+
+Disable version rollback attack detection.
+
+During the client key exchange, the client must send the same information
+about acceptable SSL/TLS protocol levels as during the first hello. Some
+clients violate this rule by adapting to the server's answer. (Example:
+the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
+only understands up to SSLv3. In this case the client must still use the
+same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+to the server's answer and violate the version rollback protection.)
+
 =item SSL_OP_SINGLE_DH_USE
 
 Always create a new key when using temporary/ephemeral DH parameters
@@ -142,7 +142,7 @@ the DH parameters were not generated using "strong" primes
 (e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
 If "strong" primes were used, it is not strictly necessary to generate
 a new DH key during each handshake but it is also recommended.
-SSL_OP_SINGLE_DH_USE should therefore be enabled whenever
+B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
 temporary/ephemeral DH parameters are used.
 
 =item SSL_OP_EPHEMERAL_RSA
@@ -157,6 +157,14 @@ SSL/TLS specifications and may lead to interoperability problems with
 clients and should therefore never be used. Ciphers with EDH (ephemeral
 Diffie-Hellman) key exchange should be used instead.
 
+=item SSL_OP_CIPHER_SERVER_PREFERENCE
+
+When choosing a cipher, use the server's preferences instead of the client
+preferences. When not set, the SSL server will always follow the clients
+preferences. When set, the SSLv3/TLSv1 server will choose following its
+own preferences. Because of the different protocol, for SSLv2 the server
+will send his list of preferences to the client and the client chooses.
+
 =item SSL_OP_PKCS1_CHECK_1
 
 ...
@@ -187,6 +195,12 @@ Do not use the SSLv3 protocol.
 
 Do not use the TLSv1 protocol.
 
+=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+When performing renegotiation as a server, always start a new session
+(i.e., session resumption requests are only accepted in the initial
+handshake).  This option is not needed for clients.
+
 =back
 
 =head1 RETURN VALUES
@@ -205,7 +219,13 @@ L<dhparam(1)|dhparam(1)>
 
 =head1 HISTORY
 
-SSL_OP_TLS_ROLLBACK_BUG has been added in OpenSSL 0.9.6.
+B<SSL_OP_CIPHER_SERVER_PREFERENCE> and
+B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> have been added in
+OpenSSL 0.9.7.
+
+B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was automatically
+enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer included in B<SSL_OP_ALL>
+and must be explicitly set.
 
 B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
 Versions up to OpenSSL 0.9.6c do not include the countermeasure that
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
index 9aa6c6b..c5d2f43 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
@@ -26,12 +26,14 @@ SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX
 object.
 
 In order to reuse a session, a client must send the session's id to the
-server. It can only send exactly one id.  The server then decides whether it
-agrees in reusing the session or starts the handshake for a new session.
+server. It can only send exactly one id.  The server then either 
+agrees to reuse the session or it starts a full handshake (to create a new
+session).
 
-A server will lookup up the session in its internal session storage. If
-the session is not found in internal storage or internal storage is
-deactivated, the server will try the external storage if available.
+A server will lookup up the session in its internal session storage. If the
+session is not found in internal storage or lookups for the internal storage
+have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
+the external storage if available.
 
 Since a client may try to reuse a session intended for use in a different
 context, the session id context must be set by the server (see
@@ -57,9 +59,10 @@ function. This option is not activated by default.
 =item SSL_SESS_CACHE_SERVER
 
 Server sessions are added to the session cache. When a client proposes a
-session to be reused, the session is looked up in the internal session cache.
-If the session is found, the server will try to reuse the session.
-This is the default.
+session to be reused, the server looks for the corresponding session in (first)
+the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
+then (second) in the external cache if available. If the session is found, the
+server will try to reuse the session.  This is the default.
 
 =item SSL_SESS_CACHE_BOTH
 
@@ -77,12 +80,32 @@ explicitly by the application.
 
 =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
 
-By setting this flag sessions are cached in the internal storage but
-they are not looked up automatically. If an external session cache
-is enabled, sessions are looked up in the external cache. As automatic
-lookup only applies for SSL/TLS servers, the flag has no effect on
+By setting this flag, session-resume operations in an SSL/TLS server will not
+automatically look up sessions in the internal cache, even if sessions are
+automatically stored there. If external session caching callbacks are in use,
+this flag guarantees that all lookups are directed to the external cache.
+As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
 clients.
 
+=item SSL_SESS_CACHE_NO_INTERNAL_STORE
+
+Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
+sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
+Normally a new session is added to the internal cache as well as any external
+session caching (callback) that is configured for the SSL_CTX. This flag will
+prevent sessions being stored in the internal cache (though the application can
+add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
+in any SSL/TLS servers where external caching is configured, any successful
+session lookups in the external cache (ie. for session-resume requests) would
+normally be copied into the local cache before processing continues - this flag
+prevents these additions to the internal cache as well.
+
+=item SSL_SESS_CACHE_NO_INTERNAL
+
+Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
+SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
+
+
 =back
 
 The default mode is SSL_SESS_CACHE_SERVER.
@@ -98,6 +121,7 @@ SSL_CTX_get_session_cache_mode() returns the currently set cache mode.
 
 L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
 L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
 L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
 L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
 L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
@@ -105,4 +129,9 @@ L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
 L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
 L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
 
+=head1 HISTORY
+
+SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
+were introduced in OpenSSL 0.9.6h.
+
 =cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
index 5bb21ca..d15b2a3 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
@@ -235,7 +235,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
      * At this point, err contains the last verification error. We can use
      * it for something special
      */
-    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
     {
       X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
       printf("issuer= %s\n", buf);
diff --git a/crypto/openssl/doc/ssl/SSL_alert_type_string.pod b/crypto/openssl/doc/ssl/SSL_alert_type_string.pod
index 7837589..94e28cc 100644
--- a/crypto/openssl/doc/ssl/SSL_alert_type_string.pod
+++ b/crypto/openssl/doc/ssl/SSL_alert_type_string.pod
@@ -8,11 +8,11 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al
 
  #include <openssl/ssl.h>
 
- char *SSL_alert_type_string(int value);
- char *SSL_alert_type_string_long(int value);
+ const char *SSL_alert_type_string(int value);
+ const char *SSL_alert_type_string_long(int value);
 
- char *SSL_alert_desc_string(int value);
- char *SSL_alert_desc_string_long(int value);
+ const char *SSL_alert_desc_string(int value);
+ const char *SSL_alert_desc_string_long(int value);
 
 =head1 DESCRIPTION
 
diff --git a/crypto/openssl/doc/ssl/SSL_rstate_string.pod b/crypto/openssl/doc/ssl/SSL_rstate_string.pod
index 6dbbb99..bdb8a1f 100644
--- a/crypto/openssl/doc/ssl/SSL_rstate_string.pod
+++ b/crypto/openssl/doc/ssl/SSL_rstate_string.pod
@@ -8,8 +8,8 @@ SSL_rstate_string, SSL_rstate_string_long - get textual description of state of
 
  #include <openssl/ssl.h>
 
- char *SSL_rstate_string(SSL *ssl);
- char *SSL_rstate_string_long(SSL *ssl);
+ const char *SSL_rstate_string(SSL *ssl);
+ const char *SSL_rstate_string_long(SSL *ssl);
 
 =head1 DESCRIPTION
 
diff --git a/crypto/openssl/doc/ssl/SSL_state_string.pod b/crypto/openssl/doc/ssl/SSL_state_string.pod
index 4404595..b4be1aa 100644
--- a/crypto/openssl/doc/ssl/SSL_state_string.pod
+++ b/crypto/openssl/doc/ssl/SSL_state_string.pod
@@ -8,8 +8,8 @@ SSL_state_string, SSL_state_string_long - get textual description of state of an
 
  #include <openssl/ssl.h>
 
- char *SSL_state_string(SSL *ssl);
- char *SSL_state_string_long(SSL *ssl);
+ const char *SSL_state_string(SSL *ssl);
+ const char *SSL_state_string_long(SSL *ssl);
 
 =head1 DESCRIPTION
 
diff --git a/crypto/openssl/doc/ssl/ssl.pod b/crypto/openssl/doc/ssl/ssl.pod
index 2dcee03..3dc5358 100644
--- a/crypto/openssl/doc/ssl/ssl.pod
+++ b/crypto/openssl/doc/ssl/ssl.pod
@@ -317,6 +317,10 @@ protocol context defined in the B<SSL_CTX> structure.
 
 =item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
 
+=item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
+
 =item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
 
 =item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
@@ -347,7 +351,7 @@ appropriate size (using ???) and return it.
 
 long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
 
-The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
 session instead of a context.
 
 =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
@@ -576,6 +580,10 @@ connection defined in the B<SSL> structure.
 
 =item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
 
+=item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
+
 =item void B<SSL_set_options>(SSL *ssl, unsigned long op);
 
 =item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
@@ -669,8 +677,11 @@ L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
 L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
 L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
 L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_generate_session_id(3)|SSL_CTX_set_generate_session_id(3)>,
 L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
+L<SSL_CTX_set_max_cert_list(3)|SSL_CTX_set_max_cert_list(3)>,
 L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
+L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
 L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
 L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
 L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
diff --git a/crypto/openssl/doc/standards.txt b/crypto/openssl/doc/standards.txt
index 61ccc5d..44d263b 100644
--- a/crypto/openssl/doc/standards.txt
+++ b/crypto/openssl/doc/standards.txt
@@ -24,7 +24,8 @@ http://www.rsasecurity.com/rsalabs/pkcs/.
 Implemented:
 ------------
 
-These are documents that describe things that are implemented in OpenSSL.
+These are documents that describe things that are implemented (in
+whole or at least great parts) in OpenSSL.
 
 1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
      (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
@@ -41,9 +42,6 @@ These are documents that describe things that are implemented in OpenSSL.
 2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
      January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
 
-2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski.
-     March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL)
-
 2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
      March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
 
@@ -51,14 +49,44 @@ These are documents that describe things that are implemented in OpenSSL.
      J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
      RFC2313) (Status: INFORMATIONAL)
 
-2459 Internet X.509 Public Key Infrastructure Certificate and CRL
-     Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
-     (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
-
 PKCS#8: Private-Key Information Syntax Standard
 
 PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
 
+2560 X.509 Internet Public Key Infrastructure Online Certificate
+     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
+     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
+     STANDARD)
+
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)
+
+2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
+     B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
+     INFORMATIONAL)
+
+2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
+     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
+     (Obsoletes RFC2314) (Status: INFORMATIONAL)
+
+3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
+     September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
+
+3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
+     Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
+     (Status: PROPOSED STANDARD)
+
+3279 Algorithms and Identifiers for the Internet X.509 Public Key
+     Infrastructure Certificate and Certificate Revocation List (CRL)
+     Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
+     TXT=53833 bytes) (Status: PROPOSED STANDARD)
+
+3280 Internet X.509 Public Key Infrastructure Certificate and
+     Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
+     Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
+     RFC2459) (Status: PROPOSED STANDARD)
+
 
 Related:
 --------
@@ -84,19 +112,60 @@ STARTTLS documents.
      Certification and Related Services. B. Kaliski. February 1993.
      (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
 
-2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman.
-     January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD)
+2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
+     1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
+
+2510 Internet X.509 Public Key Infrastructure Certificate Management
+     Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
+     bytes) (Status: PROPOSED STANDARD)
+
+2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
+     Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
+     (Status: PROPOSED STANDARD)
+
+2527 Internet X.509 Public Key Infrastructure Certificate Policy and
+     Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
+     (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
+
+2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
+     3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
+     PROPOSED STANDARD)
+
+2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
+     D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
+     PROPOSED STANDARD)
+
+2559 Internet X.509 Public Key Infrastructure Operational Protocols -
+     LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
+     TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
 
 2585 Internet X.509 Public Key Infrastructure Operational Protocols:
      FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
      bytes) (Status: PROPOSED STANDARD)
 
+2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
+     Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
+     (Status: PROPOSED STANDARD)
+
 2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
      (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
 
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
-     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
-     (Status: PROPOSED STANDARD)
+2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
+     (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
+
+2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
+     1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
+
+2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
+     1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
+
+2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
+     February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
+     EXPERIMENTAL)
+
+2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
+     Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
+     PROPOSED STANDARD)
 
 2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
      2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
@@ -105,6 +174,77 @@ STARTTLS documents.
 2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
      (Status: INFORMATIONAL)
 
+2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
+     2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
+
+2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
+     October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
+
+2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
+     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
+     (Status: INFORMATIONAL)
+
+3029 Internet X.509 Public Key Infrastructure Data Validation and
+     Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
+     R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
+     EXPERIMENTAL)
+
+3039 Internet X.509 Public Key Infrastructure Qualified Certificates
+     Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
+     (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
+
+3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
+     Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
+     (Status: INFORMATIONAL)
+
+3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
+     (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
+     (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
+
+3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
+     October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
+
+3207 SMTP Service Extension for Secure SMTP over Transport Layer
+     Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
+     (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
+
+3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
+     (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
+
+3274 Compressed Data Content Type for Cryptographic Message Syntax
+     (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
+     PROPOSED STANDARD)
+
+3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
+     Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
+     Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
+     INFORMATIONAL)
+
+3281 An Internet Attribute Certificate Profile for Authorization. S.
+     Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
+     PROPOSED STANDARD)
+
+3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
+     (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
+     PROPOSED STANDARD)
+
+3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
+     2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
+     PROPOSED STANDARD)
+
+3377 Lightweight Directory Access Protocol (v3): Technical
+     Specification. J. Hodges, R. Morgan. September 2002. (Format:
+     TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
+     RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
+
+3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
+     R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
+     INFORMATIONAL)
+
+3436 Transport Layer Security over Stream Control Transmission
+     Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
+     (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
+
   "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
  
 
@@ -114,8 +254,3 @@ To be implemented:
 These are documents that describe things that are planed to be
 implemented in the hopefully short future.
 
-2560 X.509 Internet Public Key Infrastructure Online Certificate
-     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
-     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
-     STANDARD)
-
diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h
index d49c6ef..f7d09c5 100644
--- a/crypto/openssl/e_os.h
+++ b/crypto/openssl/e_os.h
@@ -77,18 +77,24 @@ extern "C" {
 #endif
 
 #ifndef DEVRANDOM
-/* set this to your 'random' device if you have one.
- * My default, we will try to read this file */
-#define DEVRANDOM "/dev/urandom"
+/* set this to a comma-separated list of 'random' device files to try out.
+ * My default, we will try to read at least one of these files */
+#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
+#endif
+#ifndef DEVRANDOM_EGD
+/* set this to a comma-seperated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device files
+ * listed in DEVRANDOM did not return enough entropy. */
+#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
 #endif
 
-#if defined(VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS)
 #  define NO_SYS_PARAM_H
 #  define NO_CHMOD
 #  define NO_SYSLOG
 #endif
   
-#if defined(__MWERKS__) && defined(macintosh)
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
 # if macintosh==1
 #  ifndef MAC_OS_GUSI_SOURCE
 #    define MAC_OS_pre_X
@@ -108,23 +114,23 @@ extern "C" {
  ********************************************************************/
 /* The following is used becaue of the small stack in some
  * Microsoft operating systems */
-#if defined(WIN16) || defined(MSDOS)
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
 #  define MS_STATIC	static
 #else
 #  define MS_STATIC
 #endif
 
-#if defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_UWIN)
+#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
 #  define WIN32
 #endif
-
-#if (defined(WIN32) || defined(WIN16)) && !defined(__CYGWIN32__) && !defined(_UWIN)
-#  ifndef WINDOWS
-#    define WINDOWS
-#  endif
-#  ifndef MSDOS
-#    define MSDOS
-#  endif
+#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)
+#  define WIN16
+#endif
+#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
+#  define MSDOS
 #endif
 
 #if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
@@ -142,20 +148,26 @@ extern "C" {
 #define clear_sys_error()	errno=0
 #endif
 
-#if defined(WINDOWS) && !defined(__CYGWIN32__)  && !defined(_UWIN)
-
+#if defined(WINDOWS)
 #define get_last_socket_error()	WSAGetLastError()
 #define clear_socket_error()	WSASetLastError(0)
 #define readsocket(s,b,n)	recv((s),(b),(n),0)
 #define writesocket(s,b,n)	send((s),(b),(n),0)
 #define EADDRINUSE		WSAEADDRINUSE
+#elif defined(__DJGPP__)
+#define WATT32
+#define get_last_socket_error()	errno
+#define clear_socket_error()	errno=0
+#define closesocket(s)		close_s(s)
+#define readsocket(s,b,n)	read_s(s,b,n)
+#define writesocket(s,b,n)	send(s,b,n,0)
 #elif defined(MAC_OS_pre_X)
 #define get_last_socket_error()	errno
 #define clear_socket_error()	errno=0
 #define closesocket(s)		MacSocket_close(s)
 #define readsocket(s,b,n)	MacSocket_recv((s),(b),(n),true)
 #define writesocket(s,b,n)	MacSocket_send((s),(b),(n))
-#elif defined(VMS)
+#elif defined(OPENSSL_SYS_VMS)
 #define get_last_socket_error() errno
 #define clear_socket_error()    errno=0
 #define ioctlsocket(a,b,c)      ioctl(a,b,c)
@@ -172,7 +184,7 @@ extern "C" {
 #endif
 
 #ifdef WIN16
-#  define NO_FP_API
+#  define OPENSSL_NO_FP_API
 #  define MS_CALLBACK	_far _loadds
 #  define MS_FAR	_far
 #else
@@ -180,11 +192,22 @@ extern "C" {
 #  define MS_FAR
 #endif
 
-#ifdef NO_STDIO
-#  define NO_FP_API
+#ifdef OPENSSL_NO_STDIO
+#  define OPENSSL_NO_FP_API
 #endif
 
-#if (defined(WINDOWS) || defined(MSDOS)) && !defined(__CYGWIN32__) && !defined(_UWIN)
+#if (defined(WINDOWS) || defined(MSDOS))
+
+#  ifdef __DJGPP__
+#    include <unistd.h>
+#    include <sys/stat.h>
+#    include <sys/socket.h>
+#    include <tcp.h>
+#    include <netdb.h>
+#    define _setmode setmode
+#    define _O_TEXT O_TEXT
+#    define _O_BINARY O_BINARY
+#  endif /* __DJGPP__ */
 
 #  ifndef S_IFDIR
 #    define S_IFDIR	_S_IFDIR
@@ -194,7 +217,7 @@ extern "C" {
 #    define S_IFMT	_S_IFMT
 #  endif
 
-#  if !defined(WINNT)
+#  if !defined(WINNT) && !defined(__DJGPP__)
 #    define NO_SYSLOG
 #  endif
 #  define NO_DIRENT
@@ -209,6 +232,10 @@ extern "C" {
 #  include <io.h>
 #  include <fcntl.h>
 
+#  ifdef OPENSSL_SYS_WINCE
+#    include <winsock_extras.h>
+#  endif
+
 #  define ssize_t long
 
 #  if defined (__BORLANDC__)
@@ -219,10 +246,11 @@ extern "C" {
 #    define _kbhit kbhit
 #  endif
 
-#  if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
-#    define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+#  if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+#    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
+#    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
 #  else
-#    define EXIT(n)		return(n);
+#    define EXIT(n) return(n)
 #  endif
 #  define LIST_SEPARATOR_CHAR ';'
 #  ifndef X_OK
@@ -238,15 +266,16 @@ extern "C" {
 #  define SSLEAY_CONF	OPENSSL_CONF
 #  define NUL_DEV	"nul"
 #  define RFILE		".rnd"
-#  define DEFAULT_HOME  "C:"
+#  ifdef OPENSSL_SYS_WINCE
+#    define DEFAULT_HOME  ""
+#  else
+#    define DEFAULT_HOME  "C:"
+#  endif
 
 #else /* The non-microsoft world world */
 
-#  if defined(__VMS) && !defined(VMS)
-#  define VMS 1
-#  endif
-
-#  ifdef VMS
+#  ifdef OPENSSL_SYS_VMS
+#    define VMS 1
   /* some programs don't include stdlib, so exit() and others give implicit 
      function warnings */
 #    include <stdlib.h>
@@ -260,6 +289,8 @@ extern "C" {
 #    define RFILE		".rnd"
 #    define LIST_SEPARATOR_CHAR ','
 #    define NUL_DEV		"NLA0:"
+  /* We don't have any well-defined random devices on VMS, yet... */
+#    undef DEVRANDOM
   /* We need to do this since VMS has the following coding on status codes:
 
      Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
@@ -275,22 +306,17 @@ extern "C" {
      the status is tagged as an error, which I believe is what is wanted here.
      -- Richard Levitte
   */
-#    if !defined(MONOLITH) || defined(OPENSSL_C)
-#      define EXIT(n)		do { int __VMS_EXIT = n; \
+#    define EXIT(n)		do { int __VMS_EXIT = n; \
                                      if (__VMS_EXIT == 0) \
 				       __VMS_EXIT = 1; \
 				     else \
 				       __VMS_EXIT = (n << 3) | 2; \
                                      __VMS_EXIT |= 0x10000000; \
-				     exit(__VMS_EXIT); \
-				     return(__VMS_EXIT); } while(0)
-#    else
-#      define EXIT(n)		return(n)
-#    endif
+				     exit(__VMS_EXIT); } while(0)
 #    define NO_SYS_PARAM_H
 #  else
      /* !defined VMS */
-#    ifdef MPE
+#    ifdef OPENSSL_SYS_MPE
 #      define NO_SYS_PARAM_H
 #    endif
 #    ifdef OPENSSL_UNISTD
@@ -301,13 +327,13 @@ extern "C" {
 #    ifndef NO_SYS_TYPES_H
 #      include <sys/types.h>
 #    endif
-#    if defined(NeXT) || defined(NEWS4)
+#    if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
 #      define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
                          * (unless when compiling with -D_POSIX_SOURCE,
                          * which doesn't work for us) */
 #      define ssize_t int /* ditto */
 #    endif
-#    ifdef NEWS4 /* setvbuf is missing on mips-sony-bsd */
+#    ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
 #      define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
        typedef unsigned long clock_t;
 #    endif
@@ -317,11 +343,7 @@ extern "C" {
 #    define RFILE		".rnd"
 #    define LIST_SEPARATOR_CHAR ':'
 #    define NUL_DEV		"/dev/null"
-#    ifndef MONOLITH
-#      define EXIT(n)		exit(n); return(n)
-#    else
-#      define EXIT(n)		return(n)
-#    endif
+#    define EXIT(n)		exit(n)
 #  endif
 
 #  define SSLeay_getpid()	getpid()
@@ -335,18 +357,23 @@ extern "C" {
 #  if defined(WINDOWS) || defined(MSDOS)
       /* windows world */
 
-#    ifdef NO_SOCK
+#    ifdef OPENSSL_NO_SOCK
 #      define SSLeay_Write(a,b,c)	(-1)
 #      define SSLeay_Read(a,b,c)	(-1)
 #      define SHUTDOWN(fd)		close(fd)
 #      define SHUTDOWN2(fd)		close(fd)
-#    else
+#    elif !defined(__DJGPP__)
 #      include <winsock.h>
 extern HINSTANCE _hInstance;
 #      define SSLeay_Write(a,b,c)	send((a),(b),(c),0)
 #      define SSLeay_Read(a,b,c)	recv((a),(b),(c),0)
 #      define SHUTDOWN(fd)		{ shutdown((fd),0); closesocket(fd); }
 #      define SHUTDOWN2(fd)		{ shutdown((fd),2); closesocket(fd); }
+#    else
+#      define SSLeay_Write(a,b,c)	write_s(a,b,c,0)
+#      define SSLeay_Read(a,b,c)	read_s(a,b,c)
+#      define SHUTDOWN(fd)		close_s(fd)
+#      define SHUTDOWN2(fd)		close_s(fd)
 #    endif
 
 #  elif defined(MAC_OS_pre_X)
@@ -362,14 +389,14 @@ extern HINSTANCE _hInstance;
 #    ifndef NO_SYS_PARAM_H
 #      include <sys/param.h>
 #    endif
-#    ifdef VXWORKS
+#    ifdef OPENSSL_SYS_VXWORKS
 #      include <time.h> 
-#    elif !defined(MPE)
+#    elif !defined(OPENSSL_SYS_MPE)
 #      include <sys/time.h> /* Needed under linux for FD_XXX */
 #    endif
 
 #    include <netdb.h>
-#    if defined(VMS) && !defined(__DECC)
+#    if defined(OPENSSL_SYS_VMS_NODECC)
 #      include <socket.h>
 #      include <in.h>
 #      include <inet.h>
@@ -387,7 +414,7 @@ extern HINSTANCE _hInstance;
 #      include <sys/types.h>
 #    endif
 
-#    ifdef AIX
+#    ifdef OPENSSL_SYS_AIX
 #      include <sys/select.h>
 #    endif
 
@@ -419,7 +446,9 @@ extern HINSTANCE _hInstance;
 #    define SSLeay_Write(a,b,c)    write((a),(b),(c))
 #    define SHUTDOWN(fd)    { shutdown((fd),0); closesocket((fd)); }
 #    define SHUTDOWN2(fd)   { shutdown((fd),2); closesocket((fd)); }
+#    ifndef INVALID_SOCKET
 #    define INVALID_SOCKET	(-1)
+#    endif /* INVALID_SOCKET */
 #  endif
 #endif
 
@@ -441,6 +470,14 @@ extern char *sys_errlist[]; extern int sys_nerr;
 	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
 #endif
 
+#ifndef OPENSSL_EXIT
+# if defined(MONOLITH) && !defined(OPENSSL_C)
+#  define OPENSSL_EXIT(n) return(n)
+# else
+#  define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
+# endif
+#endif
+
 /***********************************************/
 
 /* do we need to do this for getenv.
@@ -460,22 +497,46 @@ extern char *sys_errlist[]; extern int sys_nerr;
 #ifdef sgi
 #define IRIX_CC_BUG	/* all version of IRIX I've tested (4.* 5.*) */
 #endif
-#ifdef SNI
+#ifdef OPENSSL_SYS_SNI
 #define IRIX_CC_BUG	/* CDS++ up to V2.0Bsomething suffered from the same bug.*/
 #endif
 
-#ifdef NO_MD2
-#define MD2_Init MD2Init
-#define MD2_Update MD2Update
-#define MD2_Final MD2Final
-#define MD2_DIGEST_LENGTH 16
+#if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
+# include <io.h>
+# include <fcntl.h>
+# define NO_SYSLOG
+# define strcasecmp stricmp
+#endif
+
+/* vxworks */
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <ioLib.h>
+#include <tickLib.h>
+#include <sysLib.h>
+
+#define TTY_STRUCT int
+
+#define sleep(a) taskDelay((a) * sysClkRateGet())
+#if defined(ioctlsocket)
+#undef ioctlsocket
 #endif
-#ifdef NO_MD5
-#define MD5_Init MD5Init 
-#define MD5_Update MD5Update
-#define MD5_Final MD5Final
-#define MD5_DIGEST_LENGTH 16
+#define ioctlsocket(a,b,c) ioctl((a),(b),*(c))
+
+#include <vxWorks.h>
+#include <sockLib.h>
+#include <taskLib.h>
+
+#define getpid taskIdSelf
+
+/* NOTE: these are implemented by helpers in database app!
+ * if the database is not linked, we need to implement them
+ * elswhere */
+struct hostent *gethostbyname(const char *name);
+struct hostent *gethostbyaddr(const char *addr, int length, int type);
+struct servent *getservbyname(const char *name, const char *proto);
+
 #endif
+/* end vxworks */
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/openssl/e_os2.h b/crypto/openssl/e_os2.h
index 3d1dec1..81be302 100644
--- a/crypto/openssl/e_os2.h
+++ b/crypto/openssl/e_os2.h
@@ -1,15 +1,206 @@
 /* e_os2.h */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
 
 #ifndef HEADER_E_OS2_H
 #define HEADER_E_OS2_H
 
-#include <openssl/opensslconf.h> /* OPENSSL_UNISTD */
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef MSDOS
+/******************************************************************************
+ * Detect operating systems.  This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+#define OPENSSL_SYS_UNIX
+
+/* ----------------------- Macintosh, before MacOS X ----------------------- */
+#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_MACINTOSH_CLASSIC
+#endif
+
+/* ---------------------- Microsoft operating systems ---------------------- */
+
+/* The 16 bit environments are pretty straightforward */
+#if defined(OPENSSL_SYSNAME_WIN16) || defined(OPENSSL_SYSNAME_MSDOS)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_MSDOS
+#endif
+#if defined(OPENSSL_SYSNAME_WIN16)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN16
+#endif
+
+/* For 32 bit environment, there seems to be the CygWin environment and then
+   all the others that try to do the same thing Microsoft does... */
+#if defined(OPENSSL_SYSNAME_UWIN)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32_UWIN
+#else
+# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WIN32_CYGWIN
+# else
+#  if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)
+#   undef OPENSSL_SYS_UNIX
+#   define OPENSSL_SYS_WIN32
+#  endif
+#  if defined(OPENSSL_SYSNAME_WINNT)
+#   undef OPENSSL_SYS_UNIX
+#   define OPENSSL_SYS_WINNT
+#  endif
+#  if defined(OPENSSL_SYSNAME_WINCE)
+#   undef OPENSSL_SYS_UNIX
+#   define OPENSSL_SYS_WINCE
+#  endif
+# endif
+#endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_SYS_MSDOS
+#  define OPENSSL_SYS_MSDOS
+# endif
+#endif
+
+/* DLL settings.  This part is a bit tough, because it's up to the application
+   implementor how he or she will link the application, so it requires some
+   macro to be used. */
+#ifdef OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_OPT_WINDLL
+#  if defined(_WINDLL) /* This is used when building OpenSSL to indicate that
+                          DLL linkage should be used */
+#   define OPENSSL_OPT_WINDLL
+#  endif
+# endif
+#endif
+
+/* -------------------------------- OpenVMS -------------------------------- */
+#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_VMS
+# if defined(__DECC)
+#  define OPENSSL_SYS_VMS_DECC
+# elif defined(__DECCXX)
+#  define OPENSSL_SYS_VMS_DECC
+#  define OPENSSL_SYS_VMS_DECCXX
+# else
+#  define OPENSSL_SYS_VMS_NODECC
+# endif
+#endif
+
+/* --------------------------------- OS/2 ---------------------------------- */
+#if defined(__EMX__) || defined(__OS2__)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_OS2
+#endif
+
+/* --------------------------------- Unix ---------------------------------- */
+#ifdef OPENSSL_SYS_UNIX
+# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
+#  define OPENSSL_SYS_LINUX
+# endif
+# ifdef OPENSSL_SYSNAME_MPE
+#  define OPENSSL_SYS_MPE
+# endif
+# ifdef OPENSSL_SYSNAME_SNI
+#  define OPENSSL_SYS_SNI
+# endif
+# ifdef OPENSSL_SYSNAME_ULTRASPARC
+#  define OPENSSL_SYS_ULTRASPARC
+# endif
+# ifdef OPENSSL_SYSNAME_NEWS4
+#  define OPENSSL_SYS_NEWS4
+# endif
+# ifdef OPENSSL_SYSNAME_MACOSX
+#  define OPENSSL_SYS_MACOSX
+# endif
+# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY
+#  define OPENSSL_SYS_MACOSX_RHAPSODY
+#  define OPENSSL_SYS_MACOSX
+# endif
+# ifdef OPENSSL_SYSNAME_SUNOS
+#  define OPENSSL_SYS_SUNOS
+#endif
+# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
+#  define OPENSSL_SYS_CRAY
+# endif
+# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
+#  define OPENSSL_SYS_AIX
+# endif
+#endif
+
+/* ------------------------------- VxWorks --------------------------------- */
+#ifdef OPENSSL_SYSNAME_VXWORKS
+# define OPENSSL_SYS_VXWORKS
+#endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+
+/* Specials for I/O an exit */
+#ifdef OPENSSL_SYS_MSDOS
 # define OPENSSL_UNISTD_IO <io.h>
 # define OPENSSL_DECLARE_EXIT extern void exit(int);
 #else
@@ -17,22 +208,63 @@ extern "C" {
 # define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
 #endif
 
-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN,
-   to define and declare certain global
-   symbols that, with some compilers under VMS, have to be defined and
-   declared explicitely with globaldef and globalref.  On other OS:es,
-   these macros are defined with something sensible. */
+/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
+   certain global symbols that, with some compilers under VMS, have to be
+   defined and declared explicitely with globaldef and globalref.
+   Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
+   DLL exports and imports for compilers under Win32.  These are a little
+   more complicated to use.  Basically, for any library that exports some
+   global variables, the following code must be present in the header file
+   that declares them, before OPENSSL_EXTERN is used:
+
+   #ifdef SOME_BUILD_FLAG_MACRO
+   # undef OPENSSL_EXTERN
+   # define OPENSSL_EXTERN OPENSSL_EXPORT
+   #endif
+
+   The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
+   have some generally sensible values, and for OPENSSL_EXTERN to have the
+   value OPENSSL_IMPORT.
+*/
 
-#if defined(VMS) && !defined(__DECC) && !defined(__DECCXX)
-# define OPENSSL_EXTERN globalref
+#if defined(OPENSSL_SYS_VMS_NODECC)
+# define OPENSSL_EXPORT globalref
+# define OPENSSL_IMPORT globalref
 # define OPENSSL_GLOBAL globaldef
+#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+# define OPENSSL_EXPORT extern _declspec(dllexport)
+# define OPENSSL_IMPORT extern _declspec(dllimport)
+# define OPENSSL_GLOBAL
 #else
-# define OPENSSL_EXTERN extern
+# define OPENSSL_EXPORT extern
+# define OPENSSL_IMPORT extern
 # define OPENSSL_GLOBAL
 #endif
+#define OPENSSL_EXTERN OPENSSL_IMPORT
+
+/* Macros to allow global variables to be reached through function calls when
+   required (if a shared library version requvres it, for example.
+   The way it's done allows definitions like this:
+
+	// in foobar.c
+	OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0;
+	// in foobar.h
+	OPENSSL_DECLARE_GLOBAL(int,foobar);
+	#define foobar OPENSSL_GLOBAL_REF(foobar)
+*/
+#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) static type _hide_##name; \
+        type *_shadow_##name(void) { return &_hide_##name; } \
+        static type _hide_##name
+# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+#else
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name
+# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
+# define OPENSSL_GLOBAL_REF(name) _shadow_##name
+#endif
 
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec
index 9bd9edb..4d68d70 100644
--- a/crypto/openssl/openssl.spec
+++ b/crypto/openssl/openssl.spec
@@ -1,15 +1,15 @@
 %define libmaj 0
 %define libmin 9
-%define librel 6
-%define librev g
+%define librel 7
+#%define librev a
 Release: 1
 
 %define openssldir /var/ssl
 
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-#Version: %{libmaj}.%{libmin}.%{librel}
-Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+Version: %{libmaj}.%{libmin}.%{librel}
+#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 Copyright: Freely distributable
 Group: System Environment/Libraries
@@ -109,10 +109,6 @@ for x in $RPM_BUILD_ROOT/usr/man/man*/*
 	do mv ${x} ${x}ssl
 done
 
-# Install RSAref stuff
-install -m644 rsaref/rsaref.h $RPM_BUILD_ROOT/usr/include/openssl
-install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib
-
 # Make backwards-compatibility symlink to ssleay
 ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
 
@@ -156,7 +152,8 @@ ldconfig
 %changelog
 * Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
 - Removed redundant subsection that re-installed libcrypto.a and libssl.a
-  as well.
+  as well.  Also remove RSAref stuff completely, since it's not needed
+  any more.
 * Thu Mar 15 2001 Jeremiah Johnson <jjohnson@penguincomputing.com>
 - Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
   libssl.so.0.9.6.  As well as the subsection that created symlinks for
diff --git a/crypto/openssl/os2/OS2-EMX.cmd b/crypto/openssl/os2/OS2-EMX.cmd
new file mode 100644
index 0000000..acab99a
--- /dev/null
+++ b/crypto/openssl/os2/OS2-EMX.cmd
@@ -0,0 +1,66 @@
+@echo off
+
+perl Configure OS2-EMX
+perl util\mkfiles.pl > MINFO
+
+@rem create make file
+perl util\mk1mf.pl OS2-EMX > OS2-EMX.mak
+perl util\mk1mf.pl dll OS2-EMX > OS2-EMX-DLL.mak
+
+echo Generating export definition files
+perl util\mkdef.pl crypto OS2 > os2\crypto.def
+perl util\mkdef.pl ssl OS2 > os2\ssl.def
+
+echo Generating x86 for GNU assember
+
+echo Bignum
+cd crypto\bn\asm
+rem perl x86.pl a.out > bn-os2.asm
+perl bn-586.pl a.out > bn-os2.asm 
+perl co-586.pl a.out > co-os2.asm 
+cd ..\..\..
+
+echo DES
+cd crypto\des\asm
+perl des-586.pl a.out > d-os2.asm
+cd ..\..\..
+
+echo crypt(3)
+cd crypto\des\asm
+perl crypt586.pl a.out > y-os2.asm
+cd ..\..\..
+
+echo Blowfish
+cd crypto\bf\asm
+perl bf-586.pl a.out > b-os2.asm
+cd ..\..\..
+
+echo CAST5
+cd crypto\cast\asm
+perl cast-586.pl a.out > c-os2.asm
+cd ..\..\..
+
+echo RC4
+cd crypto\rc4\asm
+perl rc4-586.pl a.out > r4-os2.asm
+cd ..\..\..
+
+echo MD5
+cd crypto\md5\asm
+perl md5-586.pl a.out > m5-os2.asm
+cd ..\..\..
+
+echo SHA1
+cd crypto\sha\asm
+perl sha1-586.pl a.out > s1-os2.asm
+cd ..\..\..
+
+echo RIPEMD160
+cd crypto\ripemd\asm
+perl rmd-586.pl a.out > rm-os2.asm
+cd ..\..\..
+
+echo RC5\32
+cd crypto\rc5\asm
+perl rc5-586.pl a.out > r5-os2.asm
+cd ..\..\..
diff --git a/crypto/openssl/ssl/Makefile.ssl b/crypto/openssl/ssl/Makefile.ssl
index 4b8053a..e36a79b 100644
--- a/crypto/openssl/ssl/Makefile.ssl
+++ b/crypto/openssl/ssl/Makefile.ssl
@@ -5,15 +5,18 @@
 DIR=	ssl
 TOP=	..
 CC=	cc
-INCLUDES= -I../crypto -I../include
+INCLUDES= -I../crypto -I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
+# KRB5 stuff
+KRB5_INCLUDES=
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
@@ -22,6 +25,7 @@ TEST=ssltest.c
 APPS=
 
 LIB=$(TOP)/libssl.a
+SHARED_LIB= libssl$(SHLIB_EXT)
 LIBSRC=	\
 	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
 	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
@@ -30,7 +34,7 @@ LIBSRC=	\
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c \
-	bio_ssl.c ssl_err.c
+	bio_ssl.c ssl_err.c kssl.c
 LIBOBJ= \
 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
 	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
@@ -39,26 +43,30 @@ LIBOBJ= \
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o \
-	bio_ssl.o ssl_err.o
+	bio_ssl.o ssl_err.o kssl.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
-HEADER=	$(EXHEADER) ssl_locl.h
+EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h kssl.h
+HEADER=	$(EXHEADER) ssl_locl.h kssl_lcl.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
 	(cd ..; $(MAKE) DIRS=$(DIR) all)
 
-all:	lib
+all:	lib shared
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
+shared:
+	if [ -n "$(SHARED_LIBS)" ]; then \
+		(cd ..; $(MAKE) $(SHARED_LIB)); \
+	fi
+
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
@@ -84,7 +92,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -95,18 +103,20 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-bio_ssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-bio_ssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+bio_ssl.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+bio_ssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+bio_ssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bio_ssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+bio_ssl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 bio_ssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-bio_ssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-bio_ssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bio_ssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+bio_ssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+bio_ssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 bio_ssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -115,134 +125,176 @@ bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-bio_ssl.o: ../include/openssl/x509_vfy.h
-s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+bio_ssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c
+kssl.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+kssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+kssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+kssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+kssl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+kssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+kssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+kssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+kssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+kssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+kssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+kssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+kssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+kssl.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+kssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+kssl.o: ../include/openssl/x509_vfy.h kssl.c
+s23_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s23_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s23_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s23_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_clnt.c
+s23_clnt.o: ssl_locl.h
+s23_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s23_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s23_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s23_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s23_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s23_lib.o: ../include/openssl/x509_vfy.h s23_lib.c ssl_locl.h
+s23_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_meth.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s23_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s23_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s23_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s23_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s23_meth.o: ../include/openssl/x509_vfy.h s23_meth.c ssl_locl.h
+s23_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s23_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s23_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s23_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s23_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s23_pkt.o: ../include/openssl/x509_vfy.h s23_pkt.c ssl_locl.h
+s23_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s23_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s23_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s2_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s23_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
+s23_srvr.o: ssl_locl.h
+s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
 s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -251,21 +303,24 @@ s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
+s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
 s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
@@ -274,21 +329,24 @@ s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_lib.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
+s2_enc.o: ssl_locl.h
+s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
 s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
@@ -297,42 +355,49 @@ s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
+s2_lib.o: ssl_locl.h
+s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_meth.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s2_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s2_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
+s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
 s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
@@ -341,21 +406,24 @@ s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
+s2_pkt.o: ssl_locl.h
+s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
 s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -364,45 +432,50 @@ s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_both.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
+s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_both.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_both.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_both.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_both.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s3_both.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s3_both.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_both.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_both.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
+s3_both.o: ssl_locl.h
+s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
 s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -411,156 +484,176 @@ s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
+s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s3_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s3_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s3_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h
+s3_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s3_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s3_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s3_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_lib.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_lib.c ssl_locl.h
+s3_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_meth.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s3_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s3_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s3_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_meth.o: ../include/openssl/x509_vfy.h s3_meth.c ssl_locl.h
+s3_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s3_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s3_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s3_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
+s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
 s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
 s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
 s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
 s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_algs.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_srvr.o: s3_srvr.c ssl_locl.h
+ssl_algs.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_algs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_algs.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_algs.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_algs.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 ssl_algs.o: ../include/openssl/md4.h ../include/openssl/md5.h
 ssl_algs.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_asn1.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
-ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_asn1.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_algs.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_algs.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
+ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -569,22 +662,24 @@ ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_cert.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
+ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_cert.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_cert.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ssl_cert.o: ../include/openssl/des.h ../include/openssl/des_old.h
 ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
 ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_cert.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_cert.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_cert.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
@@ -593,42 +688,48 @@ ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_cert.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_cert.o: ../include/openssl/x509v3.h ssl_locl.h
-ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_ciph.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h
+ssl_ciph.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_ciph.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_ciph.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_ciph.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_ciph.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 ssl_ciph.o: ../include/openssl/md4.h ../include/openssl/md5.h
 ssl_ciph.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_err.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_ciph.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_ciph.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_ciph.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h
+ssl_err.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_err.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_err.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_err.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 ssl_err.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_err.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_err.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_err.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_err.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 ssl_err.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -637,20 +738,23 @@ ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err.o: ../include/openssl/x509_vfy.h
-ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_err2.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_err.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_err.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c
+ssl_err2.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_err2.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_err2.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err2.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 ssl_err2.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err2.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_err2.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_err2.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err2.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_err2.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 ssl_err2.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -659,21 +763,24 @@ ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err2.o: ../include/openssl/x509_vfy.h
+ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
+ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
 ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -682,44 +789,50 @@ ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h
-ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
+ssl_lib.o: ssl_lib.c ssl_locl.h
+ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_rsa.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_rsa.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 ssl_rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
 ssl_rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_sess.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
+ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h
 ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_sess.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
 ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -728,162 +841,184 @@ ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_stat.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
+ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_stat.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_stat.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_stat.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 ssl_stat.o: ../include/openssl/md4.h ../include/openssl/md5.h
 ssl_stat.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_txt.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_stat.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_stat.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_stat.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.c
+ssl_txt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_txt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_txt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_txt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_txt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 ssl_txt.o: ../include/openssl/md4.h ../include/openssl/md5.h
 ssl_txt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_txt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_txt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_txt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.c
+t1_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 t1_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
 t1_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+t1_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_clnt.o: t1_clnt.c
+t1_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_enc.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+t1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 t1_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
 t1_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
 t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
-t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_enc.o: t1_enc.c
+t1_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 t1_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
 t1_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-t1_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+t1_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+t1_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+t1_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_lib.c
+t1_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_meth.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 t1_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
 t1_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-t1_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+t1_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+t1_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.c
+t1_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
 t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 t1_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
 t1_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+t1_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_srvr.o: t1_srvr.c
diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c
index d85555a..467e149 100644
--- a/crypto/openssl/ssl/bio_ssl.c
+++ b/crypto/openssl/ssl/bio_ssl.c
@@ -206,6 +206,10 @@ static int ssl_read(BIO *b, char *out, int outl)
 		BIO_set_retry_special(b);
 		retry_reason=BIO_RR_SSL_X509_LOOKUP;
 		break;
+	case SSL_ERROR_WANT_ACCEPT:
+		BIO_set_retry_special(b);
+		retry_reason=BIO_RR_ACCEPT;
+		break;
 	case SSL_ERROR_WANT_CONNECT:
 		BIO_set_retry_special(b);
 		retry_reason=BIO_RR_CONNECT;
@@ -482,7 +486,9 @@ static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
 		{
 	case BIO_CTRL_SET_CALLBACK:
 		{
-		SSL_set_info_callback(ssl,fp);
+		/* FIXME: setting this via a completely different prototype
+		   seems like a crap idea */
+		SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
 		}
 		break;
 	default:
diff --git a/crypto/openssl/ssl/kssl.c b/crypto/openssl/ssl/kssl.c
new file mode 100644
index 0000000..327b92f
--- /dev/null
+++ b/crypto/openssl/ssl/kssl.c
@@ -0,0 +1,2157 @@
+/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/*  ssl/kssl.c  --  Routines to support (& debug) Kerberos5 auth for openssl
+**
+**  19990701	VRS 	Started.
+**  200011??	Jeffrey Altman, Richard Levitte
+**          		Generalized for Heimdal, Newer MIT, & Win32.
+**          		Integrated into main OpenSSL 0.9.7 snapshots.
+**  20010413	Simon Wilkinson, VRS
+**          		Real RFC2712 KerberosWrapper replaces AP_REQ.
+*/
+
+#include <openssl/opensslconf.h>
+
+#define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */
+#include <time.h>
+#include <string.h>
+
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/krb5_asn.h>
+
+#ifndef OPENSSL_NO_KRB5
+
+/* 
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the Kerberos DLLs be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all Kerberos routines are loaded at run time
+ * and we do not link to a .LIB file.
+ */
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+/* 
+ * The purpose of the following pre-processor statements is to provide
+ * compatibility with different releases of MIT Kerberos for Windows.
+ * All versions up to 1.2 used macros.  But macros do not allow for
+ * a binary compatible interface for DLLs.  Therefore, all macros are
+ * being replaced by function calls.  The following code will allow
+ * an OpenSSL DLL built on Windows to work whether or not the macro
+ * or function form of the routines are utilized.
+ */
+#ifdef  krb5_cc_get_principal
+#define NO_DEF_KRB5_CCACHE
+#undef  krb5_cc_get_principal
+#endif
+#define krb5_cc_get_principal    kssl_krb5_cc_get_principal
+
+#define krb5_free_data_contents  kssl_krb5_free_data_contents   
+#define krb5_free_context        kssl_krb5_free_context         
+#define krb5_auth_con_free       kssl_krb5_auth_con_free        
+#define krb5_free_principal      kssl_krb5_free_principal       
+#define krb5_mk_req_extended     kssl_krb5_mk_req_extended      
+#define krb5_get_credentials     kssl_krb5_get_credentials      
+#define krb5_cc_default          kssl_krb5_cc_default           
+#define krb5_sname_to_principal  kssl_krb5_sname_to_principal   
+#define krb5_init_context        kssl_krb5_init_context         
+#define krb5_free_ticket         kssl_krb5_free_ticket          
+#define krb5_rd_req              kssl_krb5_rd_req               
+#define krb5_kt_default          kssl_krb5_kt_default           
+#define krb5_kt_resolve          kssl_krb5_kt_resolve           
+/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
+#ifndef krb5_kt_close
+#define krb5_kt_close            kssl_krb5_kt_close
+#endif /* krb5_kt_close */
+#ifndef krb5_kt_get_entry
+#define krb5_kt_get_entry        kssl_krb5_kt_get_entry
+#endif /* krb5_kt_get_entry */
+#define krb5_auth_con_init       kssl_krb5_auth_con_init        
+
+#define krb5_principal_compare   kssl_krb5_principal_compare
+#define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
+#define krb5_timeofday           kssl_krb5_timeofday
+#define krb5_rc_default           kssl_krb5_rc_default
+
+#ifdef krb5_rc_initialize
+#undef krb5_rc_initialize
+#endif
+#define krb5_rc_initialize   kssl_krb5_rc_initialize
+
+#ifdef krb5_rc_get_lifespan
+#undef krb5_rc_get_lifespan
+#endif
+#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
+
+#ifdef krb5_rc_destroy
+#undef krb5_rc_destroy
+#endif
+#define krb5_rc_destroy      kssl_krb5_rc_destroy
+
+#define valid_cksumtype      kssl_valid_cksumtype
+#define krb5_checksum_size   kssl_krb5_checksum_size
+#define krb5_kt_free_entry   kssl_krb5_kt_free_entry
+#define krb5_auth_con_setrcache  kssl_krb5_auth_con_setrcache
+#define krb5_auth_con_getrcache  kssl_krb5_auth_con_getrcache
+#define krb5_get_server_rcache   kssl_krb5_get_server_rcache
+
+/* Prototypes for built in stubs */
+void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
+void kssl_krb5_free_principal(krb5_context, krb5_principal );
+krb5_error_code kssl_krb5_kt_resolve(krb5_context,
+                                     krb5_const char *,
+                                     krb5_keytab *);
+krb5_error_code kssl_krb5_kt_default(krb5_context,
+                                     krb5_keytab *);
+krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
+krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *, 
+                                 krb5_const krb5_data *,
+                                 krb5_const_principal, krb5_keytab, 
+                                 krb5_flags *,krb5_ticket **);
+
+krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
+                                         krb5_const_principal);
+krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
+                                          krb5_auth_context  *,
+                                          krb5_const krb5_flags,
+                                          krb5_data  *,
+                                          krb5_creds  *,
+                                          krb5_data  * );
+krb5_error_code kssl_krb5_init_context(krb5_context *);
+void kssl_krb5_free_context(krb5_context);
+krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache  *);
+krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
+                                             krb5_const char  *,
+                                             krb5_const char  *,
+                                             krb5_int32,
+                                             krb5_principal  *);
+krb5_error_code kssl_krb5_get_credentials(krb5_context,
+                                          krb5_const krb5_flags,
+                                          krb5_ccache,
+                                          krb5_creds  *,
+                                          krb5_creds  *  *);
+krb5_error_code kssl_krb5_auth_con_init(krb5_context,
+                                        krb5_auth_context  *);
+krb5_error_code kssl_krb5_cc_get_principal(krb5_context context, 
+                                           krb5_ccache cache,
+                                           krb5_principal *principal);
+krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);
+size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);
+krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
+krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );
+krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context, 
+                                             krb5_auth_context, 
+                                             krb5_rcache);
+krb5_error_code kssl_krb5_get_server_rcache(krb5_context, 
+                                            krb5_const krb5_data *,
+                                            krb5_rcache *);
+krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context, 
+                                             krb5_auth_context,
+                                             krb5_rcache *);
+
+/* Function pointers (almost all Kerberos functions are _stdcall) */
+static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)
+	=NULL;
+static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )
+	=NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_resolve)
+			(krb5_context, krb5_const char *, krb5_keytab *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context,
+                                                     krb5_keytab *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context, 
+                                                      krb5_ticket *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context, 
+                                                 krb5_auth_context *, 
+                                                 krb5_const krb5_data *,
+                                                 krb5_const_principal, 
+                                                 krb5_keytab, krb5_flags *,
+                                                 krb5_ticket **)=NULL;
+static krb5_error_code (_stdcall *p_krb5_mk_req_extended)
+			(krb5_context, krb5_auth_context *,
+			 krb5_const krb5_flags, krb5_data *, krb5_creds *,
+			 krb5_data * )=NULL;
+static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL;
+static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL;
+static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context,
+                                                     krb5_ccache  *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_sname_to_principal)
+			(krb5_context, krb5_const char *, krb5_const char *,
+			 krb5_int32, krb5_principal *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_get_credentials)
+			(krb5_context, krb5_const krb5_flags, krb5_ccache,
+			 krb5_creds *, krb5_creds **)=NULL;
+static krb5_error_code (_stdcall *p_krb5_auth_con_init)
+			(krb5_context, krb5_auth_context *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_cc_get_principal)
+			(krb5_context context, krb5_ccache cache,
+			 krb5_principal *principal)=NULL;
+static krb5_error_code (_stdcall *p_krb5_auth_con_free)
+			(krb5_context, krb5_auth_context)=NULL;
+static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)
+                        (krb5_context, krb5_const krb5_keyblock *,
+                                           krb5_ticket *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_timeofday)
+                        (krb5_context context, krb5_int32 *timeret)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rc_default)
+                        (krb5_context context, krb5_rcache *rc)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rc_initialize)
+                        (krb5_context context, krb5_rcache rc,
+                                     krb5_deltat lifespan)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)
+                        (krb5_context context, krb5_rcache rc,
+                                       krb5_deltat *lifespan)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rc_destroy)
+                        (krb5_context context, krb5_rcache rc)=NULL;
+static krb5_boolean (_stdcall *p_krb5_principal_compare)
+                     (krb5_context, krb5_const_principal, krb5_const_principal)=NULL;
+static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;
+static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;
+static krb5_error_code (_stdcall *p_krb5_kt_free_entry)
+                        (krb5_context,krb5_keytab_entry * )=NULL;
+static krb5_error_code (_stdcall * p_krb5_auth_con_setrcache)(krb5_context, 
+                                                               krb5_auth_context, 
+                                                               krb5_rcache)=NULL;
+static krb5_error_code (_stdcall * p_krb5_get_server_rcache)(krb5_context, 
+                                                              krb5_const krb5_data *, 
+                                                              krb5_rcache *)=NULL;
+static krb5_error_code (* p_krb5_auth_con_getrcache)(krb5_context, 
+                                                      krb5_auth_context,
+                                                      krb5_rcache *)=NULL;
+static krb5_error_code (_stdcall * p_krb5_kt_close)(krb5_context context, 
+                                                    krb5_keytab keytab)=NULL;
+static krb5_error_code (_stdcall * p_krb5_kt_get_entry)(krb5_context context, 
+                                                        krb5_keytab keytab,
+                       krb5_const_principal principal, krb5_kvno vno,
+                       krb5_enctype enctype, krb5_keytab_entry *entry)=NULL;
+static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */
+
+/* Function to Load the Kerberos 5 DLL and initialize function pointers */
+void
+load_krb5_dll(void)
+	{
+	HANDLE hKRB5_32;
+    
+	krb5_loaded++;
+	hKRB5_32 = LoadLibrary("KRB5_32");
+	if (!hKRB5_32)
+		return;
+
+	(FARPROC) p_krb5_free_data_contents =
+		GetProcAddress( hKRB5_32, "krb5_free_data_contents" );
+	(FARPROC) p_krb5_free_context =
+		GetProcAddress( hKRB5_32, "krb5_free_context" );
+	(FARPROC) p_krb5_auth_con_free =
+		GetProcAddress( hKRB5_32, "krb5_auth_con_free" );
+	(FARPROC) p_krb5_free_principal =
+		GetProcAddress( hKRB5_32, "krb5_free_principal" );
+	(FARPROC) p_krb5_mk_req_extended =
+		GetProcAddress( hKRB5_32, "krb5_mk_req_extended" );
+	(FARPROC) p_krb5_get_credentials =
+		GetProcAddress( hKRB5_32, "krb5_get_credentials" );
+	(FARPROC) p_krb5_cc_get_principal =
+		GetProcAddress( hKRB5_32, "krb5_cc_get_principal" );
+	(FARPROC) p_krb5_cc_default =
+		GetProcAddress( hKRB5_32, "krb5_cc_default" );
+	(FARPROC) p_krb5_sname_to_principal =
+		GetProcAddress( hKRB5_32, "krb5_sname_to_principal" );
+	(FARPROC) p_krb5_init_context =
+		GetProcAddress( hKRB5_32, "krb5_init_context" );
+	(FARPROC) p_krb5_free_ticket =
+		GetProcAddress( hKRB5_32, "krb5_free_ticket" );
+	(FARPROC) p_krb5_rd_req =
+		GetProcAddress( hKRB5_32, "krb5_rd_req" );
+	(FARPROC) p_krb5_principal_compare =
+		GetProcAddress( hKRB5_32, "krb5_principal_compare" );
+	(FARPROC) p_krb5_decrypt_tkt_part =
+		GetProcAddress( hKRB5_32, "krb5_decrypt_tkt_part" );
+	(FARPROC) p_krb5_timeofday =
+		GetProcAddress( hKRB5_32, "krb5_timeofday" );
+	(FARPROC) p_krb5_rc_default =
+		GetProcAddress( hKRB5_32, "krb5_rc_default" );
+	(FARPROC) p_krb5_rc_initialize =
+		GetProcAddress( hKRB5_32, "krb5_rc_initialize" );
+	(FARPROC) p_krb5_rc_get_lifespan =
+		GetProcAddress( hKRB5_32, "krb5_rc_get_lifespan" );
+	(FARPROC) p_krb5_rc_destroy =
+		GetProcAddress( hKRB5_32, "krb5_rc_destroy" );
+	(FARPROC) p_krb5_kt_default =
+		GetProcAddress( hKRB5_32, "krb5_kt_default" );
+	(FARPROC) p_krb5_kt_resolve =
+		GetProcAddress( hKRB5_32, "krb5_kt_resolve" );
+	(FARPROC) p_krb5_auth_con_init =
+		GetProcAddress( hKRB5_32, "krb5_auth_con_init" );
+        (FARPROC) p_valid_cksumtype =
+                GetProcAddress( hKRB5_32, "valid_cksumtype" );
+        (FARPROC) p_krb5_checksum_size =
+                GetProcAddress( hKRB5_32, "krb5_checksum_size" );
+        (FARPROC) p_krb5_kt_free_entry =
+                GetProcAddress( hKRB5_32, "krb5_kt_free_entry" );
+        (FARPROC) p_krb5_auth_con_setrcache =
+                GetProcAddress( hKRB5_32, "krb5_auth_con_setrcache" );
+        (FARPROC) p_krb5_get_server_rcache =
+                GetProcAddress( hKRB5_32, "krb5_get_server_rcache" );
+        (FARPROC) p_krb5_auth_con_getrcache =
+                GetProcAddress( hKRB5_32, "krb5_auth_con_getrcache" );
+        (FARPROC) p_krb5_kt_close =
+                GetProcAddress( hKRB5_32, "krb5_kt_close" );
+        (FARPROC) p_krb5_kt_get_entry =
+                GetProcAddress( hKRB5_32, "krb5_kt_get_entry" );
+	}
+
+/* Stubs for each function to be dynamicly loaded */
+void
+kssl_krb5_free_data_contents(krb5_context CO, krb5_data  * data)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_free_data_contents )
+		p_krb5_free_data_contents(CO,data);
+	}
+
+krb5_error_code
+kssl_krb5_mk_req_extended (krb5_context CO,
+                          krb5_auth_context  * pACO,
+                          krb5_const krb5_flags F,
+                          krb5_data  * pD1,
+                          krb5_creds  * pC,
+                          krb5_data  * pD2)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_mk_req_extended )
+		return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+krb5_error_code
+kssl_krb5_auth_con_init(krb5_context CO,
+                       krb5_auth_context  * pACO)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_auth_con_init )
+		return(p_krb5_auth_con_init(CO,pACO));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+krb5_error_code
+kssl_krb5_auth_con_free (krb5_context CO,
+                        krb5_auth_context ACO)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_auth_con_free )
+		return(p_krb5_auth_con_free(CO,ACO));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+krb5_error_code
+kssl_krb5_get_credentials(krb5_context CO,
+                         krb5_const krb5_flags F,
+                         krb5_ccache CC,
+                         krb5_creds  * pCR,
+                         krb5_creds  ** ppCR)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_get_credentials )
+		return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+krb5_error_code
+kssl_krb5_sname_to_principal(krb5_context CO,
+                            krb5_const char  * pC1,
+                            krb5_const char  * pC2,
+                            krb5_int32 I,
+                            krb5_principal  * pPR)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_sname_to_principal )
+		return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_cc_default(krb5_context CO,
+                    krb5_ccache  * pCC)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_cc_default )
+		return(p_krb5_cc_default(CO,pCC));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_init_context(krb5_context * pCO)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_init_context )
+		return(p_krb5_init_context(pCO));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+void
+kssl_krb5_free_context(krb5_context CO)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_free_context )
+		p_krb5_free_context(CO);
+	}
+
+void
+kssl_krb5_free_principal(krb5_context c, krb5_principal p)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_free_principal )
+		p_krb5_free_principal(c,p);
+	}
+
+krb5_error_code
+kssl_krb5_kt_resolve(krb5_context con,
+                    krb5_const char * sz,
+                    krb5_keytab * kt)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_kt_resolve )
+		return(p_krb5_kt_resolve(con,sz,kt));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_kt_default(krb5_context con,
+                    krb5_keytab * kt)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_kt_default )
+		return(p_krb5_kt_default(con,kt));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_free_ticket(krb5_context con,
+                     krb5_ticket * kt)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_free_ticket )
+		return(p_krb5_free_ticket(con,kt));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon,
+                krb5_const krb5_data * data,
+                krb5_const_principal princ, krb5_keytab keytab,
+                krb5_flags * flags, krb5_ticket ** pptkt)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rd_req )
+		return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_boolean
+krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
+                krb5_const_principal princ2)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_principal_compare )
+		return(p_krb5_principal_compare(con,princ1,princ2));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
+                krb5_ticket *ticket)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_decrypt_tkt_part )
+		return(p_krb5_decrypt_tkt_part(con,keys,ticket));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_timeofday(krb5_context con, krb5_int32 *timeret)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_timeofday )
+		return(p_krb5_timeofday(con,timeret));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_rc_default(krb5_context con, krb5_rcache *rc)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rc_default )
+		return(p_krb5_rc_default(con,rc));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rc_initialize )
+		return(p_krb5_rc_initialize(con, rc, lifespan));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rc_get_lifespan )
+		return(p_krb5_rc_get_lifespan(con, rc, lifespanp));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_rc_destroy(krb5_context con, krb5_rcache rc)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rc_destroy )
+		return(p_krb5_rc_destroy(con, rc));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+size_t 
+krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)
+        {
+        if (!krb5_loaded)
+                load_krb5_dll();
+
+        if ( p_krb5_checksum_size )
+                return(p_krb5_checksum_size(context, ctype));
+        else
+                return KRB5KRB_ERR_GENERIC;
+        }
+
+krb5_boolean 
+valid_cksumtype(krb5_cksumtype ctype)
+        {
+        if (!krb5_loaded)
+                load_krb5_dll();
+
+        if ( p_valid_cksumtype )
+                return(p_valid_cksumtype(ctype));
+        else
+                return KRB5KRB_ERR_GENERIC;
+        }
+
+krb5_error_code 
+krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)
+        {
+        if (!krb5_loaded)
+                load_krb5_dll();
+
+        if ( p_krb5_kt_free_entry )
+                return(p_krb5_kt_free_entry(con,entry));
+        else
+                return KRB5KRB_ERR_GENERIC;
+        }
+                 
+/* Structure definitions  */
+#ifndef NO_DEF_KRB5_CCACHE
+#ifndef krb5_x
+#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
+#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
+#endif 
+
+typedef	krb5_pointer	krb5_cc_cursor;	/* cursor for sequential lookup */
+
+typedef struct _krb5_ccache
+	{
+	krb5_magic magic;
+	struct _krb5_cc_ops FAR *ops;
+	krb5_pointer data;
+	} *krb5_ccache;
+
+typedef struct _krb5_cc_ops
+	{
+	krb5_magic magic;
+	char  *prefix;
+	char  * (KRB5_CALLCONV *get_name)
+		(krb5_context, krb5_ccache);
+	krb5_error_code (KRB5_CALLCONV *resolve)
+		(krb5_context, krb5_ccache  *, const char  *);
+	krb5_error_code (KRB5_CALLCONV *gen_new)
+		(krb5_context, krb5_ccache  *);
+	krb5_error_code (KRB5_CALLCONV *init)
+		(krb5_context, krb5_ccache, krb5_principal);
+	krb5_error_code (KRB5_CALLCONV *destroy)
+		(krb5_context, krb5_ccache);
+	krb5_error_code (KRB5_CALLCONV *close)
+		(krb5_context, krb5_ccache);
+	krb5_error_code (KRB5_CALLCONV *store)
+		(krb5_context, krb5_ccache, krb5_creds  *);
+	krb5_error_code (KRB5_CALLCONV *retrieve)
+		(krb5_context, krb5_ccache,
+		krb5_flags, krb5_creds  *, krb5_creds  *);
+	krb5_error_code (KRB5_CALLCONV *get_princ)
+		(krb5_context, krb5_ccache, krb5_principal  *);
+	krb5_error_code (KRB5_CALLCONV *get_first)
+		(krb5_context, krb5_ccache, krb5_cc_cursor  *);
+	krb5_error_code (KRB5_CALLCONV *get_next)
+		(krb5_context, krb5_ccache,
+		krb5_cc_cursor  *, krb5_creds  *);
+	krb5_error_code (KRB5_CALLCONV *end_get)
+		(krb5_context, krb5_ccache, krb5_cc_cursor  *);
+	krb5_error_code (KRB5_CALLCONV *remove_cred)
+		(krb5_context, krb5_ccache,
+		krb5_flags, krb5_creds  *);
+	krb5_error_code (KRB5_CALLCONV *set_flags)
+		(krb5_context, krb5_ccache, krb5_flags);
+	} krb5_cc_ops;
+#endif /* NO_DEF_KRB5_CCACHE */
+
+krb5_error_code 
+kssl_krb5_cc_get_principal
+    (krb5_context context, krb5_ccache cache,
+      krb5_principal *principal)
+	{
+	if ( p_krb5_cc_get_principal )
+		return(p_krb5_cc_get_principal(context,cache,principal));
+	else
+		return(krb5_x
+			((cache)->ops->get_princ,(context, cache, principal)));
+	}
+
+krb5_error_code
+kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
+                             krb5_rcache rcache)
+        {
+        if ( p_krb5_auth_con_setrcache )
+                 return(p_krb5_auth_con_setrcache(con,acon,rcache));
+        else
+                 return KRB5KRB_ERR_GENERIC;
+        }
+
+krb5_error_code
+kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data,
+                            krb5_rcache * rcache) 
+        {
+	if ( p_krb5_get_server_rcache )
+		return(p_krb5_get_server_rcache(con,data,rcache));
+	else
+		return KRB5KRB_ERR_GENERIC;
+        }
+
+krb5_error_code
+kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
+                             krb5_rcache * prcache)
+        {
+	if ( p_krb5_auth_con_getrcache )
+		return(p_krb5_auth_con_getrcache(con,acon, prcache));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+ 
+krb5_error_code
+kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
+	{
+	if ( p_krb5_kt_close )
+		return(p_krb5_kt_close(context,keytab));
+	else 
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
+                       krb5_const_principal principal, krb5_kvno vno,
+                       krb5_enctype enctype, krb5_keytab_entry *entry)
+	{
+	if ( p_krb5_kt_get_entry )
+		return(p_krb5_kt_get_entry(context,keytab,principal,vno,enctype,entry));
+	else
+		return KRB5KRB_ERR_GENERIC;
+        }
+#endif  /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
+
+char
+*kstring(char *string)
+        {
+        static char	*null = "[NULL]";
+
+	return ((string == NULL)? null: string);
+        }
+
+/*	Given KRB5 enctype (basically DES or 3DES),
+**	return closest match openssl EVP_ encryption algorithm.
+**	Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
+**	Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
+*/
+const EVP_CIPHER *
+kssl_map_enc(krb5_enctype enctype)
+        {
+	switch (enctype)
+		{
+	case ENCTYPE_DES_HMAC_SHA1:		/*    EVP_des_cbc();       */
+	case ENCTYPE_DES_CBC_CRC:
+	case ENCTYPE_DES_CBC_MD4:
+	case ENCTYPE_DES_CBC_MD5:
+	case ENCTYPE_DES_CBC_RAW:
+				return EVP_des_cbc();
+				break;
+	case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */
+	case ENCTYPE_DES3_CBC_SHA:
+	case ENCTYPE_DES3_CBC_RAW:
+				return EVP_des_ede3_cbc();
+				break;
+	default:                return NULL;
+				break;
+		}
+	}
+
+
+/*	Return true:1 if p "looks like" the start of the real authenticator
+**	described in kssl_skip_confound() below.  The ASN.1 pattern is
+**	"62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
+**	xx and yy are possibly multi-byte length fields.
+*/
+int 	kssl_test_confound(unsigned char *p)
+	{
+	int 	len = 2;
+	int 	xx = 0, yy = 0;
+
+	if (*p++ != 0x62)  return 0;
+	if (*p > 0x82)  return 0;
+	switch(*p)  {
+		case 0x82:  p++;          xx = (*p++ << 8);  xx += *p++;  break;
+		case 0x81:  p++;          xx =  *p++;  break;
+		case 0x80:  return 0;
+		default:    xx = *p++;  break;
+		}
+	if (*p++ != 0x30)  return 0;
+	if (*p > 0x82)  return 0;
+	switch(*p)  {
+		case 0x82:  p++; len+=2;  yy = (*p++ << 8);  yy += *p++;  break;
+		case 0x81:  p++; len++;   yy =  *p++;  break;
+		case 0x80:  return 0;
+		default:    yy = *p++;  break;
+		}
+
+	return (xx - len == yy)? 1: 0;
+	}
+
+/*	Allocate, fill, and return cksumlens array of checksum lengths.
+**	This array holds just the unique elements from the krb5_cksumarray[].
+**	array[n] == 0 signals end of data.
+**
+**      The krb5_cksumarray[] was an internal variable that has since been
+**      replaced by a more general method for storing the data.  It should
+**      not be used.  Instead we use real API calls and make a guess for 
+**      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
+**      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
+*/
+size_t  *populate_cksumlens(void)
+	{
+	int 		i, j, n;
+	static size_t 	*cklens = NULL;
+
+#ifdef KRB5_MIT_OLD11
+	n = krb5_max_cksum;
+#else
+	n = 0x0010;
+#endif	/* KRB5_MIT_OLD11 */
+ 
+#ifdef KRB5CHECKAUTH
+	if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1)))  return NULL;
+
+	for (i=0; i < n; i++)  {
+		if (!valid_cksumtype(i))  continue;	/*  array has holes  */
+		for (j=0; j < n; j++)  {
+			if (cklens[j] == 0)  {
+				cklens[j] = krb5_checksum_size(NULL,i);
+				break;		/*  krb5 elem was new: add   */
+				}
+			if (cklens[j] == krb5_checksum_size(NULL,i))  {
+				break;		/*  ignore duplicate elements */
+				}
+			}
+		}
+#endif	/* KRB5CHECKAUTH */
+
+	return cklens;
+	}
+
+/*	Return pointer to start of real authenticator within authenticator, or
+**	return NULL on error.
+**	Decrypted authenticator looks like this:
+**		[0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
+**	This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
+**	krb5_auth_con_getcksumtype() function advertised in its krb5.h.
+*/
+unsigned char	*kssl_skip_confound(krb5_enctype etype, unsigned char *a)
+	{
+	int 		i, conlen;
+	size_t		cklen;
+	static size_t 	*cksumlens = NULL;
+	unsigned char	*test_auth;
+
+	conlen = (etype)? 8: 0;
+
+	if (!cksumlens  &&  !(cksumlens = populate_cksumlens()))  return NULL;
+	for (i=0; (cklen = cksumlens[i]) != 0; i++)
+		{
+		test_auth = a + conlen + cklen;
+		if (kssl_test_confound(test_auth))  return test_auth;
+		}
+
+	return NULL;
+	}
+
+
+/*	Set kssl_err error info when reason text is a simple string
+**		kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
+*/
+void
+kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
+        {
+	if (kssl_err == NULL)  return;
+
+	kssl_err->reason = reason;
+	BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, text);
+	return;
+        }
+
+
+/*	Display contents of krb5_data struct, for debugging
+*/
+void
+print_krb5_data(char *label, krb5_data *kdata)
+        {
+	int i;
+
+	printf("%s[%d] ", label, kdata->length);
+	for (i=0; i < kdata->length; i++)
+                {
+		if (0 &&  isprint((int) kdata->data[i]))
+                        printf(	"%c ",  kdata->data[i]);
+		else
+                        printf(	"%02x ", (unsigned char) kdata->data[i]);
+		}
+	printf("\n");
+        }
+
+
+/*	Display contents of krb5_authdata struct, for debugging
+*/
+void
+print_krb5_authdata(char *label, krb5_authdata **adata)
+        {
+	if (adata == NULL)
+                {
+		printf("%s, authdata==0\n", label);
+		return;
+		}
+	printf("%s [%p]\n", label, adata);
+#if 0
+	{
+        int 	i;
+	printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
+	for (i=0; i < adata->length; i++)
+                {
+                printf((isprint(adata->contents[i]))? "%c ": "%02x",
+                        adata->contents[i]);
+		}
+	printf("\n");
+	}
+#endif
+	}
+
+
+/*	Display contents of krb5_keyblock struct, for debugging
+*/
+void
+print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
+        {
+	int i;
+
+	if (keyblk == NULL)
+                {
+		printf("%s, keyblk==0\n", label);
+		return;
+		}
+#ifdef KRB5_HEIMDAL
+	printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
+					   keyblk->keyvalue->length);
+	for (i=0; i < keyblk->keyvalue->length; i++)
+                {
+		printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
+		}
+	printf("\n");
+#else
+	printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
+	for (i=0; i < keyblk->length; i++)
+                {
+		printf("%02x",keyblk->contents[i]);
+		}
+	printf("\n");
+#endif
+        }
+
+
+/*	Display contents of krb5_principal_data struct, for debugging
+**	(krb5_principal is typedef'd == krb5_principal_data *)
+*/
+void
+print_krb5_princ(char *label, krb5_principal_data *princ)
+        {
+	int i, ui, uj;
+
+	printf("%s principal Realm: ", label);
+	if (princ == NULL)  return;
+	for (ui=0; ui < princ->realm.length; ui++)  putchar(princ->realm.data[ui]);
+	printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
+	for (i=0; i < princ->length; i++)
+                {
+		printf("\t%d [%d]: ", i, princ->data[i].length);
+		for (uj=0; uj < princ->data[i].length; uj++)  {
+			putchar(princ->data[i].data[uj]);
+			}
+		printf("\n");
+		}
+	return;
+        }
+
+
+/*	Given krb5 service (typically "kssl") and hostname in kssl_ctx,
+**	Return encrypted Kerberos ticket for service @ hostname.
+**	If authenp is non-NULL, also return encrypted authenticator,
+**	whose data should be freed by caller.
+**	(Originally was: Create Kerberos AP_REQ message for SSL Client.)
+**
+**	19990628	VRS 	Started; Returns Kerberos AP_REQ message.
+**	20010409	VRS 	Modified for RFC2712; Returns enc tkt.
+**	20010606	VRS 	May also return optional authenticator.
+*/
+krb5_error_code
+kssl_cget_tkt(	/* UPDATE */	KSSL_CTX *kssl_ctx,
+                /* OUT    */	krb5_data **enc_ticketp,
+                /* UPDATE */	krb5_data *authenp,
+                /* OUT    */	KSSL_ERR *kssl_err)
+	{
+	krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;
+	krb5_context		krb5context = NULL;
+	krb5_auth_context	krb5auth_context = NULL;
+	krb5_ccache 		krb5ccdef = NULL;
+	krb5_creds		krb5creds, *krb5credsp = NULL;
+	krb5_data		krb5_app_req;
+
+	kssl_err_set(kssl_err, 0, "");
+	memset((char *)&krb5creds, 0, sizeof(krb5creds));
+
+	if (!kssl_ctx)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "No kssl_ctx defined.\n");
+		goto err;
+		}
+	else if (!kssl_ctx->service_host)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "kssl_ctx service_host undefined.\n");
+		goto err;
+		}
+
+	if ((krb5rc = krb5_init_context(&krb5context)) != 0)
+                {
+		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
+                        "krb5_init_context() fails: %d\n", krb5rc);
+		kssl_err->reason = SSL_R_KRB5_C_INIT;
+		goto err;
+		}
+
+	if ((krb5rc = krb5_sname_to_principal(krb5context,
+                kssl_ctx->service_host,
+                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
+                KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
+                {
+		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
+                        "krb5_sname_to_principal() fails for %s/%s\n",
+                        kssl_ctx->service_host,
+                        (kssl_ctx->service_name)? kssl_ctx->service_name:
+						  KRB5SVC);
+		kssl_err->reason = SSL_R_KRB5_C_INIT;
+		goto err;
+		}
+
+	if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
+                        "krb5_cc_default fails.\n");
+		goto err;
+		}
+
+	if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
+                &krb5creds.client)) != 0)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
+                        "krb5_cc_get_principal() fails.\n");
+		goto err;
+		}
+
+	if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
+                &krb5creds, &krb5credsp)) != 0)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
+                        "krb5_get_credentials() fails.\n");
+		goto err;
+		}
+
+	*enc_ticketp = &krb5credsp->ticket;
+#ifdef KRB5_HEIMDAL
+	kssl_ctx->enctype = krb5credsp->session.keytype;
+#else
+	kssl_ctx->enctype = krb5credsp->keyblock.enctype;
+#endif
+
+	krb5rc = KRB5KRB_ERR_GENERIC;
+	/*	caller should free data of krb5_app_req  */
+	/*  20010406 VRS deleted for real KerberosWrapper
+	**  20010605 VRS reinstated to offer Authenticator to KerberosWrapper
+	*/
+	krb5_app_req.length = 0;
+	if (authenp)
+                {
+		krb5_data	krb5in_data;
+		unsigned char	*p;
+		long		arlen;
+		KRB5_APREQBODY	*ap_req;
+
+		authenp->length = 0;
+		krb5in_data.data = NULL;
+		krb5in_data.length = 0;
+		if ((krb5rc = krb5_mk_req_extended(krb5context,
+			&krb5auth_context, 0, &krb5in_data, krb5credsp,
+			&krb5_app_req)) != 0)
+			{
+			kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
+				"krb5_mk_req_extended() fails.\n");
+			goto err;
+			}
+
+		arlen = krb5_app_req.length;
+		p = (unsigned char *)krb5_app_req.data;
+		ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen);
+		if (ap_req)
+			{
+			authenp->length = i2d_KRB5_ENCDATA(
+					ap_req->authenticator, NULL);
+			if (authenp->length  && 
+				(authenp->data = malloc(authenp->length)))
+				{
+				unsigned char	*adp = (unsigned char *)authenp->data;
+				authenp->length = i2d_KRB5_ENCDATA(
+						ap_req->authenticator, &adp);
+				}
+			}
+
+		if (ap_req)  KRB5_APREQ_free((KRB5_APREQ *) ap_req);
+		if (krb5_app_req.length)  
+                        kssl_krb5_free_data_contents(krb5context,&krb5_app_req);
+		}
+#ifdef KRB5_HEIMDAL
+	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
+                        "kssl_ctx_setkey() fails.\n");
+		}
+#else
+	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
+                        "kssl_ctx_setkey() fails.\n");
+		}
+#endif
+	else	krb5rc = 0;
+
+ err:
+#ifdef KSSL_DEBUG
+	kssl_ctx_show(kssl_ctx);
+#endif	/* KSSL_DEBUG */
+
+	if (krb5creds.client)	krb5_free_principal(krb5context,
+							krb5creds.client);
+	if (krb5creds.server)	krb5_free_principal(krb5context,
+							krb5creds.server);
+	if (krb5auth_context)	krb5_auth_con_free(krb5context,
+							krb5auth_context);
+	if (krb5context)	krb5_free_context(krb5context);
+	return (krb5rc);
+	}
+
+
+/*  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
+**  Return Kerberos error code and kssl_err struct on error.
+**  Allocates krb5_ticket and krb5_principal; caller should free these.
+**
+**	20010410	VRS	Implemented krb5_decode_ticket() as
+**				old_krb5_decode_ticket(). Missing from MIT1.0.6.
+**	20010615	VRS 	Re-cast as openssl/asn1 d2i_*() functions.
+**				Re-used some of the old krb5_decode_ticket()
+**				code here.  This tkt should alloc/free just
+**				like the real thing.
+*/
+krb5_error_code
+kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
+		/* IN     */	KRB5_TKTBODY	*asn1ticket,
+		/* OUT    */	krb5_ticket	**krb5ticket,
+		/* OUT    */	KSSL_ERR *kssl_err  )
+        {
+        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
+	krb5_ticket 			*new5ticket = NULL;
+	ASN1_GENERALSTRING		*gstr_svc, *gstr_host;
+
+	*krb5ticket = NULL;
+
+	if (asn1ticket == NULL  ||  asn1ticket->realm == NULL  ||
+		asn1ticket->sname == NULL  || 
+		sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2)
+		{
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Null field in asn1ticket.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		return KRB5KRB_ERR_GENERIC;
+		}
+
+	if ((new5ticket = (krb5_ticket *) calloc(1, sizeof(krb5_ticket)))==NULL)
+		{
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Unable to allocate new krb5_ticket.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		return ENOMEM;		/*  or  KRB5KRB_ERR_GENERIC;	*/
+		}
+
+	gstr_svc  = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
+	gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
+
+	if ((krb5rc = kssl_build_principal_2(krb5context,
+			&new5ticket->server,
+			asn1ticket->realm->length, (char *)asn1ticket->realm->data,
+			gstr_svc->length,  (char *)gstr_svc->data,
+			gstr_host->length, (char *)gstr_host->data)) != 0)
+		{
+		free(new5ticket);
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Error building ticket server principal.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		return krb5rc;		/*  or  KRB5KRB_ERR_GENERIC;	*/
+		}
+
+	krb5_princ_type(krb5context, new5ticket->server) =
+			asn1ticket->sname->nametype->data[0];
+	new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
+	new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
+	new5ticket->enc_part.ciphertext.length =
+			asn1ticket->encdata->cipher->length;
+	if ((new5ticket->enc_part.ciphertext.data =
+		calloc(1, asn1ticket->encdata->cipher->length)) == NULL)
+		{
+		free(new5ticket);
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Error allocating cipher in krb5ticket.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		return KRB5KRB_ERR_GENERIC;
+		}
+	else
+		{
+		memcpy(new5ticket->enc_part.ciphertext.data,
+			asn1ticket->encdata->cipher->data,
+			asn1ticket->encdata->cipher->length);
+		}
+
+	*krb5ticket = new5ticket;
+	return 0;
+	}
+
+
+/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+**		and krb5 AP_REQ message & message length,
+**	Return Kerberos session key and client principle
+**		to SSL Server in KSSL_CTX *kssl_ctx.
+**
+**	19990702	VRS 	Started.
+*/
+krb5_error_code
+kssl_sget_tkt(	/* UPDATE */	KSSL_CTX		*kssl_ctx,
+		/* IN     */	krb5_data		*indata,
+		/* OUT    */	krb5_ticket_times	*ttimes,
+		/* OUT    */	KSSL_ERR		*kssl_err  )
+        {
+        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
+        static krb5_context		krb5context = NULL;
+	static krb5_auth_context	krb5auth_context = NULL;
+	krb5_ticket 			*krb5ticket = NULL;
+	KRB5_TKTBODY 			*asn1ticket = NULL;
+	unsigned char			*p;
+	krb5_keytab 			krb5keytab = NULL;
+	krb5_keytab_entry		kt_entry;
+	krb5_principal			krb5server;
+        krb5_rcache                     rcache = NULL;
+
+	kssl_err_set(kssl_err, 0, "");
+
+	if (!kssl_ctx)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"No kssl_ctx defined.\n");
+		goto err;
+		}
+
+#ifdef KSSL_DEBUG
+	printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
+#endif	/* KSSL_DEBUG */
+
+	if (!krb5context  &&  (krb5rc = krb5_init_context(&krb5context)))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "krb5_init_context() fails.\n");
+		goto err;
+		}
+	if (krb5auth_context  &&
+		(krb5rc = krb5_auth_con_free(krb5context, krb5auth_context)))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "krb5_auth_con_free() fails.\n");
+		goto err;
+		}
+	else  krb5auth_context = NULL;
+	if (!krb5auth_context  &&
+		(krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context)))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "krb5_auth_con_init() fails.\n");
+		goto err;
+		}
+
+ 
+	if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
+		&rcache)))
+		{
+ 		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"krb5_auth_con_getrcache() fails.\n");
+ 		goto err;
+		}
+ 
+	if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
+                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
+                KRB5_NT_SRV_HST, &krb5server)) != 0)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "krb5_sname_to_principal() fails.\n");
+		goto err;
+		}
+
+	if (rcache == NULL) 
+                {
+                if ((krb5rc = krb5_get_server_rcache(krb5context,
+			krb5_princ_component(krb5context, krb5server, 0),
+			&rcache)))
+                        {
+		        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                                "krb5_get_server_rcache() fails.\n");
+                  	goto err;
+                        }
+                }
+
+        if ((krb5rc = krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache)))
+                {
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"krb5_auth_con_setrcache() fails.\n");
+                goto err;
+                }
+
+
+	/*	kssl_ctx->keytab_file == NULL ==> use Kerberos default
+	*/
+	if (kssl_ctx->keytab_file)
+		{
+		krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
+                        &krb5keytab);
+		if (krb5rc)
+			{
+			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+				"krb5_kt_resolve() fails.\n");
+			goto err;
+			}
+		}
+	else
+		{
+                krb5rc = krb5_kt_default(krb5context,&krb5keytab);
+                if (krb5rc)
+			{
+			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, 
+				"krb5_kt_default() fails.\n");
+			goto err;
+			}
+		}
+
+	/*	Actual Kerberos5 krb5_recvauth() has initial conversation here
+	**	o	check KRB5_SENDAUTH_BADAUTHVERS
+	**		unless KRB5_RECVAUTH_SKIP_VERSION
+	**	o	check KRB5_SENDAUTH_BADAPPLVERS
+	**	o	send "0" msg if all OK
+	*/
+
+	/*  20010411 was using AP_REQ instead of true KerberosWrapper
+	**
+	**  if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
+	**			&krb5in_data, krb5server, krb5keytab,
+	**			&ap_option, &krb5ticket)) != 0)  { Error }
+	*/
+
+	p = (unsigned char *)indata->data;
+	if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,
+						(long) indata->length)) == NULL)
+		{
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"d2i_KRB5_TICKET() ASN.1 decode failure.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+	
+	/* Was:  krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */
+	if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
+					kssl_err)) != 0)
+		{
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Error converting ASN.1 ticket to krb5_ticket.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+
+	if (! krb5_principal_compare(krb5context, krb5server,
+						  krb5ticket->server))  {
+		krb5rc = KRB5_PRINC_NOMATCH;
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"server principal != ticket principal\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+	if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
+			krb5ticket->server, krb5ticket->enc_part.kvno,
+			krb5ticket->enc_part.enctype, &kt_entry)) != 0)  {
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"krb5_kt_get_entry() fails with %x.\n", krb5rc);
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+	if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
+			krb5ticket)) != 0)  {
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"krb5_decrypt_tkt_part() failed.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+	else  {
+		krb5_kt_free_entry(krb5context, &kt_entry);
+#ifdef KSSL_DEBUG
+		{
+		int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
+		printf("Decrypted ticket fields:\n");
+		printf("\tflags: %X, transit-type: %X",
+			krb5ticket->enc_part2->flags,
+			krb5ticket->enc_part2->transited.tr_type);
+		print_krb5_data("\ttransit-data: ",
+			&(krb5ticket->enc_part2->transited.tr_contents));
+		printf("\tcaddrs: %p, authdata: %p\n",
+			krb5ticket->enc_part2->caddrs,
+			krb5ticket->enc_part2->authorization_data);
+		if (paddr)
+			{
+			printf("\tcaddrs:\n");
+			for (i=0; paddr[i] != NULL; i++)
+				{
+				krb5_data d;
+				d.length=paddr[i]->length;
+				d.data=paddr[i]->contents;
+				print_krb5_data("\t\tIP: ", &d);
+				}
+			}
+		printf("\tstart/auth/end times: %d / %d / %d\n",
+			krb5ticket->enc_part2->times.starttime,
+			krb5ticket->enc_part2->times.authtime,
+			krb5ticket->enc_part2->times.endtime);
+		}
+#endif	/* KSSL_DEBUG */
+		}
+
+	krb5rc = KRB5_NO_TKT_SUPPLIED;
+	if (!krb5ticket  ||	!krb5ticket->enc_part2  ||
+                !krb5ticket->enc_part2->client  ||
+                !krb5ticket->enc_part2->client->data  ||
+                !krb5ticket->enc_part2->session)
+                {
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                        "bad ticket from krb5_rd_req.\n");
+		}
+	else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
+                &krb5ticket->enc_part2->client->realm,
+                krb5ticket->enc_part2->client->data))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                        "kssl_ctx_setprinc() fails.\n");
+		}
+	else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                        "kssl_ctx_setkey() fails.\n");
+		}
+	else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID)
+                {
+		krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                        "invalid ticket from krb5_rd_req.\n");
+		}
+	else	krb5rc = 0;
+
+	kssl_ctx->enctype	= krb5ticket->enc_part.enctype;
+	ttimes->authtime	= krb5ticket->enc_part2->times.authtime;
+	ttimes->starttime	= krb5ticket->enc_part2->times.starttime;
+	ttimes->endtime 	= krb5ticket->enc_part2->times.endtime;
+	ttimes->renew_till	= krb5ticket->enc_part2->times.renew_till;
+
+ err:
+#ifdef KSSL_DEBUG
+	kssl_ctx_show(kssl_ctx);
+#endif	/* KSSL_DEBUG */
+
+	if (asn1ticket) 	KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
+        if (krb5keytab)         krb5_kt_close(krb5context, krb5keytab);
+	if (krb5ticket) 	krb5_free_ticket(krb5context, krb5ticket);
+	if (krb5server) 	krb5_free_principal(krb5context, krb5server);
+	return (krb5rc);
+        }
+
+
+/*	Allocate & return a new kssl_ctx struct.
+*/
+KSSL_CTX	*
+kssl_ctx_new(void)
+        {
+	return ((KSSL_CTX *) calloc(1, sizeof(KSSL_CTX)));
+        }
+
+
+/*	Frees a kssl_ctx struct and any allocated memory it holds.
+**	Returns NULL.
+*/
+KSSL_CTX	*
+kssl_ctx_free(KSSL_CTX *kssl_ctx)
+        {
+	if (kssl_ctx == NULL)  return kssl_ctx;
+
+	if (kssl_ctx->key)  		OPENSSL_cleanse(kssl_ctx->key,
+							      kssl_ctx->length);
+	if (kssl_ctx->key)  		free(kssl_ctx->key);
+	if (kssl_ctx->client_princ) 	free(kssl_ctx->client_princ);
+	if (kssl_ctx->service_host) 	free(kssl_ctx->service_host);
+	if (kssl_ctx->service_name) 	free(kssl_ctx->service_name);
+	if (kssl_ctx->keytab_file) 	free(kssl_ctx->keytab_file);
+
+	free(kssl_ctx);
+	return (KSSL_CTX *) NULL;
+        }
+
+
+/*	Given a (krb5_data *) entity (and optional realm),
+**	set the plain (char *) client_princ or service_host member
+**	of the kssl_ctx struct.
+*/
+krb5_error_code
+kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
+        krb5_data *realm, krb5_data *entity)
+        {
+	char	**princ;
+	int 	length;
+
+	if (kssl_ctx == NULL  ||  entity == NULL)  return KSSL_CTX_ERR;
+
+	switch (which)
+                {
+        case KSSL_CLIENT:	princ = &kssl_ctx->client_princ;	break;
+        case KSSL_SERVER:	princ = &kssl_ctx->service_host;	break;
+        default:		return KSSL_CTX_ERR;			break;
+		}
+	if (*princ)  free(*princ);
+
+	length = entity->length + ((realm)? realm->length + 2: 1);
+	if ((*princ = calloc(1, length)) == NULL)
+		return KSSL_CTX_ERR;
+	else
+                {
+		strncpy(*princ, entity->data, entity->length);
+		(*princ)[entity->length]='\0';
+		if (realm)
+                        {
+			strcat (*princ, "@");
+			(void) strncat(*princ, realm->data, realm->length);
+			(*princ)[entity->length+1+realm->length]='\0';
+			}
+		}
+
+	return KSSL_CTX_OK;
+        }
+
+
+/*	Set one of the plain (char *) string members of the kssl_ctx struct.
+**	Default values should be:
+**		which == KSSL_SERVICE	=>	"khost" (KRB5SVC)
+**		which == KSSL_KEYTAB	=>	"/etc/krb5.keytab" (KRB5KEYTAB)
+*/
+krb5_error_code
+kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
+        {
+	char	**string;
+
+	if (!kssl_ctx)  return KSSL_CTX_ERR;
+
+	switch (which)
+                {
+        case KSSL_SERVICE:	string = &kssl_ctx->service_name;	break;
+        case KSSL_SERVER:	string = &kssl_ctx->service_host;	break;
+        case KSSL_CLIENT:	string = &kssl_ctx->client_princ;	break;
+        case KSSL_KEYTAB:	string = &kssl_ctx->keytab_file;	break;
+        default:		return KSSL_CTX_ERR;			break;
+		}
+	if (*string)  free(*string);
+
+	if (!text)
+                {
+		*string = '\0';
+		return KSSL_CTX_OK;
+		}
+
+	if ((*string = calloc(1, strlen(text) + 1)) == NULL)
+		return KSSL_CTX_ERR;
+	else
+		strcpy(*string, text);
+
+	return KSSL_CTX_OK;
+        }
+
+
+/*	Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
+**	struct.  Clear kssl_ctx->key if Kerberos session key is NULL.
+*/
+krb5_error_code
+kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
+        {
+	int 		length;
+	krb5_enctype	enctype;
+	krb5_octet FAR	*contents = NULL;
+
+	if (!kssl_ctx)  return KSSL_CTX_ERR;
+
+	if (kssl_ctx->key)
+                {
+		OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
+		free(kssl_ctx->key);
+		}
+
+	if (session)
+                {
+
+#ifdef KRB5_HEIMDAL
+		length = session->keyvalue->length;
+		enctype = session->keytype;
+		contents = session->keyvalue->contents;
+#else
+		length = session->length;
+		enctype = session->enctype;
+		contents = session->contents;
+#endif
+		kssl_ctx->enctype = enctype;
+		kssl_ctx->length  = length;
+		}
+	else
+                {
+		kssl_ctx->enctype = ENCTYPE_UNKNOWN;
+		kssl_ctx->length  = 0;
+		return KSSL_CTX_OK;
+		}
+
+	if ((kssl_ctx->key =
+                (krb5_octet FAR *) calloc(1, kssl_ctx->length)) == NULL)
+                {
+		kssl_ctx->length  = 0;
+		return KSSL_CTX_ERR;
+		}
+	else
+		memcpy(kssl_ctx->key, contents, length);
+
+	return KSSL_CTX_OK;
+        }
+
+
+/*	Display contents of kssl_ctx struct
+*/
+void
+kssl_ctx_show(KSSL_CTX *kssl_ctx)
+        {
+	int 	i;
+
+	printf("kssl_ctx: ");
+	if (kssl_ctx == NULL)
+                {
+		printf("NULL\n");
+		return;
+		}
+	else
+		printf("%p\n", kssl_ctx);
+
+	printf("\tservice:\t%s\n",
+                (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
+	printf("\tclient:\t%s\n",
+                (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL");
+	printf("\tserver:\t%s\n",
+                (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL");
+	printf("\tkeytab:\t%s\n",
+                (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL");
+	printf("\tkey [%d:%d]:\t",
+                kssl_ctx->enctype, kssl_ctx->length);
+
+	for (i=0; i < kssl_ctx->length  &&  kssl_ctx->key; i++)
+                {
+		printf("%02x", kssl_ctx->key[i]);
+		}
+	printf("\n");
+	return;
+        }
+
+    int 
+    kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
+{
+    krb5_context		krb5context = NULL;
+    krb5_keytab 		krb5keytab = NULL;
+    krb5_keytab_entry           entry;
+    krb5_principal              princ = NULL;
+    krb5_error_code  		krb5rc = KRB5KRB_ERR_GENERIC;
+    int rc = 0;
+
+    if ((krb5rc = krb5_init_context(&krb5context)))
+        return(0);
+
+    /*	kssl_ctx->keytab_file == NULL ==> use Kerberos default
+    */
+    if (kssl_ctx->keytab_file)
+    {
+        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
+                                  &krb5keytab);
+        if (krb5rc)
+            goto exit;
+    }
+    else
+    {
+        krb5rc = krb5_kt_default(krb5context,&krb5keytab);
+        if (krb5rc)
+            goto exit;
+    }
+
+    /* the host key we are looking for */
+    krb5rc = krb5_sname_to_principal(krb5context, NULL, 
+                                     kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
+                                     KRB5_NT_SRV_HST, &princ);
+
+    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
+                                princ,
+                                0 /* IGNORE_VNO */,
+                                0 /* IGNORE_ENCTYPE */,
+                                &entry);
+    if ( krb5rc == KRB5_KT_NOTFOUND ) {
+        rc = 1;
+        goto exit;
+    } else if ( krb5rc )
+        goto exit;
+    
+    krb5_kt_free_entry(krb5context, &entry);
+    rc = 1;
+
+  exit:
+    if (krb5keytab)     krb5_kt_close(krb5context, krb5keytab);
+    if (princ)          krb5_free_principal(krb5context, princ);
+    if (krb5context)	krb5_free_context(krb5context);
+    return(rc);
+}
+
+int 
+kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
+        {
+        krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;
+        krb5_context		krb5context = NULL;
+        krb5_ccache 		krb5ccdef = NULL;
+        krb5_creds		krb5creds, *krb5credsp = NULL;
+        int                     rc = 0;
+
+        memset((char *)&krb5creds, 0, sizeof(krb5creds));
+
+        if (!kssl_ctx)
+            return(0);
+
+        if (!kssl_ctx->service_host)
+            return(0);
+
+        if ((krb5rc = krb5_init_context(&krb5context)) != 0)
+            goto err;
+
+        if ((krb5rc = krb5_sname_to_principal(krb5context,
+                                              kssl_ctx->service_host,
+                                              (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
+                                              KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
+            goto err;
+
+        if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
+            goto err;
+
+        if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
+                                             &krb5creds.client)) != 0)
+            goto err;
+
+        if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
+                                            &krb5creds, &krb5credsp)) != 0)
+            goto err;
+
+        rc = 1;
+
+      err:
+#ifdef KSSL_DEBUG
+	kssl_ctx_show(kssl_ctx);
+#endif	/* KSSL_DEBUG */
+
+	if (krb5creds.client)	krb5_free_principal(krb5context, krb5creds.client);
+	if (krb5creds.server)	krb5_free_principal(krb5context, krb5creds.server);
+	if (krb5context)	krb5_free_context(krb5context);
+        return(rc);
+	}
+
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
+	{
+#ifdef KRB5_HEIMDAL
+	data->length = 0;
+        if (data->data)
+            free(data->data);
+#elif defined(KRB5_MIT_OLD11)
+	if (data->data)  {
+		krb5_xfree(data->data);
+		data->data = 0;
+		}
+#else
+	krb5_free_data_contents(NULL, data);
+#endif
+	}
+#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
+
+
+/*  Given pointers to KerberosTime and struct tm structs, convert the
+**  KerberosTime string to struct tm.  Note that KerberosTime is a
+**  ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
+**  seconds as defined in RFC 1510.
+**  Return pointer to the (partially) filled in struct tm on success,
+**  return NULL on failure.
+*/
+struct tm	*k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+	{
+	char 		c, *p;
+
+	if (!k_tm)  return NULL;
+	if (gtime == NULL  ||  gtime->length < 14)  return NULL;
+	if (gtime->data == NULL)  return NULL;
+
+	p = (char *)&gtime->data[14];
+
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_sec  = atoi(p);      *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_min  = atoi(p);      *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_hour = atoi(p);      *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_mday = atoi(p);      *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_mon  = atoi(p)-1;    *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 4;  k_tm->tm_year = atoi(p)-1900; *(p+4) = c;
+
+	return k_tm;
+	}
+
+
+/*  Helper function for kssl_validate_times().
+**  We need context->clockskew, but krb5_context is an opaque struct.
+**  So we try to sneek the clockskew out through the replay cache.
+**	If that fails just return a likely default (300 seconds).
+*/
+krb5_deltat	get_rc_clockskew(krb5_context context)
+	{
+	krb5_rcache 	rc;
+	krb5_deltat 	clockskew;
+
+	if (krb5_rc_default(context, &rc))  return KSSL_CLOCKSKEW;
+	if (krb5_rc_initialize(context, rc, 0))  return KSSL_CLOCKSKEW;
+	if (krb5_rc_get_lifespan(context, rc, &clockskew))  {
+		clockskew = KSSL_CLOCKSKEW;
+		}
+	(void) krb5_rc_destroy(context, rc);
+	return clockskew;
+	}
+
+
+/*  kssl_validate_times() combines (and more importantly exposes)
+**  the MIT KRB5 internal function krb5_validate_times() and the
+**  in_clock_skew() macro.  The authenticator client time is checked
+**  to be within clockskew secs of the current time and the current
+**  time is checked to be within the ticket start and expire times.
+**  Either check may be omitted by supplying a NULL value.
+**  Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
+**  See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
+**  20010420 VRS
+*/
+krb5_error_code  kssl_validate_times(	krb5_timestamp atime,
+					krb5_ticket_times *ttimes)
+	{
+	krb5_deltat 	skew;
+	krb5_timestamp	start, now;
+	krb5_error_code	rc;
+	krb5_context	context;
+
+	if ((rc = krb5_init_context(&context)))	 return SSL_R_KRB5_S_BAD_TICKET;
+	skew = get_rc_clockskew(context); 
+	if ((rc = krb5_timeofday(context,&now))) return SSL_R_KRB5_S_BAD_TICKET;
+	krb5_free_context(context);
+
+	if (atime  &&  labs(atime - now) >= skew)  return SSL_R_KRB5_S_TKT_SKEW;
+
+	if (! ttimes)  return 0;
+
+	start = (ttimes->starttime != 0)? ttimes->starttime: ttimes->authtime;
+	if (start - now > skew)  return SSL_R_KRB5_S_TKT_NYV;
+	if ((now - ttimes->endtime) > skew)  return SSL_R_KRB5_S_TKT_EXPIRED;
+
+#ifdef KSSL_DEBUG
+	printf("kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
+		start, atime, now, skew, ttimes->endtime);
+#endif	/* KSSL_DEBUG */
+
+	return 0;
+	}
+
+
+/*  Decode and decrypt given DER-encoded authenticator, then pass
+**  authenticator ctime back in *atimep (or 0 if time unavailable).
+**  Returns krb5_error_code and kssl_err on error.  A NULL 
+**  authenticator (authentp->length == 0) is not considered an error.
+**  Note that kssl_check_authent() makes use of the KRB5 session key;
+**  you must call kssl_sget_tkt() to get the key before calling this routine.
+*/
+krb5_error_code  kssl_check_authent(
+			/* IN     */	KSSL_CTX	*kssl_ctx,
+                        /* IN     */   	krb5_data	*authentp,
+			/* OUT    */	krb5_timestamp	*atimep,
+			/* OUT    */    KSSL_ERR	*kssl_err  )
+	{
+        krb5_error_code		krb5rc = 0;
+	KRB5_ENCDATA		*dec_authent = NULL;
+	KRB5_AUTHENTBODY	*auth = NULL;
+	krb5_enctype		enctype;
+	EVP_CIPHER_CTX		ciph_ctx;
+	const EVP_CIPHER	*enc = NULL;
+	unsigned char		iv[EVP_MAX_IV_LENGTH];
+	unsigned char		*p, *unenc_authent;
+	int 			outl, unencbufsize;
+	struct tm		tm_time, *tm_l, *tm_g;
+	time_t			now, tl, tg, tr, tz_offset;
+
+	EVP_CIPHER_CTX_init(&ciph_ctx);
+	*atimep = 0;
+	kssl_err_set(kssl_err, 0, "");
+
+#ifndef KRB5CHECKAUTH
+	authentp = NULL;
+#else
+#if	KRB5CHECKAUTH == 0
+	authentp = NULL;
+#endif
+#endif	/* KRB5CHECKAUTH */
+
+	if (authentp == NULL  ||  authentp->length == 0)  return 0;
+
+#ifdef KSSL_DEBUG
+        {
+        unsigned int ui;
+	printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
+	p = authentp->data; 
+	for (ui=0; ui < authentp->length; ui++)  printf("%02x ",p[ui]);
+	printf("\n");
+        }
+#endif	/* KSSL_DEBUG */
+
+	unencbufsize = 2 * authentp->length;
+	if ((unenc_authent = calloc(1, unencbufsize)) == NULL)
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"Unable to allocate authenticator buffer.\n");
+		krb5rc = KRB5KRB_ERR_GENERIC;
+		goto err;
+		}
+
+	p = (unsigned char *)authentp->data;
+	if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
+					(long) authentp->length)) == NULL) 
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "Error decoding authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+
+	enctype = dec_authent->etype->data[0];	/* should = kssl_ctx->enctype */
+#if !defined(KRB5_MIT_OLD11)
+            switch ( enctype ) {
+            case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */
+            case ENCTYPE_DES3_CBC_SHA:
+            case ENCTYPE_DES3_CBC_RAW:
+                krb5rc = 0;                     /* Skip, can't handle derived keys */
+                goto err;
+            }
+#endif
+	enc = kssl_map_enc(enctype);
+	memset(iv, 0, sizeof iv);       /* per RFC 1510 */
+
+	if (enc == NULL)
+		{
+		/*  Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.
+		**  This enctype indicates the authenticator was encrypted
+		**  using key-usage derived keys which openssl cannot decrypt.
+		*/
+		goto err;
+		}
+
+        if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
+                {
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "EVP_CipherInit error decrypting authenticator.\n");
+                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+                goto err;
+                }
+        outl = dec_authent->cipher->length;
+        if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
+                {
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "EVP_Cipher error decrypting authenticator.\n");
+                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+                goto err;
+                }
+        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+#ifdef KSSL_DEBUG
+	printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
+	for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
+	printf("\n");
+#endif	/* KSSL_DEBUG */
+
+	if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "confounded by authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+	outl -= p - unenc_authent;
+
+	if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p,
+							  (long) outl))==NULL)
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "Error decoding authenticator body.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+
+	memset(&tm_time,0,sizeof(struct tm));
+	if (k_gmtime(auth->ctime, &tm_time)  &&
+		((tr = mktime(&tm_time)) != (time_t)(-1)))
+ 		{
+ 		now  = time(&now);
+ 		tm_l = localtime(&now); 	tl = mktime(tm_l);
+ 		tm_g = gmtime(&now);		tg = mktime(tm_g);
+ 		tz_offset = tg - tl;
+
+		*atimep = tr - tz_offset;
+ 		}
+
+#ifdef KSSL_DEBUG
+	printf("kssl_check_authent: returns %d for client time ", *atimep);
+	if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
+		printf("%.*s\n", auth->ctime->length, auth->ctime->data);
+	else	printf("NULL\n");
+#endif	/* KSSL_DEBUG */
+
+ err:
+	if (auth)		KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
+	if (dec_authent)	KRB5_ENCDATA_free(dec_authent);
+	if (unenc_authent)	free(unenc_authent);
+	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+	return krb5rc;
+	}
+
+
+/*  Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
+**  because I dont't know how to stub varargs.
+**  Returns krb5_error_code == ENOMEM on alloc error, otherwise
+**  passes back newly constructed principal, which should be freed by caller.
+*/
+krb5_error_code  kssl_build_principal_2(
+			/* UPDATE */	krb5_context	context,
+			/* OUT    */	krb5_principal	*princ,
+			/* IN     */	int rlen,  const char *realm,
+			/* IN	  */	int slen,  const char *svc,
+			/* IN	  */	int hlen,  const char *host)
+	{
+	krb5_data		*p_data = NULL;
+	krb5_principal		new_p = NULL;
+        char			*new_r = NULL;
+
+	if ((p_data = (krb5_data *) calloc(2, sizeof(krb5_data))) == NULL  ||
+	    (new_p = (krb5_principal) calloc(1, sizeof(krb5_principal_data)))
+			== NULL)  goto err;
+	new_p->length = 2;
+	new_p->data = p_data;
+
+	if ((new_r = calloc(1, rlen + 1)) == NULL)  goto err;
+	memcpy(new_r, realm, rlen);
+	krb5_princ_set_realm_length(context, new_p, rlen);
+	krb5_princ_set_realm_data(context, new_p, new_r);
+
+	if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL)  goto err;
+	memcpy(new_p->data[0].data, svc, slen);
+	new_p->data[0].length = slen;
+
+	if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL)  goto err;
+	memcpy(new_p->data[1].data, host, hlen);
+	new_p->data[1].length = hlen;
+	
+	krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
+	*princ = new_p;
+	return 0;
+
+ err:
+	if (new_p  &&  new_p[0].data)	free(new_p[0].data);
+	if (new_p  &&  new_p[1].data)	free(new_p[1].data);
+	if (new_p)	free(new_p);
+	if (new_r)	free(new_r);
+	return ENOMEM;
+	}
+
+
+#else /* !OPENSSL_NO_KRB5 */
+
+#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
+static int dummy=(int)&dummy;
+#endif
+
+#endif	/* !OPENSSL_NO_KRB5	*/
+
diff --git a/crypto/openssl/ssl/kssl.h b/crypto/openssl/ssl/kssl.h
new file mode 100644
index 0000000..cf7ebdd
--- /dev/null
+++ b/crypto/openssl/ssl/kssl.h
@@ -0,0 +1,173 @@
+/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+**	19990701	VRS 	Started.
+*/
+
+#ifndef	KSSL_H
+#define	KSSL_H
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_KRB5
+
+#include <stdio.h>
+#include <ctype.h>
+#include <krb5.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+**	Depending on which KRB5 implementation used, some types from
+**	the other may be missing.  Resolve that here and now
+*/
+#ifdef KRB5_HEIMDAL
+typedef unsigned char krb5_octet;
+#define FAR
+#endif
+
+/*	Uncomment this to debug kssl problems or
+**	to trace usage of the Kerberos session key
+**
+**	#define		KSSL_DEBUG
+*/
+
+#ifndef	KRB5SVC
+#define KRB5SVC	"host"
+#endif
+
+#ifndef	KRB5KEYTAB
+#define KRB5KEYTAB	"/etc/krb5.keytab"
+#endif
+
+#ifndef KRB5SENDAUTH
+#define KRB5SENDAUTH	1
+#endif
+
+#ifndef KRB5CHECKAUTH
+#define KRB5CHECKAUTH	1
+#endif
+
+#ifndef KSSL_CLOCKSKEW
+#define	KSSL_CLOCKSKEW	300;
+#endif
+
+#define	KSSL_ERR_MAX	255
+typedef struct kssl_err_st  {
+	int  reason;
+	char text[KSSL_ERR_MAX+1];
+	} KSSL_ERR;
+
+
+/*	Context for passing
+**		(1) Kerberos session key to SSL, and
+**		(2)	Config data between application and SSL lib
+*/
+typedef struct kssl_ctx_st
+        {
+                                /*	used by:    disposition:            */
+	char *service_name;	/*	C,S	    default ok (kssl)       */
+	char *service_host;	/*	C	    input, REQUIRED         */
+	char *client_princ;	/*	S	    output from krb5 ticket */
+	char *keytab_file;	/*      S	    NULL (/etc/krb5.keytab) */
+	char *cred_cache;	/*	C	    NULL (default)          */
+	krb5_enctype enctype;
+	int length;
+	krb5_octet FAR *key;
+	} KSSL_CTX;
+
+#define	KSSL_CLIENT 	1
+#define KSSL_SERVER 	2
+#define	KSSL_SERVICE	3
+#define	KSSL_KEYTAB 	4
+
+#define KSSL_CTX_OK 	0
+#define KSSL_CTX_ERR	1
+#define KSSL_NOMEM	2
+
+/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
+krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
+KSSL_CTX *kssl_ctx_new(void);
+KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
+void kssl_ctx_show(KSSL_CTX *kssl_ctx);
+krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
+        krb5_data *realm, krb5_data *entity);
+krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
+        krb5_data *authenp, KSSL_ERR *kssl_err);
+krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
+        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
+krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
+void	kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
+krb5_error_code  kssl_build_principal_2(krb5_context context,
+			krb5_principal *princ, int rlen, const char *realm,
+			int slen, const char *svc, int hlen, const char *host);
+krb5_error_code  kssl_validate_times(krb5_timestamp atime,
+					krb5_ticket_times *ttimes);
+krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
+			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);
+unsigned char	*kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif	/* OPENSSL_NO_KRB5	*/
+#endif	/* KSSL_H 	*/
diff --git a/crypto/openssl/ssl/kssl_lcl.h b/crypto/openssl/ssl/kssl_lcl.h
new file mode 100644
index 0000000..4cd8dd2
--- /dev/null
+++ b/crypto/openssl/ssl/kssl_lcl.h
@@ -0,0 +1,87 @@
+/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef	KSSL_LCL_H
+#define	KSSL_LCL_H
+
+#include <openssl/kssl.h>
+
+#ifndef OPENSSL_NO_KRB5
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Private (internal to OpenSSL) */
+void print_krb5_data(char *label, krb5_data *kdata);
+void print_krb5_authdata(char *label, krb5_authdata **adata);
+void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
+
+char *kstring(char *string);
+char *knumber(int len, krb5_octet *contents);
+
+EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
+
+int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
+int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif	/* OPENSSL_NO_KRB5	*/
+#endif	/* KSSL_LCL_H 	*/
diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c
index 2d0eb4a..64ee426 100644
--- a/crypto/openssl/ssl/s23_clnt.c
+++ b/crypto/openssl/ssl/s23_clnt.c
@@ -57,18 +57,18 @@
  */
 
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "ssl_locl.h"
 
 static SSL_METHOD *ssl23_get_client_method(int ver);
 static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
 static SSL_METHOD *ssl23_get_client_method(int ver)
 	{
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
 #endif
@@ -87,20 +87,27 @@ SSL_METHOD *SSLv23_client_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv23_client_data,
-			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
-		SSLv23_client_data.ssl_connect=ssl23_connect;
-		SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv23_client_data,
+				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+			SSLv23_client_data.ssl_connect=ssl23_connect;
+			SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv23_client_data);
 	}
 
 int ssl23_connect(SSL *s)
 	{
-	BUF_MEM *buf;
+	BUF_MEM *buf=NULL;
 	unsigned long Time=time(NULL);
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state;
 
@@ -152,6 +159,7 @@ int ssl23_connect(SSL *s)
 					goto end;
 					}
 				s->init_buf=buf;
+				buf=NULL;
 				}
 
 			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@@ -200,6 +208,8 @@ int ssl23_connect(SSL *s)
 		}
 end:
 	s->in_handshake--;
+	if (buf != NULL)
+		BUF_MEM_free(buf);
 	if (cb != NULL)
 		cb(s,SSL_CB_CONNECT_EXIT,ret);
 	return(ret);
@@ -211,6 +221,7 @@ static int ssl23_client_hello(SSL *s)
 	unsigned char *buf;
 	unsigned char *p,*d;
 	int i,ch_len;
+	int ret;
 
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@@ -302,7 +313,11 @@ static int ssl23_client_hello(SSL *s)
 		}
 
 	/* SSL3_ST_CW_CLNT_HELLO_B */
-	return(ssl23_write_bytes(s));
+	ret = ssl23_write_bytes(s);
+	if (ret >= 2)
+		if (s->msg_callback)
+			s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+	return ret;
 	}
 
 static int ssl23_get_server_hello(SSL *s)
@@ -322,7 +337,7 @@ static int ssl23_get_server_hello(SSL *s)
 	if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
 		(p[5] == 0x00) && (p[6] == 0x02))
 		{
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
 		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
 		goto err;
 #else
@@ -358,7 +373,7 @@ static int ssl23_get_server_hello(SSL *s)
 
 		if (s->s3 != NULL) ssl3_free(s);
 
-		if (!BUF_MEM_grow(s->init_buf,
+		if (!BUF_MEM_grow_clean(s->init_buf,
 			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
 			{
 			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
@@ -435,7 +450,7 @@ static int ssl23_get_server_hello(SSL *s)
 		 (p[3] == 0) &&
 		 (p[4] == 2))
 		{
-		void (*cb)()=NULL;
+		void (*cb)(const SSL *ssl,int type,int val)=NULL;
 		int j;
 
 		/* An alert */
diff --git a/crypto/openssl/ssl/s23_lib.c b/crypto/openssl/ssl/s23_lib.c
index ad2d8da..b70002a 100644
--- a/crypto/openssl/ssl/s23_lib.c
+++ b/crypto/openssl/ssl/s23_lib.c
@@ -111,7 +111,7 @@ SSL_METHOD *sslv23_base_method(void)
 static int ssl23_num_ciphers(void)
 	{
 	return(ssl3_num_ciphers()
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	       + ssl2_num_ciphers()
 #endif
 	    );
@@ -124,7 +124,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 	if (u < uu)
 		return(ssl3_get_cipher(u));
 	else
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		return(ssl2_get_cipher(u-uu));
 #else
 		return(NULL);
@@ -144,7 +144,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
 		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
 	c.id=id;
 	cp=ssl3_get_cipher_by_char(p);
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	if (cp == NULL)
 		cp=ssl2_get_cipher_by_char(p);
 #endif
diff --git a/crypto/openssl/ssl/s23_meth.c b/crypto/openssl/ssl/s23_meth.c
index 4068431..f207140 100644
--- a/crypto/openssl/ssl/s23_meth.c
+++ b/crypto/openssl/ssl/s23_meth.c
@@ -80,12 +80,19 @@ SSL_METHOD *SSLv23_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv23_data.ssl_connect=ssl23_connect;
-		SSLv23_data.ssl_accept=ssl23_accept;
-		SSLv23_data.get_ssl_method=ssl23_get_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+		
+		if (init)
+			{
+			memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv23_data.ssl_connect=ssl23_connect;
+			SSLv23_data.ssl_accept=ssl23_accept;
+			SSLv23_data.get_ssl_method=ssl23_get_method;
+			init=0;
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv23_data);
 	}
diff --git a/crypto/openssl/ssl/s23_pkt.c b/crypto/openssl/ssl/s23_pkt.c
index a62599c..4ca6a1b 100644
--- a/crypto/openssl/ssl/s23_pkt.c
+++ b/crypto/openssl/ssl/s23_pkt.c
@@ -55,66 +55,13 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
+#include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
-#include "ssl_locl.h"
 
 int ssl23_write_bytes(SSL *s)
 	{
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c
index b40bb01..c5404ca 100644
--- a/crypto/openssl/ssl/s23_srvr.c
+++ b/crypto/openssl/ssl/s23_srvr.c
@@ -110,17 +110,17 @@
  */
 
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "ssl_locl.h"
 
 static SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
 static SSL_METHOD *ssl23_get_server_method(int ver)
 	{
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
 #endif
@@ -139,11 +139,18 @@ SSL_METHOD *SSLv23_server_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv23_server_data,
-			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
-		SSLv23_server_data.ssl_accept=ssl23_accept;
-		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv23_server_data,
+				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+			SSLv23_server_data.ssl_accept=ssl23_accept;
+			SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv23_server_data);
 	}
@@ -152,7 +159,7 @@ int ssl23_accept(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long Time=time(NULL);
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state;
 
@@ -255,13 +262,13 @@ int ssl23_get_client_hello(SSL *s)
 	                     *  9/10  client_version  /
 	                     */
 	char *buf= &(buf_space[0]);
-	unsigned char *p,*d,*dd;
+	unsigned char *p,*d,*d_len,*dd;
 	unsigned int i;
 	unsigned int csl,sil,cl;
 	int n=0,j;
 	int type=0;
 	int v[2];
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	int use_sslv2_strong=0;
 #endif
 
@@ -323,72 +330,6 @@ int ssl23_get_client_hello(SSL *s)
 				else if (!(s->options & SSL_OP_NO_SSLv2))
 					type=1;
 
-				if (s->options & SSL_OP_NON_EXPORT_FIRST)
-					/* Not only utterly confusing, but broken
-					 * ('fractured programming'?) -- the details
-					 * of this block nearly make it work
-					 * as intended in this environment, but on one
-					 * of the fine points (w.r.t. restarts) it fails.
-					 * The obvious fix would be even more devastating
-					 * to program structure; if you want the functionality,
-					 * throw this away and implement it in a way
-					 * that makes sense */
-					{
-#if 0
-					STACK_OF(SSL_CIPHER) *sk;
-					SSL_CIPHER *c;
-					int ne2,ne3;
-
-					j=((p[0]&0x7f)<<8)|p[1];
-					if (j > (1024*4))
-						{
-						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-						goto err;
-						}
-
-					n=ssl23_read_bytes(s,j+2);
-					if (n <= 0) return(n);
-					p=s->packet;
-
-					if ((buf=OPENSSL_malloc(n)) == NULL)
-						{
-						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
-						goto err;
-						}
-					memcpy(buf,p,n);
-
-					p+=5;
-					n2s(p,csl);
-					p+=4;
-
-					sk=ssl_bytes_to_cipher_list(
-						s,p,csl,NULL);
-					if (sk != NULL)
-						{
-						ne2=ne3=0;
-						for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
-							{
-							c=sk_SSL_CIPHER_value(sk,j);
-							if (!SSL_C_IS_EXPORT(c))
-								{
-								if ((c->id>>24L) == 2L)
-									ne2=1;
-								else
-									ne3=1;
-								}
-							}
-						if (ne2 && !ne3)
-							{
-							type=1;
-							use_sslv2_strong=1;
-							goto next_bit;
-							}
-						}
-#else
-					SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
-					goto err;
-#endif
-					}
 				}
 			}
 		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
@@ -486,7 +427,9 @@ int ssl23_get_client_hello(SSL *s)
 		j=ssl23_read_bytes(s,n+2);
 		if (j <= 0) return(j);
 
-		ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2);
+		ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
+		if (s->msg_callback)
+			s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
 
 		p=s->packet;
 		p+=5;
@@ -500,6 +443,13 @@ int ssl23_get_client_hello(SSL *s)
 			goto err;
 			}
 
+		/* record header: msg_type ... */
+		*(d++) = SSL3_MT_CLIENT_HELLO;
+		/* ... and length (actual value will be written later) */
+		d_len = d;
+		d += 3;
+
+		/* client_version */
 		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
 		*(d++) = v[1];
 
@@ -530,7 +480,8 @@ int ssl23_get_client_hello(SSL *s)
 		*(d++)=1;
 		*(d++)=0;
 		
-		i=(d-(unsigned char *)s->init_buf->data);
+		i = (d-(unsigned char *)s->init_buf->data) - 4;
+		l2n3((long)i, d_len);
 
 		/* get the data reused from the init_buf */
 		s->s3->tmp.reuse_message=1;
@@ -543,7 +494,7 @@ int ssl23_get_client_hello(SSL *s)
 
 	if (type == 1)
 		{
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
 		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
 		goto err;
 #else
@@ -561,7 +512,7 @@ int ssl23_get_client_hello(SSL *s)
 
 		if (s->s3 != NULL) ssl3_free(s);
 
-		if (!BUF_MEM_grow(s->init_buf,
+		if (!BUF_MEM_grow_clean(s->init_buf,
 			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
 			{
 			goto err;
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 236b394..c6319bb 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -110,7 +110,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <openssl/rand.h>
 #include <openssl/buffer.h>
@@ -145,11 +145,18 @@ SSL_METHOD *SSLv2_client_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv2_client_data.ssl_connect=ssl2_connect;
-		SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv2_client_data.ssl_connect=ssl2_connect;
+			SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv2_client_data);
 	}
@@ -159,7 +166,7 @@ int ssl2_connect(SSL *s)
 	unsigned long l=time(NULL);
 	BUF_MEM *buf=NULL;
 	int ret= -1;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int new_state,state;
 
 	RAND_add(&l,sizeof(l),0);
@@ -201,10 +208,13 @@ int ssl2_connect(SSL *s)
 			if (!BUF_MEM_grow(buf,
 				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
 				{
+				if (buf == s->init_buf)
+					buf=NULL;
 				ret= -1;
 				goto end;
 				}
 			s->init_buf=buf;
+			buf=NULL;
 			s->init_num=0;
 			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
 			s->ctx->stats.sess_connect++;
@@ -331,6 +341,8 @@ int ssl2_connect(SSL *s)
 		}
 end:
 	s->in_handshake--;
+	if (buf != NULL)
+		BUF_MEM_free(buf);
 	if (cb != NULL) 
 		cb(s,SSL_CB_CONNECT_EXIT,ret);
 	return(ret);
@@ -342,7 +354,7 @@ static int get_server_hello(SSL *s)
 	unsigned char *p;
 	int i,j;
 	unsigned long len;
-	STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
+	STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow;
 
 	buf=(unsigned char *)s->init_buf->data;
 	p=buf;
@@ -392,6 +404,8 @@ static int get_server_hello(SSL *s)
 	j = (int)len - s->init_num;
 	i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
 	if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */
 
 	/* things are looking good */
 
@@ -474,33 +488,49 @@ static int get_server_hello(SSL *s)
 		sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
 
 		/* get the array of ciphers we will accept */
-		cl=ssl_get_ciphers_by_id(s);
-
+		cl=SSL_get_ciphers(s);
+		sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
+
+		/*
+		 * If server preference flag set, choose the first
+		 * (highest priority) cipher the server sends, otherwise
+		 * client preference has priority.
+		 */
+		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+		    {
+		    prio = sk;
+		    allow = cl;
+		    }
+		else
+		    {
+		    prio = cl;
+		    allow = sk;
+		    }
 		/* In theory we could have ciphers sent back that we
 		 * don't want to use but that does not matter since we
 		 * will check against the list we originally sent and
 		 * for performance reasons we should not bother to match
 		 * the two lists up just to check. */
-		for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
+		for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
 			{
-			if (sk_SSL_CIPHER_find(sk,
-					       sk_SSL_CIPHER_value(cl,i)) >= 0)
+			if (sk_SSL_CIPHER_find(allow,
+					     sk_SSL_CIPHER_value(prio,i)) >= 0)
 				break;
 			}
 
-		if (i >= sk_SSL_CIPHER_num(cl))
+		if (i >= sk_SSL_CIPHER_num(prio))
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
 			return(-1);
 			}
-		s->session->cipher=sk_SSL_CIPHER_value(cl,i);
+		s->session->cipher=sk_SSL_CIPHER_value(prio,i);
 
 
 		if (s->session->peer != NULL) /* can't happen*/
 			{
 			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
 			return(-1);
 			}
 
@@ -513,7 +543,7 @@ static int get_server_hello(SSL *s)
 		/* can't happen */
 		{
 		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
 		return(-1);
 		}
 		
@@ -628,7 +658,7 @@ static int client_master_key(SSL *s)
 		if (i > SSL_MAX_KEY_ARG_LENGTH)
 			{
 			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
 			return -1;
 			}
 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
@@ -641,7 +671,7 @@ static int client_master_key(SSL *s)
 			if (i > sizeof sess->master_key)
 				{
 				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+				SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
 				return -1;
 				}
 			if (RAND_bytes(sess->master_key,i) <= 0)
@@ -690,7 +720,7 @@ static int client_master_key(SSL *s)
 		if (karg > sizeof sess->key_arg)
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
 			return -1;
 			}
 		memcpy(d,sess->key_arg,(unsigned int)karg);
@@ -715,7 +745,7 @@ static int client_finished(SSL *s)
 		*(p++)=SSL2_MT_CLIENT_FINISHED;
 		if (s->s2->conn_id_length > sizeof s->s2->conn_id)
 			{
-			SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
 			return -1;
 			}
 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
@@ -745,10 +775,12 @@ static int client_certificate(SSL *s)
 	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
 		{
 		i=ssl2_read(s,(char *)&(buf[s->init_num]),
-			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
-		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
 			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
 		s->init_num += i;
+		if (s->msg_callback)
+			s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */
 
 		/* type=buf[0]; */
 		/* type eq x509 */
@@ -841,9 +873,10 @@ static int client_certificate(SSL *s)
 		/* ok, now we calculate the checksum
 		 * do it first so we can reuse buf :-) */
 		p=buf;
-		EVP_SignInit(&ctx,s->ctx->rsa_md5);
+		EVP_MD_CTX_init(&ctx);
+		EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
 		EVP_SignUpdate(&ctx,s->s2->key_material,
-			(unsigned int)s->s2->key_material_length);
+			       s->s2->key_material_length);
 		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
 		n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
 		EVP_SignUpdate(&ctx,buf,(unsigned int)n);
@@ -862,7 +895,7 @@ static int client_certificate(SSL *s)
 			 * We will continue with a 0 length signature
 			 */
 			}
-		memset(&ctx,0,sizeof(ctx));
+		EVP_MD_CTX_cleanup(&ctx);
 		s2n(n,p);
 		d+=n;
 
@@ -897,8 +930,12 @@ static int get_server_verify(SSL *s)
 					SSL_R_READ_WRONG_PACKET_TYPE);
 				}
 			else
-				SSLerr(SSL_F_GET_SERVER_VERIFY,
-					SSL_R_PEER_ERROR);
+				{
+				SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR);
+				/* try to read the error message */
+				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
+				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
+				}
 			return(-1);
 			}
 		}
@@ -909,9 +946,11 @@ static int get_server_verify(SSL *s)
 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
 	if (i < n)
 		return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
 	p += 1;
 
-	if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
+	if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
@@ -948,7 +987,12 @@ static int get_server_finished(SSL *s)
 				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
 				}
 			else
+				{
 				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
+				/* try to read the error message */
+				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
+				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
+				}
 			return(-1);
 			}
 		s->state=SSL2_ST_GET_SERVER_FINISHED_B;
@@ -960,6 +1004,8 @@ static int get_server_finished(SSL *s)
 	if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
 		return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
 	s->init_num += i;
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */
 
 	if (!s->hit) /* new session */
 		{
@@ -968,7 +1014,7 @@ static int get_server_finished(SSL *s)
 		 * or bad things can happen */
 		/* ZZZZZZZZZZZZZ */
 		s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
-		memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
+		memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
 		}
 	else
 		{
@@ -1083,7 +1129,7 @@ end:
 	EVP_PKEY_free(pkey);
 	return(i);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
index 8e5975c..d3b144f 100644
--- a/crypto/openssl/ssl/s2_enc.c
+++ b/crypto/openssl/ssl/s2_enc.c
@@ -57,8 +57,9 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
+#include "cryptlib.h"
 
 int ssl2_enc_init(SSL *s, int client)
 	{
@@ -95,13 +96,15 @@ int ssl2_enc_init(SSL *s, int client)
 
 	num=c->key_len;
 	s->s2->key_material_length=num*2;
+	OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
 
 	if (ssl2_generate_key_material(s) <= 0)
 		return 0;
 
-	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+	OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg);
+	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
 		s->session->key_arg);
-	EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
 		s->session->key_arg);
 	s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
 	s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
@@ -170,16 +173,17 @@ void ssl2_mac(SSL *s, unsigned char *md, int send)
 	l2n(seq,p);
 
 	/* There has to be a MAC algorithm. */
-	EVP_DigestInit(&c,s->read_hash);
+	EVP_MD_CTX_init(&c);
+	EVP_DigestInit_ex(&c, s->read_hash, NULL);
 	EVP_DigestUpdate(&c,sec,
 		EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
 	EVP_DigestUpdate(&c,act,len); 
 	/* the above line also does the pad data */
 	EVP_DigestUpdate(&c,sequence,4); 
-	EVP_DigestFinal(&c,md,NULL);
-	/* some would say I should zero the md context */
+	EVP_DigestFinal_ex(&c,md,NULL);
+	EVP_MD_CTX_cleanup(&c);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
index 01d1e97..910b9fe 100644
--- a/crypto/openssl/ssl/s2_lib.c
+++ b/crypto/openssl/ssl/s2_lib.c
@@ -57,10 +57,11 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
+#include <openssl/evp.h>
 #include <openssl/md5.h>
 #include "cryptlib.h"
 
@@ -307,7 +308,7 @@ void ssl2_free(SSL *s)
 	s2=s->s2;
 	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
 	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
-	memset(s2,0,sizeof *s2);
+	OPENSSL_cleanse(s2,sizeof *s2);
 	OPENSSL_free(s2);
 	s->s2=NULL;
 	}
@@ -332,7 +333,7 @@ void ssl2_clear(SSL *s)
 	s->packet_length=0;
 	}
 
-long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
+long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
 	{
 	int ret=0;
 
@@ -352,7 +353,7 @@ long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
 	return(0);
 	}
 
-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
+long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 	{
 	return(0);
 	}
@@ -376,15 +377,19 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 
-		for (i=0; i<SSL2_NUM_CIPHERS; i++)
-			sorted[i]= &(ssl2_ciphers[i]);
+		if (init)
+			{
+			for (i=0; i<SSL2_NUM_CIPHERS; i++)
+				sorted[i]= &(ssl2_ciphers[i]);
 
-		qsort(  (char *)sorted,
-			SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-			FP_ICC ssl_cipher_ptr_id_cmp);
+			qsort((char *)sorted,
+				SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+				FP_ICC ssl_cipher_ptr_id_cmp);
 
+			init=0;
+			}
+			
 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-		init=0;
 		}
 
 	id=0x02000000L|((unsigned long)p[0]<<16L)|
@@ -418,43 +423,50 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 int ssl2_generate_key_material(SSL *s)
 	{
 	unsigned int i;
-	MD5_CTX ctx;
+	EVP_MD_CTX ctx;
 	unsigned char *km;
 	unsigned char c='0';
+	const EVP_MD *md5;
+
+	md5 = EVP_md5();
 
 #ifdef CHARSET_EBCDIC
 	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
 				see SSLv2 docu */
 #endif
-
+	EVP_MD_CTX_init(&ctx);
 	km=s->s2->key_material;
 
-	if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
-		{
-		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
-		return 0;
-		}
+ 	if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+ 		{
+ 		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+ 		return 0;
+ 		}
 
-	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
+	for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
 		{
-		if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
+		if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material)
 			{
-			/* MD5_Final() below would write beyond buffer */
-			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
+			/* EVP_DigestFinal_ex() below would write beyond buffer */
+			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
 			return 0;
 			}
 
-		MD5_Init(&ctx);
+		EVP_DigestInit_ex(&ctx, md5, NULL);
 
-		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
-		MD5_Update(&ctx,&c,1);
+		OPENSSL_assert(s->session->master_key_length >= 0
+		    && s->session->master_key_length
+		    < sizeof s->session->master_key);
+		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+		EVP_DigestUpdate(&ctx,&c,1);
 		c++;
-		MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
-		MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
-		MD5_Final(km,&ctx);
-		km+=MD5_DIGEST_LENGTH;
+		EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
+		EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
+		EVP_DigestFinal_ex(&ctx,km,NULL);
+		km += EVP_MD_size(md5);
 		}
 
+	EVP_MD_CTX_cleanup(&ctx);
 	return 1;
 	}
 
@@ -483,17 +495,21 @@ void ssl2_write_error(SSL *s)
 
 	error=s->error; /* number of bytes left to write */
 	s->error=0;
-	if (error < 0 || error > sizeof buf) /* can't happen */
-		return;
-	
+	OPENSSL_assert(error >= 0 && error <= sizeof buf);
 	i=ssl2_write(s,&(buf[3-error]),error);
 
 /*	if (i == error) s->rwstate=state; */
 
 	if (i < 0)
 		s->error=error;
-	else if (i != s->error)
+	else
+		{
 		s->error=error-i;
+
+		if (s->error == 0)
+			if (s->msg_callback)
+				s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
+		}
 	}
 
 int ssl2_shutdown(SSL *s)
@@ -501,7 +517,7 @@ int ssl2_shutdown(SSL *s)
 	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 	return(1);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/ssl/s2_meth.c b/crypto/openssl/ssl/s2_meth.c
index deb9e1d..8b6cbd0 100644
--- a/crypto/openssl/ssl/s2_meth.c
+++ b/crypto/openssl/ssl/s2_meth.c
@@ -57,7 +57,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <openssl/objects.h>
 
@@ -77,16 +77,23 @@ SSL_METHOD *SSLv2_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv2_data.ssl_connect=ssl2_connect;
-		SSLv2_data.ssl_accept=ssl2_accept;
-		SSLv2_data.get_ssl_method=ssl2_get_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+		
+		if (init)
+			{
+			memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv2_data.ssl_connect=ssl2_connect;
+			SSLv2_data.ssl_accept=ssl2_accept;
+			SSLv2_data.get_ssl_method=ssl2_get_method;
+			init=0;
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv2_data);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c
index 3cd7597..d82f137 100644
--- a/crypto/openssl/ssl/s2_pkt.c
+++ b/crypto/openssl/ssl/s2_pkt.c
@@ -110,9 +110,10 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <errno.h>
+#include "cryptlib.h"
 #define USE_SOCKETS
 
 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
@@ -247,6 +248,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
 		else
 			{
 			mac_size=EVP_MD_size(s->read_hash);
+			OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
 			s->s2->mac_data=p;
 			s->s2->ract_data= &p[mac_size];
 			if (s->s2->padding + mac_size > s->s2->rlength)
@@ -692,6 +694,8 @@ int ssl2_do_write(SSL *s)
 	ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
 	if (ret == s->init_num)
 		{
+		if (s->msg_callback)
+			s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
 		return(1);
 		}
 	if (ret < 0)
@@ -725,7 +729,7 @@ static int ssl_mt_error(int n)
 		}
 	return(ret);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index d736f68..62859a2 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -110,7 +110,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <openssl/bio.h>
 #include <openssl/rand.h>
@@ -145,11 +145,18 @@ SSL_METHOD *SSLv2_server_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv2_server_data.ssl_accept=ssl2_accept;
-		SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv2_server_data.ssl_accept=ssl2_accept;
+			SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv2_server_data);
 	}
@@ -160,7 +167,7 @@ int ssl2_accept(SSL *s)
 	BUF_MEM *buf=NULL;
 	int ret= -1;
 	long num1;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int new_state,state;
 
 	RAND_add(&l,sizeof(l),0);
@@ -430,7 +437,7 @@ static int get_client_master_key(SSL *s)
 	if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
 		return -1;
 		}
 	keya=s->session->key_arg_length;
@@ -444,6 +451,8 @@ static int get_client_master_key(SSL *s)
 	n = (int)len - s->init_num;
 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
 	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
 	p += 10;
 
 	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
@@ -518,7 +527,7 @@ static int get_client_master_key(SSL *s)
 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
 		return -1;
 		}
 	s->session->master_key_length=i;
@@ -533,6 +542,7 @@ static int get_client_hello(SSL *s)
 	unsigned char *p;
 	STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
 	STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
+	STACK_OF(SSL_CIPHER) *prio, *allow;
 	int z;
 
 	/* This is a bit of a hack to check for the correct packet
@@ -589,6 +599,8 @@ static int get_client_hello(SSL *s)
 	n = (int)len - s->init_num;
 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
 	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */
 	p += 9;
 
 	/* get session-id before cipher stuff so we can get out session
@@ -646,21 +658,37 @@ static int get_client_hello(SSL *s)
 			&s->session->ciphers);
 		if (cs == NULL) goto mem_err;
 
-		cl=ssl_get_ciphers_by_id(s);
+		cl=SSL_get_ciphers(s);
 
-		for (z=0; z<sk_SSL_CIPHER_num(cs); z++)
+		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+		    {
+		    prio=sk_SSL_CIPHER_dup(cl);
+		    if (prio == NULL) goto mem_err;
+		    allow = cs;
+		    }
+		else
+		    {
+		    prio = cs;
+		    allow = cl;
+		    }
+		for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
 			{
-			if (sk_SSL_CIPHER_find(cl,sk_SSL_CIPHER_value(cs,z)) < 0)
+			if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
 				{
-				sk_SSL_CIPHER_delete(cs,z);
+				sk_SSL_CIPHER_delete(prio,z);
 				z--;
 				}
 			}
-
+		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+		    {
+		    sk_SSL_CIPHER_free(s->session->ciphers);
+		    s->session->ciphers = prio;
+		    }
 		/* s->session->ciphers should now have a list of
 		 * ciphers that are on both the client and server.
 		 * This list is ordered by the order the client sent
-		 * the ciphers.
+		 * the ciphers or in the order of the server's preference
+		 * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
 		 */
 		}
 	p+=s->s2->tmp.cipher_spec_length;
@@ -673,7 +701,7 @@ static int get_client_hello(SSL *s)
 	if (s->s2->challenge_length > sizeof s->s2->challenge)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
 		return -1;
 		}
 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
@@ -820,7 +848,12 @@ static int get_client_finished(SSL *s)
 				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
 				}
 			else
+				{
 				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
+				/* try to read the error message */
+				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
+				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
+				}
 			return(-1);
 			}
 		s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
@@ -830,7 +863,7 @@ static int get_client_finished(SSL *s)
 	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
 		return -1;
 		}
 	len = 1 + (unsigned long)s->s2->conn_id_length;
@@ -840,8 +873,10 @@ static int get_client_finished(SSL *s)
 		{
 		return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
 		}
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
 	p += 1;
-	if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+	if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
@@ -860,7 +895,7 @@ static int server_verify(SSL *s)
 		*(p++)=SSL2_MT_SERVER_VERIFY;
 		if (s->s2->challenge_length > sizeof s->s2->challenge)
 			{
-			SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
 			return -1;
 			}
 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
@@ -884,7 +919,7 @@ static int server_finish(SSL *s)
 
 		if (s->session->session_id_length > sizeof s->session->session_id)
 			{
-			SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
 			return -1;
 			}
 		memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
@@ -959,6 +994,9 @@ static int request_certificate(SSL *s)
 				goto end;
 				}
 
+			if (s->msg_callback)
+				s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */
+
 			/* this is the one place where we can recover from an SSL 2.0 error */
 
 			if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
@@ -978,7 +1016,7 @@ static int request_certificate(SSL *s)
 			}
 		if (s->init_num != 6)
 			{
-			SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
 			goto end;
 			}
 		
@@ -1001,7 +1039,7 @@ static int request_certificate(SSL *s)
 	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
 		{
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+		SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
 		goto end;
 		}
 	j = (int)len - s->init_num;
@@ -1011,6 +1049,8 @@ static int request_certificate(SSL *s)
 		ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
 		goto end;
 		}
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
 	p += 6;
 
 	x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
@@ -1033,9 +1073,10 @@ static int request_certificate(SSL *s)
 		EVP_MD_CTX ctx;
 		EVP_PKEY *pkey=NULL;
 
-		EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
+		EVP_MD_CTX_init(&ctx);
+		EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
 		EVP_VerifyUpdate(&ctx,s->s2->key_material,
-			(unsigned int)s->s2->key_material_length);
+				 s->s2->key_material_length);
 		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
 		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
@@ -1054,7 +1095,7 @@ static int request_certificate(SSL *s)
 		if (pkey == NULL) goto end;
 		i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
 		EVP_PKEY_free(pkey);
-		memset(&ctx,0,sizeof(ctx));
+		EVP_MD_CTX_cleanup(&ctx);
 
 		if (i) 
 			{
@@ -1107,7 +1148,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
 		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
 	return(i);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c
index beb5628..38a7152 100644
--- a/crypto/openssl/ssl/s3_both.c
+++ b/crypto/openssl/ssl/s3_both.c
@@ -109,16 +109,17 @@
  *
  */
 
+#include <limits.h>
 #include <string.h>
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "ssl_locl.h"
 
-/* send s->init_buf in records of type 'type' */
+/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
 int ssl3_do_write(SSL *s, int type)
 	{
 	int ret;
@@ -132,7 +133,11 @@ int ssl3_do_write(SSL *s, int type)
 		ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
 	
 	if (ret == s->init_num)
+		{
+		if (s->msg_callback)
+			s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
 		return(1);
+		}
 	s->init_off+=ret;
 	s->init_num-=ret;
 	return(0);
@@ -158,7 +163,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		p+=i;
 		l=i;
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 		/* MSVC 1.5 does not clear the top bytes of the word unless
 		 * I do this.
 		 */
@@ -205,7 +210,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 		}
 	s->s3->change_cipher_spec=0;
 
-	p = (unsigned char *)s->init_buf->data;
+	p = (unsigned char *)s->init_msg;
 	i = s->s3->tmp.peer_finish_md_len;
 
 	if (i != n)
@@ -265,19 +270,23 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
 
 	/* TLSv1 sends a chain with nothing in it, instead of an alert */
 	buf=s->init_buf;
-	if (!BUF_MEM_grow(buf,(int)(10)))
+	if (!BUF_MEM_grow_clean(buf,10))
 		{
 		SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
 		return(0);
 		}
 	if (x != NULL)
 		{
-		X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+		if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+			{
+			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+			return(0);
+			}
 
 		for (;;)
 			{
 			n=i2d_X509(x,NULL);
-			if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+			if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
 				{
 				SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
 				return(0);
@@ -307,7 +316,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
 		{
 		x=sk_X509_value(s->ctx->extra_certs,i);
 		n=i2d_X509(x,NULL);
-		if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+		if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
 			{
 			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
 			return(0);
@@ -351,7 +360,9 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 			goto f_err;
 			}
 		*ok=1;
-		return((int)s->s3->tmp.message_size);
+		s->init_msg = s->init_buf->data + 4;
+		s->init_num = (int)s->s3->tmp.message_size;
+		return s->init_num;
 		}
 
 	p=(unsigned char *)s->init_buf->data;
@@ -386,8 +397,10 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 						{
 						s->init_num = 0;
 						skip_message = 1;
+
+						if (s->msg_callback)
+							s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
 						}
-			
 			}
 		while (skip_message);
 
@@ -411,8 +424,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 			ssl3_init_finished_mac(s);
 			}
 
-		ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
-			
 		s->s3->tmp.message_type= *(p++);
 
 		n2l3(p,l);
@@ -422,7 +433,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
 			goto f_err;
 			}
-		if (l && !BUF_MEM_grow(s->init_buf,(int)l))
+		if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
+			{
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+			goto f_err;
+			}
+		if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
 			{
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
 			goto err;
@@ -430,13 +447,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 		s->s3->tmp.message_size=l;
 		s->state=stn;
 
-		s->init_num=0;
+		s->init_msg = s->init_buf->data + 4;
+		s->init_num = 0;
 		}
 
 	/* next state (stn) */
-	p=(unsigned char *)s->init_buf->data;
-	n=s->s3->tmp.message_size;
-	n -= s->init_num;
+	p = s->init_msg;
+	n = s->s3->tmp.message_size - s->init_num;
 	while (n > 0)
 		{
 		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
@@ -449,7 +466,9 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 		s->init_num += i;
 		n -= i;
 		}
-	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
+	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
 	*ok=1;
 	return s->init_num;
 f_err:
@@ -517,6 +536,7 @@ int ssl_verify_alarm_type(long type)
 		{
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
 	case X509_V_ERR_UNABLE_TO_GET_CRL:
+	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
 		al=SSL_AD_UNKNOWN_CA;
 		break;
 	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
@@ -584,7 +604,7 @@ int ssl3_setup_buffers(SSL *s)
 		if ((p=OPENSSL_malloc(len)) == NULL)
 			goto err;
 		s->s3->rbuf.buf = p;
-		s->s3->rbuf_len = len;
+		s->s3->rbuf.len = len;
 		}
 
 	if (s->s3->wbuf.buf == NULL)
@@ -594,7 +614,7 @@ int ssl3_setup_buffers(SSL *s)
 		if ((p=OPENSSL_malloc(len)) == NULL)
 			goto err;
 		s->s3->wbuf.buf = p;
-		s->s3->wbuf_len = len;
+		s->s3->wbuf.len = len;
 		}
 	s->packet= &(s->s3->rbuf.buf[0]);
 	return(1);
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index 32b9cea..fae8ead 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -110,13 +110,13 @@
  */
 
 #include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
-#include "ssl_locl.h"
+#include <openssl/md5.h>
 #include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
@@ -146,21 +146,28 @@ SSL_METHOD *SSLv3_client_method(void)
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv3_client_data.ssl_connect=ssl3_connect;
-		SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv3_client_data.ssl_connect=ssl3_connect;
+			SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv3_client_data);
 	}
 
 int ssl3_connect(SSL *s)
 	{
-	BUF_MEM *buf;
+	BUF_MEM *buf=NULL;
 	unsigned long Time=time(NULL),l;
 	long num1;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state,skip=0;;
 
@@ -197,7 +204,7 @@ int ssl3_connect(SSL *s)
 
 			if ((s->version & 0xff00 ) != 0x0300)
 				{
-				SSLerr(SSL_F_SSL3_CONNECT, SSL_R_INTERNAL_ERROR);
+				SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
 				ret = -1;
 				goto end;
 				}
@@ -218,6 +225,7 @@ int ssl3_connect(SSL *s)
 					goto end;
 					}
 				s->init_buf=buf;
+				buf=NULL;
 				}
 
 			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@@ -496,6 +504,8 @@ int ssl3_connect(SSL *s)
 		}
 end:
 	s->in_handshake--;
+	if (buf != NULL)
+		BUF_MEM_free(buf);
 	if (cb != NULL)
 		cb(s,SSL_CB_CONNECT_EXIT,ret);
 	return(ret);
@@ -548,7 +558,7 @@ static int ssl3_client_hello(SSL *s)
 			{
 			if (i > sizeof s->session->session_id)
 				{
-				SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
+				SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
 			memcpy(p,s->session->session_id,i);
@@ -613,7 +623,7 @@ static int ssl3_get_server_hello(SSL *s)
 		&ok);
 
 	if (!ok) return((int)n);
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
 	if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
 		{
@@ -632,30 +642,20 @@ static int ssl3_get_server_hello(SSL *s)
 	/* get the session-id */
 	j= *(p++);
 
-       if(j > sizeof s->session->session_id)
-               {
-               al=SSL_AD_ILLEGAL_PARAMETER;
-               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
-               goto f_err;
-               }
-
-	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
 		{
-		/* SSLref returns 16 :-( */
-		if (j < SSL2_SSL_SESSION_ID_LENGTH)
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
-			goto f_err;
-			}
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+		goto f_err;
 		}
+
 	if (j != 0 && j == s->session->session_id_length
 	    && memcmp(p,s->session->session_id,j) == 0)
 	    {
 	    if(s->sid_ctx_length != s->session->sid_ctx_length
 	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
 		{
+		/* actually a client application bug */
 		al=SSL_AD_ILLEGAL_PARAMETER;
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 		goto f_err;
@@ -699,7 +699,12 @@ static int ssl3_get_server_hello(SSL *s)
 		goto f_err;
 		}
 
-	if (s->hit && (s->session->cipher != c))
+	/* Depending on the session caching (internal/external), the cipher
+	   and/or cipher_id values may not be set. Make sure that
+	   cipher_id is set and use it for comparison. */
+	if (s->session->cipher)
+		s->session->cipher_id = s->session->cipher->id;
+	if (s->hit && (s->session->cipher_id != c->id))
 		{
 		if (!(s->options &
 			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
@@ -754,16 +759,13 @@ static int ssl3_get_server_certificate(SSL *s)
 	STACK_OF(X509) *sk=NULL;
 	SESS_CERT *sc;
 	EVP_PKEY *pkey=NULL;
+        int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
 
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_CERT_A,
 		SSL3_ST_CR_CERT_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
-		1024*30, /* 30k max cert list :-) */
-#else
-		1024*100, /* 100k max cert list :-) */
-#endif
+		s->max_cert_list,
 		&ok);
 
 	if (!ok) return((int)n);
@@ -780,7 +782,7 @@ static int ssl3_get_server_certificate(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
 		goto f_err;
 		}
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
 	if ((sk=sk_X509_new_null()) == NULL)
 		{
@@ -830,7 +832,12 @@ static int ssl3_get_server_certificate(SSL *s)
 		}
 
 	i=ssl_verify_cert_chain(s,sk);
-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+#ifndef OPENSSL_NO_KRB5
+                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                != (SSL_aKRB5|SSL_kKRB5)
+#endif /* OPENSSL_NO_KRB5 */
+                )
 		{
 		al=ssl_verify_alarm_type(s->verify_result);
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -849,39 +856,66 @@ static int ssl3_get_server_certificate(SSL *s)
 	 * certificate, which we don't include in s3_srvr.c */
 	x=sk_X509_value(sk,0);
 	sk=NULL;
+ 	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
 
 	pkey=X509_get_pubkey(x);
 
-	if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))
+        /* VRS: allow null cert if auth == KRB5 */
+        need_cert =	((s->s3->tmp.new_cipher->algorithms
+			& (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                        == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
+
+#ifdef KSSL_DEBUG
+	printf("pkey,x = %p, %p\n", pkey,x);
+	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
+	printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
+                s->s3->tmp.new_cipher->algorithms, need_cert);
+#endif    /* KSSL_DEBUG */
+
+	if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
 		{
 		x=NULL;
 		al=SSL3_AL_FATAL;
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+			SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
 		goto f_err;
 		}
 
 	i=ssl_cert_type(x,pkey);
-	if (i < 0)
+	if (need_cert && i < 0)
 		{
 		x=NULL;
 		al=SSL3_AL_FATAL;
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+			SSL_R_UNKNOWN_CERTIFICATE_TYPE);
 		goto f_err;
 		}
 
-	sc->peer_cert_type=i;
-	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-	if (sc->peer_pkeys[i].x509 != NULL) /* Why would this ever happen?
-										 * We just created sc a couple of
-										 * lines ago. */
-		X509_free(sc->peer_pkeys[i].x509);
-	sc->peer_pkeys[i].x509=x;
-	sc->peer_key= &(sc->peer_pkeys[i]);
-
-	if (s->session->peer != NULL)
-		X509_free(s->session->peer);
-	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-	s->session->peer=x;
+        if (need_cert)
+                {
+                sc->peer_cert_type=i;
+                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+                /* Why would the following ever happen?
+                 * We just created sc a couple of lines ago. */
+                if (sc->peer_pkeys[i].x509 != NULL)
+                        X509_free(sc->peer_pkeys[i].x509);
+                sc->peer_pkeys[i].x509=x;
+                sc->peer_key= &(sc->peer_pkeys[i]);
+
+                if (s->session->peer != NULL)
+                        X509_free(s->session->peer);
+                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+                s->session->peer=x;
+                }
+        else
+                {
+                sc->peer_cert_type=i;
+                sc->peer_key= NULL;
+
+                if (s->session->peer != NULL)
+                        X509_free(s->session->peer);
+                s->session->peer=NULL;
+                }
 	s->session->verify_result = s->verify_result;
 
 	x=NULL;
@@ -901,7 +935,7 @@ err:
 
 static int ssl3_get_key_exchange(SSL *s)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
 #endif
 	EVP_MD_CTX md_ctx;
@@ -909,10 +943,10 @@ static int ssl3_get_key_exchange(SSL *s)
 	int al,i,j,param_len,ok;
 	long n,alg;
 	EVP_PKEY *pkey=NULL;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa=NULL;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh=NULL;
 #endif
 
@@ -922,11 +956,7 @@ static int ssl3_get_key_exchange(SSL *s)
 		SSL3_ST_CR_KEY_EXCH_A,
 		SSL3_ST_CR_KEY_EXCH_B,
 		-1,
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-		1024*30,  /* 30k max cert list :-) */
-#else
-		1024*100, /* 100k max cert list :-) */
-#endif
+		s->max_cert_list,
 		&ok);
 
 	if (!ok) return((int)n);
@@ -937,18 +967,18 @@ static int ssl3_get_key_exchange(SSL *s)
 		return(1);
 		}
 
-	param=p=(unsigned char *)s->init_buf->data;
+	param=p=(unsigned char *)s->init_msg;
 
 	if (s->session->sess_cert != NULL)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (s->session->sess_cert->peer_rsa_tmp != NULL)
 			{
 			RSA_free(s->session->sess_cert->peer_rsa_tmp);
 			s->session->sess_cert->peer_rsa_tmp=NULL;
 			}
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		if (s->session->sess_cert->peer_dh_tmp)
 			{
 			DH_free(s->session->sess_cert->peer_dh_tmp);
@@ -963,8 +993,9 @@ static int ssl3_get_key_exchange(SSL *s)
 
 	param_len=0;
 	alg=s->s3->tmp.new_cipher->algorithms;
+	EVP_MD_CTX_init(&md_ctx);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (alg & SSL_kRSA)
 		{
 		if ((rsa=RSA_new()) == NULL)
@@ -1008,17 +1039,17 @@ static int ssl3_get_key_exchange(SSL *s)
 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 		else
 			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		s->session->sess_cert->peer_rsa_tmp=rsa;
 		rsa=NULL;
 		}
-#else /* NO_RSA */
+#else /* OPENSSL_NO_RSA */
 	if (0)
 		;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	else if (alg & SSL_kEDH)
 		{
 		if ((dh=DH_new()) == NULL)
@@ -1072,14 +1103,14 @@ static int ssl3_get_key_exchange(SSL *s)
 		p+=i;
 		n-=param_len;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (alg & SSL_aRSA)
 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 #else
 		if (0)
 			;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		else if (alg & SSL_aDSS)
 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
 #endif
@@ -1094,7 +1125,7 @@ static int ssl3_get_key_exchange(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
 		goto f_err;
 		}
-#endif /* !NO_DH */
+#endif /* !OPENSSL_NO_DH */
 	if (alg & SSL_aFZA)
 		{
 		al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1121,7 +1152,7 @@ static int ssl3_get_key_exchange(SSL *s)
 			goto f_err;
 			}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			int num;
@@ -1130,12 +1161,12 @@ static int ssl3_get_key_exchange(SSL *s)
 			q=md_buf;
 			for (num=2; num > 0; num--)
 				{
-				EVP_DigestInit(&md_ctx,(num == 2)
-					?s->ctx->md5:s->ctx->sha1);
+				EVP_DigestInit_ex(&md_ctx,(num == 2)
+					?s->ctx->md5:s->ctx->sha1, NULL);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,param,param_len);
-				EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i);
+				EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
 				q+=i;
 				j+=i;
 				}
@@ -1157,11 +1188,11 @@ static int ssl3_get_key_exchange(SSL *s)
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (pkey->type == EVP_PKEY_DSA)
 			{
 			/* lets do DSS */
-			EVP_VerifyInit(&md_ctx,EVP_dss1());
+			EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 			EVP_VerifyUpdate(&md_ctx,param,param_len);
@@ -1176,7 +1207,7 @@ static int ssl3_get_key_exchange(SSL *s)
 		else
 #endif
 			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		}
@@ -1185,7 +1216,7 @@ static int ssl3_get_key_exchange(SSL *s)
 		/* still data left over */
 		if (!(alg & SSL_aNULL))
 			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		if (n != 0)
@@ -1196,19 +1227,21 @@ static int ssl3_get_key_exchange(SSL *s)
 			}
 		}
 	EVP_PKEY_free(pkey);
+	EVP_MD_CTX_cleanup(&md_ctx);
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
 	EVP_PKEY_free(pkey);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (rsa != NULL)
 		RSA_free(rsa);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (dh != NULL)
 		DH_free(dh);
 #endif
+	EVP_MD_CTX_cleanup(&md_ctx);
 	return(-1);
 	}
 
@@ -1225,11 +1258,7 @@ static int ssl3_get_certificate_request(SSL *s)
 		SSL3_ST_CR_CERT_REQ_A,
 		SSL3_ST_CR_CERT_REQ_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
-		1024*30,  /* 30k max cert list :-) */
-#else
-		1024*100, /* 100k max cert list :-) */
-#endif
+		s->max_cert_list,
 		&ok);
 
 	if (!ok) return((int)n);
@@ -1261,7 +1290,7 @@ static int ssl3_get_certificate_request(SSL *s)
 			}
 		}
 
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
 	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
 		{
@@ -1392,10 +1421,13 @@ static int ssl3_send_client_key_exchange(SSL *s)
 	unsigned char *p,*d;
 	int n;
 	unsigned long l;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned char *q;
 	EVP_PKEY *pkey=NULL;
 #endif
+#ifndef OPENSSL_NO_KRB5
+        KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
 
 	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
 		{
@@ -1404,8 +1436,10 @@ static int ssl3_send_client_key_exchange(SSL *s)
 
 		l=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_RSA
-		if (l & SSL_kRSA)
+                /* Fool emacs indentation */
+                if (0) {}
+#ifndef OPENSSL_NO_RSA
+		else if (l & SSL_kRSA)
 			{
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -1419,7 +1453,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
 					(pkey->type != EVP_PKEY_RSA) ||
 					(pkey->pkey.rsa == NULL))
 					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 					goto err;
 					}
 				rsa=pkey->pkey.rsa;
@@ -1428,16 +1462,16 @@ static int ssl3_send_client_key_exchange(SSL *s)
 				
 			tmp_buf[0]=s->client_version>>8;
 			tmp_buf[1]=s->client_version&0xff;
-			if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
+			if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
 					goto err;
 
-			s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+			s->session->master_key_length=sizeof tmp_buf;
 
 			q=p;
 			/* Fix buf for TLS and beyond */
 			if (s->version > SSL3_VERSION)
 				p+=2;
-			n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
+			n=RSA_public_encrypt(sizeof tmp_buf,
 				tmp_buf,p,rsa,RSA_PKCS1_PADDING);
 #ifdef PKCS1_CHECK
 			if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
@@ -1459,13 +1493,144 @@ static int ssl3_send_client_key_exchange(SSL *s)
 			s->session->master_key_length=
 				s->method->ssl3_enc->generate_master_secret(s,
 					s->session->master_key,
-					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
-			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+					tmp_buf,sizeof tmp_buf);
+			OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
 			}
-		else
 #endif
-#ifndef NO_DH
-		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+#ifndef OPENSSL_NO_KRB5
+		else if (l & SSL_kKRB5)
+                        {
+                        krb5_error_code	krb5rc;
+                        KSSL_CTX	*kssl_ctx = s->kssl_ctx;
+                        /*  krb5_data	krb5_ap_req;  */
+                        krb5_data	*enc_ticket;
+                        krb5_data	authenticator, *authp = NULL;
+			EVP_CIPHER_CTX	ciph_ctx;
+			EVP_CIPHER	*enc = NULL;
+			unsigned char	iv[EVP_MAX_IV_LENGTH];
+			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH 
+						+ EVP_MAX_IV_LENGTH];
+			int 		padl, outl = sizeof(epms);
+
+			EVP_CIPHER_CTX_init(&ciph_ctx);
+
+#ifdef KSSL_DEBUG
+                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+                                l, SSL_kKRB5);
+#endif	/* KSSL_DEBUG */
+
+			authp = NULL;
+#ifdef KRB5SENDAUTH
+			if (KRB5SENDAUTH)  authp = &authenticator;
+#endif	/* KRB5SENDAUTH */
+
+                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
+				&kssl_err);
+			enc = kssl_map_enc(kssl_ctx->enctype);
+                        if (enc == NULL)
+                            goto err;
+#ifdef KSSL_DEBUG
+                        {
+                        printf("kssl_cget_tkt rtn %d\n", krb5rc);
+                        if (krb5rc && kssl_err.text)
+			  printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+                        }
+#endif	/* KSSL_DEBUG */
+
+                        if (krb5rc)
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,
+						SSL_AD_HANDSHAKE_FAILURE);
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+						kssl_err.reason);
+                                goto err;
+                                }
+
+			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ
+			**  in place of RFC 2712 KerberosWrapper, as in:
+			**
+                        **  Send ticket (copy to *p, set n = length)
+                        **  n = krb5_ap_req.length;
+                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+                        **  if (krb5_ap_req.data)  
+                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+                        **
+			**  Now using real RFC 2712 KerberosWrapper
+			**  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
+			**  Note: 2712 "opaque" types are here replaced
+			**  with a 2-byte length followed by the value.
+			**  Example:
+			**  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+			**  Where "xx xx" = length bytes.  Shown here with
+			**  optional authenticator omitted.
+			*/
+
+			/*  KerberosWrapper.Ticket		*/
+			s2n(enc_ticket->length,p);
+			memcpy(p, enc_ticket->data, enc_ticket->length);
+			p+= enc_ticket->length;
+			n = enc_ticket->length + 2;
+
+			/*  KerberosWrapper.Authenticator	*/
+			if (authp  &&  authp->length)  
+				{
+				s2n(authp->length,p);
+				memcpy(p, authp->data, authp->length);
+				p+= authp->length;
+				n+= authp->length + 2;
+				
+				free(authp->data);
+				authp->data = NULL;
+				authp->length = 0;
+				}
+			else
+				{
+				s2n(0,p);/*  null authenticator length	*/
+				n+=2;
+				}
+ 
+			if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
+			    goto err;
+
+			/*  20010420 VRS.  Tried it this way; failed.
+			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+			**				kssl_ctx->length);
+			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+			*/
+
+			memset(iv, 0, sizeof iv);  /* per RFC 1510 */
+			EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
+				kssl_ctx->key,iv);
+			EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
+				sizeof tmp_buf);
+			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
+			outl += padl;
+			if (outl > sizeof epms)
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+			/*  KerberosWrapper.EncryptedPreMasterSecret	*/
+			s2n(outl,p);
+			memcpy(p, epms, outl);
+			p+=outl;
+			n+=outl + 2;
+
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+					s->session->master_key,
+					tmp_buf, sizeof tmp_buf);
+
+			OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+			OPENSSL_cleanse(epms, outl);
+                        }
+#endif
+#ifndef OPENSSL_NO_DH
+		else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			{
 			DH *dh_srvr,*dh_clnt;
 
@@ -1519,11 +1684,11 @@ static int ssl3_send_client_key_exchange(SSL *s)
 
 			/* perhaps clean things up a bit EAY EAY EAY EAY*/
 			}
-		else
 #endif
+		else
 			{
 			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		
@@ -1547,11 +1712,11 @@ static int ssl3_send_client_verify(SSL *s)
 	unsigned char *p,*d;
 	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 	EVP_PKEY *pkey;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned u=0;
 #endif
 	unsigned long n;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	int j;
 #endif
 
@@ -1564,7 +1729,7 @@ static int ssl3_send_client_verify(SSL *s)
 		s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
 			&(data[MD5_DIGEST_LENGTH]));
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			s->method->ssl3_enc->cert_verify_mac(s,
@@ -1581,7 +1746,7 @@ static int ssl3_send_client_verify(SSL *s)
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (pkey->type == EVP_PKEY_DSA)
 			{
 			if (!DSA_sign(pkey->save_type,
@@ -1598,7 +1763,7 @@ static int ssl3_send_client_verify(SSL *s)
 		else
 #endif
 			{
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
@@ -1697,10 +1862,10 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 	long algs;
 	EVP_PKEY *pkey=NULL;
 	SESS_CERT *sc;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh;
 #endif
 
@@ -1708,20 +1873,20 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 
 	if (sc == NULL)
 		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
 		goto err;
 		}
 
 	algs=s->s3->tmp.new_cipher->algorithms;
 
 	/* we don't have a certificate */
-	if (algs & (SSL_aDH|SSL_aNULL))
+	if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
 		return(1);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	rsa=s->session->sess_cert->peer_rsa_tmp;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	dh=s->session->sess_cert->peer_dh_tmp;
 #endif
 
@@ -1739,14 +1904,14 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
 		goto f_err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
 		goto f_err;
 		}
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if ((algs & SSL_kRSA) &&
 		!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
 		{
@@ -1754,7 +1919,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		goto f_err;
 		}
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if ((algs & SSL_kEDH) &&
 		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
 		{
@@ -1766,7 +1931,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
 		goto f_err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
@@ -1777,7 +1942,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 
 	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (algs & SSL_kRSA)
 			{
 			if (rsa == NULL
@@ -1789,7 +1954,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 			}
 		else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			    {
 			    if (dh == NULL
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index 79fa4f9..35fde29 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -110,10 +110,9 @@
  */
 
 #include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
 #include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/md5.h>
 
 static unsigned char ssl3_pad_1[48]={
 	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
@@ -134,11 +133,11 @@ static unsigned char ssl3_pad_2[48]={
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
 	const char *sender, int len, unsigned char *p);
 
-static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	{
-	MD5_CTX m5;
-	SHA_CTX s1;
-	unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
+	EVP_MD_CTX m5;
+	EVP_MD_CTX s1;
+	unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
 	unsigned char c='A';
 	int i,j,k;
 
@@ -146,49 +145,62 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	c = os_toascii[c]; /*'A' in ASCII */
 #endif
 	k=0;
+	EVP_MD_CTX_init(&m5);
+	EVP_MD_CTX_init(&s1);
 	for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
 		{
 		k++;
+		if (k > sizeof buf)
+			{
+			/* bug: 'buf' is too small for this ciphersuite */
+			SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+			return 0;
+			}
+		
 		for (j=0; j<k; j++)
 			buf[j]=c;
 		c++;
-		SHA1_Init(  &s1);
-		SHA1_Update(&s1,buf,k);
-		SHA1_Update(&s1,s->session->master_key,
+		EVP_DigestInit_ex(&s1,EVP_sha1(), NULL);
+		EVP_DigestUpdate(&s1,buf,k);
+		EVP_DigestUpdate(&s1,s->session->master_key,
 			s->session->master_key_length);
-		SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
-		SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
-		SHA1_Final( smd,&s1);
+		EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
+		EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
+		EVP_DigestFinal_ex(&s1,smd,NULL);
 
-		MD5_Init(  &m5);
-		MD5_Update(&m5,s->session->master_key,
+		EVP_DigestInit_ex(&m5,EVP_md5(), NULL);
+		EVP_DigestUpdate(&m5,s->session->master_key,
 			s->session->master_key_length);
-		MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
+		EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
 		if ((i+MD5_DIGEST_LENGTH) > num)
 			{
-			MD5_Final(smd,&m5);
+			EVP_DigestFinal_ex(&m5,smd,NULL);
 			memcpy(km,smd,(num-i));
 			}
 		else
-			MD5_Final(km,&m5);
+			EVP_DigestFinal_ex(&m5,km,NULL);
 
 		km+=MD5_DIGEST_LENGTH;
 		}
-	memset(smd,0,SHA_DIGEST_LENGTH);
+	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
+	EVP_MD_CTX_cleanup(&m5);
+	EVP_MD_CTX_cleanup(&s1);
+	return 1;
 	}
 
 int ssl3_change_cipher_state(SSL *s, int which)
 	{
 	unsigned char *p,*key_block,*mac_secret;
 	unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-	unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
+	unsigned char exp_iv[EVP_MAX_IV_LENGTH];
 	unsigned char *ms,*key,*iv,*er1,*er2;
 	EVP_CIPHER_CTX *dd;
 	const EVP_CIPHER *c;
 	COMP_METHOD *comp;
 	const EVP_MD *m;
-	MD5_CTX md;
+	EVP_MD_CTX md;
 	int exp,n,i,j,k,cl;
+	int reuse_dd = 0;
 
 	exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
@@ -201,9 +213,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
 	if (which & SSL3_CC_READ)
 		{
-		if ((s->enc_read_ctx == NULL) &&
-			((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-			OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		if (s->enc_read_ctx != NULL)
+			reuse_dd = 1;
+		else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
 			goto err;
 		dd= s->enc_read_ctx;
 		s->read_hash=m;
@@ -232,9 +244,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
 		}
 	else
 		{
-		if ((s->enc_write_ctx == NULL) &&
-			((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-			OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		if (s->enc_write_ctx != NULL)
+			reuse_dd = 1;
+		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
 			goto err;
 		dd= s->enc_write_ctx;
 		s->write_hash=m;
@@ -257,6 +269,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 		mac_secret= &(s->s3->write_mac_secret[0]);
 		}
 
+	if (reuse_dd)
+		EVP_CIPHER_CTX_cleanup(dd);
 	EVP_CIPHER_CTX_init(dd);
 
 	p=s->s3->tmp.key_block;
@@ -287,39 +301,41 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
 	if (n > s->s3->tmp.key_block_length)
 		{
-		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
 		goto err2;
 		}
 
+	EVP_MD_CTX_init(&md);
 	memcpy(mac_secret,ms,i);
 	if (exp)
 		{
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
 		 */
-		MD5_Init(&md);
-		MD5_Update(&md,key,j);
-		MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-		MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-		MD5_Final(&(exp_key[0]),&md);
+		EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+		EVP_DigestUpdate(&md,key,j);
+		EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
+		EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
+		EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
 		key= &(exp_key[0]);
 
 		if (k > 0)
 			{
-			MD5_Init(&md);
-			MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-			MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-			MD5_Final(&(exp_iv[0]),&md);
+			EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+			EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
+			EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
+			EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
 			iv= &(exp_iv[0]);
 			}
 		}
 
 	s->session->key_arg_length=0;
 
-	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
-	memset(&(exp_key[0]),0,sizeof(exp_key));
-	memset(&(exp_iv[0]),0,sizeof(exp_iv));
+	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
+	EVP_MD_CTX_cleanup(&md);
 	return(1);
 err:
 	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -333,6 +349,7 @@ int ssl3_setup_key_block(SSL *s)
 	const EVP_CIPHER *c;
 	const EVP_MD *hash;
 	int num;
+	int ret = 0;
 	SSL_COMP *comp;
 
 	if (s->s3->tmp.key_block_length != 0)
@@ -358,9 +375,9 @@ int ssl3_setup_key_block(SSL *s)
 
 	s->s3->tmp.key_block_length=num;
 	s->s3->tmp.key_block=p;
-	
-	ssl3_generate_key_block(s,p,num);
-	
+
+	ret = ssl3_generate_key_block(s,p,num);
+
 	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
 		{
 		/* enable vulnerability countermeasure for CBC ciphers with
@@ -368,19 +385,20 @@ int ssl3_setup_key_block(SSL *s)
 		 */
 		s->s3->need_empty_fragments = 1;
 
- 		if (s->session->cipher != NULL)
+		if (s->session->cipher != NULL)
 			{
 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
- 				s->s3->need_empty_fragments = 0;
- 			
-#ifndef NO_RC4
- 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
- 				s->s3->need_empty_fragments = 0;
+				s->s3->need_empty_fragments = 0;
+			
+#ifndef OPENSSL_NO_RC4
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+				s->s3->need_empty_fragments = 0;
 #endif
- 			}
- 		}
+			}
+		}
+
+	return ret;
 		
-	return(1);
 err:
 	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
 	return(0);
@@ -390,7 +408,7 @@ void ssl3_cleanup_key_block(SSL *s)
 	{
 	if (s->s3->tmp.key_block != NULL)
 		{
-		memset(s->s3->tmp.key_block,0,
+		OPENSSL_cleanse(s->s3->tmp.key_block,
 			s->s3->tmp.key_block_length);
 		OPENSSL_free(s->s3->tmp.key_block);
 		s->s3->tmp.key_block=NULL;
@@ -481,8 +499,8 @@ int ssl3_enc(SSL *s, int send)
 
 void ssl3_init_finished_mac(SSL *s)
 	{
-	EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5);
-	EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1);
+	EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
+	EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
 	}
 
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
@@ -516,7 +534,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
 	unsigned char md_buf[EVP_MAX_MD_SIZE];
 	EVP_MD_CTX ctx;
 
-	EVP_MD_CTX_copy(&ctx,in_ctx);
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_copy_ex(&ctx,in_ctx);
 
 	n=EVP_MD_CTX_size(&ctx);
 	npad=(48/n)*n;
@@ -526,16 +545,16 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
 	EVP_DigestUpdate(&ctx,s->session->master_key,
 		s->session->master_key_length);
 	EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
-	EVP_DigestFinal(&ctx,md_buf,&i);
+	EVP_DigestFinal_ex(&ctx,md_buf,&i);
 
-	EVP_DigestInit(&ctx,EVP_MD_CTX_md(&ctx));
+	EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);
 	EVP_DigestUpdate(&ctx,s->session->master_key,
 		s->session->master_key_length);
 	EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
 	EVP_DigestUpdate(&ctx,md_buf,i);
-	EVP_DigestFinal(&ctx,p,&ret);
+	EVP_DigestFinal_ex(&ctx,p,&ret);
 
-	memset(&ctx,0,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_cleanup(&ctx);
 
 	return((int)ret);
 	}
@@ -569,8 +588,9 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 	npad=(48/md_size)*md_size;
 
 	/* Chop the digest off the end :-) */
+	EVP_MD_CTX_init(&md_ctx);
 
-	EVP_DigestInit(  &md_ctx,hash);
+	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
 	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 	EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
 	EVP_DigestUpdate(&md_ctx,seq,8);
@@ -580,13 +600,15 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 	s2n(rec->length,p);
 	EVP_DigestUpdate(&md_ctx,md,2);
 	EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
-	EVP_DigestFinal( &md_ctx,md,NULL);
+	EVP_DigestFinal_ex( &md_ctx,md,NULL);
 
-	EVP_DigestInit(  &md_ctx,hash);
+	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
 	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 	EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
 	EVP_DigestUpdate(&md_ctx,md,md_size);
-	EVP_DigestFinal( &md_ctx,md,&md_size);
+	EVP_DigestFinal_ex( &md_ctx,md,&md_size);
+
+	EVP_MD_CTX_cleanup(&md_ctx);
 
 	for (i=7; i>=0; i--)
 		{
@@ -616,24 +638,26 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	int i,ret=0;
 	unsigned int n;
 
+	EVP_MD_CTX_init(&ctx);
 	for (i=0; i<3; i++)
 		{
-		EVP_DigestInit(&ctx,s->ctx->sha1);
+		EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
 		EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
 			SSL3_RANDOM_SIZE);
 		EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
 			SSL3_RANDOM_SIZE);
-		EVP_DigestFinal(&ctx,buf,&n);
+		EVP_DigestFinal_ex(&ctx,buf,&n);
 
-		EVP_DigestInit(&ctx,s->ctx->md5);
+		EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,buf,n);
-		EVP_DigestFinal(&ctx,out,&n);
+		EVP_DigestFinal_ex(&ctx,out,&n);
 		out+=n;
 		ret+=n;
 		}
+	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
 
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 9951ebb..896b12f 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -110,10 +110,10 @@
  */
 
 #include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/md5.h>
 
 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
@@ -512,6 +512,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_ALL_STRENGTHS,
 	},
 
+#if 0
 /* Cipher 1E */
 	{
 	0,
@@ -525,6 +526,210 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_ALL_CIPHERS,
 	SSL_ALL_STRENGTHS,
 	},
+#endif
+
+#ifndef OPENSSL_NO_KRB5
+/* The Kerberos ciphers
+** 20000107 VRS: And the first shall be last,
+** in hopes of avoiding the lynx ssl renegotiation problem.
+*/
+/* Cipher 1E VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_64_CBC_SHA,
+	SSL3_CK_KRB5_DES_64_CBC_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
+	0,
+	56,
+	56,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 1F VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+	SSL3_CK_KRB5_DES_192_CBC3_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
+	0,
+	112,
+	168,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 20 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC4_128_SHA,
+	SSL3_CK_KRB5_RC4_128_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 21 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 22 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_64_CBC_MD5,
+	SSL3_CK_KRB5_DES_64_CBC_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
+	0,
+	56,
+	56,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 23 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+	SSL3_CK_KRB5_DES_192_CBC3_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
+	0,
+	112,
+	168,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 24 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC4_128_MD5,
+	SSL3_CK_KRB5_RC4_128_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 25 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 26 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_40_CBC_SHA,
+	SSL3_CK_KRB5_DES_40_CBC_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	40,
+	56,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 27 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+	SSL3_CK_KRB5_RC2_40_CBC_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	40,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 28 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC4_40_SHA,
+	SSL3_CK_KRB5_RC4_40_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 29 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_40_CBC_MD5,
+	SSL3_CK_KRB5_DES_40_CBC_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	40,
+	56,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 2A VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+	SSL3_CK_KRB5_RC2_40_CBC_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	40,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 2B VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC4_40_MD5,
+	SSL3_CK_KRB5_RC4_40_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+#endif	/* OPENSSL_NO_KRB5 */
+
 
 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
 	/* New TLS Export CipherSuites */
@@ -620,6 +825,165 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	    SSL_ALL_STRENGTHS
 	    },
 #endif
+	/* New AES ciphersuites */
+
+	/* Cipher 2F */
+	    {
+	    1,
+	    TLS1_TXT_RSA_WITH_AES_128_SHA,
+	    TLS1_CK_RSA_WITH_AES_128_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 30 */
+	    {
+	    0,
+	    TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+	    TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+	    SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 31 */
+	    {
+	    0,
+	    TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+	    TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+	    SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 32 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+	    TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 33 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+	    TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+	    SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 34 */
+	    {
+	    1,
+	    TLS1_TXT_ADH_WITH_AES_128_SHA,
+	    TLS1_CK_ADH_WITH_AES_128_SHA,
+	    SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+
+	/* Cipher 35 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_WITH_AES_256_SHA,
+	    TLS1_CK_RSA_WITH_AES_256_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 36 */
+	    {
+	    0,
+	    TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+	    TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+	    SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 37 */
+	    {
+	    0,
+	    TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+	    TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+	    SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 38 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+	    TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 39 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+	    TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+	    SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 3A */
+	    {
+	    1,
+	    TLS1_TXT_ADH_WITH_AES_256_SHA,
+	    TLS1_CK_ADH_WITH_AES_256_SHA,
+	    SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
 
 /* end of list */
 	};
@@ -705,6 +1069,8 @@ int ssl3_new(SSL *s)
 
 	if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
 	memset(s3,0,sizeof *s3);
+	EVP_MD_CTX_init(&s3->finish_dgst1);
+	EVP_MD_CTX_init(&s3->finish_dgst2);
 
 	s->s3=s3;
 
@@ -726,13 +1092,15 @@ void ssl3_free(SSL *s)
 		OPENSSL_free(s->s3->wbuf.buf);
 	if (s->s3->rrec.comp != NULL)
 		OPENSSL_free(s->s3->rrec.comp);
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
 		DH_free(s->s3->tmp.dh);
 #endif
 	if (s->s3->tmp.ca_names != NULL)
 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-	memset(s->s3,0,sizeof *s->s3);
+	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+	OPENSSL_cleanse(s->s3,sizeof *s->s3);
 	OPENSSL_free(s->s3);
 	s->s3=NULL;
 	}
@@ -751,21 +1119,24 @@ void ssl3_clear(SSL *s)
 		OPENSSL_free(s->s3->rrec.comp);
 		s->s3->rrec.comp=NULL;
 		}
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
 		DH_free(s->s3->tmp.dh);
 #endif
 
 	rp = s->s3->rbuf.buf;
 	wp = s->s3->wbuf.buf;
-	rlen = s->s3->rbuf_len;
-	wlen = s->s3->wbuf_len;
+	rlen = s->s3->rbuf.len;
+ 	wlen = s->s3->wbuf.len;
+
+	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
 
 	memset(s->s3,0,sizeof *s->s3);
 	s->s3->rbuf.buf = rp;
 	s->s3->wbuf.buf = wp;
-	s->s3->rbuf_len = rlen;
-	s->s3->wbuf_len = wlen;
+	s->s3->rbuf.len = rlen;
+ 	s->s3->wbuf.len = wlen;
 
 	ssl_free_wbio_buffer(s);
 
@@ -777,17 +1148,17 @@ void ssl3_clear(SSL *s)
 	s->version=SSL3_VERSION;
 	}
 
-long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 	{
 	int ret=0;
 
-#if !defined(NO_DSA) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
 	if (
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	    cmd == SSL_CTRL_SET_TMP_RSA ||
 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	    cmd == SSL_CTRL_SET_TMP_DH ||
 	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
 #endif
@@ -821,7 +1192,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
 	case SSL_CTRL_GET_FLAGS:
 		ret=(int)(s->s3->flags);
 		break;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_NEED_TMP_RSA:
 		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
 		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@@ -854,7 +1225,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
 		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH:
 		{
 			DH *dh = (DH *)parg;
@@ -900,12 +1271,12 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
 	{
 	int ret=0;
 
-#if !defined(NO_DSA) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
 	if (
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
 #endif
 		0)
@@ -920,14 +1291,14 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
 
 	switch (cmd)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_SET_TMP_RSA_CB:
 		{
 		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
 		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH_CB:
 		{
 		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
@@ -940,7 +1311,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
 	return(ret);
 	}
 
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 	{
 	CERT *cert;
 
@@ -948,7 +1319,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 
 	switch (cmd)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_NEED_TMP_RSA:
 		if (	(cert->rsa_tmp == NULL) &&
 			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@@ -993,7 +1364,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH:
 		{
 		DH *new=NULL,*dh;
@@ -1050,14 +1421,14 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
 
 	switch (cmd)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_SET_TMP_RSA_CB:
 		{
 		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
 		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH_CB:
 		{
 		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
@@ -1084,16 +1455,19 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 
-		for (i=0; i<SSL3_NUM_CIPHERS; i++)
-			sorted[i]= &(ssl3_ciphers[i]);
+		if (init)
+			{
+			for (i=0; i<SSL3_NUM_CIPHERS; i++)
+				sorted[i]= &(ssl3_ciphers[i]);
 
-		qsort(	(char *)sorted,
-			SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-			FP_ICC ssl_cipher_ptr_id_cmp);
+			qsort(sorted,
+				SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+				FP_ICC ssl_cipher_ptr_id_cmp);
 
+			init=0;
+			}
+		
 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-
-		init=0;
 		}
 
 	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
@@ -1122,10 +1496,11 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	return(2);
 	}
 
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
-	     STACK_OF(SSL_CIPHER) *pref)
+SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+	     STACK_OF(SSL_CIPHER) *srvr)
 	{
 	SSL_CIPHER *c,*ret=NULL;
+	STACK_OF(SSL_CIPHER) *prio, *allow;
 	int i,j,ok;
 	CERT *cert;
 	unsigned long alg,mask,emask;
@@ -1133,26 +1508,62 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
 	/* Let's see which ciphers we can support */
 	cert=s->cert;
 
-	sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
+#if 0
+	/* Do not set the compare functions, because this may lead to a
+	 * reordering by "id". We want to keep the original ordering.
+	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
+	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
+	 */
+	sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
+	sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
+#endif
 
 #ifdef CIPHER_DEBUG
-	printf("Have:\n");
-	for(i=0 ; i < sk_num(pref) ; ++i)
+        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
+        for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
+	    {
+	    c=sk_SSL_CIPHER_value(srvr,i);
+	    printf("%p:%s\n",c,c->name);
+	    }
+        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
+        for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
 	    {
-	    c=(SSL_CIPHER *)sk_value(pref,i);
+	    c=sk_SSL_CIPHER_value(clnt,i);
 	    printf("%p:%s\n",c,c->name);
 	    }
 #endif
 
-	for (i=0; i<sk_SSL_CIPHER_num(have); i++)
+	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+	    {
+	    prio = srvr;
+	    allow = clnt;
+	    }
+	else
+	    {
+	    prio = clnt;
+	    allow = srvr;
+	    }
+
+	for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
 		{
-		c=sk_SSL_CIPHER_value(have,i);
+		c=sk_SSL_CIPHER_value(prio,i);
 
 		ssl_set_cert_masks(cert,c);
 		mask=cert->mask;
 		emask=cert->export_mask;
 			
+#ifdef KSSL_DEBUG
+		printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
+#endif    /* KSSL_DEBUG */
+
 		alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+#ifndef OPENSSL_NO_KRB5
+                if (alg & SSL_KRB5) 
+                        {
+                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
+                            continue;
+                        }
+#endif /* OPENSSL_NO_KRB5 */
 		if (SSL_C_IS_EXPORT(c))
 			{
 			ok=((alg & emask) == alg)?1:0;
@@ -1172,10 +1583,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
 
 		if (!ok) continue;
 	
-		j=sk_SSL_CIPHER_find(pref,c);
+		j=sk_SSL_CIPHER_find(allow,c);
 		if (j >= 0)
 			{
-			ret=sk_SSL_CIPHER_value(pref,j);
+			ret=sk_SSL_CIPHER_value(allow,j);
 			break;
 			}
 		}
@@ -1189,31 +1600,31 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
 	alg=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (alg & (SSL_kDHr|SSL_kEDH))
 		{
-#  ifndef NO_RSA
+#  ifndef OPENSSL_NO_RSA
 		p[ret++]=SSL3_CT_RSA_FIXED_DH;
 #  endif
-#  ifndef NO_DSA
+#  ifndef OPENSSL_NO_DSA
 		p[ret++]=SSL3_CT_DSS_FIXED_DH;
 #  endif
 		}
 	if ((s->version == SSL3_VERSION) &&
 		(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
 		{
-#  ifndef NO_RSA
+#  ifndef OPENSSL_NO_RSA
 		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
 #  endif
-#  ifndef NO_DSA
+#  ifndef OPENSSL_NO_DSA
 		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
 #  endif
 		}
-#endif /* !NO_DH */
-#ifndef NO_RSA
+#endif /* !OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_RSA
 	p[ret++]=SSL3_CT_RSA_SIGN;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	p[ret++]=SSL3_CT_DSS_SIGN;
 #endif
 	return(ret);
diff --git a/crypto/openssl/ssl/s3_meth.c b/crypto/openssl/ssl/s3_meth.c
index 81bcad8..1fd7a96 100644
--- a/crypto/openssl/ssl/s3_meth.c
+++ b/crypto/openssl/ssl/s3_meth.c
@@ -76,12 +76,19 @@ SSL_METHOD *SSLv3_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv3_data.ssl_connect=ssl3_connect;
-		SSLv3_data.ssl_accept=ssl3_accept;
-		SSLv3_data.get_ssl_method=ssl3_get_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+		
+		if (init)
+			{
+			memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv3_data.ssl_connect=ssl3_connect;
+			SSLv3_data.ssl_accept=ssl3_accept;
+			SSLv3_data.get_ssl_method=ssl3_get_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv3_data);
 	}
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index f52303c..6ccea9a 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -112,9 +112,9 @@
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
+#include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
-#include "ssl_locl.h"
 
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 			 unsigned int len, int create_empty_fragment);
@@ -162,13 +162,13 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
 
 	{
 		/* avoid buffer overflow */
-		int max_max = s->s3->rbuf_len - s->packet_length;
+		int max_max = s->s3->rbuf.len - s->packet_length;
 		if (max > max_max)
 			max = max_max;
 	}
 	if (n > max) /* does not happen */
 		{
-		SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
 		return -1;
 		}
 
@@ -246,11 +246,11 @@ static int ssl3_get_record(SSL *s)
 		extra=SSL3_RT_MAX_EXTRA;
 	else
 		extra=0;
-	if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)
+	if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
 		{
 		/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
 		 * set after ssl3_setup_buffers() was done */
-		SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
 		return -1;
 		}
 
@@ -259,7 +259,7 @@ again:
 	if (	(s->rstate != SSL_ST_READ_BODY) ||
 		(s->packet_length < SSL3_RT_HEADER_LENGTH)) 
 		{
-		n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf_len, 0);
+		n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
 		if (n <= 0) return(n); /* error or non-blocking */
 		s->rstate=SSL_ST_READ_BODY;
 
@@ -604,10 +604,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 			if (prefix_len <= 0)
 				goto err;
 
-			if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+			if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
 				{
 				/* insufficient space */
-				SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);
+				SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
 			}
@@ -776,7 +776,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 	int al,i,j,ret;
 	unsigned int n;
 	SSL3_RECORD *rr;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type2,int val)=NULL;
 
 	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
 		if (!ssl3_setup_buffers(s))
@@ -785,7 +785,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 	if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
 	    (peek && (type != SSL3_RT_APPLICATION_DATA)))
 		{
-		SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
 		return -1;
 		}
 
@@ -957,6 +957,9 @@ start:
 			goto err;
 			}
 
+		if (s->msg_callback)
+			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
+
 		if (SSL_is_init_finished(s) &&
 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
 			!s->s3->renegotiate)
@@ -1002,6 +1005,9 @@ start:
 
 		s->s3->alert_fragment_len = 0;
 
+		if (s->msg_callback)
+			s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
+
 		if (s->info_callback != NULL)
 			cb=s->info_callback;
 		else if (s->ctx->info_callback != NULL)
@@ -1065,6 +1071,10 @@ start:
 			}
 
 		rr->length=0;
+
+		if (s->msg_callback)
+			s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
+
 		s->s3->change_cipher_spec=1;
 		if (!do_change_cipher_spec(s))
 			goto err;
@@ -1119,7 +1129,7 @@ start:
 	switch (rr->type)
 		{
 	default:
-#ifndef NO_TLS
+#ifndef OPENSSL_NO_TLS
 		/* TLS just ignores unknown message types */
 		if (s->version == TLS1_VERSION)
 			{
@@ -1137,7 +1147,7 @@ start:
 		 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
 		 * should not happen when type != rr->type */
 		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
 		goto f_err;
 	case SSL3_RT_APPLICATION_DATA:
 		/* At this point, we were expecting handshake data,
@@ -1243,7 +1253,7 @@ void ssl3_send_alert(SSL *s, int level, int desc)
 int ssl3_dispatch_alert(SSL *s)
 	{
 	int i,j;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 
 	s->s3->alert_dispatch=0;
 	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
@@ -1259,6 +1269,9 @@ int ssl3_dispatch_alert(SSL *s)
 		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
 			(void)BIO_flush(s->wbio);
 
+		if (s->msg_callback)
+			s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
+
 		if (s->info_callback != NULL)
 			cb=s->info_callback;
 		else if (s->ctx->info_callback != NULL)
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index fe1e689..7643877 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -114,14 +114,15 @@
 
 
 #include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "ssl_locl.h"
+#include <openssl/krb5_asn.h>
+#include <openssl/md5.h>
 #include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
@@ -151,11 +152,18 @@ SSL_METHOD *SSLv3_server_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv3_server_data.ssl_accept=ssl3_accept;
-		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv3_server_data.ssl_accept=ssl3_accept;
+			SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+			init=0;
+			}
+			
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv3_server_data);
 	}
@@ -164,7 +172,7 @@ int ssl3_accept(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long l,Time=time(NULL);
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	long num1;
 	int ret= -1;
 	int new_state,state,skip=0;
@@ -208,7 +216,7 @@ int ssl3_accept(SSL *s)
 
 			if ((s->version>>8) != 3)
 				{
-				SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_INTERNAL_ERROR);
+				SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
 				return -1;
 				}
 			s->type=SSL_ST_ACCEPT;
@@ -317,7 +325,15 @@ int ssl3_accept(SSL *s)
 
 			/* clear this, it may get reset by
 			 * send_server_key_exchange */
-			if (s->options & SSL_OP_EPHEMERAL_RSA)
+			if ((s->options & SSL_OP_EPHEMERAL_RSA)
+#ifndef OPENSSL_NO_KRB5
+				&& !(l & SSL_KRB5)
+#endif /* OPENSSL_NO_KRB5 */
+				)
+				/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
+				 * even when forbidden by protocol specs
+				 * (handshake may fail as clients are not required to
+				 * be able to handle this) */
 				s->s3->tmp.use_rsa_tmp=1;
 			else
 				s->s3->tmp.use_rsa_tmp=0;
@@ -359,7 +375,9 @@ int ssl3_accept(SSL *s)
 				((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
 				 /* ... except when the application insists on verification
 				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
-				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
+				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+                                 /* never request cert in Kerberos ciphersuites */
+                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
 				{
 				/* no cert request */
 				skip=1;
@@ -515,7 +533,8 @@ int ssl3_accept(SSL *s)
 
 			if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
 				{
-				/* actually not necessarily a 'new' session  */
+				/* actually not necessarily a 'new' session unless
+				 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
 				
 				s->new_session=0;
 				
@@ -600,11 +619,7 @@ static int ssl3_check_client_hello(SSL *s)
 		SSL3_ST_SR_CERT_A,
 		SSL3_ST_SR_CERT_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
-		1024*30, /* 30k max cert list :-) */
-#else
-		1024*100, /* 100k max cert list :-) */
-#endif
+		s->max_cert_list,
 		&ok);
 	if (!ok) return((int)n);
 	s->s3->tmp.reuse_message = 1;
@@ -614,7 +629,7 @@ static int ssl3_check_client_hello(SSL *s)
 		 * which will now be aborted. (A full SSL_clear would be too much.)
 		 * I hope that tmp.dh is the only thing that may need to be cleared
 		 * when a handshake is not completed ... */
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		if (s->s3->tmp.dh != NULL)
 			{
 			DH_free(s->s3->tmp.dh);
@@ -655,7 +670,7 @@ static int ssl3_get_client_hello(SSL *s)
 		&ok);
 
 	if (!ok) return((int)n);
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
 	/* use version from inside client hello, not from record header
 	 * (may differ: see RFC 2246, Appendix E, second paragraph) */
@@ -682,7 +697,15 @@ static int ssl3_get_client_hello(SSL *s)
 	j= *(p++);
 
 	s->hit=0;
-	if (j == 0)
+	/* Versions before 0.9.7 always allow session reuse during renegotiation
+	 * (i.e. when s->new_session is true), option
+	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
+	 * Maybe this optional behaviour should always have been the default,
+	 * but we cannot safely change the default behaviour (or new applications
+	 * might be written that become totally unsecure when compiled with
+	 * an earlier library version)
+	 */
+	if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
 		{
 		if (!ssl_get_new_session(s,1))
 			goto err;
@@ -833,7 +856,7 @@ static int ssl3_get_client_hello(SSL *s)
 			}
 		}
 
-	/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
+	/* Given s->session->ciphers and SSL_get_ciphers, we must
 	 * pick a cipher */
 
 	if (!s->hit)
@@ -850,7 +873,7 @@ static int ssl3_get_client_hello(SSL *s)
 			}
 		ciphers=NULL;
 		c=ssl3_choose_cipher(s,s->session->ciphers,
-				     ssl_get_ciphers_by_id(s));
+				     SSL_get_ciphers(s));
 
 		if (c == NULL)
 			{
@@ -951,7 +974,7 @@ static int ssl3_send_server_hello(SSL *s)
 		sl=s->session->session_id_length;
 		if (sl > sizeof s->session->session_id)
 			{
-			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
 			return -1;
 			}
 		*(p++)=sl;
@@ -1010,14 +1033,14 @@ static int ssl3_send_server_done(SSL *s)
 
 static int ssl3_send_server_key_exchange(SSL *s)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned char *q;
 	int j,num;
 	RSA *rsa;
 	unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 	unsigned int u;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh=NULL,*dhp;
 #endif
 	EVP_PKEY *pkey;
@@ -1031,6 +1054,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 	BUF_MEM *buf;
 	EVP_MD_CTX md_ctx;
 
+	EVP_MD_CTX_init(&md_ctx);
 	if (s->state == SSL3_ST_SW_KEY_EXCH_A)
 		{
 		type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
@@ -1040,7 +1064,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 
 		r[0]=r[1]=r[2]=r[3]=NULL;
 		n=0;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (type & SSL_kRSA)
 			{
 			rsa=cert->rsa_tmp;
@@ -1055,7 +1079,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
 					goto f_err;
 				}
-				CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+				RSA_up_ref(rsa);
 				cert->rsa_tmp=rsa;
 				}
 			if (rsa == NULL)
@@ -1070,7 +1094,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			}
 		else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 			if (type & SSL_kEDH)
 			{
 			dhp=cert->dh_tmp;
@@ -1088,7 +1112,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			if (s->s3->tmp.dh != NULL)
 				{
 				DH_free(dh);
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_INTERNAL_ERROR);
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
 
@@ -1154,7 +1178,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			kn=0;
 			}
 
-		if (!BUF_MEM_grow(buf,n+4+kn))
+		if (!BUF_MEM_grow_clean(buf,n+4+kn))
 			{
 			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
 			goto err;
@@ -1174,19 +1198,19 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			{
 			/* n is the length of the params, they start at &(d[4])
 			 * and p points to the space at the end. */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			if (pkey->type == EVP_PKEY_RSA)
 				{
 				q=md_buf;
 				j=0;
 				for (num=2; num > 0; num--)
 					{
-					EVP_DigestInit(&md_ctx,(num == 2)
-						?s->ctx->md5:s->ctx->sha1);
+					EVP_DigestInit_ex(&md_ctx,(num == 2)
+						?s->ctx->md5:s->ctx->sha1, NULL);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-					EVP_DigestFinal(&md_ctx,q,
+					EVP_DigestFinal_ex(&md_ctx,q,
 						(unsigned int *)&i);
 					q+=i;
 					j+=i;
@@ -1202,11 +1226,11 @@ static int ssl3_send_server_key_exchange(SSL *s)
 				}
 			else
 #endif
-#if !defined(NO_DSA)
+#if !defined(OPENSSL_NO_DSA)
 				if (pkey->type == EVP_PKEY_DSA)
 				{
 				/* lets do DSS */
-				EVP_SignInit(&md_ctx,EVP_dss1());
+				EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
 				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_SignUpdate(&md_ctx,&(d[4]),n);
@@ -1239,10 +1263,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
 		}
 
 	s->state = SSL3_ST_SW_KEY_EXCH_B;
+	EVP_MD_CTX_cleanup(&md_ctx);
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+	EVP_MD_CTX_cleanup(&md_ctx);
 	return(-1);
 	}
 
@@ -1279,7 +1305,7 @@ static int ssl3_send_certificate_request(SSL *s)
 				{
 				name=sk_X509_NAME_value(sk,i);
 				j=i2d_X509_NAME(name,NULL);
-				if (!BUF_MEM_grow(buf,4+n+j+2))
+				if (!BUF_MEM_grow_clean(buf,4+n+j+2))
 					{
 					SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
 					goto err;
@@ -1340,28 +1366,31 @@ static int ssl3_get_client_key_exchange(SSL *s)
 	long n;
 	unsigned long l;
 	unsigned char *p;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa=NULL;
 	EVP_PKEY *pkey=NULL;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	BIGNUM *pub=NULL;
 	DH *dh_srvr;
 #endif
+#ifndef OPENSSL_NO_KRB5
+        KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
 
 	n=ssl3_get_message(s,
 		SSL3_ST_SR_KEY_EXCH_A,
 		SSL3_ST_SR_KEY_EXCH_B,
 		SSL3_MT_CLIENT_KEY_EXCHANGE,
-		2048, /* ???? */
+		2048, /* ??? */
 		&ok);
 
 	if (!ok) return((int)n);
-	p=(unsigned char *)s->init_buf->data;
+	p=(unsigned char *)s->init_msg;
 
 	l=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (l & SSL_kRSA)
 		{
 		/* FIX THIS UP EAY EAY EAY EAY */
@@ -1464,11 +1493,11 @@ static int ssl3_get_client_key_exchange(SSL *s)
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,
 				p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 		{
 		n2s(p,i);
@@ -1527,20 +1556,179 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif
+#ifndef OPENSSL_NO_KRB5
+        if (l & SSL_kKRB5)
+                {
+                krb5_error_code		krb5rc;
+		krb5_data		enc_ticket;
+		krb5_data		authenticator;
+		krb5_data		enc_pms;
+                KSSL_CTX		*kssl_ctx = s->kssl_ctx;
+		EVP_CIPHER_CTX		ciph_ctx;
+		EVP_CIPHER		*enc = NULL;
+		unsigned char		iv[EVP_MAX_IV_LENGTH];
+		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH
+                                               + EVP_MAX_BLOCK_LENGTH];
+		int                     padl, outl;
+		krb5_timestamp		authtime = 0;
+		krb5_ticket_times	ttimes;
+
+		EVP_CIPHER_CTX_init(&ciph_ctx);
+
+                if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
+
+		n2s(p,i);
+		enc_ticket.length = i;
+		enc_ticket.data = (char *)p;
+		p+=enc_ticket.length;
+
+		n2s(p,i);
+		authenticator.length = i;
+		authenticator.data = (char *)p;
+		p+=authenticator.length;
+
+		n2s(p,i);
+		enc_pms.length = i;
+		enc_pms.data = (char *)p;
+		p+=enc_pms.length;
+
+		/* Note that the length is checked again below,
+		** after decryption
+		*/
+		if(enc_pms.length > sizeof pms)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			       SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
+
+		if (n != enc_ticket.length + authenticator.length +
+						enc_pms.length + 6)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
+
+                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
+					&kssl_err)) != 0)
+                        {
+#ifdef KSSL_DEBUG
+                        printf("kssl_sget_tkt rtn %d [%d]\n",
+                                krb5rc, kssl_err.reason);
+                        if (kssl_err.text)
+                                printf("kssl_err text= %s\n", kssl_err.text);
+#endif	/* KSSL_DEBUG */
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                kssl_err.reason);
+                        goto err;
+                        }
+
+		/*  Note: no authenticator is not considered an error,
+		**  but will return authtime == 0.
+		*/
+		if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
+					&authtime, &kssl_err)) != 0)
+			{
+#ifdef KSSL_DEBUG
+                        printf("kssl_check_authent rtn %d [%d]\n",
+                                krb5rc, kssl_err.reason);
+                        if (kssl_err.text)
+                                printf("kssl_err text= %s\n", kssl_err.text);
+#endif	/* KSSL_DEBUG */
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                kssl_err.reason);
+                        goto err;
+			}
+
+		if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
+			{
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc);
+                        goto err;
+			}
+
+#ifdef KSSL_DEBUG
+                kssl_ctx_show(kssl_ctx);
+#endif	/* KSSL_DEBUG */
+
+		enc = kssl_map_enc(kssl_ctx->enctype);
+                if (enc == NULL)
+                    goto err;
+
+		memset(iv, 0, sizeof iv);	/* per RFC 1510 */
+
+		if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DECRYPTION_FAILED);
+			goto err;
+			}
+		if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
+					(unsigned char *)enc_pms.data, enc_pms.length))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DECRYPTION_FAILED);
+			goto err;
+			}
+		if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
+		if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DECRYPTION_FAILED);
+			goto err;
+			}
+		outl += padl;
+		if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
+		EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+                s->session->master_key_length=
+                        s->method->ssl3_enc->generate_master_secret(s,
+                                s->session->master_key, pms, outl);
+
+                if (kssl_ctx->client_princ)
+                        {
+                        int len = strlen(kssl_ctx->client_princ);
+                        if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
+                                {
+                                s->session->krb5_client_princ_len = len;
+                                memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
+                                }
+                        }
+
+
+                /*  Was doing kssl_ctx_free() here,
+		**  but it caused problems for apache.
+                **  kssl_ctx = kssl_ctx_free(kssl_ctx);
+                **  if (s->kssl_ctx)  s->kssl_ctx = NULL;
+                */
+                }
+	else
+#endif	/* OPENSSL_NO_KRB5 */
 		{
 		al=SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE);
+		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_UNKNOWN_CIPHER_TYPE);
 		goto f_err;
 		}
 
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(NO_DH) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
 err:
 #endif
 	return(-1);
@@ -1559,7 +1747,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
 		-1,
-		512, /* 512? */
+		514, /* 514? */
 		&ok);
 
 	if (!ok) return((int)n);
@@ -1611,7 +1799,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		}
 
 	/* we now have a signature that we need to verify */
-	p=(unsigned char *)s->init_buf->data;
+	p=(unsigned char *)s->init_msg;
 	n2s(p,i);
 	n-=2;
 	if (i > n)
@@ -1629,7 +1817,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		goto f_err;
 		}
 
-#ifndef NO_RSA 
+#ifndef OPENSSL_NO_RSA 
 	if (pkey->type == EVP_PKEY_RSA)
 		{
 		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
@@ -1650,7 +1838,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		}
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		j=DSA_verify(pkey->save_type,
@@ -1667,7 +1855,7 @@ static int ssl3_get_cert_verify(SSL *s)
 	else
 #endif
 		{
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
 		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
 		goto f_err;
 		}
@@ -1696,11 +1884,7 @@ static int ssl3_get_client_certificate(SSL *s)
 		SSL3_ST_SR_CERT_A,
 		SSL3_ST_SR_CERT_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
-		1024*30, /* 30k max cert list :-) */
-#else
-		1024*100, /* 100k max cert list :-) */
-#endif
+		s->max_cert_list,
 		&ok);
 
 	if (!ok) return((int)n);
@@ -1731,7 +1915,7 @@ static int ssl3_get_client_certificate(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
 		goto f_err;
 		}
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
 	if ((sk=sk_X509_new_null()) == NULL)
 		{
@@ -1851,9 +2035,13 @@ int ssl3_send_server_certificate(SSL *s)
 	if (s->state == SSL3_ST_SW_CERT_A)
 		{
 		x=ssl_get_server_send_cert(s);
-		if (x == NULL)
+		if (x == NULL &&
+                        /* VRS: allow null cert if auth == KRB5 */
+                        (s->s3->tmp.new_cipher->algorithms
+                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                        != (SSL_aKRB5|SSL_kKRB5))
 			{
-			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
 			return(0);
 			}
 
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index 3eecead..f8e400d 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -56,6 +56,59 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -112,16 +165,20 @@
 #ifndef HEADER_SSL_H 
 #define HEADER_SSL_H 
 
-#ifndef NO_COMP
+#include <openssl/e_os2.h>
+
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
 #endif
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#ifndef NO_X509
+#ifndef OPENSSL_NO_X509
 #include <openssl/x509.h>
 #endif
+#include <openssl/kssl.h>
 #include <openssl/safestack.h>
+#include <openssl/symhacks.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -145,6 +202,32 @@ extern "C" {
 #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	
 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	
 
+/*    VRS Additional Kerberos5 entries
+ */
+#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
+#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
+#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
+#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
+#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
+#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
+
+#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
+#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
+#define SSL_TXT_KRB5_RC4_40_SHA	      SSL3_TXT_KRB5_RC4_40_SHA
+#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
+#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
+#define SSL_TXT_KRB5_RC4_40_MD5	      SSL3_TXT_KRB5_RC4_40_MD5
+
+#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
+#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
+#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
+#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
+#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
+
 #define SSL_MAX_SSL_SESSION_ID_LENGTH		32
 #define SSL_MAX_SID_CTX_LENGTH			32
 
@@ -165,6 +248,10 @@ extern "C" {
 #define	SSL_TXT_eNULL		"eNULL"
 #define	SSL_TXT_NULL		"NULL"
 
+#define SSL_TXT_kKRB5     	"kKRB5"
+#define SSL_TXT_aKRB5     	"aKRB5"
+#define SSL_TXT_KRB5      	"KRB5"
+
 #define SSL_TXT_kRSA		"kRSA"
 #define SSL_TXT_kDHr		"kDHr"
 #define SSL_TXT_kDHd		"kDHd"
@@ -182,6 +269,7 @@ extern "C" {
 #define SSL_TXT_RC4		"RC4"
 #define SSL_TXT_RC2		"RC2"
 #define SSL_TXT_IDEA		"IDEA"
+#define SSL_TXT_AES		"AES"
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA"
@@ -194,9 +282,27 @@ extern "C" {
 #define SSL_TXT_TLSV1		"TLSv1"
 #define SSL_TXT_ALL		"ALL"
 
-/* 'DEFAULT' at the start of the cipher list insert the following string
- * in addition to this being the default cipher string */
-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+/*
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+#define SSL_TXT_CMPALL		"COMPLEMENTOFALL"
+#define SSL_TXT_CMPDEF		"COMPLEMENTOFDEFAULT"
+
+/* The following cipher list is used by default.
+ * It also is substituted when an application-defined cipher list string
+ * starts with 'DEFAULT'. */
+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN	1
@@ -209,16 +315,14 @@ extern "C" {
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
 #include <openssl/buffer.h>
-#include <openssl/bio.h>
 #include <openssl/pem.h>
-#include <openssl/x509.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
-#define NO_SSL2
+#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
+#define OPENSSL_NO_SSL2
 #endif
 
 #define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
@@ -264,8 +368,8 @@ typedef struct ssl_method_st
 	int (*ssl_shutdown)(SSL *s);
 	int (*ssl_renegotiate)(SSL *s);
 	int (*ssl_renegotiate_check)(SSL *s);
-	long (*ssl_ctrl)(SSL *s,int cmd,long larg,char *parg);
-	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,char *parg);
+	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
+	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
 	SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
 	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
 	int (*ssl_pending)(SSL *s);
@@ -286,6 +390,7 @@ typedef struct ssl_method_st
  *	Cipher 			OCTET_STRING,	-- the 3 byte cipher ID
  *	Session_ID 		OCTET_STRING,	-- the Session ID
  *	Master_key 		OCTET_STRING,	-- the master key
+ *	KRB5_principal		OCTET_STRING	-- optional Kerberos principal
  *	Key_Arg [ 0 ] IMPLICIT	OCTET_STRING,	-- the optional Key argument
  *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time
  *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds
@@ -316,6 +421,11 @@ typedef struct ssl_session_st
 	unsigned int sid_ctx_length;
 	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 
+#ifndef OPENSSL_NO_KRB5
+        unsigned int krb5_client_princ_len;
+        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+#endif /* OPENSSL_NO_KRB5 */
+
 	int not_resumable;
 
 	/* The cert is the certificate used to establish this connection */
@@ -360,7 +470,6 @@ typedef struct ssl_session_st
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
-#define SSL_OP_TLS_ROLLBACK_BUG				0x00000400L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -369,13 +478,25 @@ typedef struct ssl_session_st
  * it in SSL_OP_ALL. */
 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
 
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless */
-#define SSL_OP_ALL					0x000FFFFFL
+/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ *             This used to be 0x000FFFFFL before 0.9.7. */
+#define SSL_OP_ALL					0x00000FFFL
 
+/* As server, disallow session resumption on renegotiation */
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
 /* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE				0x00100000L
-/* Set to also use the tmp_rsa key when doing RSA operations. */
+/* Set to always use the tmp_rsa key when doing RSA operations,
+ * even when this violates protocol specs */
 #define SSL_OP_EPHEMERAL_RSA				0x00200000L
+/* Set on servers to choose the cipher according to the server's
+ * preferences */
+#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L
+/* If set, a server will allow a client to issue a SSLv3.0 version number
+ * as latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks. */
+#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L
 
 #define SSL_OP_NO_SSLv2					0x01000000L
 #define SSL_OP_NO_SSLv3					0x02000000L
@@ -386,9 +507,7 @@ typedef struct ssl_session_st
 #define SSL_OP_PKCS1_CHECK_1				0x08000000L
 #define SSL_OP_PKCS1_CHECK_2				0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
-/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
-#define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
 
 
 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
@@ -408,30 +527,60 @@ typedef struct ssl_session_st
  * they cannot be used to clear bits. */
 
 #define SSL_CTX_set_options(ctx,op) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
+	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
 #define SSL_CTX_get_options(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
+	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_set_options(ssl,op) \
-	SSL_ctrl(ssl,SSL_CTRL_OPTIONS,op,NULL)
+	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
 #define SSL_get_options(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL)
+        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
 
 #define SSL_CTX_set_mode(ctx,op) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL)
+	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
 #define SSL_CTX_get_mode(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL)
+	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
 #define SSL_set_mode(ssl,op) \
-	SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL)
+	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
 #define SSL_get_mode(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL)
+        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
+#else
+#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
+#endif
 
 #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)
 
+/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
+ * them. It is used to override the generation of SSL/TLS session IDs in a
+ * server. Return value should be zero on an error, non-zero to proceed. Also,
+ * callbacks should themselves check if the id they generate is unique otherwise
+ * the SSL handshake will fail with an error - callbacks can do this using the
+ * 'ssl' value they're passed by;
+ *      SSL_has_matching_session_id(ssl, id, *id_len)
+ * The length value passed in is set at the maximum size the session ID can be.
+ * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
+ * can alter this length to be less if desired, but under SSLv2 session IDs are
+ * supposed to be fixed at 16 bytes so the id will be padded after the callback
+ * returns in this case. It is also an error for the callback to set the size to
+ * zero. */
+typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
+				unsigned int *id_len);
+
 typedef struct ssl_comp_st
 	{
 	int id;
 	char *name;
-#ifndef NO_COMP
+#ifndef OPENSSL_NO_COMP
 	COMP_METHOD *method;
 #else
 	char *method;
@@ -443,8 +592,6 @@ DECLARE_STACK_OF(SSL_COMP)
 struct ssl_ctx_st
 	{
 	SSL_METHOD *method;
-	unsigned long options;
-	unsigned long mode;
 
 	STACK_OF(SSL_CIPHER) *cipher_list;
 	/* same as above but sorted for lookup */
@@ -482,6 +629,7 @@ struct ssl_ctx_st
 	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
 	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
 		unsigned char *data,int len,int *copy);
+
 	struct
 		{
 		int sess_connect;	/* SSL new conn - started */
@@ -504,37 +652,20 @@ struct ssl_ctx_st
 
 	int references;
 
-/**/	void (*info_callback)();
-
 	/* if defined, these override the X509_verify_cert() calls */
-/**/	int (*app_verify_callback)();
-/**/	char *app_verify_arg; /* never used; should be void * */
-
-	/* default values to use in SSL structures */
-/**/	struct cert_st /* CERT */ *cert;
-/**/	int read_ahead;
-/**/	int verify_mode;
-/**/	int verify_depth;
-/**/	unsigned int sid_ctx_length;
-/**/	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-/**/	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
-
-	int purpose;		/* Purpose setting */
-	int trust;		/* Trust setting */
+	int (*app_verify_callback)(X509_STORE_CTX *, void *);
+	void *app_verify_arg;
+	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+	 * ('app_verify_callback' was called with just one argument) */
 
 	/* Default password callback. */
-/**/	pem_password_cb *default_passwd_callback;
+	pem_password_cb *default_passwd_callback;
 
 	/* Default password callback user data. */
-/**/	void *default_passwd_callback_userdata;
+	void *default_passwd_callback_userdata;
 
 	/* get client cert callback */
-/**/	int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
-
-	/* what we put in client cert requests */
-	STACK_OF(X509_NAME) *client_CA;
-
-/**/	int quiet_shutdown;
+	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 
 	CRYPTO_EX_DATA ex_data;
 
@@ -543,7 +674,43 @@ struct ssl_ctx_st
 	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
 
 	STACK_OF(X509) *extra_certs;
-        STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+
+	/* Default values used when no per-SSL value is defined follow */
+
+	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
+
+	/* what we put in client cert requests */
+	STACK_OF(X509_NAME) *client_CA;
+
+
+	/* Default values to use in SSL structures follow (these are copied by SSL_new) */
+
+	unsigned long options;
+	unsigned long mode;
+	long max_cert_list;
+
+	struct cert_st /* CERT */ *cert;
+	int read_ahead;
+
+	/* callback that allows applications to peek at protocol messages */
+	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+	void *msg_callback_arg;
+
+	int verify_mode;
+	int verify_depth;
+	unsigned int sid_ctx_length;
+	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
+
+	/* Default generate session ID callback. */
+	GEN_SESSION_CB generate_session_id;
+
+	int purpose;		/* Purpose setting */
+	int trust;		/* Trust setting */
+
+	int quiet_shutdown;
 	};
 
 #define SSL_SESS_CACHE_OFF			0x0000
@@ -551,10 +718,11 @@ struct ssl_ctx_st
 #define SSL_SESS_CACHE_SERVER			0x0002
 #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
 #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
-/* This one, when set, makes the server session-id lookup not look
- * in the cache.  If there is an application get_session callback
- * defined, this will still get called. */
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
 #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
+#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
+#define SSL_SESS_CACHE_NO_INTERNAL \
+	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
 
   struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_number(ctx) \
@@ -618,7 +786,7 @@ struct ssl_st
 	 * same.  This is so data can be read and written to different
 	 * handlers */
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 	BIO *rbio; /* used by SSL_read */
 	BIO *wbio; /* used by SSL_write */
 	BIO *bbio; /* used during session-id reuse to concatenate
@@ -652,7 +820,8 @@ struct ssl_st
 	                 * 2 if we are a server and are inside a handshake
 	                 *   (i.e. not just sending a HelloRequest)
 	                 * NB: For servers, the 'new' session may actually be a previously
-	                 * cached session or even the previous session */
+	                 * cached session or even the previous session unless
+	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
 	int quiet_shutdown;/* don't send shutdown packets */
 	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
 			 * for received */
@@ -660,6 +829,7 @@ struct ssl_st
 	int rstate;	/* where we are when reading */
 
 	BUF_MEM *init_buf;	/* buffer used during init */
+	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */
 	int init_num;		/* amount read/written */
 	int init_off;		/* amount read/written */
 
@@ -672,6 +842,11 @@ struct ssl_st
 
 	int read_ahead;		/* Read as many input bytes as possible
 	               	 	 * (for non-blocking reads) */
+
+	/* callback that allows applications to peek at protocol messages */
+	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+	void *msg_callback_arg;
+
 	int hit;		/* reusing a previous session */
 
 	int purpose;		/* Purpose setting */
@@ -686,7 +861,7 @@ struct ssl_st
 
 	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
 	const EVP_MD *read_hash;		/* used for mac generation */
-#ifndef NO_COMP
+#ifndef OPENSSL_NO_COMP
 	COMP_CTX *expand;			/* uncompress */
 #else
 	char *expand;
@@ -694,7 +869,7 @@ struct ssl_st
 
 	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
 	const EVP_MD *write_hash;		/* used for mac generation */
-#ifndef NO_COMP
+#ifndef OPENSSL_NO_COMP
 	COMP_CTX *compress;			/* compression */
 #else
 	char *compress;	
@@ -714,16 +889,24 @@ struct ssl_st
 	/* This can also be in the session once a session is established */
 	SSL_SESSION *session;
 
+	/* Default generate session ID callback. */
+	GEN_SESSION_CB generate_session_id;
+
 	/* Used in SSL2 and SSL3 */
 	int verify_mode;	/* 0 don't care about verify failure.
 				 * 1 fail if verify fails */
 	int verify_depth;
 	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
-	void (*info_callback)(); /* optional informational callback */
+
+	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
 
 	int error;		/* error bytes to be written */
 	int error_code;		/* actual code */
 
+#ifndef OPENSSL_NO_KRB5
+	KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
+#endif	/* OPENSSL_NO_KRB5 */
+
 	SSL_CTX *ctx;
 	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
 	 * and SSL_write() calls, good for nbio debuging :-) */
@@ -739,6 +922,7 @@ struct ssl_st
 	int references;
 	unsigned long options; /* protocol behaviour */
 	unsigned long mode; /* API behaviour */
+	long max_cert_list;
 	int first_packet;
 	int client_version;	/* what was passed, used for
 				 * SSLv3/TLS rollback check */
@@ -900,13 +1084,14 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
 #define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
 #define SSL_ERROR_ZERO_RETURN		6
 #define SSL_ERROR_WANT_CONNECT		7
+#define SSL_ERROR_WANT_ACCEPT		8
 
 #define SSL_CTRL_NEED_TMP_RSA			1
 #define SSL_CTRL_SET_TMP_RSA			2
 #define SSL_CTRL_SET_TMP_DH			3
 #define SSL_CTRL_SET_TMP_RSA_CB			4
 #define SSL_CTRL_SET_TMP_DH_CB			5
-/* Add these ones */
+
 #define SSL_CTRL_GET_SESSION_REUSED		6
 #define SSL_CTRL_GET_CLIENT_CERT_REQUEST	7
 #define SSL_CTRL_GET_NUM_RENEGOTIATIONS		8
@@ -915,6 +1100,9 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
 #define SSL_CTRL_GET_FLAGS			11
 #define SSL_CTRL_EXTRA_CHAIN_CERT		12
 
+#define SSL_CTRL_SET_MSG_CALLBACK               13
+#define SSL_CTRL_SET_MSG_CALLBACK_ARG           14
+
 /* Stats */
 #define SSL_CTRL_SESS_NUMBER			20
 #define SSL_CTRL_SESS_CONNECT			21
@@ -929,7 +1117,7 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
 #define SSL_CTRL_SESS_TIMEOUTS			30
 #define SSL_CTRL_SESS_CACHE_FULL		31
 #define SSL_CTRL_OPTIONS			32
-#define SSL_CTRL_MODE			33
+#define SSL_CTRL_MODE				33
 
 #define SSL_CTRL_GET_READ_AHEAD			40
 #define SSL_CTRL_SET_READ_AHEAD			41
@@ -938,6 +1126,9 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
 #define SSL_CTRL_SET_SESS_CACHE_MODE		44
 #define SSL_CTRL_GET_SESS_CACHE_MODE		45
 
+#define SSL_CTRL_GET_MAX_CERT_LIST		50
+#define SSL_CTRL_SET_MAX_CERT_LIST		51
+
 #define SSL_session_reused(ssl) \
 	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
 #define SSL_num_renegotiations(ssl) \
@@ -964,23 +1155,7 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 
-/* VMS uses only 31 characters for symbols. */
-#ifdef VMS
-#undef SSL_CTX_set_cert_verify_callback
-#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
-#undef SSL_CTX_use_certificate_chain_file
-#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
-#undef SSL_CTX_set_default_verify_paths
-#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
-#undef SSL_get_ex_data_X509_STORE_CTX_idx
-#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_data_X509_STOR_CTX_i
-#undef SSL_add_file_cert_subjects_to_stack
-#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_sub_to_stack
-#undef SSL_add_dir_cert_subjects_to_stack
-#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
-#endif
-
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
@@ -1014,12 +1189,12 @@ const char  * SSL_get_cipher_list(SSL *s,int n);
 char *	SSL_get_shared_ciphers(SSL *s, char *buf, int len);
 int	SSL_get_read_ahead(SSL * s);
 int	SSL_pending(SSL *s);
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 int	SSL_set_fd(SSL *s, int fd);
 int	SSL_set_rfd(SSL *s, int fd);
 int	SSL_set_wfd(SSL *s, int fd);
 #endif
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
 BIO *	SSL_get_rbio(SSL *s);
 BIO *	SSL_get_wbio(SSL *s);
@@ -1032,7 +1207,7 @@ int	(*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
 void	SSL_set_verify(SSL *s, int mode,
 		       int (*callback)(int ok,X509_STORE_CTX *ctx));
 void	SSL_set_verify_depth(SSL *s, int depth);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
 #endif
 int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
@@ -1041,7 +1216,7 @@ int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
 int	SSL_use_certificate(SSL *ssl, X509 *x);
 int	SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
 int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
 int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
@@ -1052,15 +1227,22 @@ int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
 					    const char *file);
+#ifndef OPENSSL_SYS_WIN32
+#ifndef OPENSSL_SYS_VMS
+#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
 int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
 					   const char *dir);
 #endif
+#endif
+#endif
+
+#endif
 
 void	SSL_load_error_strings(void );
-char * 	SSL_state_string(SSL *s);
-char * 	SSL_rstate_string(SSL *s);
-char * 	SSL_state_string_long(SSL *s);
-char * 	SSL_rstate_string_long(SSL *s);
+const char *SSL_state_string(const SSL *s);
+const char *SSL_rstate_string(const SSL *s);
+const char *SSL_state_string_long(const SSL *s);
+const char *SSL_rstate_string_long(const SSL *s);
 long	SSL_SESSION_get_time(SSL_SESSION *s);
 long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long	SSL_SESSION_get_timeout(SSL_SESSION *s);
@@ -1070,10 +1252,10 @@ void	SSL_copy_session_id(SSL *to,SSL *from);
 SSL_SESSION *SSL_SESSION_new(void);
 unsigned long SSL_SESSION_hash(SSL_SESSION *a);
 int	SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int	SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
 #endif
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int	SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
 #endif
 void	SSL_SESSION_free(SSL_SESSION *ses);
@@ -1081,6 +1263,10 @@ int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
 int	SSL_set_session(SSL *to, SSL_SESSION *session);
 int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
 int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
+int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
+int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+					unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
 
 #ifdef HEADER_X509_H
@@ -1089,18 +1275,14 @@ X509 *	SSL_get_peer_certificate(SSL *s);
 
 STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
 
-#ifdef VMS
-#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
-#endif
-
 int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
 int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
 int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
 			int (*callback)(int, X509_STORE_CTX *));
 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg);
-#ifndef NO_RSA
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
+#ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 #endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
@@ -1134,9 +1316,9 @@ int 	SSL_connect(SSL *ssl);
 int 	SSL_read(SSL *ssl,void *buf,int num);
 int 	SSL_peek(SSL *ssl,void *buf,int num);
 int 	SSL_write(SSL *ssl,const void *buf,int num);
-long	SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
+long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
 long	SSL_callback_ctrl(SSL *, int, void (*)());
-long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
+long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
 long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
 
 int	SSL_get_error(SSL *s,int ret_code);
@@ -1165,14 +1347,15 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
 
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
 
 SSL_METHOD *SSL_get_ssl_method(SSL *s);
 int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
-char *SSL_alert_type_string_long(int value);
-char *SSL_alert_type_string(int value);
-char *SSL_alert_desc_string_long(int value);
-char *SSL_alert_desc_string(int value);
+const char *SSL_alert_type_string_long(int value);
+const char *SSL_alert_type_string(int value);
+const char *SSL_alert_desc_string_long(int value);
+const char *SSL_alert_desc_string(int value);
 
 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
@@ -1210,8 +1393,9 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 SSL_SESSION *SSL_get_session(SSL *ssl);
 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
-void SSL_set_info_callback(SSL *ssl,void (*cb)());
-void (*SSL_get_info_callback(SSL *ssl))();
+void SSL_set_info_callback(SSL *ssl,
+			   void (*cb)(const SSL *ssl,int type,int val));
+void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val);
 int SSL_state(SSL *ssl);
 
 void SSL_set_verify_result(SSL *ssl,long v);
@@ -1249,9 +1433,17 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
 #define SSL_CTX_set_read_ahead(ctx,m) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+#define SSL_CTX_get_max_cert_list(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+#define SSL_CTX_set_max_cert_list(ctx,m) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+#define SSL_get_max_cert_list(ssl) \
+	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+#define SSL_set_max_cert_list(ssl,m) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
 
      /* NB: the keylength is only applicable when is_export is true */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
 				  RSA *(*cb)(SSL *ssl,int is_export,
 					     int keylength));
@@ -1260,7 +1452,7 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,
 				  RSA *(*cb)(SSL *ssl,int is_export,
 					     int keylength));
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
 				 DH *(*dh)(SSL *ssl,int is_export,
 					   int keylength));
@@ -1269,7 +1461,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
 					   int keylength));
 #endif
 
-#ifndef NO_COMP
+#ifndef OPENSSL_NO_COMP
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
 int SSL_COMP_add_compression_method(int id,char *cm);
@@ -1328,6 +1520,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_CTRL					 213
 #define SSL_F_SSL3_CTX_CTRL				 133
 #define SSL_F_SSL3_ENC					 134
+#define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
 #define SSL_F_SSL3_GET_CERT_VERIFY			 136
 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
@@ -1490,16 +1683,27 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_HTTPS_PROXY_REQUEST			 155
 #define SSL_R_HTTP_REQUEST				 156
 #define SSL_R_ILLEGAL_PADDING				 1110
-#define SSL_R_INTERNAL_ERROR				 157
 #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
 #define SSL_R_INVALID_COMMAND				 280
 #define SSL_R_INVALID_PURPOSE				 278
 #define SSL_R_INVALID_TRUST				 279
 #define SSL_R_KEY_ARG_TOO_LONG				 1112
+#define SSL_R_KRB5					 1104
+#define SSL_R_KRB5_C_CC_PRINC				 1094
+#define SSL_R_KRB5_C_GET_CRED				 1095
+#define SSL_R_KRB5_C_INIT				 1096
+#define SSL_R_KRB5_C_MK_REQ				 1097
+#define SSL_R_KRB5_S_BAD_TICKET				 1098
+#define SSL_R_KRB5_S_INIT				 1099
+#define SSL_R_KRB5_S_RD_REQ				 1108
+#define SSL_R_KRB5_S_TKT_EXPIRED			 1105
+#define SSL_R_KRB5_S_TKT_NYV				 1106
+#define SSL_R_KRB5_S_TKT_SKEW				 1107
 #define SSL_R_LENGTH_MISMATCH				 159
 #define SSL_R_LENGTH_TOO_SHORT				 160
 #define SSL_R_LIBRARY_BUG				 274
 #define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
+#define SSL_R_MASTER_KEY_TOO_LONG			 1112
 #define SSL_R_MESSAGE_TOO_LONG				 1111
 #define SSL_R_MISSING_DH_DSA_CERT			 162
 #define SSL_R_MISSING_DH_KEY				 163
@@ -1586,7 +1790,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
 #define SSL_R_SSL_HANDSHAKE_FAILURE			 229
 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
+#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 1102
+#define SSL_R_SSL_SESSION_ID_CONFLICT			 1103
 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
+#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH		 1101
 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231
 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
 #define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
diff --git a/crypto/openssl/ssl/ssl2.h b/crypto/openssl/ssl/ssl2.h
index 70aae1e..99a52ea 100644
--- a/crypto/openssl/ssl/ssl2.h
+++ b/crypto/openssl/ssl/ssl2.h
@@ -133,7 +133,7 @@ extern "C" {
 
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
-#ifdef MPE
+#ifdef OPENSSL_SYS_MPE
 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	29998u
 #else
 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */
@@ -189,7 +189,6 @@ typedef struct ssl2_state_st
 	unsigned char *ract_data;
 	unsigned char *wact_data;
 	unsigned char *mac_data;
-	unsigned char *pad_data_UNUSED; /* only for binary compatibility with 0.9.6b */
 
 	unsigned char *read_key;
 	unsigned char *write_key;
diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h
index b45effe..1153aed 100644
--- a/crypto/openssl/ssl/ssl3.h
+++ b/crypto/openssl/ssl/ssl3.h
@@ -112,7 +112,7 @@
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
 
-#ifndef NO_COMP
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
 #endif
 #include <openssl/buffer.h>
@@ -156,7 +156,29 @@ extern "C" {
 
 #define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
 #define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
+#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+	 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+	 of the ietf-tls list */
 #define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
+#endif
+
+/*    VRS Additional Kerberos5 entries
+ */
+#define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E
+#define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F
+#define SSL3_CK_KRB5_RC4_128_SHA		0x03000020
+#define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021
+#define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022
+#define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023
+#define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024
+#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025
+
+#define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026
+#define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027
+#define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028
+#define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029
+#define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A
+#define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B
 
 #define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
 #define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
@@ -193,6 +215,22 @@ extern "C" {
 #define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
 #define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"
 
+#define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"
+#define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"
+#define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"
+
+#define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"
+#define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"
+#define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"
+
 #define SSL3_SSL_SESSION_ID_LENGTH		32
 #define SSL3_MAX_SSL_SESSION_ID_LENGTH		32
 
@@ -202,7 +240,8 @@ extern "C" {
 #define SSL3_RT_HEADER_LENGTH			5
 
 /* Due to MS stuffing up, this can change.... */
-#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
+#if defined(OPENSSL_SYS_WIN16) || \
+	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
 #define SSL3_RT_MAX_EXTRA			(14000)
 #else
 #define SSL3_RT_MAX_EXTRA			(16384)
@@ -256,9 +295,7 @@ typedef struct ssl3_buffer_st
 	{
 	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
 	                         * see ssl3_setup_buffers() */
-#if 0 /* put directly into SSL3_STATE for best possible binary compatibility within 0.9.6 series */
 	size_t len;             /* buffer size */
-#endif
 	int offset;             /* where to 'copy from' */
 	int left;               /* how many bytes left */
 	} SSL3_BUFFER;
@@ -290,6 +327,10 @@ typedef struct ssl3_state_st
 	unsigned char server_random[SSL3_RANDOM_SIZE];
 	unsigned char client_random[SSL3_RANDOM_SIZE];
 
+	/* flags for countermeasure against known-IV weakness */
+	int need_empty_fragments;
+	int empty_fragment_done;
+
 	SSL3_BUFFER rbuf;	/* read IO goes into here */
 	SSL3_BUFFER wbuf;	/* write IO goes into here */
 
@@ -348,7 +389,7 @@ typedef struct ssl3_state_st
 
 		/* used to hold the new cipher we are going to use */
 		SSL_CIPHER *new_cipher;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		DH *dh;
 #endif
 		/* used when SSL_ST_FLUSH_DATA is entered */
@@ -369,7 +410,7 @@ typedef struct ssl3_state_st
 
 		const EVP_CIPHER *new_sym_enc;
 		const EVP_MD *new_hash;
-#ifndef NO_COMP
+#ifndef OPENSSL_NO_COMP
 		const SSL_COMP *new_compression;
 #else
 		char *new_compression;
@@ -377,13 +418,6 @@ typedef struct ssl3_state_st
 		int cert_request;
 		} tmp;
 
-	/* flags for countermeasure against known-IV weakness */
-	int need_empty_fragments;
-	int empty_fragment_done;
-
-	size_t rbuf_len;	/* substitute for rbuf.len */
-	size_t wbuf_len;	/* substitute for wbuf.len */
-
 	} SSL3_STATE;
 
 /* SSLv3 */
diff --git a/crypto/openssl/ssl/ssl_algs.c b/crypto/openssl/ssl/ssl_algs.c
index dde8918..3d1299e 100644
--- a/crypto/openssl/ssl/ssl_algs.c
+++ b/crypto/openssl/ssl/ssl_algs.c
@@ -63,40 +63,44 @@
 
 int SSL_library_init(void)
 	{
-#ifndef NO_DES
+
+#ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cbc());
 	EVP_add_cipher(EVP_des_ede3_cbc());
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	EVP_add_cipher(EVP_idea_cbc());
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	EVP_add_cipher(EVP_rc4());
 #endif  
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	EVP_add_cipher(EVP_rc2_cbc());
-#endif  
-
-#ifndef NO_MD2
+#endif
+#ifndef OPENSSL_NO_AES
+	EVP_add_cipher(EVP_aes_128_cbc());
+	EVP_add_cipher(EVP_aes_192_cbc());
+	EVP_add_cipher(EVP_aes_256_cbc());
+#endif
+#ifndef OPENSSL_NO_MD2
 	EVP_add_digest(EVP_md2());
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
 	EVP_add_digest_alias(SN_md5,"ssl2-md5");
 	EVP_add_digest_alias(SN_md5,"ssl3-md5");
 #endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
 	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
 	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 #endif
-#if !defined(NO_SHA) && !defined(NO_DSA)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
 	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
 	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
 	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 #endif
-
 	/* If you want support for phased out ciphers, add the following */
 #if 0
 	EVP_add_digest(EVP_sha());
diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c
index 00f9fda..16bc11b 100644
--- a/crypto/openssl/ssl/ssl_asn1.c
+++ b/crypto/openssl/ssl/ssl_asn1.c
@@ -58,10 +58,10 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include "ssl_locl.h"
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "ssl_locl.h"
 #include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
@@ -73,6 +73,9 @@ typedef struct ssl_session_asn1_st
 	ASN1_OCTET_STRING session_id;
 	ASN1_OCTET_STRING session_id_context;
 	ASN1_OCTET_STRING key_arg;
+#ifndef OPENSSL_NO_KRB5
+        ASN1_OCTET_STRING krb5_princ;
+#endif /* OPENSSL_NO_KRB5 */
 	ASN1_INTEGER time;
 	ASN1_INTEGER timeout;
 	ASN1_INTEGER verify_result;
@@ -143,6 +146,15 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	a.key_arg.type=V_ASN1_OCTET_STRING;
 	a.key_arg.data=in->key_arg;
 
+#ifndef OPENSSL_NO_KRB5
+	if (in->krb5_client_princ_len)
+		{
+		a.krb5_princ.length=in->krb5_client_princ_len;
+		a.krb5_princ.type=V_ASN1_OCTET_STRING;
+		a.krb5_princ.data=in->krb5_client_princ;
+		}
+#endif /* OPENSSL_NO_KRB5 */
+ 
 	if (in->time != 0L)
 		{
 		a.time.length=LSIZE2;
@@ -167,11 +179,16 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 		ASN1_INTEGER_set(&a.verify_result,in->verify_result);
 		}
 
+
 	M_ASN1_I2D_len(&(a.version),		i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(&(a.ssl_version),	i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(&(a.cipher),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_len(&(a.session_id),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_len(&(a.master_key),		i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+	if (in->krb5_client_princ_len)
+        	M_ASN1_I2D_len(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
 	if (in->key_arg_length > 0)
 		M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
 	if (in->time != 0L)
@@ -191,6 +208,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	M_ASN1_I2D_put(&(a.cipher),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_put(&(a.session_id),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_put(&(a.master_key),		i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+	if (in->krb5_client_princ_len)
+        	M_ASN1_I2D_put(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
 	if (in->key_arg_length > 0)
 		M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
 	if (in->time != 0L)
@@ -278,6 +299,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
 		os.length = sizeof ret->session_id;
 
 	ret->session_id_length=os.length;
+	OPENSSL_assert(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
@@ -288,6 +310,25 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
 	memcpy(ret->master_key,os.data,ret->master_key_length);
 
 	os.length=0;
+
+#ifndef OPENSSL_NO_KRB5
+	os.length=0;
+	M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
+	if (os.data)
+		{
+        	if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
+            		ret->krb5_client_princ_len=0;
+		else
+			ret->krb5_client_princ_len=os.length;
+		memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
+		OPENSSL_free(os.data);
+		os.data = NULL;
+		os.length = 0;
+		}
+	else
+		ret->krb5_client_princ_len=0;
+#endif /* OPENSSL_NO_KRB5 */
+
 	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
 	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
 		ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
@@ -330,9 +371,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
 	if(os.data != NULL)
 	    {
 	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
+		{
+		ret->sid_ctx_length=os.length;
 		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
-	    ret->sid_ctx_length=os.length;
-	    memcpy(ret->sid_ctx,os.data,os.length);
+		}
+	    else
+		{
+		ret->sid_ctx_length=os.length;
+		memcpy(ret->sid_ctx,os.data,os.length);
+		}
 	    OPENSSL_free(os.data); os.data=NULL; os.length=0;
 	    }
 	else
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
index bb4cb2f..1f12255 100644
--- a/crypto/openssl/ssl/ssl_cert.c
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -106,16 +106,19 @@
 
 #include <stdio.h>
 
-#include "openssl/e_os.h"
-
+#include "e_os.h"
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
 #endif
 
-#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
+#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X)
 #include <dirent.h>
 #endif
 
+#if defined(WIN32)
+#include <windows.h>
+#endif
+
 #ifdef NeXT
 #include <sys/dir.h>
 #define dirent direct
@@ -129,14 +132,23 @@
 
 int SSL_get_ex_data_X509_STORE_CTX_idx(void)
 	{
-	static int ssl_x509_store_ctx_idx= -1;
+	static volatile int ssl_x509_store_ctx_idx= -1;
 
 	if (ssl_x509_store_ctx_idx < 0)
 		{
-		ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
-			0,"SSL for verify callback",NULL,NULL,NULL);
+		/* any write lock will do; usually this branch
+		 * will only be taken once anyway */
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+		
+		if (ssl_x509_store_ctx_idx < 0)
+			{
+			ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
+				0,"SSL for verify callback",NULL,NULL,NULL);
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
 		}
-	return(ssl_x509_store_ctx_idx);
+	return ssl_x509_store_ctx_idx;
 	}
 
 CERT *ssl_cert_new(void)
@@ -179,16 +191,16 @@ CERT *ssl_cert_dup(CERT *cert)
 	ret->mask = cert->mask;
 	ret->export_mask = cert->export_mask;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (cert->rsa_tmp != NULL)
 		{
+		RSA_up_ref(cert->rsa_tmp);
 		ret->rsa_tmp = cert->rsa_tmp;
-		CRYPTO_add(&ret->rsa_tmp->references, 1, CRYPTO_LOCK_RSA);
 		}
 	ret->rsa_tmp_cb = cert->rsa_tmp_cb;
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (cert->dh_tmp != NULL)
 		{
 		/* DH parameters don't have a reference count */
@@ -271,14 +283,14 @@ CERT *ssl_cert_dup(CERT *cert)
 
 	return(ret);
 	
-#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */
+#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
 err:
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (ret->rsa_tmp != NULL)
 		RSA_free(ret->rsa_tmp);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (ret->dh_tmp != NULL)
 		DH_free(ret->dh_tmp);
 #endif
@@ -315,10 +327,10 @@ void ssl_cert_free(CERT *c)
 		}
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (c->rsa_tmp) RSA_free(c->rsa_tmp);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (c->dh_tmp) DH_free(c->dh_tmp);
 #endif
 
@@ -419,11 +431,11 @@ void ssl_sess_cert_free(SESS_CERT *sc)
 #endif
 		}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (sc->peer_rsa_tmp != NULL)
 		RSA_free(sc->peer_rsa_tmp);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (sc->peer_dh_tmp != NULL)
 		DH_free(sc->peer_dh_tmp);
 #endif
@@ -447,17 +459,23 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		return(0);
 
 	x=sk_X509_value(sk,0);
-	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+	if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
+		{
+		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
+		return(0);
+		}
 	if (SSL_get_verify_depth(s) >= 0)
 		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
 	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
+
 	/* We need to set the verify purpose. The purpose can be determined by
 	 * the context: if its a server it will verify SSL client certificates
 	 * or vice versa.
-         */
-
-	if(s->server) i = X509_PURPOSE_SSL_CLIENT;
-	else i = X509_PURPOSE_SSL_SERVER;
+	 */
+	if (s->server)
+		i = X509_PURPOSE_SSL_CLIENT;
+	else
+		i = X509_PURPOSE_SSL_SERVER;
 
 	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
 
@@ -465,10 +483,14 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
 
 	if (s->ctx->app_verify_callback != NULL)
+#if 1 /* new with OpenSSL 0.9.7 */
+		i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); 
+#else
 		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+#endif
 	else
 		{
-#ifndef NO_X509_VERIFY
+#ifndef OPENSSL_NO_X509_VERIFY
 		i=X509_verify_cert(&ctx);
 #else
 		i=0;
@@ -578,7 +600,7 @@ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
 	return(X509_NAME_cmp(*a,*b));
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 /*!
  * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
  * it doesn't really have anything to do with clients (except that a common use
@@ -708,9 +730,9 @@ err:
  * certs may have been added to \c stack.
  */
 
-#ifndef WIN32
-#ifndef VMS			/* XXXX This may be fixed in the future */
-#ifndef MAC_OS_pre_X
+#ifndef OPENSSL_SYS_WIN32
+#ifndef OPENSSL_SYS_VMS		/* XXXX This may be fixed in the future */
+#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */
 
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 				       const char *dir)
@@ -758,4 +780,81 @@ err:
 
 #endif
 #endif
+
+#else
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+				       const char *dir)
+	{
+	WIN32_FIND_DATA FindFileData;
+	HANDLE hFind;
+	int ret = 0;
+#ifdef OPENSSL_SYS_WINCE
+	WCHAR* wdir = NULL;
+#endif
+
+	CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+	
+#ifdef OPENSSL_SYS_WINCE
+	/* convert strings to UNICODE */
+	{
+		BOOL result = FALSE;
+		int i;
+		wdir = malloc((strlen(dir)+1)*2);
+		if (wdir == NULL)
+			goto err_noclose;
+		for (i=0; i<(int)strlen(dir)+1; i++)
+			wdir[i] = (short)dir[i];
+	}
+#endif
+
+#ifdef OPENSSL_SYS_WINCE
+	hFind = FindFirstFile(wdir, &FindFileData);
+#else
+	hFind = FindFirstFile(dir, &FindFileData);
+#endif
+	/* Note that a side effect is that the CAs will be sorted by name */
+	if(hFind == INVALID_HANDLE_VALUE)
+		{
+		SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+		ERR_add_error_data(3, "opendir('", dir, "')");
+		SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+		goto err_noclose;
+		}
+	
+	do 
+		{
+		char buf[1024];
+		int r;
+		
+#ifdef OPENSSL_SYS_WINCE
+		if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf)
+#else
+		if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf)
+#endif
+			{
+			SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+			goto err;
+			}
+		
+		r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,FindFileData.cFileName);
+		if (r <= 0 || r >= sizeof buf)
+			goto err;
+		if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+			goto err;
+		}
+	while (FindNextFile(hFind, &FindFileData) != FALSE);
+	ret = 1;
+
+err:	
+	FindClose(hFind);
+err_noclose:
+#ifdef OPENSSL_SYS_WINCE
+	if (wdir != NULL)
+		free(wdir);
+#endif
+	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+	return ret;
+	}
+
 #endif
diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c
index f63163f..c72be89 100644
--- a/crypto/openssl/ssl/ssl_ciph.c
+++ b/crypto/openssl/ssl/ssl_ciph.c
@@ -68,7 +68,9 @@
 #define SSL_ENC_IDEA_IDX	4
 #define SSL_ENC_eFZA_IDX	5
 #define SSL_ENC_NULL_IDX	6
-#define SSL_ENC_NUM_IDX		7
+#define SSL_ENC_AES128_IDX	7
+#define SSL_ENC_AES256_IDX	8
+#define SSL_ENC_NUM_IDX		9
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
 	NULL,NULL,NULL,NULL,NULL,NULL,
@@ -98,8 +100,11 @@ typedef struct cipher_order_st
 	} CIPHER_ORDER;
 
 static const SSL_CIPHER cipher_aliases[]={
-	/* Don't include eNULL unless specifically enabled */
+	/* Don't include eNULL unless specifically enabled. */
 	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+        {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
+	{0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
 	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
@@ -108,6 +113,7 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_DH,	0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_EDH,	0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
 
+	{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
 	{0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
 	{0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
 	{0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
@@ -122,12 +128,14 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
 	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
 	{0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_AES,	0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
 
 	{0,SSL_TXT_MD5,	0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
 	{0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
 	{0,SSL_TXT_SHA,	0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},
 
 	{0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
 	{0,SSL_TXT_RSA,	0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
 	{0,SSL_TXT_ADH,	0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
 	{0,SSL_TXT_FZA,	0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
@@ -160,6 +168,10 @@ static void load_ciphers(void)
 		EVP_get_cipherbyname(SN_rc2_cbc);
 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
 		EVP_get_cipherbyname(SN_idea_cbc);
+	ssl_cipher_methods[SSL_ENC_AES128_IDX]=
+	  EVP_get_cipherbyname(SN_aes_128_cbc);
+	ssl_cipher_methods[SSL_ENC_AES256_IDX]=
+	  EVP_get_cipherbyname(SN_aes_256_cbc);
 
 	ssl_digest_methods[SSL_MD_MD5_IDX]=
 		EVP_get_digestbyname(SN_md5);
@@ -220,6 +232,14 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
 	case SSL_eNULL:
 		i=SSL_ENC_NULL_IDX;
 		break;
+	case SSL_AES:
+		switch(c->alg_bits)
+			{
+		case 128: i=SSL_ENC_AES128_IDX; break;
+		case 256: i=SSL_ENC_AES256_IDX; break;
+		default: i=-1; break;
+			}
+		break;
 	default:
 		i= -1;
 		break;
@@ -282,15 +302,18 @@ static unsigned long ssl_cipher_get_disabled(void)
 	unsigned long mask;
 
 	mask = SSL_kFZA;
-#ifdef NO_RSA
+#ifdef OPENSSL_NO_RSA
 	mask |= SSL_aRSA|SSL_kRSA;
 #endif
-#ifdef NO_DSA
+#ifdef OPENSSL_NO_DSA
 	mask |= SSL_aDSS;
 #endif
-#ifdef NO_DH
+#ifdef OPENSSL_NO_DH
 	mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
 #endif
+#ifdef OPENSSL_NO_KRB5
+	mask |= SSL_kKRB5|SSL_aKRB5;
+#endif
 
 #ifdef SSL_FORBID_ENULL
 	mask |= SSL_eNULL;
@@ -302,6 +325,7 @@ static unsigned long ssl_cipher_get_disabled(void)
 	mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
 	mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
 	mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
+	mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
 
 	mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
 	mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
@@ -336,6 +360,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 			list[list_num].prev = NULL;
 			list[list_num].active = 0;
 			list_num++;
+#ifdef KSSL_DEBUG
+			printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
+#endif	/* KSSL_DEBUG */
 			/*
 			if (!sk_push(ca_list,(char *)c)) goto err;
 			*/
@@ -724,7 +751,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 */
 	if (rule_str == NULL) return(NULL);
 
-	if (init_ciphers) load_ciphers();
+	if (init_ciphers)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+		if (init_ciphers) load_ciphers();
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+		}
 
 	/*
 	 * To reduce the work to do we only want to process the compiled
@@ -738,6 +770,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 * it is used for allocation.
 	 */
 	num_of_ciphers = ssl_method->num_ciphers();
+#ifdef KSSL_DEBUG
+	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+#endif    /* KSSL_DEBUG */
 	list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
 	if (list == NULL)
 		{
@@ -872,8 +907,12 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	char *ver,*exp;
 	char *kx,*au,*enc,*mac;
 	unsigned long alg,alg2,alg_s;
+#ifdef KSSL_DEBUG
+	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+#else
 	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-	
+#endif /* KSSL_DEBUG */
+
 	alg=cipher->algorithms;
 	alg_s=cipher->algo_strength;
 	alg2=cipher->algorithm2;
@@ -901,6 +940,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_kDHd:
 		kx="DH/DSS";
 		break;
+        case SSL_kKRB5:         /* VRS */
+        case SSL_KRB5:          /* VRS */
+            kx="KRB5";
+            break;
 	case SSL_kFZA:
 		kx="Fortezza";
 		break;
@@ -922,6 +965,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_aDH:
 		au="DH";
 		break;
+        case SSL_aKRB5:         /* VRS */
+        case SSL_KRB5:          /* VRS */
+            au="KRB5";
+            break;
 	case SSL_aFZA:
 	case SSL_aNULL:
 		au="None";
@@ -955,6 +1002,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_eNULL:
 		enc="None";
 		break;
+	case SSL_AES:
+		switch(cipher->strength_bits)
+			{
+		case 128: enc="AES(128)"; break;
+		case 192: enc="AES(192)"; break;
+		case 256: enc="AES(256)"; break;
+		default: enc="AES(?""?""?)"; break;
+			}
+		break;
 	default:
 		enc="unknown";
 		break;
@@ -982,7 +1038,11 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	else if (len < 128)
 		return("Buffer too small");
 
+#ifdef KSSL_DEBUG
+	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
+#else
 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+#endif /* KSSL_DEBUG */
 	return(buf);
 	}
 
@@ -1053,6 +1113,10 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 	SSL_COMP *comp;
 	STACK_OF(SSL_COMP) *sk;
 
+        if (cm == NULL || cm->type == NID_undef)
+                return 1;
+
+	MemCheck_off();
 	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
 	comp->id=id;
 	comp->method=cm;
@@ -1062,10 +1126,13 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 		sk=ssl_comp_methods;
 	if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
 		{
+		MemCheck_on();
 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
 		return(0);
 		}
 	else
+		{
+		MemCheck_on();
 		return(1);
+		}
 	}
-
diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c
index b77b35f..d2cb181 100644
--- a/crypto/openssl/ssl/ssl_err.c
+++ b/crypto/openssl/ssl/ssl_err.c
@@ -63,7 +63,7 @@
 #include <openssl/ssl.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA SSL_str_functs[]=
 	{
 {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),	"CLIENT_CERTIFICATE"},
@@ -110,6 +110,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_CTRL,0),	"SSL3_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0),	"SSL3_CTX_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_ENC,0),	"SSL3_ENC"},
+{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0),	"SSL3_GENERATE_KEY_BLOCK"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0),	"SSL3_GET_CERTIFICATE_REQUEST"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0),	"SSL3_GET_CERT_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0),	"SSL3_GET_CLIENT_CERTIFICATE"},
@@ -275,16 +276,27 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},
 {SSL_R_HTTP_REQUEST                      ,"http request"},
 {SSL_R_ILLEGAL_PADDING                   ,"illegal padding"},
-{SSL_R_INTERNAL_ERROR                    ,"internal error"},
 {SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
 {SSL_R_INVALID_COMMAND                   ,"invalid command"},
 {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
 {SSL_R_INVALID_TRUST                     ,"invalid trust"},
 {SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
+{SSL_R_KRB5                              ,"krb5"},
+{SSL_R_KRB5_C_CC_PRINC                   ,"krb5 client cc principal (no tkt?)"},
+{SSL_R_KRB5_C_GET_CRED                   ,"krb5 client get cred"},
+{SSL_R_KRB5_C_INIT                       ,"krb5 client init"},
+{SSL_R_KRB5_C_MK_REQ                     ,"krb5 client mk_req (expired tkt?)"},
+{SSL_R_KRB5_S_BAD_TICKET                 ,"krb5 server bad ticket"},
+{SSL_R_KRB5_S_INIT                       ,"krb5 server init"},
+{SSL_R_KRB5_S_RD_REQ                     ,"krb5 server rd_req (keytab perms?)"},
+{SSL_R_KRB5_S_TKT_EXPIRED                ,"krb5 server tkt expired"},
+{SSL_R_KRB5_S_TKT_NYV                    ,"krb5 server tkt not yet valid"},
+{SSL_R_KRB5_S_TKT_SKEW                   ,"krb5 server tkt skew"},
 {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
 {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
 {SSL_R_LIBRARY_BUG                       ,"library bug"},
 {SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
+{SSL_R_MASTER_KEY_TOO_LONG               ,"master key too long"},
 {SSL_R_MESSAGE_TOO_LONG                  ,"message too long"},
 {SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
 {SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
@@ -371,7 +383,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
 {SSL_R_SSL_HANDSHAKE_FAILURE             ,"ssl handshake failure"},
 {SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS        ,"ssl library has no ciphers"},
+{SSL_R_SSL_SESSION_ID_CALLBACK_FAILED    ,"ssl session id callback failed"},
+{SSL_R_SSL_SESSION_ID_CONFLICT           ,"ssl session id conflict"},
 {SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG   ,"ssl session id context too long"},
+{SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH     ,"ssl session id has bad length"},
 {SSL_R_SSL_SESSION_ID_IS_DIFFERENT       ,"ssl session id is different"},
 {SSL_R_TLSV1_ALERT_ACCESS_DENIED         ,"tlsv1 alert access denied"},
 {SSL_R_TLSV1_ALERT_DECODE_ERROR          ,"tlsv1 alert decode error"},
@@ -437,7 +452,7 @@ void ERR_load_SSL_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
 #endif
diff --git a/crypto/openssl/ssl/ssl_err2.c b/crypto/openssl/ssl/ssl_err2.c
index cc089a6..ea95a5f 100644
--- a/crypto/openssl/ssl/ssl_err2.c
+++ b/crypto/openssl/ssl/ssl_err2.c
@@ -62,7 +62,7 @@
 
 void SSL_load_error_strings(void)
 	{
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 	ERR_load_crypto_strings();
 	ERR_load_SSL_strings();
 #endif
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 4f84a34..091326f 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -57,22 +57,74 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 
-#include <assert.h>
+#ifdef REF_CHECK
+#  include <assert.h>
+#endif
 #include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
-#include "ssl_locl.h"
+#include "cryptlib.h"
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
 OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
 	/* evil casts, but these functions are only called if there's a library bug */
 	(int (*)(SSL *,int))ssl_undefined_function,
@@ -110,7 +162,7 @@ int SSL_clear(SSL *s)
 #else
 	if (s->new_session)
 		{
-		SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
 		return 0;
 		}
 #endif
@@ -189,6 +241,14 @@ SSL *SSL_new(SSL_CTX *ctx)
 	if (s == NULL) goto err;
 	memset(s,0,sizeof(SSL));
 
+#ifndef	OPENSSL_NO_KRB5
+	s->kssl_ctx = kssl_ctx_new();
+#endif	/* OPENSSL_NO_KRB5 */
+
+	s->options=ctx->options;
+	s->mode=ctx->mode;
+	s->max_cert_list=ctx->max_cert_list;
+
 	if (ctx->cert != NULL)
 		{
 		/* Earlier library versions used to copy the pointer to
@@ -207,13 +267,21 @@ SSL *SSL_new(SSL_CTX *ctx)
 		}
 	else
 		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
-	s->sid_ctx_length=ctx->sid_ctx_length;
-	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
+
+	s->read_ahead=ctx->read_ahead;
+	s->msg_callback=ctx->msg_callback;
+	s->msg_callback_arg=ctx->msg_callback_arg;
 	s->verify_mode=ctx->verify_mode;
 	s->verify_depth=ctx->verify_depth;
+	s->sid_ctx_length=ctx->sid_ctx_length;
+	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
 	s->verify_callback=ctx->default_verify_callback;
+	s->generate_session_id=ctx->generate_session_id;
 	s->purpose = ctx->purpose;
 	s->trust = ctx->trust;
+	s->quiet_shutdown=ctx->quiet_shutdown;
+
 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 	s->ctx=ctx;
 
@@ -224,15 +292,12 @@ SSL *SSL_new(SSL_CTX *ctx)
 	if (!s->method->ssl_new(s))
 		goto err;
 
-	s->quiet_shutdown=ctx->quiet_shutdown;
 	s->references=1;
 	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
-	s->options=ctx->options;
-	s->mode=ctx->mode;
-	s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
+
 	SSL_clear(s);
 
-	CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
 	return(s);
 err:
@@ -251,7 +316,7 @@ err:
 int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
 				   unsigned int sid_ctx_len)
     {
-    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+    if(sid_ctx_len > sizeof ctx->sid_ctx)
 	{
 	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
 	return 0;
@@ -276,45 +341,75 @@ int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
     return 1;
     }
 
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
-{
-	if(X509_PURPOSE_get_by_id(purpose) == -1) {
-		SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
-		return 0;
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+	ctx->generate_session_id = cb;
+	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+	return 1;
 	}
-	s->purpose = purpose;
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+	ssl->generate_session_id = cb;
+	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
 	return 1;
-}
+	}
 
-int SSL_set_purpose(SSL *s, int purpose)
-{
-	if(X509_PURPOSE_get_by_id(purpose) == -1) {
-		SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+				unsigned int id_len)
+	{
+	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+	 * we can "construct" a session to give us the desired check - ie. to
+	 * find if there's a session in the hash table that would conflict with
+	 * any new session built out of this id/id_len and the ssl_version in
+	 * use by this SSL. */
+	SSL_SESSION r, *p;
+
+	if(id_len > sizeof r.session_id)
 		return 0;
+
+	r.ssl_version = ssl->version;
+	r.session_id_length = id_len;
+	memcpy(r.session_id, id, id_len);
+	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
+	 * callback is calling us to check the uniqueness of a shorter ID, it
+	 * must be compared as a padded-out ID because that is what it will be
+	 * converted to when the callback has finished choosing it. */
+	if((r.ssl_version == SSL2_VERSION) &&
+			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
+		{
+		memset(r.session_id + id_len, 0,
+			SSL2_SSL_SESSION_ID_LENGTH - id_len);
+		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+		}
+
+	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+	p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
+	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+	return (p != NULL);
 	}
-	s->purpose = purpose;
-	return 1;
-}
-	
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+	{
+	return X509_PURPOSE_set(&s->purpose, purpose);
+	}
+
+int SSL_set_purpose(SSL *s, int purpose)
+	{
+	return X509_PURPOSE_set(&s->purpose, purpose);
+	}
+
 int SSL_CTX_set_trust(SSL_CTX *s, int trust)
-{
-	if(X509_TRUST_get_by_id(trust) == -1) {
-		SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
-		return 0;
+	{
+	return X509_TRUST_set(&s->trust, trust);
 	}
-	s->trust = trust;
-	return 1;
-}
 
 int SSL_set_trust(SSL *s, int trust)
-{
-	if(X509_TRUST_get_by_id(trust) == -1) {
-		SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
-		return 0;
+	{
+	return X509_TRUST_set(&s->trust, trust);
 	}
-	s->trust = trust;
-	return 1;
-}
 
 void SSL_free(SSL *s)
 	{
@@ -336,7 +431,7 @@ void SSL_free(SSL *s)
 		}
 #endif
 
-	CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
 	if (s->bbio != NULL)
 		{
@@ -436,7 +531,7 @@ int SSL_get_wfd(SSL *s)
 	return(ret);
 	}
 
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 int SSL_set_fd(SSL *s,int fd)
 	{
 	int ret=0;
@@ -591,6 +686,13 @@ int SSL_get_read_ahead(SSL *s)
 
 int SSL_pending(SSL *s)
 	{
+	/* SSL_pending cannot work properly if read-ahead is enabled
+	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
+	 * and it is impossible to fix since SSL_pending cannot report
+	 * errors that may be observed while scanning the new data.
+	 * (Note that SSL_pending() is often used as a boolean value,
+	 * so we'd better not return -1.)
+	 */
 	return(s->method->ssl_pending(s));
 	}
 
@@ -800,7 +902,14 @@ int SSL_renegotiate(SSL *s)
 	return(s->method->ssl_renegotiate(s));
 	}
 
-long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
+int SSL_renegotiate_pending(SSL *s)
+	{
+	/* becomes true when negotiation is requested;
+	 * false again once a handshake has finished */
+	return (s->new_session != 0);
+	}
+
+long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 	{
 	long l;
 
@@ -812,10 +921,21 @@ long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
 		l=s->read_ahead;
 		s->read_ahead=larg;
 		return(l);
+
+	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+		s->msg_callback_arg = parg;
+		return 1;
+
 	case SSL_CTRL_OPTIONS:
 		return(s->options|=larg);
 	case SSL_CTRL_MODE:
 		return(s->mode|=larg);
+	case SSL_CTRL_GET_MAX_CERT_LIST:
+		return(s->max_cert_list);
+	case SSL_CTRL_SET_MAX_CERT_LIST:
+		l=s->max_cert_list;
+		s->max_cert_list=larg;
+		return(l);
 	default:
 		return(s->method->ssl_ctrl(s,cmd,larg,parg));
 		}
@@ -825,6 +945,10 @@ long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
 	{
 	switch(cmd)
 		{
+	case SSL_CTRL_SET_MSG_CALLBACK:
+		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
+		return 1;
+		
 	default:
 		return(s->method->ssl_callback_ctrl(s,cmd,fp));
 		}
@@ -835,7 +959,7 @@ struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
 	return ctx->sessions;
 	}
 
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
+long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
 	{
 	long l;
 
@@ -847,6 +971,17 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
 		l=ctx->read_ahead;
 		ctx->read_ahead=larg;
 		return(l);
+		
+	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+		ctx->msg_callback_arg = parg;
+		return 1;
+
+	case SSL_CTRL_GET_MAX_CERT_LIST:
+		return(ctx->max_cert_list);
+	case SSL_CTRL_SET_MAX_CERT_LIST:
+		l=ctx->max_cert_list;
+		ctx->max_cert_list=larg;
+		return(l);
 
 	case SSL_CTRL_SET_SESS_CACHE_SIZE:
 		l=ctx->session_cache_size;
@@ -898,6 +1033,10 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
 	{
 	switch(cmd)
 		{
+	case SSL_CTRL_SET_MSG_CALLBACK:
+		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
+		return 1;
+
 	default:
 		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
 		}
@@ -1036,6 +1175,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
 	int i,j=0;
 	SSL_CIPHER *c;
 	unsigned char *q;
+#ifndef OPENSSL_NO_KRB5
+        int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+#endif /* OPENSSL_NO_KRB5 */
 
 	if (sk == NULL) return(0);
 	q=p;
@@ -1043,6 +1185,10 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
 		c=sk_SSL_CIPHER_value(sk,i);
+#ifndef OPENSSL_NO_KRB5
+                if ((c->algorithms & SSL_KRB5) && nokrb5)
+                    continue;
+#endif /* OPENSSL_NO_KRB5 */                    
 		j=ssl_put_cipher_by_char(s,c,p);
 		p+=j;
 		}
@@ -1105,6 +1251,11 @@ unsigned long SSL_SESSION_hash(SSL_SESSION *a)
 	return(l);
 	}
 
+/* NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
+ * able to construct an SSL_SESSION that will collide with any existing session
+ * with a matching session ID. */
 int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
 	{
 	if (a->ssl_version != b->ssl_version)
@@ -1114,6 +1265,13 @@ int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
 	return(memcmp(a->session_id,b->session_id,a->session_id_length));
 	}
 
+/* These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed via
+ * ssl.h. */
+static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
+static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
+
 SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 	{
 	SSL_CTX *ret=NULL;
@@ -1146,9 +1304,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 	/* We take the system default */
 	ret->session_timeout=meth->get_timeout();
 
-	ret->new_session_cb=NULL;
-	ret->remove_session_cb=NULL;
-	ret->get_session_cb=NULL;
+	ret->new_session_cb=0;
+	ret->remove_session_cb=0;
+	ret->get_session_cb=0;
+	ret->generate_session_id=0;
 
 	memset((char *)&ret->stats,0,sizeof(ret->stats));
 
@@ -1163,21 +1322,26 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 
 	ret->info_callback=NULL;
 
-	ret->app_verify_callback=NULL;
+	ret->app_verify_callback=0;
 	ret->app_verify_arg=NULL;
 
+	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
 	ret->read_ahead=0;
+	ret->msg_callback=0;
+	ret->msg_callback_arg=NULL;
 	ret->verify_mode=SSL_VERIFY_NONE;
 	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
+	ret->sid_ctx_length=0;
 	ret->default_verify_callback=NULL;
 	if ((ret->cert=ssl_cert_new()) == NULL)
 		goto err;
 
-	ret->default_passwd_callback=NULL;
+	ret->default_passwd_callback=0;
 	ret->default_passwd_callback_userdata=NULL;
-	ret->client_cert_cb=NULL;
+	ret->client_cert_cb=0;
 
-	ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
+	ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
+			LHASH_COMP_FN(SSL_SESSION_cmp));
 	if (ret->sessions == NULL) goto err;
 	ret->cert_store=X509_STORE_new();
 	if (ret->cert_store == NULL) goto err;
@@ -1211,7 +1375,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
 		goto err;
 
-	CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
 	ret->extra_certs=NULL;
 	ret->comp_methods=SSL_COMP_get_compression_methods();
@@ -1224,8 +1388,10 @@ err2:
 	return(NULL);
 	}
 
+#if 0
 static void SSL_COMP_free(SSL_COMP *comp)
     { OPENSSL_free(comp); }
+#endif
 
 void SSL_CTX_free(SSL_CTX *a)
 	{
@@ -1245,13 +1411,24 @@ void SSL_CTX_free(SSL_CTX *a)
 		abort(); /* ok */
 		}
 #endif
-	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
 
+	/*
+	 * Free internal session cache. However: the remove_cb() may reference
+	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+	 * after the sessions were flushed.
+	 * As the ex_data handling routines might also touch the session cache,
+	 * the most secure solution seems to be: empty (flush) the cache, then
+	 * free ex_data, then finally free the cache.
+	 * (See ticket [openssl.org #212].)
+	 */
 	if (a->sessions != NULL)
-		{
 		SSL_CTX_flush_sessions(a,0);
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+
+	if (a->sessions != NULL)
 		lh_free(a->sessions);
-		}
+
 	if (a->cert_store != NULL)
 		X509_STORE_free(a->cert_store);
 	if (a->cipher_list != NULL)
@@ -1264,8 +1441,12 @@ void SSL_CTX_free(SSL_CTX *a)
 		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
 	if (a->extra_certs != NULL)
 		sk_X509_pop_free(a->extra_certs,X509_free);
+#if 0 /* This should never be done, since it removes a global database */
 	if (a->comp_methods != NULL)
 		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
+#else
+	a->comp_methods = NULL;
+#endif
 	OPENSSL_free(a);
 	}
 
@@ -1279,15 +1460,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
 	ctx->default_passwd_callback_userdata=u;
 	}
 
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
 	{
-	/* now
-	 *     int (*cb)(X509_STORE_CTX *),
-	 * but should be
-	 *     int (*cb)(X509_STORE_CTX *, void *arg)
-	 */
 	ctx->app_verify_callback=cb;
-	ctx->app_verify_arg=arg; /* never used */
+	ctx->app_verify_arg=arg;
 	}
 
 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
@@ -1313,14 +1489,14 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 
 	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
 	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
 		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
 #else
 	rsa_tmp=rsa_tmp_export=0;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
 	dh_tmp_export=(c->dh_tmp_cb != NULL ||
 		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
@@ -1394,6 +1570,11 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 	mask|=SSL_aNULL;
 	emask|=SSL_aNULL;
 
+#ifndef OPENSSL_NO_KRB5
+	mask|=SSL_kKRB5|SSL_aKRB5;
+	emask|=SSL_kKRB5|SSL_aKRB5;
+#endif
+
 	c->mask=mask;
 	c->export_mask=emask;
 	c->valid=1;
@@ -1426,9 +1607,14 @@ X509 *ssl_get_server_send_cert(SSL *s)
 		else
 			i=SSL_PKEY_RSA_ENC;
 		}
+	else if (kalg & SSL_aKRB5)
+		{
+		/* VRS something else here? */
+		return(NULL);
+		}
 	else /* if (kalg & SSL_aNULL) */
 		{
-		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
 		return(NULL);
 		}
 	if (c->pkeys[i].x509 == NULL) return(NULL);
@@ -1457,7 +1643,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
 		}
 	else /* if (alg & SSL_aNULL) */
 		{
-		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
 		return(NULL);
 		}
 	}
@@ -1472,7 +1658,7 @@ void ssl_update_cache(SSL *s,int mode)
 
 	i=s->ctx->session_cache_mode;
 	if ((i & mode) && (!s->hit)
-		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
 		    || SSL_CTX_add_session(s->ctx,s->session))
 		&& (s->ctx->new_session_cb != NULL))
 		{
@@ -1565,6 +1751,8 @@ int SSL_get_error(SSL *s,int i)
 			reason=BIO_get_retry_reason(bio);
 			if (reason == BIO_RR_CONNECT)
 				return(SSL_ERROR_WANT_CONNECT);
+			else if (reason == BIO_RR_ACCEPT)
+				return(SSL_ERROR_WANT_ACCEPT);
 			else
 				return(SSL_ERROR_SYSCALL); /* unknown */
 			}
@@ -1583,6 +1771,8 @@ int SSL_get_error(SSL *s,int i)
 			reason=BIO_get_retry_reason(bio);
 			if (reason == BIO_RR_CONNECT)
 				return(SSL_ERROR_WANT_CONNECT);
+			else if (reason == BIO_RR_ACCEPT)
+				return(SSL_ERROR_WANT_ACCEPT);
 			else
 				return(SSL_ERROR_SYSCALL);
 			}
@@ -1683,7 +1873,11 @@ SSL *SSL_dup(SSL *s)
 		 
 	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
 	    return(NULL);
-			  
+
+	ret->version = s->version;
+	ret->type = s->type;
+	ret->method = s->method;
+
 	if (s->session != NULL)
 		{
 		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
@@ -1714,18 +1908,23 @@ SSL *SSL_dup(SSL *s)
 			s->sid_ctx, s->sid_ctx_length);
 		}
 
+	ret->options=s->options;
+	ret->mode=s->mode;
+	SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
 	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
+	ret->msg_callback = s->msg_callback;
+	ret->msg_callback_arg = s->msg_callback_arg;
 	SSL_set_verify(ret,SSL_get_verify_mode(s),
 		SSL_get_verify_callback(s));
 	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
+	ret->generate_session_id = s->generate_session_id;
 
 	SSL_set_info_callback(ret,SSL_get_info_callback(s));
 	
 	ret->debug=s->debug;
-	ret->options=s->options;
 
 	/* copy app data, a little dangerous perhaps */
-	if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
 		goto err;
 
 	/* setup rbio, and wbio */
@@ -1744,6 +1943,19 @@ SSL *SSL_dup(SSL *s)
 		else
 			ret->wbio=ret->rbio;
 		}
+	ret->rwstate = s->rwstate;
+	ret->in_handshake = s->in_handshake;
+	ret->handshake_func = s->handshake_func;
+	ret->server = s->server;
+	ret->new_session = s->new_session;
+	ret->quiet_shutdown = s->quiet_shutdown;
+	ret->shutdown=s->shutdown;
+	ret->state=s->state; /* SSL_dup does not really work at any state, though */
+	ret->rstate=s->rstate;
+	ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
+	ret->hit=s->hit;
+	ret->purpose=s->purpose;
+	ret->trust=s->trust;
 
 	/* dup the cipher_list and cipher_list_by_id stacks */
 	if (s->cipher_list != NULL)
@@ -1772,11 +1984,6 @@ SSL *SSL_dup(SSL *s)
 			}
 		}
 
-	ret->shutdown=s->shutdown;
-	ret->state=s->state;
-	ret->handshake_func=s->handshake_func;
-	ret->server=s->server;
-
 	if (0)
 		{
 err:
@@ -1929,7 +2136,7 @@ SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
 	return(ssl->ctx);
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 	{
 	return(X509_STORE_set_default_paths(ctx->cert_store));
@@ -1942,14 +2149,15 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 	}
 #endif
 
-void SSL_set_info_callback(SSL *ssl,void (*cb)())
+void SSL_set_info_callback(SSL *ssl,
+			   void (*cb)(const SSL *ssl,int type,int val))
 	{
 	ssl->info_callback=cb;
 	}
 
-void (*SSL_get_info_callback(SSL *ssl))(void)
+void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val)
 	{
-	return((void (*)())ssl->info_callback);
+	return ssl->info_callback;
 	}
 
 int SSL_state(SSL *ssl)
@@ -1970,9 +2178,8 @@ long SSL_get_verify_result(SSL *ssl)
 int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
 			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
 	{
-	ssl_meth_num++;
-	return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
-		&ssl_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+				new_func, dup_func, free_func);
 	}
 
 int SSL_set_ex_data(SSL *s,int idx,void *arg)
@@ -1988,9 +2195,8 @@ void *SSL_get_ex_data(SSL *s,int idx)
 int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
 			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
 	{
-	ssl_ctx_meth_num++;
-	return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
-		&ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+				new_func, dup_func, free_func);
 	}
 
 int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
@@ -2031,7 +2237,7 @@ int SSL_want(SSL *s)
  * \param cb the callback
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
 							  int is_export,
 							  int keylength))
@@ -2068,21 +2274,33 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
  * \param dh the callback
  */
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
 							int keylength))
-    {
-    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
-    }
+	{
+	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+	}
 
 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
 						int keylength))
-    {
-    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
-    }
+	{
+	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+	}
 #endif
 
-#if defined(_WINDLL) && defined(WIN16)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
+	{
+	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+	}
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
+	{
+	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+	}
+
+
+
+#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
 #include "../crypto/bio/bss_file.c"
 #endif
 
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h
index d15b330..dd6c7a7 100644
--- a/crypto/openssl/ssl/ssl_locl.h
+++ b/crypto/openssl/ssl/ssl_locl.h
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -116,7 +116,7 @@
 #include <string.h>
 #include <errno.h>
 
-#include "openssl/e_os.h"
+#include "e_os.h"
 
 #include <openssl/buffer.h>
 #include <openssl/comp.h>
@@ -127,6 +127,12 @@
 #include <openssl/x509.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include <openssl/symhacks.h>
+
+#ifdef OPENSSL_BUILD_SHLIBSSL
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
 
 #define PKCS1_CHECK
 
@@ -221,48 +227,52 @@
  * that the different entities within are mutually exclusive:
  * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
  */
-#define SSL_MKEY_MASK		0x0000001FL
+#define SSL_MKEY_MASK		0x0000003FL
 #define SSL_kRSA		0x00000001L /* RSA key exchange */
 #define SSL_kDHr		0x00000002L /* DH cert RSA CA cert */
 #define SSL_kDHd		0x00000004L /* DH cert DSA CA cert */
 #define SSL_kFZA		0x00000008L
 #define SSL_kEDH		0x00000010L /* tmp DH key no DH cert */
+#define SSL_kKRB5		0x00000020L /* Kerberos5 key exchange */
 #define SSL_EDH			(SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
 
-#define SSL_AUTH_MASK		0x000003e0L
-#define SSL_aRSA		0x00000020L /* Authenticate with RSA */
-#define SSL_aDSS 		0x00000040L /* Authenticate with DSS */
+#define SSL_AUTH_MASK		0x00000FC0L
+#define SSL_aRSA		0x00000040L /* Authenticate with RSA */
+#define SSL_aDSS 		0x00000080L /* Authenticate with DSS */
 #define SSL_DSS 		SSL_aDSS
-#define SSL_aFZA 		0x00000080L
-#define SSL_aNULL 		0x00000100L /* no Authenticate, ADH */
-#define SSL_aDH 		0x00000200L /* no Authenticate, ADH */
+#define SSL_aFZA 		0x00000100L
+#define SSL_aNULL 		0x00000200L /* no Authenticate, ADH */
+#define SSL_aDH 		0x00000400L /* no Authenticate, ADH */
+#define SSL_aKRB5               0x00000800L /* Authenticate with KRB5 */
 
 #define SSL_NULL		(SSL_eNULL)
 #define SSL_ADH			(SSL_kEDH|SSL_aNULL)
 #define SSL_RSA			(SSL_kRSA|SSL_aRSA)
 #define SSL_DH			(SSL_kDHr|SSL_kDHd|SSL_kEDH)
 #define SSL_FZA			(SSL_aFZA|SSL_kFZA|SSL_eFZA)
-
-#define SSL_ENC_MASK		0x0001Fc00L
-#define SSL_DES			0x00000400L
-#define SSL_3DES		0x00000800L
-#define SSL_RC4			0x00001000L
-#define SSL_RC2			0x00002000L
-#define SSL_IDEA		0x00004000L
-#define SSL_eFZA		0x00008000L
-#define SSL_eNULL		0x00010000L
-
-#define SSL_MAC_MASK		0x00060000L
-#define SSL_MD5			0x00020000L
-#define SSL_SHA1		0x00040000L
+#define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
+
+#define SSL_ENC_MASK		0x0087F000L
+#define SSL_DES			0x00001000L
+#define SSL_3DES		0x00002000L
+#define SSL_RC4			0x00004000L
+#define SSL_RC2			0x00008000L
+#define SSL_IDEA		0x00010000L
+#define SSL_eFZA		0x00020000L
+#define SSL_eNULL		0x00040000L
+#define SSL_AES			0x00800000L
+
+#define SSL_MAC_MASK		0x00180000L
+#define SSL_MD5			0x00080000L
+#define SSL_SHA1		0x00100000L
 #define SSL_SHA			(SSL_SHA1)
 
-#define SSL_SSL_MASK		0x00180000L
-#define SSL_SSLV2		0x00080000L
-#define SSL_SSLV3		0x00100000L
+#define SSL_SSL_MASK		0x00600000L
+#define SSL_SSLV2		0x00200000L
+#define SSL_SSLV3		0x00400000L
 #define SSL_TLSV1		SSL_SSLV3	/* for now */
 
-/* we have used 001fffff - 11 bits left to go */
+/* we have used 007fffff - 9 bits left to go */
 
 /*
  * Export and cipher strength information. For each cipher we have to decide
@@ -368,11 +378,11 @@ typedef struct cert_st
 	int valid;
 	unsigned long mask;
 	unsigned long export_mask;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa_tmp;
 	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh_tmp;
 	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
 #endif
@@ -395,10 +405,10 @@ typedef struct sess_cert_st
 	/* Obviously we don't have the private keys of these,
 	 * so maybe we shouldn't even use the CERT_PKEY type here. */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *peer_rsa_tmp; /* not used for SSL 2 */
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *peer_dh_tmp; /* not used for SSL 2 */
 #endif
 
@@ -455,9 +465,9 @@ OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
 OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
+#define SSL_COMP_get_compression_methods	SSL_COMP_get_compress_methods
 #endif
 
 
@@ -521,8 +531,8 @@ int	ssl2_peek(SSL *s, void *buf, int len);
 int	ssl2_write(SSL *s, const void *buf, int len);
 int	ssl2_shutdown(SSL *s);
 void	ssl2_clear(SSL *s);
-long	ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
-long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
+long	ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
+long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
 long	ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
 long	ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
 int	ssl2_pending(SSL *s);
@@ -557,8 +567,8 @@ void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *have,
-			       STACK_OF(SSL_CIPHER) *pref);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
+			       STACK_OF(SSL_CIPHER) *srvr);
 int	ssl3_setup_buffers(SSL *s);
 int	ssl3_new(SSL *s);
 void	ssl3_free(SSL *s);
@@ -569,8 +579,8 @@ int	ssl3_peek(SSL *s, void *buf, int len);
 int	ssl3_write(SSL *s, const void *buf, int len);
 int	ssl3_shutdown(SSL *s);
 void	ssl3_clear(SSL *s);
-long	ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
-long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
+long	ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
+long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
 long	ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
 long	ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
 int	ssl3_pending(SSL *s);
@@ -583,7 +593,7 @@ int ssl23_write_bytes(SSL *s);
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
+long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
 long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)());
 SSL_METHOD *tlsv1_base_method(void );
 
diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c
index 6ec7a5c..03828b6 100644
--- a/crypto/openssl/ssl/ssl_rsa.c
+++ b/crypto/openssl/ssl/ssl_rsa.c
@@ -57,12 +57,12 @@
  */
 
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/bio.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include "ssl_locl.h"
 
 static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
@@ -81,7 +81,7 @@ int SSL_use_certificate(SSL *ssl, X509 *x)
 	return(ssl_set_cert(ssl->cert,x));
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
 	{
 	int j;
@@ -148,7 +148,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
 	return(ret);
 	}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 	{
 	EVP_PKEY *pkey;
@@ -170,7 +170,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 		return(0);
 		}
 
-	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+	RSA_up_ref(rsa);
 	EVP_PKEY_assign_RSA(pkey,rsa);
 
 	ret=ssl_set_pkey(ssl->cert,pkey);
@@ -198,7 +198,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 		EVP_PKEY_free(pktmp);
 		ERR_clear_error();
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		/* Don't check the public/private key, this is mostly
 		 * for smart cards. */
 		if ((pkey->type == EVP_PKEY_RSA) &&
@@ -251,8 +251,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 	return(1);
 	}
 
-#ifndef NO_RSA
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_STDIO
 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
 	{
 	int j,ret=0;
@@ -303,7 +303,7 @@ end:
 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
 	{
 	int ret;
-	unsigned char *p;
+	const unsigned char *p;
 	RSA *rsa;
 
 	p=d;
@@ -317,7 +317,7 @@ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
 	RSA_free(rsa);
 	return(ret);
 	}
-#endif /* !NO_RSA */
+#endif /* !OPENSSL_NO_RSA */
 
 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 	{
@@ -337,7 +337,7 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 	return(ret);
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
 	{
 	int j,ret=0;
@@ -438,7 +438,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
 		EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
 		ERR_clear_error();
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		/* Don't check the public/private key, this is mostly
 		 * for smart cards. */
 		if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
@@ -471,7 +471,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
 			}
 		else
 			ok=1;
-		} /* NO_RSA */
+		} /* OPENSSL_NO_RSA */
 		}
 	else
 		ok=1;
@@ -493,7 +493,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
 	return(1);
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j;
@@ -560,7 +560,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
 	return(ret);
 	}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 	{
 	int ret;
@@ -582,7 +582,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 		return(0);
 		}
 
-	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+	RSA_up_ref(rsa);
 	EVP_PKEY_assign_RSA(pkey,rsa);
 
 	ret=ssl_set_pkey(ctx->cert, pkey);
@@ -590,7 +590,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 	return(ret);
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j,ret=0;
@@ -641,7 +641,7 @@ end:
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
 	{
 	int ret;
-	unsigned char *p;
+	const unsigned char *p;
 	RSA *rsa;
 
 	p=d;
@@ -655,7 +655,7 @@ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
 	RSA_free(rsa);
 	return(ret);
 	}
-#endif /* !NO_RSA */
+#endif /* !OPENSSL_NO_RSA */
 
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 	{
@@ -672,7 +672,7 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 	return(ssl_set_pkey(ctx->cert,pkey));
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j,ret=0;
@@ -735,7 +735,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
 	}
 
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 /* Read a file that contains our certificate in "PEM" format,
  * possibly followed by a sequence of CA certificates that should be
  * sent to the peer in the Certificate message.
@@ -800,9 +800,9 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 			 * by SSL_CTX_use_certificate). */
 			}
 		/* When the while loop ends, it's usually just EOF. */
-		err = ERR_peek_error();
+		err = ERR_peek_last_error();
 		if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
-			(void) ERR_get_error();
+			(void)ERR_get_error();
 		else 
 			ret = 0; /* some real error */
 		}
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
index 2f2d5bc..fbc30b9 100644
--- a/crypto/openssl/ssl/ssl_sess.c
+++ b/crypto/openssl/ssl/ssl_sess.c
@@ -65,8 +65,6 @@
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-static int ssl_session_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
 
 SSL_SESSION *SSL_get_session(SSL *ssl)
 /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
@@ -92,10 +90,8 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
 int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 	{
-	ssl_session_num++;
-	return(CRYPTO_get_ex_new_index(ssl_session_num-1,
-		&ssl_session_meth,
-		argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
+			new_func, dup_func, free_func);
 	}
 
 int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
@@ -127,15 +123,49 @@ SSL_SESSION *SSL_SESSION_new(void)
 	ss->prev=NULL;
 	ss->next=NULL;
 	ss->compress_meth=0;
-	CRYPTO_new_ex_data(ssl_session_meth,ss,&ss->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 	return(ss);
 	}
 
+/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
+ * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
+ * until we have no conflict is going to complete in one iteration pretty much
+ * "most" of the time (btw: understatement). So, if it takes us 10 iterations
+ * and we still can't avoid a conflict - well that's a reasonable point to call
+ * it quits. Either the RAND code is broken or someone is trying to open roughly
+ * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
+ * store that many sessions is perhaps a more interesting question ... */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(const SSL *ssl, unsigned char *id,
+				unsigned int *id_len)
+{
+	unsigned int retry = 0;
+	do
+		RAND_pseudo_bytes(id, *id_len);
+	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+		(++retry < MAX_SESS_ID_ATTEMPTS));
+	if(retry < MAX_SESS_ID_ATTEMPTS)
+		return 1;
+	/* else - woops a session_id match */
+	/* XXX We should also check the external cache --
+	 * but the probability of a collision is negligible, and
+	 * we could not prevent the concurrent creation of sessions
+	 * with identical IDs since we currently don't have means
+	 * to atomically check whether a session ID already exists
+	 * and make a reservation for it if it does not
+	 * (this problem applies to the internal cache as well).
+	 */
+	return 0;
+}
+
 int ssl_get_new_session(SSL *s, int session)
 	{
 	/* This gets used by clients and servers. */
 
+	unsigned int tmp;
 	SSL_SESSION *ss=NULL;
+	GEN_SESSION_CB cb = def_generate_session_id;
 
 	if ((ss=SSL_SESSION_new()) == NULL) return(0);
 
@@ -174,25 +204,46 @@ int ssl_get_new_session(SSL *s, int session)
 			SSL_SESSION_free(ss);
 			return(0);
 			}
-
-		for (;;)
+		/* Choose which callback will set the session ID */
+		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+		if(s->generate_session_id)
+			cb = s->generate_session_id;
+		else if(s->ctx->generate_session_id)
+			cb = s->ctx->generate_session_id;
+		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+		/* Choose a session ID */
+		tmp = ss->session_id_length;
+		if(!cb(s, ss->session_id, &tmp))
 			{
-			SSL_SESSION *r;
-
-			RAND_pseudo_bytes(ss->session_id,ss->session_id_length);
-			CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-			r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions, ss);
-			CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-			if (r == NULL) break;
-			/* else - woops a session_id match */
-			/* XXX We should also check the external cache --
-			 * but the probability of a collision is negligible, and
-			 * we could not prevent the concurrent creation of sessions
-			 * with identical IDs since we currently don't have means
-			 * to atomically check whether a session ID already exists
-			 * and make a reservation for it if it does not
-			 * (this problem applies to the internal cache as well).
-			 */
+			/* The callback failed */
+			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+				SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+			SSL_SESSION_free(ss);
+			return(0);
+			}
+		/* Don't allow the callback to set the session length to zero.
+		 * nor set it higher than it was. */
+		if(!tmp || (tmp > ss->session_id_length))
+			{
+			/* The callback set an illegal length */
+			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+				SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+			SSL_SESSION_free(ss);
+			return(0);
+			}
+		/* If the session length was shrunk and we're SSLv2, pad it */
+		if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
+			memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
+		else
+			ss->session_id_length = tmp;
+		/* Finally, check for a conflict */
+		if(SSL_has_matching_session_id(s, ss->session_id,
+						ss->session_id_length))
+			{
+			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+				SSL_R_SSL_SESSION_ID_CONFLICT);
+			SSL_SESSION_free(ss);
+			return(0);
 			}
 		}
 	else
@@ -202,7 +253,7 @@ int ssl_get_new_session(SSL *s, int session)
 
 	if (s->sid_ctx_length > sizeof ss->sid_ctx)
 		{
-		SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
 		SSL_SESSION_free(ss);
 		return 0;
 		}
@@ -258,9 +309,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 			if (copy)
 				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 
-			/* The following should not return 1, otherwise,
-			 * things are very strange */
-			SSL_CTX_add_session(s->ctx,ret);
+			/* Add the externally cached session to the internal
+			 * cache as well if and only if we are supposed to. */
+			if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+				/* The following should not return 1, otherwise,
+				 * things are very strange */
+				SSL_CTX_add_session(s->ctx,ret);
 			}
 		if (ret == NULL)
 			goto err;
@@ -472,15 +526,15 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 		}
 #endif
 
-	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
-	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
-	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+	OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
+	OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
+	OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
 	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
 	if (ss->peer != NULL) X509_free(ss->peer);
 	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-	memset(ss,0,sizeof(*ss));
+	OPENSSL_cleanse(ss,sizeof(*ss));
 	OPENSSL_free(ss);
 	}
 
@@ -510,6 +564,17 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
 				session->timeout=s->ctx->session_timeout;
 			}
 
+#ifndef OPENSSL_NO_KRB5
+                if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
+                    session->krb5_client_princ_len > 0)
+                {
+                    s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1);
+                    memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
+                            session->krb5_client_princ_len);
+                    s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
+                }
+#endif /* OPENSSL_NO_KRB5 */
+
 		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
 		CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
 		if (s->session != NULL)
@@ -601,6 +666,8 @@ static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
 		}
 	}
 
+static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
+
 void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 	{
 	unsigned long i;
@@ -613,7 +680,7 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
 	i=tp.cache->down_load;
 	tp.cache->down_load=0;
-	lh_doall_arg(tp.cache,(void (*)())timeout,&tp);
+	lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
 	tp.cache->down_load=i;
 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
 	}
diff --git a/crypto/openssl/ssl/ssl_stat.c b/crypto/openssl/ssl/ssl_stat.c
index 893c98e..b16d253 100644
--- a/crypto/openssl/ssl/ssl_stat.c
+++ b/crypto/openssl/ssl/ssl_stat.c
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 
-char *SSL_state_string_long(SSL *s)
+const char *SSL_state_string_long(const SSL *s)
 	{
-	char *str;
+	const char *str;
 
 	switch (s->state)
 		{
@@ -74,7 +74,7 @@ case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
 case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
 case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
 case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
 case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
@@ -115,7 +115,7 @@ case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificat
 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
 #endif
 
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 /* SSLv3 additions */
 case SSL3_ST_CW_CLNT_HELLO_A:	str="SSLv3 write client hello A"; break;
 case SSL3_ST_CW_CLNT_HELLO_B:	str="SSLv3 write client hello B"; break;
@@ -182,7 +182,7 @@ case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;
 #endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 /* SSLv2/v3 compatibility states */
 /* client */
 case SSL23_ST_CW_CLNT_HELLO_A:	str="SSLv2/v3 write client hello A"; break;
@@ -199,9 +199,9 @@ default:	str="unknown state"; break;
 	return(str);
 	}
 
-char *SSL_rstate_string_long(SSL *s)
+const char *SSL_rstate_string_long(const SSL *s)
 	{
-	char *str;
+	const char *str;
 
 	switch (s->rstate)
 		{
@@ -213,9 +213,9 @@ char *SSL_rstate_string_long(SSL *s)
 	return(str);
 	}
 
-char *SSL_state_string(SSL *s)
+const char *SSL_state_string(const SSL *s)
 	{
-	char *str;
+	const char *str;
 
 	switch (s->state)
 		{
@@ -223,7 +223,7 @@ case SSL_ST_BEFORE:				str="PINIT "; break;
 case SSL_ST_ACCEPT:				str="AINIT "; break;
 case SSL_ST_CONNECT:				str="CINIT "; break;
 case SSL_ST_OK:			 		str="SSLOK "; break;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION:		str="2CSENC"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION:		str="2SSENC"; break;
 case SSL2_ST_SEND_CLIENT_HELLO_A:		str="2SCH_A"; break;
@@ -264,7 +264,7 @@ case SSL2_ST_X509_GET_SERVER_CERTIFICATE:	str="2X9GSC"; break;
 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:	str="2X9GCC"; break;
 #endif
 
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 /* SSLv3 additions */
 case SSL3_ST_SW_FLUSH:
 case SSL3_ST_CW_FLUSH:				str="3FLUSH"; break;
@@ -330,7 +330,7 @@ case SSL3_ST_SR_CERT_VRFY_A:			str="3RCV_A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:			str="3RCV_B"; break;
 #endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 /* SSLv2/v3 compatibility states */
 /* client */
 case SSL23_ST_CW_CLNT_HELLO_A:			str="23WCHA"; break;
@@ -347,7 +347,7 @@ default:					str="UNKWN "; break;
 	return(str);
 	}
 
-char *SSL_alert_type_string_long(int value)
+const char *SSL_alert_type_string_long(int value)
 	{
 	value>>=8;
 	if (value == SSL3_AL_WARNING)
@@ -358,7 +358,7 @@ char *SSL_alert_type_string_long(int value)
 		return("unknown");
 	}
 
-char *SSL_alert_type_string(int value)
+const char *SSL_alert_type_string(int value)
 	{
 	value>>=8;
 	if (value == SSL3_AL_WARNING)
@@ -369,9 +369,9 @@ char *SSL_alert_type_string(int value)
 		return("U");
 	}
 
-char *SSL_alert_desc_string(int value)
+const char *SSL_alert_desc_string(int value)
 	{
-	char *str;
+	const char *str;
 
 	switch (value & 0xff)
 		{
@@ -404,9 +404,9 @@ char *SSL_alert_desc_string(int value)
 	return(str);
 	}
 
-char *SSL_alert_desc_string_long(int value)
+const char *SSL_alert_desc_string_long(int value)
 	{
-	char *str;
+	const char *str;
 
 	switch (value & 0xff)
 		{
@@ -487,9 +487,9 @@ char *SSL_alert_desc_string_long(int value)
 	return(str);
 	}
 
-char *SSL_rstate_string(SSL *s)
+const char *SSL_rstate_string(const SSL *s)
 	{
-	char *str;
+	const char *str;
 
 	switch (s->rstate)
 		{
diff --git a/crypto/openssl/ssl/ssl_task.c b/crypto/openssl/ssl/ssl_task.c
index cac701a..b5ce44b 100644
--- a/crypto/openssl/ssl/ssl_task.c
+++ b/crypto/openssl/ssl/ssl_task.c
@@ -124,7 +124,7 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
 #include <string.h>		/* from ssltest.c */
 #include <errno.h>
 
-#include "openssl/e_os.h"
+#include "e_os.h"
 
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
@@ -258,7 +258,7 @@ int doit(io_channel chan, SSL_CTX *s_ctx )
 {
     int status, length, link_state;
      struct rpc_msg msg;
-	static char cbuf[200],sbuf[200];
+
 	SSL *s_ssl=NULL;
 	BIO *c_to_s=NULL;
 	BIO *s_to_c=NULL;
diff --git a/crypto/openssl/ssl/ssl_txt.c b/crypto/openssl/ssl/ssl_txt.c
index 6e33eec..40b76b1 100644
--- a/crypto/openssl/ssl/ssl_txt.c
+++ b/crypto/openssl/ssl/ssl_txt.c
@@ -60,7 +60,7 @@
 #include <openssl/buffer.h>
 #include "ssl_locl.h"
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
 	{
 	BIO *b;
@@ -139,6 +139,18 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
 			{
 			if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
 			}
+#ifndef OPENSSL_NO_KRB5
+       if (BIO_puts(bp,"\n    Krb5 Principal: ") <= 0) goto err;
+            if (x->krb5_client_princ_len == 0)
+            {
+		if (BIO_puts(bp,"None") <= 0) goto err;
+		}
+	else
+		for (i=0; i<x->krb5_client_princ_len; i++)
+			{
+			if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
+			}
+#endif /* OPENSSL_NO_KRB5 */
 	if (x->compress_meth != 0)
 		{
 		SSL_COMP *comp;
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
index 5f91ed1..4fa9d41 100644
--- a/crypto/openssl/ssl/ssltest.c
+++ b/crypto/openssl/ssl/ssltest.c
@@ -55,6 +55,62 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define _BSD_SOURCE 1		/* Or gethostname won't be declared properly
+				   on Linux and GNU platforms. */
 
 #include <assert.h>
 #include <errno.h>
@@ -64,33 +120,57 @@
 #include <string.h>
 #include <time.h>
 
-#include "openssl/e_os.h"
+#define USE_SOCKETS
+#include "e_os.h"
 
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/engine.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#ifdef WINDOWS
+
+#define _XOPEN_SOURCE_EXTENDED	1 /* Or gethostname won't be declared properly
+				     on Compaq platforms (at least with DEC C).
+				     Do not try to put it earlier, or IPv6 includes
+				     get screwed...
+				  */
+
+#ifdef OPENSSL_SYS_WINDOWS
+#include <winsock.h>
 #include "../crypto/bio/bss_file.c"
+#else
+#include OPENSSL_UNISTD
 #endif
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
 #  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
+#elif defined(OPENSSL_SYS_WINCE)
+#  define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
+#  define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
 #else
 #  define TEST_SERVER_CERT "../apps/server.pem"
 #  define TEST_CLIENT_CERT "../apps/client.pem"
 #endif
 
+/* There is really no standard for this, so let's assign some tentative
+   numbers.  In any case, these numbers are only for this test */
+#define COMP_RLE	1
+#define COMP_ZLIB	2
+
 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
 static void free_tmp_rsa(void);
 #endif
-#ifndef NO_DH
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+#define APP_CALLBACK "Test Callback Argument"
+static char *app_verify_arg = APP_CALLBACK;
+
+#ifndef OPENSSL_NO_DH
 static DH *get_dh512(void);
 static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
@@ -124,18 +204,18 @@ static void sv_usage(void)
 	fprintf(stderr," -reuse        - use session-id reuse\n");
 	fprintf(stderr," -num <val>    - number of connections to perform\n");
 	fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
 	fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
 	fprintf(stderr," -no_dhe       - disable DHE\n");
 #endif
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 	fprintf(stderr," -ssl3         - use SSLv3\n");
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
 	fprintf(stderr," -tls1         - use TLSv1\n");
 #endif
 	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
@@ -148,6 +228,8 @@ static void sv_usage(void)
 	fprintf(stderr," -bio_pair     - Use BIO pairs\n");
 	fprintf(stderr," -f            - Test even cases that can't work\n");
 	fprintf(stderr," -time         - measure processor time used by client and server\n");
+	fprintf(stderr," -zlib         - use zlib compression\n");
+	fprintf(stderr," -time         - use rle compression\n");
 	}
 
 static void print_details(SSL *c_ssl, const char *prefix)
@@ -169,7 +251,7 @@ static void print_details(SSL *c_ssl, const char *prefix)
 			{
 			if (0) 
 				;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
 				&& pkey->pkey.rsa->n != NULL)
 				{
@@ -177,7 +259,7 @@ static void print_details(SSL *c_ssl, const char *prefix)
 					BN_num_bits(pkey->pkey.rsa->n));
 				}
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
 				&& pkey->pkey.dsa->p != NULL)
 				{
@@ -194,6 +276,69 @@ static void print_details(SSL *c_ssl, const char *prefix)
 	BIO_printf(bio_stdout,"\n");
 	}
 
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
+	{
+	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+	const char *errstr = NULL;
+	int rw;
+	
+	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
+	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+		{
+		errstr = "invalid mode";
+		goto err;
+		}
+
+	if (type < 0 || type > CRYPTO_NUM_LOCKS)
+		{
+		errstr = "type out of bounds";
+		goto err;
+		}
+
+	if (mode & CRYPTO_LOCK)
+		{
+		if (modes[type])
+			{
+			errstr = "already locked";
+			/* must not happen in a single-threaded program
+			 * (would deadlock) */
+			goto err;
+			}
+
+		modes[type] = rw;
+		}
+	else if (mode & CRYPTO_UNLOCK)
+		{
+		if (!modes[type])
+			{
+			errstr = "not locked";
+			goto err;
+			}
+		
+		if (modes[type] != rw)
+			{
+			errstr = (rw == CRYPTO_READ) ?
+				"CRYPTO_r_unlock on write lock" :
+				"CRYPTO_w_unlock on read lock";
+			}
+
+		modes[type] = 0;
+		}
+	else
+		{
+		errstr = "invalid mode";
+		goto err;
+		}
+
+ err:
+	if (errstr)
+		{
+		/* we cannot use bio_err here */
+		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+			errstr, mode, type, file, line);
+		}
+	}
+
 int main(int argc, char *argv[])
 	{
 	char *CApath=NULL,*CAfile=NULL;
@@ -203,6 +348,7 @@ int main(int argc, char *argv[])
 	int tls1=0,ssl2=0,ssl3=0,ret=1;
 	int client_auth=0;
 	int server_auth=0,i;
+	int app_verify=0;
 	char *server_cert=TEST_SERVER_CERT;
 	char *server_key=NULL;
 	char *client_cert=TEST_CLIENT_CERT;
@@ -213,23 +359,39 @@ int main(int argc, char *argv[])
 	SSL *c_ssl,*s_ssl;
 	int number=1,reuse=0;
 	long bytes=1L;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh;
 	int dhe1024 = 0, dhe1024dsa = 0;
 #endif
 	int no_dhe = 0;
 	int print_time = 0;
 	clock_t s_time = 0, c_time = 0;
+	int comp = 0;
+	COMP_METHOD *cm = NULL;
 
 	verbose = 0;
 	debug = 0;
 	cipher = 0;
-	
+
+	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	
+
+	CRYPTO_set_locking_callback(lock_dbg_cb);
+
+	/* enable memory leak checking unless explicitly disabled */
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+		{
+		CRYPTO_malloc_debug_init();
+		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+		}
+	else
+		{
+		/* OPENSSL_DEBUG_MEMORY=off */
+		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+		}
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
 	RAND_seed(rnd_seed, sizeof rnd_seed);
 
-	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
 
 	argc--;
@@ -247,12 +409,22 @@ int main(int argc, char *argv[])
 			debug=1;
 		else if	(strcmp(*argv,"-reuse") == 0)
 			reuse=1;
-#ifndef NO_DH
 		else if	(strcmp(*argv,"-dhe1024") == 0)
+			{
+#ifndef OPENSSL_NO_DH
 			dhe1024=1;
+#else
+			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+#endif
+			}
 		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
+			{
+#ifndef OPENSSL_NO_DH
 			dhe1024dsa=1;
+#else
+			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
 #endif
+			}
 		else if	(strcmp(*argv,"-no_dhe") == 0)
 			no_dhe=1;
 		else if	(strcmp(*argv,"-ssl2") == 0)
@@ -333,6 +505,18 @@ int main(int argc, char *argv[])
 			{
 			print_time = 1;
 			}
+		else if	(strcmp(*argv,"-zlib") == 0)
+			{
+			comp = COMP_ZLIB;
+			}
+		else if	(strcmp(*argv,"-rle") == 0)
+			{
+			comp = COMP_RLE;
+			}
+		else if	(strcmp(*argv,"-app_verify") == 0)
+			{
+			app_verify = 1;
+			}
 		else
 			{
 			fprintf(stderr,"unknown option %s\n",*argv);
@@ -355,7 +539,7 @@ bad:
 			"the test anyway (and\n-d to see what happens), "
 			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
 			"to avoid protocol mismatch.\n");
-		exit(1);
+		EXIT(1);
 		}
 
 	if (print_time)
@@ -374,7 +558,24 @@ bad:
 	SSL_library_init();
 	SSL_load_error_strings();
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+	if (comp == COMP_ZLIB) cm = COMP_zlib();
+	if (comp == COMP_RLE) cm = COMP_rle();
+	if (cm != NULL)
+		{
+		if (cm->type != NID_undef)
+			SSL_COMP_add_compression_method(comp, cm);
+		else
+			{
+			fprintf(stderr,
+				"Warning: %s compression not supported\n",
+				(comp == COMP_RLE ? "rle" :
+					(comp == COMP_ZLIB ? "zlib" :
+						"unknown")));
+			ERR_print_errors_fp(stderr);
+			}
+		}
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	if (ssl2)
 		meth=SSLv2_method();
 	else 
@@ -386,7 +587,7 @@ bad:
 	else
 		meth=SSLv23_method();
 #else
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
 	meth=SSLv3_method();
 #else
 	meth=SSLv2_method();
@@ -407,7 +608,7 @@ bad:
 		SSL_CTX_set_cipher_list(s_ctx,cipher);
 		}
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (!no_dhe)
 		{
 		if (dhe1024dsa)
@@ -427,7 +628,7 @@ bad:
 	(void)no_dhe;
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
 #endif
 
@@ -467,12 +668,20 @@ bad:
 		SSL_CTX_set_verify(s_ctx,
 			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
 			verify_callback);
+		if (app_verify) 
+			{
+			SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+			}
 		}
 	if (server_auth)
 		{
 		BIO_printf(bio_err,"server authentication\n");
 		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
 			verify_callback);
+		if (app_verify) 
+			{
+			SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+			}
 		}
 	
 	{
@@ -483,6 +692,25 @@ bad:
 	c_ssl=SSL_new(c_ctx);
 	s_ssl=SSL_new(s_ctx);
 
+#ifndef OPENSSL_NO_KRB5
+	if (c_ssl  &&  c_ssl->kssl_ctx)
+                {
+                char	localhost[MAXHOSTNAMELEN+2];
+
+		if (gethostname(localhost, sizeof localhost-1) == 0)
+                        {
+			localhost[sizeof localhost-1]='\0';
+			if(strlen(localhost) == sizeof localhost-1)
+				{
+				BIO_printf(bio_err,"localhost name too long\n");
+				goto end;
+				}
+			kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
+                                localhost);
+			}
+		}
+#endif    /* OPENSSL_NO_KRB5  */
+
 	for (i=0; i<number; i++)
 		{
 		if (!reuse) SSL_set_session(c_ssl,NULL);
@@ -529,9 +757,11 @@ end:
 
 	if (bio_stdout != NULL) BIO_free(bio_stdout);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	free_tmp_rsa();
 #endif
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();
 	ERR_remove_state(0);
 	EVP_cleanup();
@@ -620,6 +850,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 			int i, r;
 			clock_t c_clock = clock();
 
+			memset(cbuf, 0, sizeof(cbuf));
+
 			if (debug)
 				if (SSL_in_init(c_ssl))
 					printf("client waiting in SSL_connect - %s\n",
@@ -704,6 +936,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 			int i, r;
 			clock_t s_clock = clock();
 
+			memset(sbuf, 0, sizeof(sbuf));
+
 			if (debug)
 				if (SSL_in_init(s_ssl))
 					printf("server waiting in SSL_accept - %s\n",
@@ -947,6 +1181,9 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
 	int c_write,s_write;
 	int do_server=0,do_client=0;
 
+	memset(cbuf,0,sizeof(cbuf));
+	memset(sbuf,0,sizeof(sbuf));
+
 	c_to_s=BIO_new(BIO_s_mem());
 	s_to_c=BIO_new(BIO_s_mem());
 	if ((s_to_c == NULL) || (c_to_s == NULL))
@@ -1228,7 +1465,8 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char *s,buf[256];
 
-	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
+	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
+			    sizeof buf);
 	if (s != NULL)
 		{
 		if (ok)
@@ -1252,7 +1490,26 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	return(ok);
 	}
 
-#ifndef NO_RSA
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+	{
+	char *s = NULL,buf[256];
+	int ok=1;
+
+	fprintf(stderr, "In app_verify_callback, allowing cert. ");
+	fprintf(stderr, "Arg is: %s\n", (char *)arg);
+	fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
+			(unsigned int)ctx, (unsigned int)ctx->cert);
+	if (ctx->cert)
+		s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
+	if (s != NULL)
+		{
+			fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
+		}
+
+	return(ok);
+	}
+
+#ifndef OPENSSL_NO_RSA
 static RSA *rsa_tmp=NULL;
 
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
@@ -1278,14 +1535,14 @@ static void free_tmp_rsa(void)
 	}
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 /* These DH parameters have been generated as follows:
  *    $ openssl dhparam -C -noout 512
  *    $ openssl dhparam -C -noout 1024
  *    $ openssl dhparam -C -noout -dsaparam 1024
  * (The third function has been renamed to avoid name conflicts.)
  */
-DH *get_dh512()
+static DH *get_dh512()
 	{
 	static unsigned char dh512_p[]={
 		0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
@@ -1308,7 +1565,7 @@ DH *get_dh512()
 	return(dh);
 	}
 
-DH *get_dh1024()
+static DH *get_dh1024()
 	{
 	static unsigned char dh1024_p[]={
 		0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
@@ -1336,7 +1593,7 @@ DH *get_dh1024()
 	return(dh);
 	}
 
-DH *get_dh1024dsa()
+static DH *get_dh1024dsa()
 	{
 	static unsigned char dh1024_p[]={
 		0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
diff --git a/crypto/openssl/ssl/t1_clnt.c b/crypto/openssl/ssl/t1_clnt.c
index 9745630..57205fb 100644
--- a/crypto/openssl/ssl/t1_clnt.c
+++ b/crypto/openssl/ssl/t1_clnt.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "ssl_locl.h"
 
 static SSL_METHOD *tls1_get_client_method(int ver);
 static SSL_METHOD *tls1_get_client_method(int ver)
@@ -79,11 +79,18 @@ SSL_METHOD *TLSv1_client_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
-			sizeof(SSL_METHOD));
-		TLSv1_client_data.ssl_connect=ssl3_connect;
-		TLSv1_client_data.get_ssl_method=tls1_get_client_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+				sizeof(SSL_METHOD));
+			TLSv1_client_data.ssl_connect=ssl3_connect;
+			TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+			init=0;
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&TLSv1_client_data);
 	}
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index f3ecc5f..271e247 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -110,12 +110,11 @@
  */
 
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/comp.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
-#include "ssl_locl.h"
+#include <openssl/md5.h>
 
 static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 			int sec_len, unsigned char *seed, int seed_len,
@@ -125,21 +124,25 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 	unsigned int j;
 	HMAC_CTX ctx;
 	HMAC_CTX ctx_tmp;
-	unsigned char A1[HMAC_MAX_MD_CBLOCK];
+	unsigned char A1[EVP_MAX_MD_SIZE];
 	unsigned int A1_len;
 	
 	chunk=EVP_MD_size(md);
 
-	HMAC_Init(&ctx,sec,sec_len,md);
+	HMAC_CTX_init(&ctx);
+	HMAC_CTX_init(&ctx_tmp);
+	HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
+	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
 	HMAC_Update(&ctx,seed,seed_len);
 	HMAC_Final(&ctx,A1,&A1_len);
 
 	n=0;
 	for (;;)
 		{
-		HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
+		HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
+		HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
 		HMAC_Update(&ctx,A1,A1_len);
-		memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
+		HMAC_Update(&ctx_tmp,A1,A1_len);
 		HMAC_Update(&ctx,seed,seed_len);
 
 		if (olen > chunk)
@@ -156,9 +159,9 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 			break;
 			}
 		}
-	HMAC_cleanup(&ctx);
-	HMAC_cleanup(&ctx_tmp);
-	memset(A1,0,sizeof(A1));
+	HMAC_CTX_cleanup(&ctx);
+	HMAC_CTX_cleanup(&ctx_tmp);
+	OPENSSL_cleanse(A1,sizeof(A1));
 	}
 
 static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
@@ -201,6 +204,17 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
 		 s->session->master_key,s->session->master_key_length,
 		 km,tmp,num);
+#ifdef KSSL_DEBUG
+	printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
+                s->session->master_key_length);
+	{
+        int i;
+        for (i=0; i < s->session->master_key_length; i++)
+                {
+                printf("%02X", s->session->master_key[i]);
+                }
+        printf("\n");  }
+#endif    /* KSSL_DEBUG */
 	}
 
 int tls1_change_cipher_state(SSL *s, int which)
@@ -219,19 +233,35 @@ int tls1_change_cipher_state(SSL *s, int which)
 	const EVP_CIPHER *c;
 	const SSL_COMP *comp;
 	const EVP_MD *m;
-	int _exp,n,i,j,k,exp_label_len,cl;
+	int is_export,n,i,j,k,exp_label_len,cl;
+	int reuse_dd = 0;
 
-	_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+	is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
 	comp=s->s3->tmp.new_compression;
 	key_block=s->s3->tmp.key_block;
 
+#ifdef KSSL_DEBUG
+	printf("tls1_change_cipher_state(which= %d) w/\n", which);
+	printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
+                comp);
+	printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+	printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+                c->nid,c->block_size,c->key_len,c->iv_len);
+	printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
+	{
+        int i;
+        for (i=0; i<s->s3->tmp.key_block_length; i++)
+		printf("%02x", key_block[i]);  printf("\n");
+        }
+#endif	/* KSSL_DEBUG */
+
 	if (which & SSL3_CC_READ)
 		{
-		if ((s->enc_read_ctx == NULL) &&
-			((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-			OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		if (s->enc_read_ctx != NULL)
+			reuse_dd = 1;
+		else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
 			goto err;
 		dd= s->enc_read_ctx;
 		s->read_hash=m;
@@ -259,6 +289,10 @@ int tls1_change_cipher_state(SSL *s, int which)
 		}
 	else
 		{
+		if (s->enc_write_ctx != NULL)
+			reuse_dd = 1;
+		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+			goto err;
 		if ((s->enc_write_ctx == NULL) &&
 			((s->enc_write_ctx=(EVP_CIPHER_CTX *)
 			OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
@@ -283,13 +317,15 @@ int tls1_change_cipher_state(SSL *s, int which)
 		mac_secret= &(s->s3->write_mac_secret[0]);
 		}
 
+	if (reuse_dd)
+		EVP_CIPHER_CTX_cleanup(dd);
 	EVP_CIPHER_CTX_init(dd);
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
 	cl=EVP_CIPHER_key_length(c);
-	j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-		  cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+	j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+	               cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
 	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	er1= &(s->s3->client_random[0]);
@@ -317,7 +353,7 @@ int tls1_change_cipher_state(SSL *s, int which)
 
 	if (n > s->s3->tmp.key_block_length)
 		{
-		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
 		goto err2;
 		}
 
@@ -326,7 +362,7 @@ int tls1_change_cipher_state(SSL *s, int which)
 printf("which = %04X\nmac key=",which);
 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
 #endif
-	if (_exp)
+	if (is_export)
 		{
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
@@ -362,8 +398,18 @@ printf("which = %04X\nmac key=",which);
 		}
 
 	s->session->key_arg_length=0;
+#ifdef KSSL_DEBUG
+	{
+        int i;
+	printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
+	printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
+	printf("\n");
+	printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
+	printf("\n");
+	}
+#endif	/* KSSL_DEBUG */
 
-	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 #ifdef TLS_DEBUG
 printf("which = %04X\nkey=",which);
 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
@@ -372,10 +418,10 @@ printf("\niv=");
 printf("\n");
 #endif
 
-	memset(tmp1,0,sizeof(tmp1));
-	memset(tmp2,0,sizeof(tmp1));
-	memset(iv1,0,sizeof(iv1));
-	memset(iv2,0,sizeof(iv2));
+	OPENSSL_cleanse(tmp1,sizeof(tmp1));
+	OPENSSL_cleanse(tmp2,sizeof(tmp1));
+	OPENSSL_cleanse(iv1,sizeof(iv1));
+	OPENSSL_cleanse(iv2,sizeof(iv2));
 	return(1);
 err:
 	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -391,6 +437,10 @@ int tls1_setup_key_block(SSL *s)
 	int num;
 	SSL_COMP *comp;
 
+#ifdef KSSL_DEBUG
+	printf ("tls1_setup_key_block()\n");
+#endif	/* KSSL_DEBUG */
+
 	if (s->s3->tmp.key_block_length != 0)
 		return(1);
 
@@ -426,7 +476,7 @@ printf("pre-master\n");
 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
 #endif
 	tls1_generate_key_block(s,p1,p2,num);
-	memset(p2,0,num);
+	OPENSSL_cleanse(p2,num);
 	OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
@@ -445,13 +495,13 @@ printf("\nkey block\n");
 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
 				s->s3->need_empty_fragments = 0;
 			
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
 				s->s3->need_empty_fragments = 0;
 #endif
 			}
 		}
-		
+
 	return(1);
 err:
 	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
@@ -489,6 +539,10 @@ int tls1_enc(SSL *s, int send)
 			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
 		}
 
+#ifdef KSSL_DEBUG
+	printf("tls1_enc(%d)\n", send);
+#endif    /* KSSL_DEBUG */
+
 	if ((s->session == NULL) || (ds == NULL) ||
 		(enc == NULL))
 		{
@@ -519,6 +573,24 @@ int tls1_enc(SSL *s, int send)
 			rec->length+=i;
 			}
 
+#ifdef KSSL_DEBUG
+		{
+                unsigned long ui;
+		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+                        ds,rec->data,rec->input,l);
+		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                        ds->buf_len, ds->cipher->key_len,
+                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        ds->cipher->iv_len);
+		printf("\t\tIV: ");
+		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+		printf("\n");
+		printf("\trec->input=");
+		for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
+		printf("\n");
+		}
+#endif	/* KSSL_DEBUG */
+
 		if (!send)
 			{
 			if (l == 0 || l%bs != 0)
@@ -531,6 +603,15 @@ int tls1_enc(SSL *s, int send)
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);
 
+#ifdef KSSL_DEBUG
+		{
+                unsigned long i;
+                printf("\trec->data=");
+		for (i=0; i<l; i++)
+                        printf(" %02x", rec->data[i]);  printf("\n");
+                }
+#endif	/* KSSL_DEBUG */
+
 		if ((bs != 1) && !send)
 			{
 			ii=i=rec->data[l-1]; /* padding_length */
@@ -573,8 +654,10 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
 	unsigned int ret;
 	EVP_MD_CTX ctx;
 
-	EVP_MD_CTX_copy(&ctx,in_ctx);
-	EVP_DigestFinal(&ctx,out,&ret);
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+	EVP_DigestFinal_ex(&ctx,out,&ret);
+	EVP_MD_CTX_cleanup(&ctx);
 	return((int)ret);
 	}
 
@@ -590,19 +673,20 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
 	memcpy(q,str,slen);
 	q+=slen;
 
-	EVP_MD_CTX_copy(&ctx,in1_ctx);
-	EVP_DigestFinal(&ctx,q,&i);
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
+	EVP_DigestFinal_ex(&ctx,q,&i);
 	q+=i;
-	EVP_MD_CTX_copy(&ctx,in2_ctx);
-	EVP_DigestFinal(&ctx,q,&i);
+	EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
+	EVP_DigestFinal_ex(&ctx,q,&i);
 	q+=i;
 
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
 		s->session->master_key,s->session->master_key_length,
-		out,buf2,12);
-	memset(&ctx,0,sizeof(EVP_MD_CTX));
+		out,buf2,sizeof buf2);
+	EVP_MD_CTX_cleanup(&ctx);
 
-	return((int)12);
+	return sizeof buf2;
 	}
 
 int tls1_mac(SSL *ssl, unsigned char *md, int send)
@@ -639,11 +723,13 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	buf[4]=rec->length&0xff;
 
 	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-	HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
+	HMAC_CTX_init(&hmac);
+	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
 	HMAC_Update(&hmac,seq,8);
 	HMAC_Update(&hmac,buf,5);
 	HMAC_Update(&hmac,rec->input,rec->length);
 	HMAC_Final(&hmac,md,&md_size);
+	HMAC_CTX_cleanup(&hmac);
 
 #ifdef TLS_DEBUG
 printf("sec=");
@@ -674,6 +760,10 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
 	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
 
+#ifdef KSSL_DEBUG
+	printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+#endif	/* KSSL_DEBUG */
+
 	/* Setup the stuff to munge */
 	memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
 		TLS_MD_MASTER_SECRET_CONST_SIZE);
@@ -683,7 +773,10 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 		s->s3->server_random,SSL3_RANDOM_SIZE);
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,
 		buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
-		s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+		s->session->master_key,buff,sizeof buff);
+#ifdef KSSL_DEBUG
+	printf ("tls1_generate_master_secret() complete\n");
+#endif	/* KSSL_DEBUG */
 	return(SSL3_MASTER_SECRET_SIZE);
 	}
 
diff --git a/crypto/openssl/ssl/t1_meth.c b/crypto/openssl/ssl/t1_meth.c
index 9bb36a7..fcc243f 100644
--- a/crypto/openssl/ssl/t1_meth.c
+++ b/crypto/openssl/ssl/t1_meth.c
@@ -76,13 +76,21 @@ SSL_METHOD *TLSv1_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
-			sizeof(SSL_METHOD));
-		TLSv1_data.ssl_connect=ssl3_connect;
-		TLSv1_data.ssl_accept=ssl3_accept;
-		TLSv1_data.get_ssl_method=tls1_get_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+		
+		if (init)
+			{
+			memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+				sizeof(SSL_METHOD));
+			TLSv1_data.ssl_connect=ssl3_connect;
+			TLSv1_data.ssl_accept=ssl3_accept;
+			TLSv1_data.get_ssl_method=tls1_get_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
+	
 	return(&TLSv1_data);
 	}
 
diff --git a/crypto/openssl/ssl/t1_srvr.c b/crypto/openssl/ssl/t1_srvr.c
index 996b7ca..1c1149e 100644
--- a/crypto/openssl/ssl/t1_srvr.c
+++ b/crypto/openssl/ssl/t1_srvr.c
@@ -57,12 +57,12 @@
  */
 
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "ssl_locl.h"
 
 static SSL_METHOD *tls1_get_server_method(int ver);
 static SSL_METHOD *tls1_get_server_method(int ver)
@@ -80,11 +80,18 @@ SSL_METHOD *TLSv1_server_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
-			sizeof(SSL_METHOD));
-		TLSv1_server_data.ssl_accept=ssl3_accept;
-		TLSv1_server_data.get_ssl_method=tls1_get_server_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+				sizeof(SSL_METHOD));
+			TLSv1_server_data.ssl_accept=ssl3_accept;
+			TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+			init=0;
+			}
+			
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&TLSv1_server_data);
 	}
diff --git a/crypto/openssl/ssl/tls1.h b/crypto/openssl/ssl/tls1.h
index cf92ae0..38838ea 100644
--- a/crypto/openssl/ssl/tls1.h
+++ b/crypto/openssl/ssl/tls1.h
@@ -96,6 +96,22 @@ extern "C" {
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
 
+/* AES ciphersuites from RFC3268 */
+
+#define TLS1_CK_RSA_WITH_AES_128_SHA			0x0300002F
+#define TLS1_CK_DH_DSS_WITH_AES_128_SHA			0x03000030
+#define TLS1_CK_DH_RSA_WITH_AES_128_SHA			0x03000031
+#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA		0x03000032
+#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA		0x03000033
+#define TLS1_CK_ADH_WITH_AES_128_SHA			0x03000034
+
+#define TLS1_CK_RSA_WITH_AES_256_SHA			0x03000035
+#define TLS1_CK_DH_DSS_WITH_AES_256_SHA			0x03000036
+#define TLS1_CK_DH_RSA_WITH_AES_256_SHA			0x03000037
+#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA		0x03000038
+#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA		0x03000039
+#define TLS1_CK_ADH_WITH_AES_256_SHA			0x0300003A
+
 /* XXX
  * Inconsistency alert:
  * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -111,6 +127,21 @@ extern "C" {
 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
 
+/* AES ciphersuites from RFC3268 */
+#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"
+
+#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"
+
 
 #define TLS_CT_RSA_SIGN			1
 #define TLS_CT_DSS_SIGN			2
diff --git a/crypto/openssl/test/Makefile.ssl b/crypto/openssl/test/Makefile.ssl
index 3cb1283..58e8cfe 100644
--- a/crypto/openssl/test/Makefile.ssl
+++ b/crypto/openssl/test/Makefile.ssl
@@ -5,14 +5,15 @@
 DIR=		test
 TOP=		..
 CC=		cc
-INCLUDES=	-I../include
+INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKEFILE=	Makefile.ssl
 MAKE=		make -f $(MAKEFILE)
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 PERL=		perl
 
 PEX_LIBS=
@@ -31,6 +32,7 @@ LIBCRYPTO= -L.. -lcrypto
 LIBSSL= -L.. -lssl
 
 BNTEST=		bntest
+ECTEST=		ectest
 EXPTEST=	exptest
 IDEATEST=	ideatest
 SHATEST=	shatest
@@ -53,27 +55,34 @@ DSATEST=	dsatest
 METHTEST=	methtest
 SSLTEST=	ssltest
 RSATEST=	rsa_test
+ENGINETEST=	enginetest
+EVPTEST=	evp_test
 
-EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD4TEST) $(MD5TEST) $(HMACTEST) \
+TESTS=		alltests
+
+EXE=	$(BNTEST) $(ECTEST) $(IDEATEST) $(MD2TEST)  $(MD4TEST) $(MD5TEST) $(HMACTEST) \
 	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
 	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
-	$(RANDTEST) $(DHTEST) \
-	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
+	$(RANDTEST) $(DHTEST) $(ENGINETEST) \
+	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST) \
+	$(EVPTEST)
 
 # $(METHTEST)
 
-OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
+OBJ=	$(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
 	$(HMACTEST).o \
 	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
 	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
-	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
-	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o
-SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
+	$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
+	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
+	$(EVPTEST).o
+SRC=	$(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
 	$(HMACTEST).c \
 	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
 	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
-	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
-	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c
+	$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
+	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c \
+	$(EVPTEST).c
 
 EXHEADER= 
 HEADER=	$(EXHEADER)
@@ -85,7 +94,7 @@ top:
 
 all:	exe
 
-exe:	$(EXE)
+exe:	$(EXE) dummytest
 
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
@@ -93,6 +102,10 @@ files:
 links:
 	@@$(TOP)/util/point.sh Makefile.ssl Makefile
 
+generate: $(SRC)
+$(SRC):
+	@$(TOP)/util/point.sh dummytest.c $@
+
 errors:
 
 install:
@@ -100,315 +113,646 @@ install:
 tags:
 	ctags $(SRC)
 
-tests:	exe apps \
+tests:	exe apps $(TESTS)
+
+apps:
+	@(cd ..; $(MAKE) DIRS=apps all)
+
+SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="$$LIBPATH\;$$PATH";  \
+		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
+
+alltests: \
 	test_des test_idea test_sha test_md4 test_md5 test_hmac \
 	test_md2 test_mdc2 \
-	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \
-	test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \
+	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \
+	test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \
 	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
-	test_ss test_ca test_ssl
+	test_ss test_ca test_engine test_evp test_ssl
 
-apps:
-	@(cd ../apps; $(MAKE)  CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all)
+test_evp:
+	$(SET_SO_PATHS); ./$(EVPTEST) evptests.txt
 
 test_des:
-	./$(DESTEST)
+	$(SET_SO_PATHS); ./$(DESTEST)
 
 test_idea:
-	./$(IDEATEST)
+	$(SET_SO_PATHS); ./$(IDEATEST)
 
 test_sha:
-	./$(SHATEST)
-	./$(SHA1TEST)
+	$(SET_SO_PATHS); ./$(SHATEST)
+	$(SET_SO_PATHS); ./$(SHA1TEST)
 
 test_mdc2:
-	./$(MDC2TEST)
+	$(SET_SO_PATHS); ./$(MDC2TEST)
 
 test_md5:
-	./$(MD5TEST)
+	$(SET_SO_PATHS); ./$(MD5TEST)
 
 test_md4:
-	./$(MD4TEST)
+	$(SET_SO_PATHS); ./$(MD4TEST)
 
 test_hmac:
-	./$(HMACTEST)
+	$(SET_SO_PATHS); ./$(HMACTEST)
 
 test_md2:
-	./$(MD2TEST)
+	$(SET_SO_PATHS); ./$(MD2TEST)
 
 test_rmd:
-	./$(RMDTEST)
+	$(SET_SO_PATHS); ./$(RMDTEST)
 
 test_bf:
-	./$(BFTEST)
+	$(SET_SO_PATHS); ./$(BFTEST)
 
 test_cast:
-	./$(CASTTEST)
+	$(SET_SO_PATHS); ./$(CASTTEST)
 
 test_rc2:
-	./$(RC2TEST)
+	$(SET_SO_PATHS); ./$(RC2TEST)
 
 test_rc4:
-	./$(RC4TEST)
+	$(SET_SO_PATHS); ./$(RC4TEST)
 
 test_rc5:
-	./$(RC5TEST)
+	$(SET_SO_PATHS); ./$(RC5TEST)
 
 test_rand:
-	./$(RANDTEST)
+	$(SET_SO_PATHS); ./$(RANDTEST)
 
 test_enc:
-	@sh ./testenc
+	@$(SET_SO_PATHS); sh ./testenc
 
 test_x509:
 	echo test normal x509v1 certificate
-	sh ./tx509 2>/dev/null
+	$(SET_SO_PATHS); sh ./tx509 2>/dev/null
 	echo test first x509v3 certificate
-	sh ./tx509 v3-cert1.pem 2>/dev/null
+	$(SET_SO_PATHS); sh ./tx509 v3-cert1.pem 2>/dev/null
 	echo test second x509v3 certificate
-	sh ./tx509 v3-cert2.pem 2>/dev/null
+	$(SET_SO_PATHS); sh ./tx509 v3-cert2.pem 2>/dev/null
 
 test_rsa:
-	@sh ./trsa 2>/dev/null
-	./$(RSATEST)
+	@$(SET_SO_PATHS); sh ./trsa 2>/dev/null
+	$(SET_SO_PATHS); ./$(RSATEST)
 
 test_crl:
-	@sh ./tcrl 2>/dev/null
+	@$(SET_SO_PATHS); sh ./tcrl 2>/dev/null
 
 test_sid:
-	@sh ./tsid 2>/dev/null
+	@$(SET_SO_PATHS); sh ./tsid 2>/dev/null
 
 test_req:
-	@sh ./treq 2>/dev/null
-	@sh ./treq testreq2.pem 2>/dev/null
+	@$(SET_SO_PATHS); sh ./treq 2>/dev/null
+	@$(SET_SO_PATHS); sh ./treq testreq2.pem 2>/dev/null
 
 test_pkcs7:
-	@sh ./tpkcs7 2>/dev/null
-	@sh ./tpkcs7d 2>/dev/null
+	@$(SET_SO_PATHS); sh ./tpkcs7 2>/dev/null
+	@$(SET_SO_PATHS); sh ./tpkcs7d 2>/dev/null
 
 test_bn:
 	@echo starting big number library test, could take a while...
-	@./$(BNTEST) >tmp.bntest
+	@$(SET_SO_PATHS); ./$(BNTEST) >tmp.bntest
 	@echo quit >>tmp.bntest
 	@echo "running bc"
 	@<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
 	@echo 'test a^b%c implementations'
-	./$(EXPTEST)
+	$(SET_SO_PATHS); ./$(EXPTEST)
+
+test_ec:
+	@echo 'test elliptic curves'
+	$(SET_SO_PATHS); ./$(ECTEST)
 
 test_verify:
 	@echo "The following command should have some OK's and some failures"
 	@echo "There are definitly a few expired certificates"
-	../apps/openssl verify -CApath ../certs ../certs/*.pem
+	-$(SET_SO_PATHS); ../apps/openssl verify -CApath ../certs ../certs/*.pem
 
 test_dh:
 	@echo "Generate a set of DH parameters"
-	./$(DHTEST)
+	$(SET_SO_PATHS); ./$(DHTEST)
 
 test_dsa:
 	@echo "Generate a set of DSA parameters"
-	./$(DSATEST)
-	./$(DSATEST) -app2_1
+	$(SET_SO_PATHS); ./$(DSATEST)
+	$(SET_SO_PATHS); ./$(DSATEST) -app2_1
 
 test_gen:
 	@echo "Generate and verify a certificate request"
-	@sh ./testgen
+	@$(SET_SO_PATHS); sh ./testgen
 
 test_ss keyU.ss certU.ss certCA.ss: testss
 	@echo "Generate and certify a test certificate"
-	@sh ./testss
+	@$(SET_SO_PATHS); sh ./testss
+
+test_engine: 
+	@echo "Manipulate the ENGINE structures"
+	$(SET_SO_PATHS); ./$(ENGINETEST)
 
 test_ssl: keyU.ss certU.ss certCA.ss
 	@echo "test SSL protocol"
-	@sh ./testssl keyU.ss certU.ss certCA.ss
+	@$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss
 
 test_ca:
-	@if ../apps/openssl no-rsa; then \
+	@$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \
 	  echo "skipping CA.sh test -- requires RSA"; \
 	else \
 	  echo "Generate and certify a test certificate via the 'ca' program"; \
 	  sh ./testca; \
  	fi
 
+test_rd: #$(RDTEST)
+#	@echo "test Rijndael"
+#	$(SET_SO_PATHS); ./$(RDTEST)
+
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log
 
 $(DLIBSSL):
-	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+	(cd ..; $(MAKE) DIRS=ssl all)
 
 $(DLIBCRYPTO):
-	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+	(cd ..; $(MAKE) DIRS=crypto all)
 
 $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(ECTEST): $(ECTEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+	
+#$(RDTEST).o: $(RDTEST).c
+#	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c
+
+#$(RDTEST): $(RDTEST).o $(DLIBCRYPTO)
+#	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+#	  $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+#	else \
+#	  $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+#	fi
+
+dummytest: dummytest.o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-bftest.o: ../include/openssl/blowfish.h
-bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-bntest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+bftest.o: ../include/openssl/opensslconf.h bftest.c
+bntest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+bntest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+bntest.o: ../include/openssl/des.h ../include/openssl/des_old.h
 bntest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-bntest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-bntest.o: ../include/openssl/err.h ../include/openssl/evp.h
-bntest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-bntest.o: ../include/openssl/md2.h ../include/openssl/md4.h
-bntest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bntest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+bntest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+bntest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+bntest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bntest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-bntest.o: ../include/openssl/x509_vfy.h
-casttest.o: ../include/openssl/cast.h
-destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
-destest.o: ../include/openssl/opensslconf.h
-dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+bntest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+bntest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509_vfy.h bntest.c
+casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+casttest.o: ../include/openssl/opensslconf.h casttest.c
+destest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+destest.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+destest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+destest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+destest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+destest.o: ../include/openssl/ui_compat.h destest.c
+dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
 dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-dhtest.o: ../include/openssl/err.h ../include/openssl/lhash.h
-dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
-dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
-dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-dsatest.o: ../include/openssl/symhacks.h
-exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
-exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c
+dsatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+dsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsatest.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+dsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dsatest.o: ../include/openssl/ui.h dsatest.c
+ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+ectest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ectest.o: ../include/openssl/engine.h ../include/openssl/err.h
+ectest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c
+enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
+enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enginetest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+enginetest.o: enginetest.c
+evp_test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+evp_test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+evp_test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+evp_test.o: ../include/openssl/des.h ../include/openssl/des_old.h
+evp_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
+evp_test.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+evp_test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+evp_test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+evp_test.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+evp_test.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+evp_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+evp_test.o: ../include/openssl/ui_compat.h evp_test.c
+exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
 exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-exptest.o: ../include/openssl/symhacks.h
-hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
-hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+exptest.o: ../include/openssl/symhacks.h exptest.c
+hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+hmactest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+hmactest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
 hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
 hmactest.o: ../include/openssl/md4.h ../include/openssl/md5.h
 hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-hmactest.o: ../include/openssl/opensslv.h ../include/openssl/rc2.h
-hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
-md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
-md4test.o: ../include/openssl/md4.h
-md5test.o: ../include/openssl/md5.h
-mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
-mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
-randtest.o: ../include/openssl/rand.h
-rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
-rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
-rc5test.o: ../include/openssl/rc5.h
-rmdtest.o: ../include/openssl/ripemd.h
-rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
-rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+hmactest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+hmactest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+hmactest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+hmactest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+hmactest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+hmactest.o: ../include/openssl/ui_compat.h hmactest.c
+ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+ideatest.o: ../include/openssl/opensslconf.h ideatest.c
+md2test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md2test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md2test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md2test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md2test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md2test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md2test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md2test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md2test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md2test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md2test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md2test.c
+md4test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md4test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md4test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md4test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md4test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md4test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md4test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md4test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md4test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md4test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md4test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md4test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md4test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md4test.c
+md5test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md5test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md5test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md5test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md5test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md5test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md5test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md5test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md5test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md5test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md5test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md5test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md5test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md5test.c
+mdc2test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+mdc2test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+mdc2test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+mdc2test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+mdc2test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+mdc2test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+mdc2test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+mdc2test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+mdc2test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+mdc2test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+mdc2test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c
+randtest.o: ../e_os.h ../include/openssl/e_os2.h
+randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
+randtest.o: ../include/openssl/rand.h randtest.c
+rc2test.o: ../e_os.h ../include/openssl/e_os2.h
+rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c
+rc4test.o: ../e_os.h ../include/openssl/e_os2.h
+rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h rc4test.c
+rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h rc5test.c
+rmdtest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rmdtest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rmdtest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+rmdtest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rmdtest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rmdtest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rmdtest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rmdtest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rmdtest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+rmdtest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rmdtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rmdtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h rmdtest.c
+rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+rsa_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+rsa_test.o: ../include/openssl/err.h ../include/openssl/lhash.h
+rsa_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsa_test.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
 rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-sha1test.o: ../include/openssl/sha.h
-shatest.o: ../include/openssl/sha.h
-ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssltest.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssltest.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssltest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa_test.o: ../include/openssl/ui.h rsa_test.c
+sha1test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sha1test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sha1test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+sha1test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sha1test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+sha1test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+sha1test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+sha1test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+sha1test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+sha1test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sha1test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sha1test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h sha1test.c
+shatest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+shatest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+shatest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+shatest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+shatest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+shatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+shatest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+shatest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+shatest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+shatest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+shatest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+shatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h shatest.c
+ssltest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssltest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssltest.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssltest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
 ssltest.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssltest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssltest.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssltest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssltest.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssltest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssltest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssltest.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 ssltest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
@@ -417,5 +761,6 @@ ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssltest.o: ../include/openssl/x509_vfy.h
+ssltest.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssltest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssltest.o: ../include/openssl/x509_vfy.h ssltest.c
diff --git a/crypto/openssl/test/dummytest.c b/crypto/openssl/test/dummytest.c
new file mode 100644
index 0000000..5b4467e
--- /dev/null
+++ b/crypto/openssl/test/dummytest.c
@@ -0,0 +1,48 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+
+int main(int argc, char *argv[])
+	{
+	char *p, *q = 0, *program;
+
+	p = strrchr(argv[0], '/');
+	if (!p) p = strrchr(argv[0], '\\');
+#ifdef OPENSSL_SYS_VMS
+	if (!p) p = strrchr(argv[0], ']');
+	if (p) q = strrchr(p, '>');
+	if (q) p = q;
+	if (!p) p = strrchr(argv[0], ':');
+	q = 0;
+#endif
+	if (p) p++;
+	if (!p) p = argv[0];
+	if (p) q = strchr(p, '.');
+	if (p && !q) q = p + strlen(p);
+
+	if (!p)
+		program = BUF_strdup("(unknown)");
+	else
+		{
+		program = OPENSSL_malloc((q - p) + 1);
+		strncpy(program, p, q - p);
+		program[q - p] = '\0';
+		}
+
+	for(p = program; *p; p++)
+		if (islower((unsigned char)(*p)))
+			*p = toupper((unsigned char)(*p));
+
+	q = strstr(program, "TEST");
+	if (q > p && q[-1] == '_') q--;
+	*q = '\0';
+
+	printf("No %s support\n", program);
+
+	OPENSSL_free(program);
+	return(0);
+	}
diff --git a/crypto/openssl/test/methtest.c b/crypto/openssl/test/methtest.c
index 06ccb3b..005c2f4 100644
--- a/crypto/openssl/test/methtest.c
+++ b/crypto/openssl/test/methtest.c
@@ -96,10 +96,10 @@ char *argv[];
 	METH_init(top);
 	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
 	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
-	exit(0);
+	EXIT(0);
 err:
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
-	exit(1);
+	EXIT(1);
 	return(0);
 	}
diff --git a/crypto/openssl/test/tcrl b/crypto/openssl/test/tcrl
index acaf8f3..f71ef7a 100644
--- a/crypto/openssl/test/tcrl
+++ b/crypto/openssl/test/tcrl
@@ -1,6 +1,10 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
 cmd='../apps/openssl crl'
diff --git a/crypto/openssl/test/testca b/crypto/openssl/test/testca
index 88c186b..8215ebb 100644
--- a/crypto/openssl/test/testca
+++ b/crypto/openssl/test/testca
@@ -1,7 +1,11 @@
 #!/bin/sh
 
 SH="/bin/sh"
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=./apps\;../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export SH PATH
 
 SSLEAY_CONFIG="-config CAss.cnf"
diff --git a/crypto/openssl/test/testgen b/crypto/openssl/test/testgen
index 6a4b6b9..55c496f 100644
--- a/crypto/openssl/test/testgen
+++ b/crypto/openssl/test/testgen
@@ -6,7 +6,11 @@ CA=../certs/testca.pem
 
 /bin/rm -f $T.1 $T.2 $T.key
 
-PATH=../apps:$PATH;
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH;
+else
+    PATH=../apps:$PATH;
+fi
 export PATH
 
 echo "generating certificate request"
diff --git a/crypto/openssl/test/testssl b/crypto/openssl/test/testssl
index 2151a64..ca8e718 100644
--- a/crypto/openssl/test/testssl
+++ b/crypto/openssl/test/testssl
@@ -24,105 +24,122 @@ else
   CA="-CAfile $3"
 fi
 
+if [ "$4" = "" ]; then
+  extra=""
+else
+  extra="$4"
+fi
+
 #############################################################################
 
 echo test sslv2
-$ssltest -ssl2 || exit 1
+$ssltest -ssl2 $extra || exit 1
 
 echo test sslv2 with server authentication
-$ssltest -ssl2 -server_auth $CA || exit 1
+$ssltest -ssl2 -server_auth $CA $extra || exit 1
 
 if [ $dsa_cert = NO ]; then
   echo test sslv2 with client authentication
-  $ssltest -ssl2 -client_auth $CA || exit 1
+  $ssltest -ssl2 -client_auth $CA $extra || exit 1
 
   echo test sslv2 with both client and server authentication
-  $ssltest -ssl2 -server_auth -client_auth $CA || exit 1
+  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
 fi
 
 echo test sslv3
-$ssltest -ssl3 || exit 1
+$ssltest -ssl3 $extra || exit 1
 
 echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA || exit 1
+$ssltest -ssl3 -server_auth $CA $extra || exit 1
 
 echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA || exit 1
+$ssltest -ssl3 -client_auth $CA $extra || exit 1
 
 echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA || exit 1
+$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3
-$ssltest || exit 1
+$ssltest $extra || exit 1
 
 echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA || exit 1
+$ssltest -server_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA || exit 1
+$ssltest -client_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA || exit 1
+$ssltest -server_auth -client_auth $CA $extra || exit 1
 
 echo test sslv2 via BIO pair
-$ssltest -bio_pair -ssl2 || exit 1
+$ssltest -bio_pair -ssl2 $extra || exit 1
 
 echo test sslv2 with server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth $CA || exit 1
+$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
 
 if [ $dsa_cert = NO ]; then
   echo test sslv2 with client authentication via BIO pair
-  $ssltest -bio_pair -ssl2 -client_auth $CA || exit 1
+  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
 
   echo test sslv2 with both client and server authentication via BIO pair
-  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA || exit 1
+  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
 fi
 
 echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 || exit 1
+$ssltest -bio_pair -ssl3 $extra || exit 1
 
 echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA || exit 1
+$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
 
 echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA || exit 1
+$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
 
 echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA || exit 1
+$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3 via BIO pair
-$ssltest || exit 1
+$ssltest $extra || exit 1
 
 if [ $dsa_cert = NO ]; then
   echo test sslv2/sslv3 w/o DHE via BIO pair
-  $ssltest -bio_pair -no_dhe || exit 1
+  $ssltest -bio_pair -no_dhe $extra || exit 1
 fi
 
 echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v || exit 1
+$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
 
 echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA || exit 1
+$ssltest -bio_pair -server_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA || exit 1
+$ssltest -bio_pair -client_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA || exit 1
+$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
 #############################################################################
 
-echo test tls1 with 1024bit anonymous DH, multiple handshakes
-$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+if ../apps/openssl no-dh; then
+  echo skipping anonymous DH tests
+else
+  echo test tls1 with 1024bit anonymous DH, multiple handshakes
+  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
 
 if ../apps/openssl no-rsa; then
   echo skipping RSA tests
 else
   echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
-  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
-
-  echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
+
+  if ../apps/openssl no-dh; then
+    echo skipping RSA+DHE tests
+  else
+    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+  fi
 fi
 
 exit 0
diff --git a/crypto/openssl/test/tpkcs7 b/crypto/openssl/test/tpkcs7
index 15bbba4..cf3bd9f 100644
--- a/crypto/openssl/test/tpkcs7
+++ b/crypto/openssl/test/tpkcs7
@@ -1,6 +1,10 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
 cmd='../apps/openssl pkcs7'
diff --git a/crypto/openssl/test/tpkcs7d b/crypto/openssl/test/tpkcs7d
index 46e5aa2..18f9311 100644
--- a/crypto/openssl/test/tpkcs7d
+++ b/crypto/openssl/test/tpkcs7d
@@ -1,6 +1,10 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
 cmd='../apps/openssl pkcs7'
diff --git a/crypto/openssl/test/treq b/crypto/openssl/test/treq
index 9f5eb7e..47a8273 100644
--- a/crypto/openssl/test/treq
+++ b/crypto/openssl/test/treq
@@ -1,6 +1,10 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
 cmd='../apps/openssl req -config ../apps/openssl.cnf'
diff --git a/crypto/openssl/test/trsa b/crypto/openssl/test/trsa
index bd6c076..413e2ec 100644
--- a/crypto/openssl/test/trsa
+++ b/crypto/openssl/test/trsa
@@ -1,6 +1,10 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
 if ../apps/openssl no-rsa; then
diff --git a/crypto/openssl/test/tsid b/crypto/openssl/test/tsid
index 9e08545..40a1dfa 100644
--- a/crypto/openssl/test/tsid
+++ b/crypto/openssl/test/tsid
@@ -1,6 +1,10 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
 cmd='../apps/openssl sess_id'
diff --git a/crypto/openssl/test/tx509 b/crypto/openssl/test/tx509
index 35169f3..d380963 100644
--- a/crypto/openssl/test/tx509
+++ b/crypto/openssl/test/tx509
@@ -1,6 +1,10 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
 cmd='../apps/openssl x509'
diff --git a/crypto/openssl/tools/Makefile.ssl b/crypto/openssl/tools/Makefile.ssl
index 7e6285b..bf0cd29 100644
--- a/crypto/openssl/tools/Makefile.ssl
+++ b/crypto/openssl/tools/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	tools
 TOP=	..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 
 CFLAGS= $(INCLUDES) $(CFLAG)
@@ -26,13 +27,15 @@ all:
 install:
 	@for i in $(APPS) ; \
 	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-	chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
 	done;
 	@for i in $(MISC_APPS) ; \
 	do  \
-	(cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
-	chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+	chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+	mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	done;
 
 files:
diff --git a/crypto/openssl/tools/c_rehash b/crypto/openssl/tools/c_rehash
index 049bb3f..3e9ba1e 100644
--- a/crypto/openssl/tools/c_rehash
+++ b/crypto/openssl/tools/c_rehash
@@ -17,10 +17,10 @@ if(defined $ENV{OPENSSL}) {
 
 $ENV{PATH} .= ":$dir/bin";
 
-if(! -f $openssl) {
+if(! -x $openssl) {
 	my $found = 0;
 	foreach (split /:/, $ENV{PATH}) {
-		if(-f "$_/$openssl") {
+		if(-x "$_/$openssl") {
 			$found = 1;
 			last;
 		}	
@@ -100,7 +100,8 @@ sub check_file {
 
 sub link_hash_cert {
 		my $fname = $_[0];
-		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;
@@ -130,7 +131,8 @@ sub link_hash_cert {
 
 sub link_hash_crl {
 		my $fname = $_[0];
-		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;
diff --git a/crypto/openssl/tools/c_rehash.in b/crypto/openssl/tools/c_rehash.in
index 26db899..4497cbd 100644
--- a/crypto/openssl/tools/c_rehash.in
+++ b/crypto/openssl/tools/c_rehash.in
@@ -17,10 +17,10 @@ if(defined $ENV{OPENSSL}) {
 
 $ENV{PATH} .= ":$dir/bin";
 
-if(! -f $openssl) {
+if(! -x $openssl) {
 	my $found = 0;
 	foreach (split /:/, $ENV{PATH}) {
-		if(-f "$_/$openssl") {
+		if(-x "$_/$openssl") {
 			$found = 1;
 			last;
 		}	
@@ -100,7 +100,8 @@ sub check_file {
 
 sub link_hash_cert {
 		my $fname = $_[0];
-		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;
@@ -130,7 +131,8 @@ sub link_hash_cert {
 
 sub link_hash_crl {
 		my $fname = $_[0];
-		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;
diff --git a/crypto/openssl/util/clean-depend.pl b/crypto/openssl/util/clean-depend.pl
index 0193e72..6c485d1 100755
--- a/crypto/openssl/util/clean-depend.pl
+++ b/crypto/openssl/util/clean-depend.pl
@@ -11,20 +11,36 @@ while(<STDIN>) {
 
 my %files;
 
+my $thisfile="";
 while(<STDIN>) {
-    my ($file,$deps)=/^(.*): (.*)$/;
+    my ($dummy, $file,$deps)=/^((.*):)? (.*)$/;
+    my $origfile="";
+    $thisfile=$file if defined $file;
     next if !defined $deps;
+    $origfile=$thisfile;
+    $origfile=~s/\.o$/.c/;
     my @deps=split ' ',$deps;
     @deps=grep(!/^\//,@deps);
     @deps=grep(!/^\\$/,@deps);
-    push @{$files{$file}},@deps;
+    @deps=grep(!/^$origfile$/,@deps);
+# pull out the kludged kerberos header (if present).
+    @deps=grep(!/^[.\/]+\/krb5.h/,@deps);
+    push @{$files{$thisfile}},@deps;
 }
 
 my $file;
 foreach $file (sort keys %files) {
     my $len=0;
     my $dep;
+    my $origfile=$file;
+    $origfile=~s/\.o$/.c/;
+    $file=~s/^\.\///;
+    push @{$files{$file}},$origfile;
+    my $prevdep="";
     foreach $dep (sort @{$files{$file}}) {
+	$dep=~s/^\.\///;
+	next if $prevdep eq $dep; # to exterminate duplicates...
+	$prevdep = $dep;
 	$len=0 if $len+length($dep)+1 >= 80;
 	if($len == 0) {
 	    print "\n$file:";
diff --git a/crypto/openssl/util/domd b/crypto/openssl/util/domd
index 51c59bd..49310bb 100755
--- a/crypto/openssl/util/domd
+++ b/crypto/openssl/util/domd
@@ -4,8 +4,31 @@
 
 TOP=$1
 shift
+if [ "$1" = "-MD" ]; then
+    shift
+    MAKEDEPEND=$1
+    shift
+fi
+if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
 
 cp Makefile.ssl Makefile.save
-makedepend -f Makefile.ssl $@
-${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+# fake the presence of Kerberos
+touch $TOP/krb5.h
+if [ "$MAKEDEPEND" = "gcc" ]; then
+    args=""
+    while [ $# -gt 0 ]; do
+	if [ "$1" != "--" ]; then args="$args $1"; fi
+	shift
+    done
+    sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp
+    echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+    gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+    ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+    rm -f Makefile.tmp
+else
+    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@
+    ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+fi
 mv Makefile.new Makefile.ssl
+# unfake the presence of Kerberos
+rm $TOP/krb5.h
diff --git a/crypto/openssl/util/extract-names.pl b/crypto/openssl/util/extract-names.pl
new file mode 100644
index 0000000..d413a04
--- /dev/null
+++ b/crypto/openssl/util/extract-names.pl
@@ -0,0 +1,22 @@
+#!/usr/bin/perl
+
+$/ = "";			# Eat a paragraph at once.
+while(<STDIN>) {
+    chop;
+    s/\n/ /gm;
+    if (/^=head1 /) {
+	$name = 0;
+    } elsif ($name) {
+	if (/ - /) {
+	    s/ - .*//;
+	    s/[ \t,]+/ /g;
+	    push @words, split ' ';
+	}
+    }
+    if (/^=head1 *NAME *$/) {
+	$name = 1;
+    }
+}
+
+print join("\n", @words),"\n";
+
diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num
index ef6573c..81f5d31 100755
--- a/crypto/openssl/util/libeay.num
+++ b/crypto/openssl/util/libeay.num
@@ -15,28 +15,28 @@ ASN1_STRING_cmp                         14	EXIST::FUNCTION:
 ASN1_STRING_dup                         15	EXIST::FUNCTION:
 ASN1_STRING_free                        16	EXIST::FUNCTION:
 ASN1_STRING_new                         17	EXIST::FUNCTION:
-ASN1_STRING_print                       18	EXIST::FUNCTION:
+ASN1_STRING_print                       18	EXIST::FUNCTION:BIO
 ASN1_STRING_set                         19	EXIST::FUNCTION:
 ASN1_STRING_type_new                    20	EXIST::FUNCTION:
 ASN1_TYPE_free                          21	EXIST::FUNCTION:
 ASN1_TYPE_new                           22	EXIST::FUNCTION:
 ASN1_UNIVERSALSTRING_to_string          23	EXIST::FUNCTION:
 ASN1_UTCTIME_check                      24	EXIST::FUNCTION:
-ASN1_UTCTIME_print                      25	EXIST::FUNCTION:
+ASN1_UTCTIME_print                      25	EXIST::FUNCTION:BIO
 ASN1_UTCTIME_set                        26	EXIST::FUNCTION:
 ASN1_check_infinite_end                 27	EXIST::FUNCTION:
-ASN1_d2i_bio                            28	EXIST::FUNCTION:
+ASN1_d2i_bio                            28	EXIST::FUNCTION:BIO
 ASN1_d2i_fp                             29	EXIST::FUNCTION:FP_API
-ASN1_digest                             30	EXIST::FUNCTION:
+ASN1_digest                             30	EXIST::FUNCTION:EVP
 ASN1_dup                                31	EXIST::FUNCTION:
 ASN1_get_object                         32	EXIST::FUNCTION:
-ASN1_i2d_bio                            33	EXIST::FUNCTION:
+ASN1_i2d_bio                            33	EXIST::FUNCTION:BIO
 ASN1_i2d_fp                             34	EXIST::FUNCTION:FP_API
 ASN1_object_size                        35	EXIST::FUNCTION:
-ASN1_parse                              36	EXIST::FUNCTION:
+ASN1_parse                              36	EXIST::FUNCTION:BIO
 ASN1_put_object                         37	EXIST::FUNCTION:
-ASN1_sign                               38	EXIST::FUNCTION:
-ASN1_verify                             39	EXIST::FUNCTION:
+ASN1_sign                               38	EXIST::FUNCTION:EVP
+ASN1_verify                             39	EXIST::FUNCTION:EVP
 BF_cbc_encrypt                          40	EXIST::FUNCTION:BF
 BF_cfb64_encrypt                        41	EXIST::FUNCTION:BF
 BF_ecb_encrypt                          42	EXIST::FUNCTION:BF
@@ -52,10 +52,10 @@ BIO_int_ctrl                            53	EXIST::FUNCTION:
 BIO_debug_callback                      54	EXIST::FUNCTION:
 BIO_dump                                55	EXIST::FUNCTION:
 BIO_dup_chain                           56	EXIST::FUNCTION:
-BIO_f_base64                            57	EXIST::FUNCTION:
+BIO_f_base64                            57	EXIST::FUNCTION:BIO
 BIO_f_buffer                            58	EXIST::FUNCTION:
-BIO_f_cipher                            59	EXIST::FUNCTION:
-BIO_f_md                                60	EXIST::FUNCTION:
+BIO_f_cipher                            59	EXIST::FUNCTION:BIO
+BIO_f_md                                60	EXIST::FUNCTION:BIO
 BIO_f_null                              61	EXIST::FUNCTION:
 BIO_f_proxy_server                      62	NOEXIST::FUNCTION:
 BIO_fd_non_fatal_error                  63	EXIST::FUNCTION:
@@ -92,7 +92,7 @@ BIO_s_null                              96	EXIST::FUNCTION:
 BIO_s_proxy_client                      97	NOEXIST::FUNCTION:
 BIO_s_socket                            98	EXIST::FUNCTION:
 BIO_set                                 100	EXIST::FUNCTION:
-BIO_set_cipher                          101	EXIST::FUNCTION:
+BIO_set_cipher                          101	EXIST::FUNCTION:BIO
 BIO_set_tcp_ndelay                      102	EXIST::FUNCTION:
 BIO_sock_cleanup                        103	EXIST::FUNCTION:
 BIO_sock_error                          104	EXIST::FUNCTION:
@@ -130,7 +130,7 @@ BN_is_prime                             135	EXIST::FUNCTION:
 BN_lshift                               136	EXIST::FUNCTION:
 BN_lshift1                              137	EXIST::FUNCTION:
 BN_mask_bits                            138	EXIST::FUNCTION:
-BN_mod                                  139	EXIST::FUNCTION:
+BN_mod                                  139	NOEXIST::FUNCTION:
 BN_mod_exp                              140	EXIST::FUNCTION:
 BN_mod_exp_mont                         141	EXIST::FUNCTION:
 BN_mod_exp_simple                       143	EXIST::FUNCTION:
@@ -196,30 +196,30 @@ DH_generate_key                         203	EXIST::FUNCTION:DH
 DH_generate_parameters                  204	EXIST::FUNCTION:DH
 DH_new                                  205	EXIST::FUNCTION:DH
 DH_size                                 206	EXIST::FUNCTION:DH
-DHparams_print                          207	EXIST::FUNCTION:DH
-DHparams_print_fp                       208	EXIST::FUNCTION:FP_API,DH
+DHparams_print                          207	EXIST::FUNCTION:BIO,DH
+DHparams_print_fp                       208	EXIST::FUNCTION:DH,FP_API
 DSA_free                                209	EXIST::FUNCTION:DSA
 DSA_generate_key                        210	EXIST::FUNCTION:DSA
 DSA_generate_parameters                 211	EXIST::FUNCTION:DSA
 DSA_is_prime                            212	NOEXIST::FUNCTION:
 DSA_new                                 213	EXIST::FUNCTION:DSA
-DSA_print                               214	EXIST::FUNCTION:DSA
+DSA_print                               214	EXIST::FUNCTION:BIO,DSA
 DSA_print_fp                            215	EXIST::FUNCTION:DSA,FP_API
 DSA_sign                                216	EXIST::FUNCTION:DSA
 DSA_sign_setup                          217	EXIST::FUNCTION:DSA
 DSA_size                                218	EXIST::FUNCTION:DSA
 DSA_verify                              219	EXIST::FUNCTION:DSA
-DSAparams_print                         220	EXIST::FUNCTION:DSA
+DSAparams_print                         220	EXIST::FUNCTION:BIO,DSA
 DSAparams_print_fp                      221	EXIST::FUNCTION:DSA,FP_API
 ERR_clear_error                         222	EXIST::FUNCTION:
 ERR_error_string                        223	EXIST::FUNCTION:
 ERR_free_strings                        224	EXIST::FUNCTION:
 ERR_func_error_string                   225	EXIST::FUNCTION:
-ERR_get_err_state_table                 226	EXIST::FUNCTION:
+ERR_get_err_state_table                 226	EXIST::FUNCTION:LHASH
 ERR_get_error                           227	EXIST::FUNCTION:
 ERR_get_error_line                      228	EXIST::FUNCTION:
 ERR_get_state                           229	EXIST::FUNCTION:
-ERR_get_string_table                    230	EXIST::FUNCTION:
+ERR_get_string_table                    230	EXIST::FUNCTION:LHASH
 ERR_lib_error_string                    231	EXIST::FUNCTION:
 ERR_load_ASN1_strings                   232	EXIST::FUNCTION:
 ERR_load_BIO_strings                    233	EXIST::FUNCTION:
@@ -239,7 +239,7 @@ ERR_load_crypto_strings                 246	EXIST::FUNCTION:
 ERR_load_strings                        247	EXIST::FUNCTION:
 ERR_peek_error                          248	EXIST::FUNCTION:
 ERR_peek_error_line                     249	EXIST::FUNCTION:
-ERR_print_errors                        250	EXIST::FUNCTION:
+ERR_print_errors                        250	EXIST::FUNCTION:BIO
 ERR_print_errors_fp                     251	EXIST::FUNCTION:FP_API
 ERR_put_error                           252	EXIST::FUNCTION:
 ERR_reason_error_string                 253	EXIST::FUNCTION:
@@ -301,8 +301,8 @@ EVP_des_ede_cfb                         308	EXIST::FUNCTION:DES
 EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
 EVP_des_ofb                             310	EXIST::FUNCTION:DES
 EVP_desx_cbc                            311	EXIST::FUNCTION:DES
-EVP_dss                                 312	EXIST::FUNCTION:SHA,DSA
-EVP_dss1                                313	EXIST::FUNCTION:SHA,DSA
+EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
+EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
 EVP_enc_null                            314	EXIST::FUNCTION:
 EVP_get_cipherbyname                    315	EXIST::FUNCTION:
 EVP_get_digestbyname                    316	EXIST::FUNCTION:
@@ -340,8 +340,8 @@ NETSCAPE_SPKAC_free                     347	EXIST::FUNCTION:
 NETSCAPE_SPKAC_new                      348	EXIST::FUNCTION:
 NETSCAPE_SPKI_free                      349	EXIST::FUNCTION:
 NETSCAPE_SPKI_new                       350	EXIST::FUNCTION:
-NETSCAPE_SPKI_sign                      351	EXIST::FUNCTION:
-NETSCAPE_SPKI_verify                    352	EXIST::FUNCTION:
+NETSCAPE_SPKI_sign                      351	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_verify                    352	EXIST::FUNCTION:EVP
 OBJ_add_object                          353	EXIST::FUNCTION:
 OBJ_bsearch                             354	EXIST::FUNCTION:
 OBJ_cleanup                             355	EXIST::FUNCTION:
@@ -357,9 +357,9 @@ OBJ_obj2nid                             364	EXIST::FUNCTION:
 OBJ_sn2nid                              365	EXIST::FUNCTION:
 OBJ_txt2nid                             366	EXIST::FUNCTION:
 PEM_ASN1_read                           367	EXIST:!WIN16:FUNCTION:
-PEM_ASN1_read_bio                       368	EXIST::FUNCTION:
+PEM_ASN1_read_bio                       368	EXIST::FUNCTION:BIO
 PEM_ASN1_write                          369	EXIST:!WIN16:FUNCTION:
-PEM_ASN1_write_bio                      370	EXIST::FUNCTION:
+PEM_ASN1_write_bio                      370	EXIST::FUNCTION:BIO
 PEM_SealFinal                           371	EXIST::FUNCTION:RSA
 PEM_SealInit                            372	EXIST::FUNCTION:RSA
 PEM_SealUpdate                          373	EXIST::FUNCTION:RSA
@@ -367,8 +367,8 @@ PEM_SignFinal                           374	EXIST::FUNCTION:
 PEM_SignInit                            375	EXIST::FUNCTION:
 PEM_SignUpdate                          376	EXIST::FUNCTION:
 PEM_X509_INFO_read                      377	EXIST:!WIN16:FUNCTION:
-PEM_X509_INFO_read_bio                  378	EXIST::FUNCTION:
-PEM_X509_INFO_write_bio                 379	EXIST::FUNCTION:
+PEM_X509_INFO_read_bio                  378	EXIST::FUNCTION:BIO
+PEM_X509_INFO_write_bio                 379	EXIST::FUNCTION:BIO
 PEM_dek_info                            380	EXIST::FUNCTION:
 PEM_do_header                           381	EXIST::FUNCTION:
 PEM_get_EVP_CIPHER_INFO                 382	EXIST::FUNCTION:
@@ -383,7 +383,7 @@ PEM_read_RSAPrivateKey                  390	EXIST:!WIN16:FUNCTION:RSA
 PEM_read_X509                           391	EXIST:!WIN16:FUNCTION:
 PEM_read_X509_CRL                       392	EXIST:!WIN16:FUNCTION:
 PEM_read_X509_REQ                       393	EXIST:!WIN16:FUNCTION:
-PEM_read_bio                            394	EXIST::FUNCTION:
+PEM_read_bio                            394	EXIST::FUNCTION:BIO
 PEM_read_bio_DHparams                   395	EXIST::FUNCTION:DH
 PEM_read_bio_DSAPrivateKey              396	EXIST::FUNCTION:DSA
 PEM_read_bio_DSAparams                  397	EXIST::FUNCTION:DSA
@@ -403,7 +403,7 @@ PEM_write_RSAPrivateKey                 410	EXIST:!WIN16:FUNCTION:RSA
 PEM_write_X509                          411	EXIST:!WIN16:FUNCTION:
 PEM_write_X509_CRL                      412	EXIST:!WIN16:FUNCTION:
 PEM_write_X509_REQ                      413	EXIST:!WIN16:FUNCTION:
-PEM_write_bio                           414	EXIST::FUNCTION:
+PEM_write_bio                           414	EXIST::FUNCTION:BIO
 PEM_write_bio_DHparams                  415	EXIST::FUNCTION:DH
 PEM_write_bio_DSAPrivateKey             416	EXIST::FUNCTION:DSA
 PEM_write_bio_DSAparams                 417	EXIST::FUNCTION:DSA
@@ -457,7 +457,7 @@ RAND_bytes                              464	EXIST::FUNCTION:
 RAND_cleanup                            465	EXIST::FUNCTION:
 RAND_file_name                          466	EXIST::FUNCTION:
 RAND_load_file                          467	EXIST::FUNCTION:
-RAND_screen                             468	EXIST::FUNCTION:
+RAND_screen                             468	EXIST:WIN32:FUNCTION:
 RAND_seed                               469	EXIST::FUNCTION:
 RAND_write_file                         470	EXIST::FUNCTION:
 RC2_cbc_encrypt                         471	EXIST::FUNCTION:RC2
@@ -477,7 +477,7 @@ RSA_free                                484	EXIST::FUNCTION:RSA
 RSA_generate_key                        485	EXIST::FUNCTION:RSA
 RSA_new                                 486	EXIST::FUNCTION:RSA
 RSA_new_method                          487	EXIST::FUNCTION:RSA
-RSA_print                               488	EXIST::FUNCTION:RSA
+RSA_print                               488	EXIST::FUNCTION:BIO,RSA
 RSA_print_fp                            489	EXIST::FUNCTION:FP_API,RSA
 RSA_private_decrypt                     490	EXIST::FUNCTION:RSA
 RSA_private_encrypt                     491	EXIST::FUNCTION:RSA
@@ -489,23 +489,23 @@ RSA_sign_ASN1_OCTET_STRING              496	EXIST::FUNCTION:RSA
 RSA_size                                497	EXIST::FUNCTION:RSA
 RSA_verify                              498	EXIST::FUNCTION:RSA
 RSA_verify_ASN1_OCTET_STRING            499	EXIST::FUNCTION:RSA
-SHA                                     500	EXIST::FUNCTION:SHA
-SHA1                                    501	EXIST::FUNCTION:SHA
-SHA1_Final                              502	EXIST::FUNCTION:SHA
-SHA1_Init                               503	EXIST::FUNCTION:SHA
-SHA1_Update                             504	EXIST::FUNCTION:SHA
-SHA_Final                               505	EXIST::FUNCTION:SHA
-SHA_Init                                506	EXIST::FUNCTION:SHA
-SHA_Update                              507	EXIST::FUNCTION:SHA
-OpenSSL_add_all_algorithms              508	EXIST::FUNCTION:
+SHA                                     500	EXIST::FUNCTION:SHA,SHA0
+SHA1                                    501	EXIST::FUNCTION:SHA,SHA1
+SHA1_Final                              502	EXIST::FUNCTION:SHA,SHA1
+SHA1_Init                               503	EXIST::FUNCTION:SHA,SHA1
+SHA1_Update                             504	EXIST::FUNCTION:SHA,SHA1
+SHA_Final                               505	EXIST::FUNCTION:SHA,SHA0
+SHA_Init                                506	EXIST::FUNCTION:SHA,SHA0
+SHA_Update                              507	EXIST::FUNCTION:SHA,SHA0
+OpenSSL_add_all_algorithms              508	NOEXIST::FUNCTION:
 OpenSSL_add_all_ciphers                 509	EXIST::FUNCTION:
 OpenSSL_add_all_digests                 510	EXIST::FUNCTION:
 TXT_DB_create_index                     511	EXIST::FUNCTION:
 TXT_DB_free                             512	EXIST::FUNCTION:
 TXT_DB_get_by_index                     513	EXIST::FUNCTION:
 TXT_DB_insert                           514	EXIST::FUNCTION:
-TXT_DB_read                             515	EXIST::FUNCTION:
-TXT_DB_write                            516	EXIST::FUNCTION:
+TXT_DB_read                             515	EXIST::FUNCTION:BIO
+TXT_DB_write                            516	EXIST::FUNCTION:BIO
 X509_ALGOR_free                         517	EXIST::FUNCTION:
 X509_ALGOR_new                          518	EXIST::FUNCTION:
 X509_ATTRIBUTE_free                     519	EXIST::FUNCTION:
@@ -525,8 +525,8 @@ X509_CRL_get_ext_by_OBJ                 532	EXIST::FUNCTION:
 X509_CRL_get_ext_by_critical            533	EXIST::FUNCTION:
 X509_CRL_get_ext_count                  534	EXIST::FUNCTION:
 X509_CRL_new                            535	EXIST::FUNCTION:
-X509_CRL_sign                           536	EXIST::FUNCTION:
-X509_CRL_verify                         537	EXIST::FUNCTION:
+X509_CRL_sign                           536	EXIST::FUNCTION:EVP
+X509_CRL_verify                         537	EXIST::FUNCTION:EVP
 X509_EXTENSION_create_by_NID            538	EXIST::FUNCTION:
 X509_EXTENSION_create_by_OBJ            539	EXIST::FUNCTION:
 X509_EXTENSION_dup                      540	EXIST::FUNCTION:
@@ -538,8 +538,8 @@ X509_EXTENSION_new                      545	EXIST::FUNCTION:
 X509_EXTENSION_set_critical             546	EXIST::FUNCTION:
 X509_EXTENSION_set_data                 547	EXIST::FUNCTION:
 X509_EXTENSION_set_object               548	EXIST::FUNCTION:
-X509_INFO_free                          549	EXIST::FUNCTION:
-X509_INFO_new                           550	EXIST::FUNCTION:
+X509_INFO_free                          549	EXIST::FUNCTION:EVP
+X509_INFO_new                           550	EXIST::FUNCTION:EVP
 X509_LOOKUP_by_alias                    551	EXIST::FUNCTION:
 X509_LOOKUP_by_fingerprint              552	EXIST::FUNCTION:
 X509_LOOKUP_by_issuer_serial            553	EXIST::FUNCTION:
@@ -563,7 +563,7 @@ X509_NAME_ENTRY_set_object              570	EXIST::FUNCTION:
 X509_NAME_add_entry                     571	EXIST::FUNCTION:
 X509_NAME_cmp                           572	EXIST::FUNCTION:
 X509_NAME_delete_entry                  573	EXIST::FUNCTION:
-X509_NAME_digest                        574	EXIST::FUNCTION:
+X509_NAME_digest                        574	EXIST::FUNCTION:EVP
 X509_NAME_dup                           575	EXIST::FUNCTION:
 X509_NAME_entry_count                   576	EXIST::FUNCTION:
 X509_NAME_free                          577	EXIST::FUNCTION:
@@ -574,8 +574,8 @@ X509_NAME_get_text_by_NID               581	EXIST::FUNCTION:
 X509_NAME_get_text_by_OBJ               582	EXIST::FUNCTION:
 X509_NAME_hash                          583	EXIST::FUNCTION:
 X509_NAME_new                           584	EXIST::FUNCTION:
-X509_NAME_oneline                       585	EXIST::FUNCTION:
-X509_NAME_print                         586	EXIST::FUNCTION:
+X509_NAME_oneline                       585	EXIST::FUNCTION:EVP
+X509_NAME_print                         586	EXIST::FUNCTION:BIO
 X509_NAME_set                           587	EXIST::FUNCTION:
 X509_OBJECT_free_contents               588	EXIST::FUNCTION:
 X509_OBJECT_retrieve_by_subject         589	EXIST::FUNCTION:
@@ -592,14 +592,14 @@ X509_REQ_dup                            599	EXIST::FUNCTION:
 X509_REQ_free                           600	EXIST::FUNCTION:
 X509_REQ_get_pubkey                     601	EXIST::FUNCTION:
 X509_REQ_new                            602	EXIST::FUNCTION:
-X509_REQ_print                          603	EXIST::FUNCTION:
+X509_REQ_print                          603	EXIST::FUNCTION:BIO
 X509_REQ_print_fp                       604	EXIST::FUNCTION:FP_API
 X509_REQ_set_pubkey                     605	EXIST::FUNCTION:
 X509_REQ_set_subject_name               606	EXIST::FUNCTION:
 X509_REQ_set_version                    607	EXIST::FUNCTION:
-X509_REQ_sign                           608	EXIST::FUNCTION:
+X509_REQ_sign                           608	EXIST::FUNCTION:EVP
 X509_REQ_to_X509                        609	EXIST::FUNCTION:
-X509_REQ_verify                         610	EXIST::FUNCTION:
+X509_REQ_verify                         610	EXIST::FUNCTION:EVP
 X509_REVOKED_add_ext                    611	EXIST::FUNCTION:
 X509_REVOKED_delete_ext                 612	EXIST::FUNCTION:
 X509_REVOKED_free                       613	EXIST::FUNCTION:
@@ -618,9 +618,9 @@ X509_STORE_add_cert                     624	EXIST::FUNCTION:
 X509_STORE_add_lookup                   625	EXIST::FUNCTION:
 X509_STORE_free                         626	EXIST::FUNCTION:
 X509_STORE_get_by_subject               627	EXIST::FUNCTION:
-X509_STORE_load_locations               628	EXIST::FUNCTION:
+X509_STORE_load_locations               628	EXIST::FUNCTION:STDIO
 X509_STORE_new                          629	EXIST::FUNCTION:
-X509_STORE_set_default_paths            630	EXIST::FUNCTION:
+X509_STORE_set_default_paths            630	EXIST::FUNCTION:STDIO
 X509_VAL_free                           631	EXIST::FUNCTION:
 X509_VAL_new                            632	EXIST::FUNCTION:
 X509_add_ext                            633	EXIST::FUNCTION:
@@ -629,7 +629,7 @@ X509_certificate_type                   635	EXIST::FUNCTION:
 X509_check_private_key                  636	EXIST::FUNCTION:
 X509_cmp_current_time                   637	EXIST::FUNCTION:
 X509_delete_ext                         638	EXIST::FUNCTION:
-X509_digest                             639	EXIST::FUNCTION:
+X509_digest                             639	EXIST::FUNCTION:EVP
 X509_dup                                640	EXIST::FUNCTION:
 X509_free                               641	EXIST::FUNCTION:
 X509_get_default_cert_area              642	EXIST::FUNCTION:
@@ -653,9 +653,9 @@ X509_issuer_and_serial_cmp              659	EXIST::FUNCTION:
 X509_issuer_and_serial_hash             660	EXIST::FUNCTION:
 X509_issuer_name_cmp                    661	EXIST::FUNCTION:
 X509_issuer_name_hash                   662	EXIST::FUNCTION:
-X509_load_cert_file                     663	EXIST::FUNCTION:
+X509_load_cert_file                     663	EXIST::FUNCTION:STDIO
 X509_new                                664	EXIST::FUNCTION:
-X509_print                              665	EXIST::FUNCTION:
+X509_print                              665	EXIST::FUNCTION:BIO
 X509_print_fp                           666	EXIST::FUNCTION:FP_API
 X509_set_issuer_name                    667	EXIST::FUNCTION:
 X509_set_notAfter                       668	EXIST::FUNCTION:
@@ -664,11 +664,11 @@ X509_set_pubkey                         670	EXIST::FUNCTION:
 X509_set_serialNumber                   671	EXIST::FUNCTION:
 X509_set_subject_name                   672	EXIST::FUNCTION:
 X509_set_version                        673	EXIST::FUNCTION:
-X509_sign                               674	EXIST::FUNCTION:
+X509_sign                               674	EXIST::FUNCTION:EVP
 X509_subject_name_cmp                   675	EXIST::FUNCTION:
 X509_subject_name_hash                  676	EXIST::FUNCTION:
 X509_to_X509_REQ                        677	EXIST::FUNCTION:
-X509_verify                             678	EXIST::FUNCTION:
+X509_verify                             678	EXIST::FUNCTION:EVP
 X509_verify_cert                        679	EXIST::FUNCTION:
 X509_verify_cert_error_string           680	EXIST::FUNCTION:
 X509v3_add_ext                          681	EXIST::FUNCTION:
@@ -690,8 +690,8 @@ X509v3_pack_type_by_OBJ                 696	NOEXIST::FUNCTION:
 X509v3_unpack_string                    697	NOEXIST::FUNCTION:
 _des_crypt                              698	NOEXIST::FUNCTION:
 a2d_ASN1_OBJECT                         699	EXIST::FUNCTION:
-a2i_ASN1_INTEGER                        700	EXIST::FUNCTION:
-a2i_ASN1_STRING                         701	EXIST::FUNCTION:
+a2i_ASN1_INTEGER                        700	EXIST::FUNCTION:BIO
+a2i_ASN1_STRING                         701	EXIST::FUNCTION:BIO
 asn1_Finish                             702	EXIST::FUNCTION:
 asn1_GetSequence                        703	EXIST::FUNCTION:
 bn_div_words                            704	EXIST::FUNCTION:
@@ -701,7 +701,7 @@ bn_mul_words                            707	EXIST::FUNCTION:
 BN_uadd                                 708	EXIST::FUNCTION:
 BN_usub                                 709	EXIST::FUNCTION:
 bn_sqr_words                            710	EXIST::FUNCTION:
-crypt                                   711	EXIST:!PERL5,!NeXT,!__FreeBSD__:FUNCTION:DES
+_ossl_old_crypt                         711	EXIST:!NeXT,!PERL5:FUNCTION:DES
 d2i_ASN1_BIT_STRING                     712	EXIST::FUNCTION:
 d2i_ASN1_BOOLEAN                        713	EXIST::FUNCTION:
 d2i_ASN1_HEADER                         714	EXIST::FUNCTION:
@@ -719,7 +719,7 @@ d2i_ASN1_bytes                          725	EXIST::FUNCTION:
 d2i_ASN1_type_bytes                     726	EXIST::FUNCTION:
 d2i_DHparams                            727	EXIST::FUNCTION:DH
 d2i_DSAPrivateKey                       728	EXIST::FUNCTION:DSA
-d2i_DSAPrivateKey_bio                   729	EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_bio                   729	EXIST::FUNCTION:BIO,DSA
 d2i_DSAPrivateKey_fp                    730	EXIST::FUNCTION:DSA,FP_API
 d2i_DSAPublicKey                        731	EXIST::FUNCTION:DSA
 d2i_DSAparams                           732	EXIST::FUNCTION:DSA
@@ -741,7 +741,7 @@ d2i_PKCS7_fp                            747	EXIST::FUNCTION:FP_API
 d2i_PrivateKey                          748	EXIST::FUNCTION:
 d2i_PublicKey                           749	EXIST::FUNCTION:
 d2i_RSAPrivateKey                       750	EXIST::FUNCTION:RSA
-d2i_RSAPrivateKey_bio                   751	EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_bio                   751	EXIST::FUNCTION:BIO,RSA
 d2i_RSAPrivateKey_fp                    752	EXIST::FUNCTION:FP_API,RSA
 d2i_RSAPublicKey                        753	EXIST::FUNCTION:RSA
 d2i_X509                                754	EXIST::FUNCTION:
@@ -750,7 +750,7 @@ d2i_X509_ATTRIBUTE                      756	EXIST::FUNCTION:
 d2i_X509_CINF                           757	EXIST::FUNCTION:
 d2i_X509_CRL                            758	EXIST::FUNCTION:
 d2i_X509_CRL_INFO                       759	EXIST::FUNCTION:
-d2i_X509_CRL_bio                        760	EXIST::FUNCTION:
+d2i_X509_CRL_bio                        760	EXIST::FUNCTION:BIO
 d2i_X509_CRL_fp                         761	EXIST::FUNCTION:FP_API
 d2i_X509_EXTENSION                      762	EXIST::FUNCTION:
 d2i_X509_NAME                           763	EXIST::FUNCTION:
@@ -759,54 +759,54 @@ d2i_X509_PKEY                           765	EXIST::FUNCTION:
 d2i_X509_PUBKEY                         766	EXIST::FUNCTION:
 d2i_X509_REQ                            767	EXIST::FUNCTION:
 d2i_X509_REQ_INFO                       768	EXIST::FUNCTION:
-d2i_X509_REQ_bio                        769	EXIST::FUNCTION:
+d2i_X509_REQ_bio                        769	EXIST::FUNCTION:BIO
 d2i_X509_REQ_fp                         770	EXIST::FUNCTION:FP_API
 d2i_X509_REVOKED                        771	EXIST::FUNCTION:
 d2i_X509_SIG                            772	EXIST::FUNCTION:
 d2i_X509_VAL                            773	EXIST::FUNCTION:
-d2i_X509_bio                            774	EXIST::FUNCTION:
+d2i_X509_bio                            774	EXIST::FUNCTION:BIO
 d2i_X509_fp                             775	EXIST::FUNCTION:FP_API
-des_cbc_cksum                           777	EXIST::FUNCTION:DES
-des_cbc_encrypt                         778	EXIST::FUNCTION:DES
-des_cblock_print_file                   779	NOEXIST::FUNCTION:
-des_cfb64_encrypt                       780	EXIST::FUNCTION:DES
-des_cfb_encrypt                         781	EXIST::FUNCTION:DES
-des_decrypt3                            782	EXIST::FUNCTION:DES
-des_ecb3_encrypt                        783	EXIST::FUNCTION:DES
-des_ecb_encrypt                         784	EXIST::FUNCTION:DES
-des_ede3_cbc_encrypt                    785	EXIST::FUNCTION:DES
-des_ede3_cfb64_encrypt                  786	EXIST::FUNCTION:DES
-des_ede3_ofb64_encrypt                  787	EXIST::FUNCTION:DES
-des_enc_read                            788	EXIST::FUNCTION:DES
-des_enc_write                           789	EXIST::FUNCTION:DES
-des_encrypt1                            790	EXIST::FUNCTION:DES
-des_encrypt2                            791	EXIST::FUNCTION:DES
-des_encrypt3                            792	EXIST::FUNCTION:DES
-des_fcrypt                              793	EXIST::FUNCTION:DES
-des_is_weak_key                         794	EXIST::FUNCTION:DES
-des_key_sched                           795	EXIST::FUNCTION:DES
-des_ncbc_encrypt                        796	EXIST::FUNCTION:DES
-des_ofb64_encrypt                       797	EXIST::FUNCTION:DES
-des_ofb_encrypt                         798	EXIST::FUNCTION:DES
-des_options                             799	EXIST::FUNCTION:DES
-des_pcbc_encrypt                        800	EXIST::FUNCTION:DES
-des_quad_cksum                          801	EXIST::FUNCTION:DES
-des_random_key                          802	EXIST::FUNCTION:DES
-des_random_seed                         803	EXIST::FUNCTION:DES
-des_read_2passwords                     804	EXIST::FUNCTION:DES
-des_read_password                       805	EXIST::FUNCTION:DES
-des_read_pw                             806	EXIST::FUNCTION:DES
-des_read_pw_string                      807	EXIST::FUNCTION:DES
-des_set_key                             808	EXIST::FUNCTION:DES
-des_set_odd_parity                      809	EXIST::FUNCTION:DES
-des_string_to_2keys                     810	EXIST::FUNCTION:DES
-des_string_to_key                       811	EXIST::FUNCTION:DES
-des_xcbc_encrypt                        812	EXIST::FUNCTION:DES
-des_xwhite_in2out                       813	EXIST::FUNCTION:DES
+DES_cbc_cksum                           777	EXIST::FUNCTION:DES
+DES_cbc_encrypt                         778	EXIST::FUNCTION:DES
+DES_cblock_print_file                   779	NOEXIST::FUNCTION:
+DES_cfb64_encrypt                       780	EXIST::FUNCTION:DES
+DES_cfb_encrypt                         781	EXIST::FUNCTION:DES
+DES_decrypt3                            782	EXIST::FUNCTION:DES
+DES_ecb3_encrypt                        783	EXIST::FUNCTION:DES
+DES_ecb_encrypt                         784	EXIST::FUNCTION:DES
+DES_ede3_cbc_encrypt                    785	EXIST::FUNCTION:DES
+DES_ede3_cfb64_encrypt                  786	EXIST::FUNCTION:DES
+DES_ede3_ofb64_encrypt                  787	EXIST::FUNCTION:DES
+DES_enc_read                            788	EXIST::FUNCTION:DES
+DES_enc_write                           789	EXIST::FUNCTION:DES
+DES_encrypt1                            790	EXIST::FUNCTION:DES
+DES_encrypt2                            791	EXIST::FUNCTION:DES
+DES_encrypt3                            792	EXIST::FUNCTION:DES
+DES_fcrypt                              793	EXIST::FUNCTION:DES
+DES_is_weak_key                         794	EXIST::FUNCTION:DES
+DES_key_sched                           795	EXIST::FUNCTION:DES
+DES_ncbc_encrypt                        796	EXIST::FUNCTION:DES
+DES_ofb64_encrypt                       797	EXIST::FUNCTION:DES
+DES_ofb_encrypt                         798	EXIST::FUNCTION:DES
+DES_options                             799	EXIST::FUNCTION:DES
+DES_pcbc_encrypt                        800	EXIST::FUNCTION:DES
+DES_quad_cksum                          801	EXIST::FUNCTION:DES
+DES_random_key                          802	EXIST::FUNCTION:DES
+_ossl_old_des_random_seed               803	EXIST::FUNCTION:DES
+_ossl_old_des_read_2passwords           804	EXIST::FUNCTION:DES
+_ossl_old_des_read_password             805	EXIST::FUNCTION:DES
+_ossl_old_des_read_pw                   806	EXIST::FUNCTION:
+_ossl_old_des_read_pw_string            807	EXIST::FUNCTION:
+DES_set_key                             808	EXIST::FUNCTION:DES
+DES_set_odd_parity                      809	EXIST::FUNCTION:DES
+DES_string_to_2keys                     810	EXIST::FUNCTION:DES
+DES_string_to_key                       811	EXIST::FUNCTION:DES
+DES_xcbc_encrypt                        812	EXIST::FUNCTION:DES
+DES_xwhite_in2out                       813	EXIST::FUNCTION:DES
 fcrypt_body                             814	NOEXIST::FUNCTION:
-i2a_ASN1_INTEGER                        815	EXIST::FUNCTION:
-i2a_ASN1_OBJECT                         816	EXIST::FUNCTION:
-i2a_ASN1_STRING                         817	EXIST::FUNCTION:
+i2a_ASN1_INTEGER                        815	EXIST::FUNCTION:BIO
+i2a_ASN1_OBJECT                         816	EXIST::FUNCTION:BIO
+i2a_ASN1_STRING                         817	EXIST::FUNCTION:BIO
 i2d_ASN1_BIT_STRING                     818	EXIST::FUNCTION:
 i2d_ASN1_BOOLEAN                        819	EXIST::FUNCTION:
 i2d_ASN1_HEADER                         820	EXIST::FUNCTION:
@@ -821,7 +821,7 @@ i2d_ASN1_UTCTIME                        828	EXIST::FUNCTION:
 i2d_ASN1_bytes                          829	EXIST::FUNCTION:
 i2d_DHparams                            830	EXIST::FUNCTION:DH
 i2d_DSAPrivateKey                       831	EXIST::FUNCTION:DSA
-i2d_DSAPrivateKey_bio                   832	EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_bio                   832	EXIST::FUNCTION:BIO,DSA
 i2d_DSAPrivateKey_fp                    833	EXIST::FUNCTION:DSA,FP_API
 i2d_DSAPublicKey                        834	EXIST::FUNCTION:DSA
 i2d_DSAparams                           835	EXIST::FUNCTION:DSA
@@ -843,7 +843,7 @@ i2d_PKCS7_fp                            850	EXIST::FUNCTION:FP_API
 i2d_PrivateKey                          851	EXIST::FUNCTION:
 i2d_PublicKey                           852	EXIST::FUNCTION:
 i2d_RSAPrivateKey                       853	EXIST::FUNCTION:RSA
-i2d_RSAPrivateKey_bio                   854	EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_bio                   854	EXIST::FUNCTION:BIO,RSA
 i2d_RSAPrivateKey_fp                    855	EXIST::FUNCTION:FP_API,RSA
 i2d_RSAPublicKey                        856	EXIST::FUNCTION:RSA
 i2d_X509                                857	EXIST::FUNCTION:
@@ -852,7 +852,7 @@ i2d_X509_ATTRIBUTE                      859	EXIST::FUNCTION:
 i2d_X509_CINF                           860	EXIST::FUNCTION:
 i2d_X509_CRL                            861	EXIST::FUNCTION:
 i2d_X509_CRL_INFO                       862	EXIST::FUNCTION:
-i2d_X509_CRL_bio                        863	EXIST::FUNCTION:
+i2d_X509_CRL_bio                        863	EXIST::FUNCTION:BIO
 i2d_X509_CRL_fp                         864	EXIST::FUNCTION:FP_API
 i2d_X509_EXTENSION                      865	EXIST::FUNCTION:
 i2d_X509_NAME                           866	EXIST::FUNCTION:
@@ -861,12 +861,12 @@ i2d_X509_PKEY                           868	EXIST::FUNCTION:
 i2d_X509_PUBKEY                         869	EXIST::FUNCTION:
 i2d_X509_REQ                            870	EXIST::FUNCTION:
 i2d_X509_REQ_INFO                       871	EXIST::FUNCTION:
-i2d_X509_REQ_bio                        872	EXIST::FUNCTION:
+i2d_X509_REQ_bio                        872	EXIST::FUNCTION:BIO
 i2d_X509_REQ_fp                         873	EXIST::FUNCTION:FP_API
 i2d_X509_REVOKED                        874	EXIST::FUNCTION:
 i2d_X509_SIG                            875	EXIST::FUNCTION:
 i2d_X509_VAL                            876	EXIST::FUNCTION:
-i2d_X509_bio                            877	EXIST::FUNCTION:
+i2d_X509_bio                            877	EXIST::FUNCTION:BIO
 i2d_X509_fp                             878	EXIST::FUNCTION:FP_API
 idea_cbc_encrypt                        879	EXIST::FUNCTION:IDEA
 idea_cfb64_encrypt                      880	EXIST::FUNCTION:IDEA
@@ -883,12 +883,12 @@ lh_free                                 890	EXIST::FUNCTION:
 lh_insert                               891	EXIST::FUNCTION:
 lh_new                                  892	EXIST::FUNCTION:
 lh_node_stats                           893	EXIST::FUNCTION:FP_API
-lh_node_stats_bio                       894	EXIST::FUNCTION:
+lh_node_stats_bio                       894	EXIST::FUNCTION:BIO
 lh_node_usage_stats                     895	EXIST::FUNCTION:FP_API
-lh_node_usage_stats_bio                 896	EXIST::FUNCTION:
+lh_node_usage_stats_bio                 896	EXIST::FUNCTION:BIO
 lh_retrieve                             897	EXIST::FUNCTION:
 lh_stats                                898	EXIST::FUNCTION:FP_API
-lh_stats_bio                            899	EXIST::FUNCTION:
+lh_stats_bio                            899	EXIST::FUNCTION:BIO
 lh_strhash                              900	EXIST::FUNCTION:
 sk_delete                               901	EXIST::FUNCTION:
 sk_delete_ptr                           902	EXIST::FUNCTION:
@@ -907,7 +907,7 @@ sk_zero                                 914	EXIST::FUNCTION:
 BIO_f_nbio_test                         915	EXIST::FUNCTION:
 ASN1_TYPE_get                           916	EXIST::FUNCTION:
 ASN1_TYPE_set                           917	EXIST::FUNCTION:
-PKCS7_content_free                      918	EXIST::FUNCTION:
+PKCS7_content_free                      918	NOEXIST::FUNCTION:
 ERR_load_PKCS7_strings                  919	EXIST::FUNCTION:
 X509_find_by_issuer_and_serial          920	EXIST::FUNCTION:
 X509_find_by_subject                    921	EXIST::FUNCTION:
@@ -929,8 +929,8 @@ EVP_delete_alias                        941	NOEXIST::FUNCTION:
 EVP_mdc2                                942	EXIST::FUNCTION:MDC2
 PEM_read_bio_RSAPublicKey               943	EXIST::FUNCTION:RSA
 PEM_write_bio_RSAPublicKey              944	EXIST::FUNCTION:RSA
-d2i_RSAPublicKey_bio                    945	EXIST::FUNCTION:RSA
-i2d_RSAPublicKey_bio                    946	EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_bio                    945	EXIST::FUNCTION:BIO,RSA
+i2d_RSAPublicKey_bio                    946	EXIST::FUNCTION:BIO,RSA
 PEM_read_RSAPublicKey                   947	EXIST:!WIN16:FUNCTION:RSA
 PEM_write_RSAPublicKey                  949	EXIST:!WIN16:FUNCTION:RSA
 d2i_RSAPublicKey_fp                     952	EXIST::FUNCTION:FP_API,RSA
@@ -938,7 +938,7 @@ i2d_RSAPublicKey_fp                     954	EXIST::FUNCTION:FP_API,RSA
 BIO_copy_next_retry                     955	EXIST::FUNCTION:
 RSA_flags                               956	EXIST::FUNCTION:RSA
 X509_STORE_add_crl                      957	EXIST::FUNCTION:
-X509_load_crl_file                      958	EXIST::FUNCTION:
+X509_load_crl_file                      958	EXIST::FUNCTION:STDIO
 EVP_rc2_40_cbc                          959	EXIST::FUNCTION:RC2
 EVP_rc4_40                              960	EXIST::FUNCTION:RC4
 EVP_CIPHER_CTX_init                     961	EXIST::FUNCTION:
@@ -948,7 +948,7 @@ HMAC_Update                             964	EXIST::FUNCTION:HMAC
 HMAC_Final                              965	EXIST::FUNCTION:HMAC
 ERR_get_next_error_library              966	EXIST::FUNCTION:
 EVP_PKEY_cmp_parameters                 967	EXIST::FUNCTION:
-HMAC_cleanup                            968	EXIST::FUNCTION:HMAC
+HMAC_cleanup                            968	NOEXIST::FUNCTION:
 BIO_ptr_ctrl                            969	EXIST::FUNCTION:
 BIO_new_file_internal                   970	EXIST:WIN16:FUNCTION:FP_API
 BIO_new_fp_internal                     971	EXIST:WIN16:FUNCTION:FP_API
@@ -980,16 +980,16 @@ BN_mul_word                             999	EXIST::FUNCTION:
 BN_sub_word                             1000	EXIST::FUNCTION:
 BN_dec2bn                               1001	EXIST::FUNCTION:
 BN_bn2dec                               1002	EXIST::FUNCTION:
-BIO_ghbn_ctrl                           1003	EXIST::FUNCTION:
+BIO_ghbn_ctrl                           1003	NOEXIST::FUNCTION:
 CRYPTO_free_ex_data                     1004	EXIST::FUNCTION:
 CRYPTO_get_ex_data                      1005	EXIST::FUNCTION:
 CRYPTO_set_ex_data                      1007	EXIST::FUNCTION:
-ERR_load_CRYPTO_strings                 1009	EXIST:!WIN16,!VMS:FUNCTION:
-ERR_load_CRYPTOlib_strings              1009	EXIST:WIN16,VMS:FUNCTION:
+ERR_load_CRYPTO_strings                 1009	EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+ERR_load_CRYPTOlib_strings              1009	EXIST:OS2,VMS,WIN16:FUNCTION:
 EVP_PKEY_bits                           1010	EXIST::FUNCTION:
 MD5_Transform                           1011	EXIST::FUNCTION:MD5
-SHA1_Transform                          1012	EXIST::FUNCTION:SHA
-SHA_Transform                           1013	EXIST::FUNCTION:SHA
+SHA1_Transform                          1012	EXIST::FUNCTION:SHA,SHA1
+SHA_Transform                           1013	EXIST::FUNCTION:SHA,SHA0
 X509_STORE_CTX_get_chain                1014	EXIST::FUNCTION:
 X509_STORE_CTX_get_current_cert         1015	EXIST::FUNCTION:
 X509_STORE_CTX_get_error                1016	EXIST::FUNCTION:
@@ -1014,7 +1014,7 @@ RSA_padding_check_PKCS1_type_2          1036	EXIST::FUNCTION:RSA
 RSA_padding_check_SSLv23                1037	EXIST::FUNCTION:RSA
 RSA_padding_check_none                  1038	EXIST::FUNCTION:RSA
 bn_add_words                            1039	EXIST::FUNCTION:
-d2i_Netscape_RSA_2                      1040	EXIST::FUNCTION:RSA
+d2i_Netscape_RSA_2                      1040	NOEXIST::FUNCTION:
 CRYPTO_get_ex_new_index                 1041	EXIST::FUNCTION:
 RIPEMD160_Init                          1042	EXIST::FUNCTION:RIPEMD
 RIPEMD160_Update                        1043	EXIST::FUNCTION:RIPEMD
@@ -1050,7 +1050,7 @@ ASN1_TYPE_get_octetstring               1077	EXIST::FUNCTION:
 ASN1_TYPE_set_int_octetstring           1078	EXIST::FUNCTION:
 ASN1_TYPE_set_octetstring               1079	EXIST::FUNCTION:
 ASN1_UTCTIME_set_string                 1080	EXIST::FUNCTION:
-ERR_add_error_data                      1081	EXIST::FUNCTION:
+ERR_add_error_data                      1081	EXIST::FUNCTION:BIO
 ERR_set_error_data                      1082	EXIST::FUNCTION:
 EVP_CIPHER_asn1_to_param                1083	EXIST::FUNCTION:
 EVP_CIPHER_param_to_asn1                1084	EXIST::FUNCTION:
@@ -1127,20 +1127,24 @@ PKCS7_set_signed_attributes             1154	EXIST::FUNCTION:
 X509_ATTRIBUTE_create                   1155	EXIST::FUNCTION:
 X509_ATTRIBUTE_dup                      1156	EXIST::FUNCTION:
 ASN1_GENERALIZEDTIME_check              1157	EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_print              1158	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print              1158	EXIST::FUNCTION:BIO
 ASN1_GENERALIZEDTIME_set                1159	EXIST::FUNCTION:
 ASN1_GENERALIZEDTIME_set_string         1160	EXIST::FUNCTION:
-ASN1_TIME_print                         1161	EXIST::FUNCTION:
+ASN1_TIME_print                         1161	EXIST::FUNCTION:BIO
 BASIC_CONSTRAINTS_free                  1162	EXIST::FUNCTION:
 BASIC_CONSTRAINTS_new                   1163	EXIST::FUNCTION:
 ERR_load_X509V3_strings                 1164	EXIST::FUNCTION:
 NETSCAPE_CERT_SEQUENCE_free             1165	EXIST::FUNCTION:
 NETSCAPE_CERT_SEQUENCE_new              1166	EXIST::FUNCTION:
 OBJ_txt2obj                             1167	EXIST::FUNCTION:
-PEM_read_NETSCAPE_CERT_SEQUENCE         1168	EXIST:!WIN16:FUNCTION:
-PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169	EXIST::FUNCTION:
-PEM_write_NETSCAPE_CERT_SEQUENCE        1170	EXIST:!WIN16:FUNCTION:
-PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171	EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE         1168	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_NS_CERT_SEQ                    1168	EXIST:VMS:FUNCTION:
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169	EXIST:!VMS:FUNCTION:
+PEM_read_bio_NS_CERT_SEQ                1169	EXIST:VMS:FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE        1170	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_NS_CERT_SEQ                   1170	EXIST:VMS:FUNCTION:
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171	EXIST:!VMS:FUNCTION:
+PEM_write_bio_NS_CERT_SEQ               1171	EXIST:VMS:FUNCTION:
 X509V3_EXT_add                          1172	EXIST::FUNCTION:
 X509V3_EXT_add_alias                    1173	EXIST::FUNCTION:
 X509V3_EXT_add_conf                     1174	EXIST::FUNCTION:
@@ -1163,14 +1167,14 @@ d2i_ASN1_GENERALIZEDTIME                1190	EXIST::FUNCTION:
 d2i_ASN1_TIME                           1191	EXIST::FUNCTION:
 d2i_BASIC_CONSTRAINTS                   1192	EXIST::FUNCTION:
 d2i_NETSCAPE_CERT_SEQUENCE              1193	EXIST::FUNCTION:
-d2i_ext_ku                              1194	EXIST::FUNCTION:
-ext_ku_free                             1195	EXIST::FUNCTION:
-ext_ku_new                              1196	EXIST::FUNCTION:
+d2i_ext_ku                              1194	NOEXIST::FUNCTION:
+ext_ku_free                             1195	NOEXIST::FUNCTION:
+ext_ku_new                              1196	NOEXIST::FUNCTION:
 i2d_ASN1_GENERALIZEDTIME                1197	EXIST::FUNCTION:
 i2d_ASN1_TIME                           1198	EXIST::FUNCTION:
 i2d_BASIC_CONSTRAINTS                   1199	EXIST::FUNCTION:
 i2d_NETSCAPE_CERT_SEQUENCE              1200	EXIST::FUNCTION:
-i2d_ext_ku                              1201	EXIST::FUNCTION:
+i2d_ext_ku                              1201	NOEXIST::FUNCTION:
 EVP_MD_CTX_copy                         1202	EXIST::FUNCTION:
 i2d_ASN1_ENUMERATED                     1203	EXIST::FUNCTION:
 d2i_ASN1_ENUMERATED                     1204	EXIST::FUNCTION:
@@ -1178,8 +1182,8 @@ ASN1_ENUMERATED_set                     1205	EXIST::FUNCTION:
 ASN1_ENUMERATED_get                     1206	EXIST::FUNCTION:
 BN_to_ASN1_ENUMERATED                   1207	EXIST::FUNCTION:
 ASN1_ENUMERATED_to_BN                   1208	EXIST::FUNCTION:
-i2a_ASN1_ENUMERATED                     1209	EXIST::FUNCTION:
-a2i_ASN1_ENUMERATED                     1210	EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED                     1209	EXIST::FUNCTION:BIO
+a2i_ASN1_ENUMERATED                     1210	EXIST::FUNCTION:BIO
 i2d_GENERAL_NAME                        1211	EXIST::FUNCTION:
 d2i_GENERAL_NAME                        1212	EXIST::FUNCTION:
 GENERAL_NAME_new                        1213	EXIST::FUNCTION:
@@ -1194,11 +1198,11 @@ s2i_ASN1_OCTET_STRING                   1221	EXIST::FUNCTION:
 X509V3_EXT_check_conf                   1222	NOEXIST::FUNCTION:
 hex_to_string                           1223	EXIST::FUNCTION:
 string_to_hex                           1224	EXIST::FUNCTION:
-des_ede3_cbcm_encrypt                   1225	EXIST::FUNCTION:DES
+DES_ede3_cbcm_encrypt                   1225	EXIST::FUNCTION:DES
 RSA_padding_add_PKCS1_OAEP              1226	EXIST::FUNCTION:RSA
 RSA_padding_check_PKCS1_OAEP            1227	EXIST::FUNCTION:RSA
 X509_CRL_print_fp                       1228	EXIST::FUNCTION:FP_API
-X509_CRL_print                          1229	EXIST::FUNCTION:
+X509_CRL_print                          1229	EXIST::FUNCTION:BIO
 i2v_GENERAL_NAME                        1230	EXIST::FUNCTION:
 v2i_GENERAL_NAME                        1231	EXIST::FUNCTION:
 i2d_PKEY_USAGE_PERIOD                   1232	EXIST::FUNCTION:
@@ -1212,8 +1216,8 @@ name_cmp                                1239	EXIST::FUNCTION:
 str_dup                                 1240	NOEXIST::FUNCTION:
 i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
 i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
-BIO_s_log                               1243	EXIST:!WIN16,!WIN32,!macintosh:FUNCTION:
-BIO_f_reliable                          1244	EXIST::FUNCTION:
+BIO_s_log                               1243	EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
+BIO_f_reliable                          1244	EXIST::FUNCTION:BIO
 PKCS7_dataFinal                         1245	EXIST::FUNCTION:
 PKCS7_dataDecode                        1246	EXIST::FUNCTION:
 X509V3_EXT_CRL_add_conf                 1247	EXIST::FUNCTION:
@@ -1231,7 +1235,7 @@ ASN1_seq_unpack                         1258	EXIST::FUNCTION:
 ASN1_seq_pack                           1259	EXIST::FUNCTION:
 ASN1_unpack_string                      1260	EXIST::FUNCTION:
 ASN1_pack_string                        1261	EXIST::FUNCTION:
-PKCS12_pack_safebag                     1262	EXIST::FUNCTION:
+PKCS12_pack_safebag                     1262	NOEXIST::FUNCTION:
 PKCS12_MAKE_KEYBAG                      1263	EXIST::FUNCTION:
 PKCS8_encrypt                           1264	EXIST::FUNCTION:
 PKCS12_MAKE_SHKEYBAG                    1265	EXIST::FUNCTION:
@@ -1242,8 +1246,8 @@ PKCS12_add_friendlyname_asc             1269	EXIST::FUNCTION:
 PKCS12_add_friendlyname_uni             1270	EXIST::FUNCTION:
 PKCS12_get_friendlyname                 1271	EXIST::FUNCTION:
 PKCS12_pbe_crypt                        1272	EXIST::FUNCTION:
-PKCS12_decrypt_d2i                      1273	EXIST::FUNCTION:
-PKCS12_i2d_encrypt                      1274	EXIST::FUNCTION:
+PKCS12_decrypt_d2i                      1273	NOEXIST::FUNCTION:
+PKCS12_i2d_encrypt                      1274	NOEXIST::FUNCTION:
 PKCS12_init                             1275	EXIST::FUNCTION:
 PKCS12_key_gen_asc                      1276	EXIST::FUNCTION:
 PKCS12_key_gen_uni                      1277	EXIST::FUNCTION:
@@ -1423,21 +1427,25 @@ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753	NOEXIST::FUNCTION:
 PKCS5_PBE_add                           1775	EXIST::FUNCTION:
 PEM_write_bio_PKCS8                     1776	EXIST::FUNCTION:
 i2d_PKCS8_fp                            1777	EXIST::FUNCTION:FP_API
-PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778	EXIST::FUNCTION:
-d2i_PKCS8_bio                           1779	EXIST::FUNCTION:
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778	EXIST:!VMS:FUNCTION:
+PEM_read_bio_P8_PRIV_KEY_INFO           1778	EXIST:VMS:FUNCTION:
+d2i_PKCS8_bio                           1779	EXIST::FUNCTION:BIO
 d2i_PKCS8_PRIV_KEY_INFO_fp              1780	EXIST::FUNCTION:FP_API
-PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781	EXIST::FUNCTION:
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781	EXIST:!VMS:FUNCTION:
+PEM_write_bio_P8_PRIV_KEY_INFO          1781	EXIST:VMS:FUNCTION:
 PEM_read_PKCS8                          1782	EXIST:!WIN16:FUNCTION:
-d2i_PKCS8_PRIV_KEY_INFO_bio             1783	EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio             1783	EXIST::FUNCTION:BIO
 d2i_PKCS8_fp                            1784	EXIST::FUNCTION:FP_API
 PEM_write_PKCS8                         1785	EXIST:!WIN16:FUNCTION:
-PEM_read_PKCS8_PRIV_KEY_INFO            1786	EXIST:!WIN16:FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO            1786	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_P8_PRIV_KEY_INFO               1786	EXIST:VMS:FUNCTION:
 PEM_read_bio_PKCS8                      1787	EXIST::FUNCTION:
-PEM_write_PKCS8_PRIV_KEY_INFO           1788	EXIST:!WIN16:FUNCTION:
+PEM_write_PKCS8_PRIV_KEY_INFO           1788	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_P8_PRIV_KEY_INFO              1788	EXIST:VMS:FUNCTION:
 PKCS5_PBE_keyivgen                      1789	EXIST::FUNCTION:
-i2d_PKCS8_bio                           1790	EXIST::FUNCTION:
+i2d_PKCS8_bio                           1790	EXIST::FUNCTION:BIO
 i2d_PKCS8_PRIV_KEY_INFO_fp              1791	EXIST::FUNCTION:FP_API
-i2d_PKCS8_PRIV_KEY_INFO_bio             1792	EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO_bio             1792	EXIST::FUNCTION:BIO
 BIO_s_bio                               1793	EXIST::FUNCTION:
 PKCS5_pbe2_set                          1794	EXIST::FUNCTION:
 PKCS5_PBKDF2_HMAC_SHA1                  1795	EXIST::FUNCTION:
@@ -1460,7 +1468,7 @@ RSA_get_method                          1847	EXIST::FUNCTION:RSA
 RSA_get_default_method                  1848	EXIST::FUNCTION:RSA
 RSA_check_key                           1869	EXIST::FUNCTION:RSA
 OBJ_obj2txt                             1870	EXIST::FUNCTION:
-DSA_dup_DH                              1871	EXIST::FUNCTION:DSA,DH
+DSA_dup_DH                              1871	EXIST::FUNCTION:DH,DSA
 X509_REQ_get_extensions                 1872	EXIST::FUNCTION:
 X509_REQ_set_extension_nids             1873	EXIST::FUNCTION:
 BIO_nwrite                              1874	EXIST::FUNCTION:
@@ -1486,11 +1494,11 @@ DSA_set_ex_data                         1893	EXIST::FUNCTION:DSA
 DH_set_default_method                   1894	EXIST::FUNCTION:DH
 DSA_get_ex_data                         1895	EXIST::FUNCTION:DSA
 X509V3_EXT_REQ_add_conf                 1896	EXIST::FUNCTION:
-NETSCAPE_SPKI_print                     1897	EXIST::FUNCTION:
-NETSCAPE_SPKI_set_pubkey                1898	EXIST::FUNCTION:
-NETSCAPE_SPKI_b64_encode                1899	EXIST::FUNCTION:
-NETSCAPE_SPKI_get_pubkey                1900	EXIST::FUNCTION:
-NETSCAPE_SPKI_b64_decode                1901	EXIST::FUNCTION:
+NETSCAPE_SPKI_print                     1897	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_set_pubkey                1898	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_encode                1899	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_get_pubkey                1900	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_decode                1901	EXIST::FUNCTION:EVP
 UTF8_putc                               1902	EXIST::FUNCTION:
 UTF8_getc                               1903	EXIST::FUNCTION:
 RSA_null_method                         1904	EXIST::FUNCTION:RSA
@@ -1537,20 +1545,20 @@ PEM_write_bio_RSA_PUBKEY                1961	EXIST::FUNCTION:RSA
 ASN1_INTEGER_cmp                        1963	EXIST::FUNCTION:
 d2i_RSA_PUBKEY_fp                       1964	EXIST::FUNCTION:FP_API,RSA
 X509_trust_set_bit_asc                  1967	NOEXIST::FUNCTION:
-PEM_write_bio_DSA_PUBKEY                1968	EXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY                1968	EXIST::FUNCTION:DSA
 X509_STORE_CTX_free                     1969	EXIST::FUNCTION:
 EVP_PKEY_set1_DSA                       1970	EXIST::FUNCTION:DSA
 i2d_DSA_PUBKEY_fp                       1971	EXIST::FUNCTION:DSA,FP_API
-X509_load_cert_crl_file                 1972	EXIST::FUNCTION:
+X509_load_cert_crl_file                 1972	EXIST::FUNCTION:STDIO
 ASN1_TIME_new                           1973	EXIST::FUNCTION:
 i2d_RSA_PUBKEY                          1974	EXIST::FUNCTION:RSA
 X509_STORE_CTX_purpose_inherit          1976	EXIST::FUNCTION:
 PEM_read_RSA_PUBKEY                     1977	EXIST:!WIN16:FUNCTION:RSA
 d2i_X509_AUX                            1980	EXIST::FUNCTION:
 i2d_DSA_PUBKEY                          1981	EXIST::FUNCTION:DSA
-X509_CERT_AUX_print                     1982	EXIST::FUNCTION:
-PEM_read_DSA_PUBKEY                     1984	EXIST:!WIN16:FUNCTION:
-i2d_RSA_PUBKEY_bio                      1985	EXIST::FUNCTION:RSA
+X509_CERT_AUX_print                     1982	EXIST::FUNCTION:BIO
+PEM_read_DSA_PUBKEY                     1984	EXIST:!WIN16:FUNCTION:DSA
+i2d_RSA_PUBKEY_bio                      1985	EXIST::FUNCTION:BIO,RSA
 ASN1_BIT_STRING_num_asc                 1986	EXIST::FUNCTION:
 i2d_PUBKEY                              1987	EXIST::FUNCTION:
 ASN1_UTCTIME_free                       1988	EXIST::FUNCTION:
@@ -1568,7 +1576,7 @@ X509_NAME_add_entry_by_OBJ              2008	EXIST::FUNCTION:
 X509_CRL_get_ext_d2i                    2009	EXIST::FUNCTION:
 X509_PURPOSE_get0_name                  2011	EXIST::FUNCTION:
 PEM_read_PUBKEY                         2012	EXIST:!WIN16:FUNCTION:
-i2d_DSA_PUBKEY_bio                      2014	EXIST::FUNCTION:DSA
+i2d_DSA_PUBKEY_bio                      2014	EXIST::FUNCTION:BIO,DSA
 i2d_OTHERNAME                           2015	EXIST::FUNCTION:
 ASN1_OCTET_STRING_free                  2016	EXIST::FUNCTION:
 ASN1_BIT_STRING_set_asc                 2017	EXIST::FUNCTION:
@@ -1598,7 +1606,7 @@ ASN1_IA5STRING_new                      2049	EXIST::FUNCTION:
 d2i_DSA_PUBKEY                          2050	EXIST::FUNCTION:DSA
 X509_check_purpose                      2051	EXIST::FUNCTION:
 ASN1_ENUMERATED_new                     2052	EXIST::FUNCTION:
-d2i_RSA_PUBKEY_bio                      2053	EXIST::FUNCTION:RSA
+d2i_RSA_PUBKEY_bio                      2053	EXIST::FUNCTION:BIO,RSA
 d2i_PUBKEY                              2054	EXIST::FUNCTION:
 X509_TRUST_get_trust                    2055	EXIST::FUNCTION:
 X509_TRUST_get_flags                    2056	EXIST::FUNCTION:
@@ -1622,15 +1630,15 @@ ASN1_BIT_STRING_free                    2080	EXIST::FUNCTION:
 PEM_read_bio_RSA_PUBKEY                 2081	EXIST::FUNCTION:RSA
 X509_add1_reject_object                 2082	EXIST::FUNCTION:
 X509_check_trust                        2083	EXIST::FUNCTION:
-PEM_read_bio_DSA_PUBKEY                 2088	EXIST::FUNCTION:
+PEM_read_bio_DSA_PUBKEY                 2088	EXIST::FUNCTION:DSA
 X509_PURPOSE_add                        2090	EXIST::FUNCTION:
 ASN1_STRING_TABLE_get                   2091	EXIST::FUNCTION:
 ASN1_UTF8STRING_free                    2092	EXIST::FUNCTION:
-d2i_DSA_PUBKEY_bio                      2093	EXIST::FUNCTION:DSA
+d2i_DSA_PUBKEY_bio                      2093	EXIST::FUNCTION:BIO,DSA
 PEM_write_RSA_PUBKEY                    2095	EXIST:!WIN16:FUNCTION:RSA
 d2i_OTHERNAME                           2096	EXIST::FUNCTION:
 X509_reject_set_bit                     2098	NOEXIST::FUNCTION:
-PEM_write_DSA_PUBKEY                    2101	EXIST:!WIN16:FUNCTION:
+PEM_write_DSA_PUBKEY                    2101	EXIST:!WIN16:FUNCTION:DSA
 X509_PURPOSE_get0_sname                 2105	EXIST::FUNCTION:
 EVP_PKEY_set1_DH                        2107	EXIST::FUNCTION:DH
 ASN1_OCTET_STRING_dup                   2108	EXIST::FUNCTION:
@@ -1650,7 +1658,7 @@ EVP_PKEY_get1_DH                        2128	EXIST::FUNCTION:DH
 ASN1_OCTET_STRING_new                   2130	EXIST::FUNCTION:
 ASN1_INTEGER_new                        2131	EXIST::FUNCTION:
 i2d_X509_AUX                            2132	EXIST::FUNCTION:
-ASN1_BIT_STRING_name_print              2134	EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              2134	EXIST::FUNCTION:BIO
 X509_cmp                                2135	EXIST::FUNCTION:
 ASN1_STRING_length_set                  2136	EXIST::FUNCTION:
 DIRECTORYSTRING_new                     2137	EXIST::FUNCTION:
@@ -1658,10 +1666,10 @@ X509_add1_trust_object                  2140	EXIST::FUNCTION:
 PKCS12_newpass                          2141	EXIST::FUNCTION:
 SMIME_write_PKCS7                       2142	EXIST::FUNCTION:
 SMIME_read_PKCS7                        2143	EXIST::FUNCTION:
-des_set_key_checked                     2144	EXIST::FUNCTION:DES
+DES_set_key_checked                     2144	EXIST::FUNCTION:DES
 PKCS7_verify                            2145	EXIST::FUNCTION:
 PKCS7_encrypt                           2146	EXIST::FUNCTION:
-des_set_key_unchecked                   2147	EXIST::FUNCTION:DES
+DES_set_key_unchecked                   2147	EXIST::FUNCTION:DES
 SMIME_crlf_copy                         2148	EXIST::FUNCTION:
 i2d_ASN1_PRINTABLESTRING                2149	EXIST::FUNCTION:
 PKCS7_get0_signers                      2150	EXIST::FUNCTION:
@@ -1693,12 +1701,12 @@ i2d_PKCS8PrivateKey_nid_fp              2174	EXIST::FUNCTION:
 d2i_PKCS8PrivateKey_fp                  2175	EXIST::FUNCTION:
 i2d_PKCS8PrivateKey_nid_bio             2176	EXIST::FUNCTION:
 i2d_PKCS8PrivateKeyInfo_fp              2177	EXIST::FUNCTION:FP_API
-i2d_PKCS8PrivateKeyInfo_bio             2178	EXIST::FUNCTION:
+i2d_PKCS8PrivateKeyInfo_bio             2178	EXIST::FUNCTION:BIO
 PEM_cb                                  2179	NOEXIST::FUNCTION:
 i2d_PrivateKey_fp                       2180	EXIST::FUNCTION:FP_API
-d2i_PrivateKey_bio                      2181	EXIST::FUNCTION:
+d2i_PrivateKey_bio                      2181	EXIST::FUNCTION:BIO
 d2i_PrivateKey_fp                       2182	EXIST::FUNCTION:FP_API
-i2d_PrivateKey_bio                      2183	EXIST::FUNCTION:
+i2d_PrivateKey_bio                      2183	EXIST::FUNCTION:BIO
 X509_reject_clear                       2184	EXIST::FUNCTION:
 X509_TRUST_set_default                  2185	EXIST::FUNCTION:
 d2i_AutoPrivateKey                      2186	EXIST::FUNCTION:
@@ -1745,21 +1753,21 @@ ASN1_STRING_TABLE_add                   2245	EXIST::FUNCTION:
 CRYPTO_dbg_get_options                  2246	EXIST::FUNCTION:
 AUTHORITY_INFO_ACCESS_new               2247	EXIST::FUNCTION:
 CRYPTO_get_mem_debug_options            2248	EXIST::FUNCTION:
-des_crypt                               2249	EXIST::FUNCTION:DES
+DES_crypt                               2249	EXIST::FUNCTION:DES
 PEM_write_bio_X509_REQ_NEW              2250	EXIST::FUNCTION:
 PEM_write_X509_REQ_NEW                  2251	EXIST:!WIN16:FUNCTION:
 BIO_callback_ctrl                       2252	EXIST::FUNCTION:
 RAND_egd                                2253	EXIST::FUNCTION:
 RAND_status                             2254	EXIST::FUNCTION:
 bn_dump1                                2255	NOEXIST::FUNCTION:
-des_check_key_parity                    2256	EXIST::FUNCTION:DES
+DES_check_key_parity                    2256	EXIST::FUNCTION:DES
 lh_num_items                            2257	EXIST::FUNCTION:
-RAND_event                              2258	EXIST::FUNCTION:
+RAND_event                              2258	EXIST:WIN32:FUNCTION:
 DSO_new                                 2259	EXIST::FUNCTION:
 DSO_new_method                          2260	EXIST::FUNCTION:
 DSO_free                                2261	EXIST::FUNCTION:
 DSO_flags                               2262	EXIST::FUNCTION:
-DSO_up                                  2263	EXIST::FUNCTION:
+DSO_up                                  2263	NOEXIST::FUNCTION:
 DSO_set_default_method                  2264	EXIST::FUNCTION:
 DSO_get_default_method                  2265	EXIST::FUNCTION:
 DSO_get_method                          2266	EXIST::FUNCTION:
@@ -1777,7 +1785,7 @@ NCONF_load_fp                           2278	EXIST::FUNCTION:FP_API
 NCONF_new                               2279	EXIST::FUNCTION:
 NCONF_get_string                        2280	EXIST::FUNCTION:
 NCONF_free                              2281	EXIST::FUNCTION:
-NCONF_get_number                        2282	EXIST::FUNCTION:
+NCONF_get_number                        2282	NOEXIST::FUNCTION:
 CONF_dump_fp                            2283	EXIST::FUNCTION:
 NCONF_load_bio                          2284	EXIST::FUNCTION:
 NCONF_dump_fp                           2285	EXIST::FUNCTION:
@@ -1795,9 +1803,9 @@ i2d_ASN1_SET_OF_PKCS7                   2328	NOEXIST::FUNCTION:
 BIO_vfree                               2334	EXIST::FUNCTION:
 d2i_ASN1_SET_OF_ASN1_INTEGER            2339	NOEXIST::FUNCTION:
 d2i_ASN1_SET_OF_PKCS12_SAFEBAG          2341	NOEXIST::FUNCTION:
-ASN1_UTCTIME_get                        2350	EXIST::FUNCTION:
-X509_REQ_digest                         2362	EXIST::FUNCTION:
-X509_CRL_digest                         2391	EXIST::FUNCTION:
+ASN1_UTCTIME_get                        2350	NOEXIST::FUNCTION:
+X509_REQ_digest                         2362	EXIST::FUNCTION:EVP
+X509_CRL_digest                         2391	EXIST::FUNCTION:EVP
 d2i_ASN1_SET_OF_PKCS7                   2397	NOEXIST::FUNCTION:
 EVP_CIPHER_CTX_set_key_length           2399	EXIST::FUNCTION:
 EVP_CIPHER_CTX_ctrl                     2400	EXIST::FUNCTION:
@@ -1807,7 +1815,7 @@ X509_REQ_get1_email                     2403	EXIST::FUNCTION:
 X509_get1_email                         2404	EXIST::FUNCTION:
 X509_email_free                         2405	EXIST::FUNCTION:
 i2d_RSA_NET                             2406	EXIST::FUNCTION:RSA
-d2i_RSA_NET_2                           2407	EXIST::FUNCTION:RSA
+d2i_RSA_NET_2                           2407	NOEXIST::FUNCTION:
 d2i_RSA_NET                             2408	EXIST::FUNCTION:RSA
 DSO_bind_func                           2409	EXIST::FUNCTION:
 CRYPTO_get_new_dynlockid                2410	EXIST::FUNCTION:
@@ -1833,21 +1841,21 @@ RAND_poll                               2423	EXIST::FUNCTION:
 c2i_ASN1_INTEGER                        2424	EXIST::FUNCTION:
 i2c_ASN1_INTEGER                        2425	EXIST::FUNCTION:
 BIO_dump_indent                         2426	EXIST::FUNCTION:
-ASN1_parse_dump                         2427	EXIST::FUNCTION:
+ASN1_parse_dump                         2427	EXIST::FUNCTION:BIO
 c2i_ASN1_OBJECT                         2428	EXIST::FUNCTION:
 X509_NAME_print_ex_fp                   2429	EXIST::FUNCTION:FP_API
 ASN1_STRING_print_ex_fp                 2430	EXIST::FUNCTION:FP_API
-X509_NAME_print_ex                      2431	EXIST::FUNCTION:
-ASN1_STRING_print_ex                    2432	EXIST::FUNCTION:
+X509_NAME_print_ex                      2431	EXIST::FUNCTION:BIO
+ASN1_STRING_print_ex                    2432	EXIST::FUNCTION:BIO
 MD4                                     2433	EXIST::FUNCTION:MD4
 MD4_Transform                           2434	EXIST::FUNCTION:MD4
 MD4_Final                               2435	EXIST::FUNCTION:MD4
 MD4_Update                              2436	EXIST::FUNCTION:MD4
 MD4_Init                                2437	EXIST::FUNCTION:MD4
 EVP_md4                                 2438	EXIST::FUNCTION:MD4
-i2d_PUBKEY_bio                          2439	EXIST::FUNCTION:
+i2d_PUBKEY_bio                          2439	EXIST::FUNCTION:BIO
 i2d_PUBKEY_fp                           2440	EXIST::FUNCTION:FP_API
-d2i_PUBKEY_bio                          2441	EXIST::FUNCTION:
+d2i_PUBKEY_bio                          2441	EXIST::FUNCTION:BIO
 ASN1_STRING_to_UTF8                     2442	EXIST::FUNCTION:
 BIO_vprintf                             2443	EXIST::FUNCTION:
 BIO_vsnprintf                           2444	EXIST::FUNCTION:
@@ -1862,10 +1870,10 @@ X509_STORE_CTX_trusted_stack            2452	EXIST::FUNCTION:
 X509_time_adj                           2453	EXIST::FUNCTION:
 X509_check_issued                       2454	EXIST::FUNCTION:
 ASN1_UTCTIME_cmp_time_t                 2455	EXIST::FUNCTION:
-des_set_weak_key_flag                   2456	EXIST::VARIABLE:DES
-des_check_key                           2457	EXIST::VARIABLE:DES
-des_rw_mode                             2458	EXIST::VARIABLE:DES
-RSA_PKCS1_RSAref                        2459	EXIST:RSAREF:FUNCTION:RSA
+DES_set_weak_key_flag                   2456	NOEXIST::FUNCTION:
+DES_check_key                           2457	NOEXIST::FUNCTION:
+DES_rw_mode                             2458	NOEXIST::FUNCTION:
+RSA_PKCS1_RSAref                        2459	NOEXIST::FUNCTION:
 X509_keyid_set1                         2460	EXIST::FUNCTION:
 BIO_next                                2461	EXIST::FUNCTION:
 DSO_METHOD_vms                          2462	EXIST::FUNCTION:
@@ -1873,64 +1881,923 @@ BIO_f_linebuffer                        2463	EXIST:VMS:FUNCTION:
 BN_bntest_rand                          2464	EXIST::FUNCTION:
 OPENSSL_issetugid                       2465	EXIST::FUNCTION:
 BN_rand_range                           2466	EXIST::FUNCTION:
-ERR_load_ENGINE_strings                 2467	NOEXIST::FUNCTION:
-ENGINE_set_DSA                          2468	NOEXIST::FUNCTION:
-ENGINE_get_finish_function              2469	NOEXIST::FUNCTION:
-ENGINE_get_default_RSA                  2470	NOEXIST::FUNCTION:
+ERR_load_ENGINE_strings                 2467	EXIST::FUNCTION:
+ENGINE_set_DSA                          2468	EXIST::FUNCTION:
+ENGINE_get_finish_function              2469	EXIST::FUNCTION:
+ENGINE_get_default_RSA                  2470	EXIST::FUNCTION:
 ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
 DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
-ENGINE_set_DH                           2473	NOEXIST::FUNCTION:
+ENGINE_set_DH                           2473	EXIST::FUNCTION:
 ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
 ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
-ENGINE_init                             2475	NOEXIST::FUNCTION:
+ENGINE_init                             2475	EXIST::FUNCTION:
 DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
 RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
-ENGINE_finish                           2478	NOEXIST::FUNCTION:
-ENGINE_load_public_key                  2479	NOEXIST::FUNCTION:
-ENGINE_get_DH                           2480	NOEXIST::FUNCTION:
-ENGINE_ctrl                             2481	NOEXIST::FUNCTION:
-ENGINE_get_init_function                2482	NOEXIST::FUNCTION:
-ENGINE_set_init_function                2483	NOEXIST::FUNCTION:
-ENGINE_set_default_DSA                  2484	NOEXIST::FUNCTION:
-ENGINE_get_name                         2485	NOEXIST::FUNCTION:
-ENGINE_get_last                         2486	NOEXIST::FUNCTION:
-ENGINE_get_prev                         2487	NOEXIST::FUNCTION:
-ENGINE_get_default_DH                   2488	NOEXIST::FUNCTION:
-ENGINE_get_RSA                          2489	NOEXIST::FUNCTION:
-ENGINE_set_default                      2490	NOEXIST::FUNCTION:
-ENGINE_get_RAND                         2491	NOEXIST::FUNCTION:
-ENGINE_get_first                        2492	NOEXIST::FUNCTION:
-ENGINE_by_id                            2493	NOEXIST::FUNCTION:
-ENGINE_set_finish_function              2494	NOEXIST::FUNCTION:
-ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
+ENGINE_finish                           2478	EXIST::FUNCTION:
+ENGINE_load_public_key                  2479	EXIST::FUNCTION:
+ENGINE_get_DH                           2480	EXIST::FUNCTION:
+ENGINE_ctrl                             2481	EXIST::FUNCTION:
+ENGINE_get_init_function                2482	EXIST::FUNCTION:
+ENGINE_set_init_function                2483	EXIST::FUNCTION:
+ENGINE_set_default_DSA                  2484	EXIST::FUNCTION:
+ENGINE_get_name                         2485	EXIST::FUNCTION:
+ENGINE_get_last                         2486	EXIST::FUNCTION:
+ENGINE_get_prev                         2487	EXIST::FUNCTION:
+ENGINE_get_default_DH                   2488	EXIST::FUNCTION:
+ENGINE_get_RSA                          2489	EXIST::FUNCTION:
+ENGINE_set_default                      2490	EXIST::FUNCTION:
+ENGINE_get_RAND                         2491	EXIST::FUNCTION:
+ENGINE_get_first                        2492	EXIST::FUNCTION:
+ENGINE_by_id                            2493	EXIST::FUNCTION:
+ENGINE_set_finish_function              2494	EXIST::FUNCTION:
 ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
 RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
-ENGINE_set_RSA                          2497	NOEXIST::FUNCTION:
-ENGINE_load_private_key                 2498	NOEXIST::FUNCTION:
-ENGINE_set_default_RAND                 2499	NOEXIST::FUNCTION:
+ENGINE_set_RSA                          2497	EXIST::FUNCTION:
+ENGINE_load_private_key                 2498	EXIST::FUNCTION:
+ENGINE_set_default_RAND                 2499	EXIST::FUNCTION:
 ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
-ENGINE_remove                           2501	NOEXIST::FUNCTION:
-ENGINE_free                             2502	NOEXIST::FUNCTION:
+ENGINE_remove                           2501	EXIST::FUNCTION:
+ENGINE_free                             2502	EXIST::FUNCTION:
 ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
-ENGINE_get_next                         2504	NOEXIST::FUNCTION:
-ENGINE_set_name                         2505	NOEXIST::FUNCTION:
-ENGINE_get_default_DSA                  2506	NOEXIST::FUNCTION:
+ENGINE_get_next                         2504	EXIST::FUNCTION:
+ENGINE_set_name                         2505	EXIST::FUNCTION:
+ENGINE_get_default_DSA                  2506	EXIST::FUNCTION:
 ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
-ENGINE_set_default_RSA                  2508	NOEXIST::FUNCTION:
-ENGINE_get_default_RAND                 2509	NOEXIST::FUNCTION:
+ENGINE_set_default_RSA                  2508	EXIST::FUNCTION:
+ENGINE_get_default_RAND                 2509	EXIST::FUNCTION:
 ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
-ENGINE_set_RAND                         2511	NOEXIST::FUNCTION:
-ENGINE_set_id                           2512	NOEXIST::FUNCTION:
+ENGINE_set_RAND                         2511	EXIST::FUNCTION:
+ENGINE_set_id                           2512	EXIST::FUNCTION:
 ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
-ENGINE_set_default_DH                   2514	NOEXIST::FUNCTION:
-ENGINE_new                              2515	NOEXIST::FUNCTION:
-ENGINE_get_id                           2516	NOEXIST::FUNCTION:
+ENGINE_set_default_DH                   2514	EXIST::FUNCTION:
+ENGINE_new                              2515	EXIST::FUNCTION:
+ENGINE_get_id                           2516	EXIST::FUNCTION:
 DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
-ENGINE_add                              2518	NOEXIST::FUNCTION:
+ENGINE_add                              2518	EXIST::FUNCTION:
 DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
-ENGINE_get_DSA                          2520	NOEXIST::FUNCTION:
-ENGINE_get_ctrl_function                2521	NOEXIST::FUNCTION:
-ENGINE_set_ctrl_function                2522	NOEXIST::FUNCTION:
+ENGINE_get_DSA                          2520	EXIST::FUNCTION:
+ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:
+ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:
 BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
 X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
 ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
+PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
+ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_ciphers               2528	EXIST::FUNCTION:
+ENGINE_get_ciphers                      2529	EXIST::FUNCTION:
+d2i_OCSP_BASICRESP                      2530	EXIST::FUNCTION:
+KRB5_CHECKSUM_it                        2531	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_CHECKSUM_it                        2531	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINT_add                            2532	EXIST::FUNCTION:EC
+ASN1_item_ex_i2d                        2533	EXIST::FUNCTION:
+OCSP_CERTID_it                          2534	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTID_it                          2534	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPBYTES                      2535	EXIST::FUNCTION:
+X509V3_add1_i2d                         2536	EXIST::FUNCTION:
+PKCS7_ENVELOPE_it                       2537	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENVELOPE_it                       2537	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_input_boolean                    2538	EXIST::FUNCTION:
+ENGINE_unregister_RSA                   2539	EXIST::FUNCTION:
+X509V3_EXT_nconf                        2540	EXIST::FUNCTION:
+ASN1_GENERALSTRING_free                 2541	EXIST::FUNCTION:
+d2i_OCSP_CERTSTATUS                     2542	EXIST::FUNCTION:
+X509_REVOKED_set_serialNumber           2543	EXIST::FUNCTION:
+X509_print_ex                           2544	EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get1_ext_d2i                2545	EXIST::FUNCTION:
+ENGINE_register_all_RAND                2546	EXIST::FUNCTION:
+ENGINE_load_dynamic                     2547	EXIST::FUNCTION:
+PBKDF2PARAM_it                          2548	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBKDF2PARAM_it                          2548	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_new                  2549	EXIST::FUNCTION:
+EC_GROUP_clear_free                     2550	EXIST::FUNCTION:EC
+OCSP_sendreq_bio                        2551	EXIST::FUNCTION:
+ASN1_item_digest                        2552	EXIST::FUNCTION:EVP
+OCSP_BASICRESP_delete_ext               2553	EXIST::FUNCTION:
+OCSP_SIGNATURE_it                       2554	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SIGNATURE_it                       2554	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_it                             2555	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_it                             2555	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_add_ext                  2556	EXIST::FUNCTION:
+KRB5_ENCKEY_it                          2557	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCKEY_it                          2557	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_closer                    2558	EXIST::FUNCTION:
+X509_STORE_set_purpose                  2559	EXIST::FUNCTION:
+i2d_ASN1_GENERALSTRING                  2560	EXIST::FUNCTION:
+OCSP_response_status                    2561	EXIST::FUNCTION:
+i2d_OCSP_SERVICELOC                     2562	EXIST::FUNCTION:
+ENGINE_get_digest_engine                2563	EXIST::FUNCTION:
+EC_GROUP_set_curve_GFp                  2564	EXIST::FUNCTION:EC
+OCSP_REQUEST_get_ext_by_OBJ             2565	EXIST::FUNCTION:
+_ossl_old_des_random_key                2566	EXIST::FUNCTION:DES
+ASN1_T61STRING_it                       2567	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_T61STRING_it                       2567	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_method_of                      2568	EXIST::FUNCTION:EC
+i2d_KRB5_APREQ                          2569	EXIST::FUNCTION:
+_ossl_old_des_encrypt                   2570	EXIST::FUNCTION:DES
+ASN1_PRINTABLE_new                      2571	EXIST::FUNCTION:
+HMAC_Init_ex                            2572	EXIST::FUNCTION:HMAC
+d2i_KRB5_AUTHENT                        2573	EXIST::FUNCTION:
+OCSP_archive_cutoff_new                 2574	EXIST::FUNCTION:
+EC_POINT_set_Jprojective_coordinates_GFp 2575	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_Jproj_coords_GFp           2575	EXIST:VMS:FUNCTION:EC
+_ossl_old_des_is_weak_key               2576	EXIST::FUNCTION:DES
+OCSP_BASICRESP_get_ext_by_OBJ           2577	EXIST::FUNCTION:
+EC_POINT_oct2point                      2578	EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get_ext_count           2579	EXIST::FUNCTION:
+UI_ctrl                                 2580	EXIST::FUNCTION:
+_shadow_DES_rw_mode                     2581	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_rw_mode                     2581	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+asn1_do_adb                             2582	EXIST::FUNCTION:
+ASN1_template_i2d                       2583	EXIST::FUNCTION:
+ENGINE_register_DH                      2584	EXIST::FUNCTION:
+UI_construct_prompt                     2585	EXIST::FUNCTION:
+X509_STORE_set_trust                    2586	EXIST::FUNCTION:
+UI_dup_input_string                     2587	EXIST::FUNCTION:
+d2i_KRB5_APREQ                          2588	EXIST::FUNCTION:
+EVP_MD_CTX_copy_ex                      2589	EXIST::FUNCTION:
+OCSP_request_is_signed                  2590	EXIST::FUNCTION:
+i2d_OCSP_REQINFO                        2591	EXIST::FUNCTION:
+KRB5_ENCKEY_free                        2592	EXIST::FUNCTION:
+OCSP_resp_get0                          2593	EXIST::FUNCTION:
+GENERAL_NAME_it                         2594	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAME_it                         2594	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_GENERALIZEDTIME_it                 2595	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALIZEDTIME_it                 2595	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_STORE_set_flags                    2596	EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GFp 2597	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GFp           2597	EXIST:VMS:FUNCTION:EC
+OCSP_response_status_str                2598	EXIST::FUNCTION:
+d2i_OCSP_REVOKEDINFO                    2599	EXIST::FUNCTION:
+OCSP_basic_add1_cert                    2600	EXIST::FUNCTION:
+ERR_get_implementation                  2601	EXIST::FUNCTION:
+EVP_CipherFinal_ex                      2602	EXIST::FUNCTION:
+OCSP_CERTSTATUS_new                     2603	EXIST::FUNCTION:
+CRYPTO_cleanup_all_ex_data              2604	EXIST::FUNCTION:
+OCSP_resp_find                          2605	EXIST::FUNCTION:
+BN_nnmod                                2606	EXIST::FUNCTION:
+X509_CRL_sort                           2607	EXIST::FUNCTION:
+X509_REVOKED_set_revocationDate         2608	EXIST::FUNCTION:
+ENGINE_register_RAND                    2609	EXIST::FUNCTION:
+OCSP_SERVICELOC_new                     2610	EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GFp     2611	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GFp          2611	EXIST:VMS:FUNCTION:EC
+_ossl_old_des_options                   2612	EXIST::FUNCTION:DES
+SXNET_it                                2613	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNET_it                                2613	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_input_boolean                    2614	EXIST::FUNCTION:
+PKCS12_add_CSPName_asc                  2615	EXIST::FUNCTION:
+EC_POINT_is_at_infinity                 2616	EXIST::FUNCTION:EC
+ENGINE_load_cryptodev                   2617	EXIST::FUNCTION:
+DSO_convert_filename                    2618	EXIST::FUNCTION:
+POLICYQUALINFO_it                       2619	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYQUALINFO_it                       2619	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_ciphers                 2620	EXIST::FUNCTION:
+BN_mod_lshift_quick                     2621	EXIST::FUNCTION:
+DSO_set_filename                        2622	EXIST::FUNCTION:
+ASN1_item_free                          2623	EXIST::FUNCTION:
+KRB5_TKTBODY_free                       2624	EXIST::FUNCTION:
+AUTHORITY_KEYID_it                      2625	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_KEYID_it                      2625	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_new                      2626	EXIST::FUNCTION:
+X509V3_EXT_REQ_add_nconf                2627	EXIST::FUNCTION:
+ENGINE_ctrl_cmd_string                  2628	EXIST::FUNCTION:
+i2d_OCSP_RESPDATA                       2629	EXIST::FUNCTION:
+EVP_MD_CTX_init                         2630	EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_free                 2631	EXIST::FUNCTION:
+PKCS7_ATTR_SIGN_it                      2632	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_SIGN_it                      2632	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_error_string                     2633	EXIST::FUNCTION:
+KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
+ENGINE_load_ubsec                       2636	EXIST::FUNCTION:
+ENGINE_register_all_digests             2637	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_unpack_authsafes                 2639	EXIST::FUNCTION:
+ASN1_item_unpack                        2640	EXIST::FUNCTION:
+NETSCAPE_SPKAC_it                       2641	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKAC_it                       2641	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REVOKED_it                         2642	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REVOKED_it                         2642	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_STRING_encode                      2643	EXIST::FUNCTION:
+EVP_aes_128_ecb                         2644	EXIST::FUNCTION:AES
+KRB5_AUTHENT_free                       2645	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_critical      2646	EXIST:!VMS:FUNCTION:
+OCSP_BASICRESP_get_ext_by_crit          2646	EXIST:VMS:FUNCTION:
+OCSP_cert_status_str                    2647	EXIST::FUNCTION:
+d2i_OCSP_REQUEST                        2648	EXIST::FUNCTION:
+UI_dup_info_string                      2649	EXIST::FUNCTION:
+_ossl_old_des_xwhite_in2out             2650	EXIST::FUNCTION:DES
+PKCS12_it                               2651	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_it                               2651	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_critical     2652	EXIST:!VMS:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_crit         2652	EXIST:VMS:FUNCTION:
+OCSP_CERTSTATUS_free                    2653	EXIST::FUNCTION:
+_ossl_old_des_crypt                     2654	EXIST::FUNCTION:DES
+ASN1_item_i2d                           2655	EXIST::FUNCTION:
+EVP_DecryptFinal_ex                     2656	EXIST::FUNCTION:
+ENGINE_load_openssl                     2657	EXIST::FUNCTION:
+ENGINE_get_cmd_defns                    2658	EXIST::FUNCTION:
+ENGINE_set_load_privkey_function        2659	EXIST:!VMS:FUNCTION:
+ENGINE_set_load_privkey_fn              2659	EXIST:VMS:FUNCTION:
+EVP_EncryptFinal_ex                     2660	EXIST::FUNCTION:
+ENGINE_set_default_digests              2661	EXIST::FUNCTION:
+X509_get0_pubkey_bitstr                 2662	EXIST::FUNCTION:
+asn1_ex_i2c                             2663	EXIST::FUNCTION:
+ENGINE_register_RSA                     2664	EXIST::FUNCTION:
+ENGINE_unregister_DSA                   2665	EXIST::FUNCTION:
+_ossl_old_des_key_sched                 2666	EXIST::FUNCTION:DES
+X509_EXTENSION_it                       2667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSION_it                       2667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENT                        2668	EXIST::FUNCTION:
+SXNETID_it                              2669	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNETID_it                              2669	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SINGLERESP                     2670	EXIST::FUNCTION:
+EDIPARTYNAME_new                        2671	EXIST::FUNCTION:
+PKCS12_certbag2x509                     2672	EXIST::FUNCTION:
+_ossl_old_des_ofb64_encrypt             2673	EXIST::FUNCTION:DES
+d2i_EXTENDED_KEY_USAGE                  2674	EXIST::FUNCTION:
+ERR_print_errors_cb                     2675	EXIST::FUNCTION:
+ENGINE_set_ciphers                      2676	EXIST::FUNCTION:
+d2i_KRB5_APREQBODY                      2677	EXIST::FUNCTION:
+UI_method_get_flusher                   2678	EXIST::FUNCTION:
+X509_PUBKEY_it                          2679	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_PUBKEY_it                          2679	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_read                  2680	EXIST::FUNCTION:DES
+PKCS7_ENCRYPT_it                        2681	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENCRYPT_it                        2681	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_RESPONSE                       2682	EXIST::FUNCTION:
+EC_GROUP_get_cofactor                   2683	EXIST::FUNCTION:EC
+PKCS12_unpack_p7data                    2684	EXIST::FUNCTION:
+d2i_KRB5_AUTHDATA                       2685	EXIST::FUNCTION:
+OCSP_copy_nonce                         2686	EXIST::FUNCTION:
+KRB5_AUTHDATA_new                       2687	EXIST::FUNCTION:
+OCSP_RESPDATA_new                       2688	EXIST::FUNCTION:
+EC_GFp_mont_method                      2689	EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_free                   2690	EXIST::FUNCTION:
+UI_get_ex_data                          2691	EXIST::FUNCTION:
+KRB5_APREQBODY_free                     2692	EXIST::FUNCTION:
+EC_GROUP_get0_generator                 2693	EXIST::FUNCTION:EC
+UI_get_default_method                   2694	EXIST::FUNCTION:
+X509V3_set_nconf                        2695	EXIST::FUNCTION:
+PKCS12_item_i2d_encrypt                 2696	EXIST::FUNCTION:
+X509_add1_ext_i2d                       2697	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_it                    2698	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNER_INFO_it                    2698	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_PRINCNAME_new                      2699	EXIST::FUNCTION:
+PKCS12_SAFEBAG_it                       2700	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAG_it                       2700	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_order                      2701	EXIST::FUNCTION:EC
+d2i_OCSP_RESPID                         2702	EXIST::FUNCTION:
+OCSP_request_verify                     2703	EXIST::FUNCTION:
+NCONF_get_number_e                      2704	EXIST::FUNCTION:
+_ossl_old_des_decrypt3                  2705	EXIST::FUNCTION:DES
+X509_signature_print                    2706	EXIST::FUNCTION:EVP
+OCSP_SINGLERESP_free                    2707	EXIST::FUNCTION:
+ENGINE_load_builtin_engines             2708	EXIST::FUNCTION:
+i2d_OCSP_ONEREQ                         2709	EXIST::FUNCTION:
+OCSP_REQUEST_add_ext                    2710	EXIST::FUNCTION:
+OCSP_RESPBYTES_new                      2711	EXIST::FUNCTION:
+EVP_MD_CTX_create                       2712	EXIST::FUNCTION:
+OCSP_resp_find_status                   2713	EXIST::FUNCTION:
+X509_ALGOR_it                           2714	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGOR_it                           2714	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_TIME_it                            2715	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TIME_it                            2715	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_set1_name                  2716	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_count               2717	EXIST::FUNCTION:
+UI_get0_result                          2718	EXIST::FUNCTION:
+PKCS12_AUTHSAFES_it                     2719	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_AUTHSAFES_it                     2719	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_256_ecb                         2720	EXIST::FUNCTION:AES
+PKCS12_pack_authsafes                   2721	EXIST::FUNCTION:
+ASN1_IA5STRING_it                       2722	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_IA5STRING_it                       2722	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_input_flags                      2723	EXIST::FUNCTION:
+EC_GROUP_set_generator                  2724	EXIST::FUNCTION:EC
+_ossl_old_des_string_to_2keys           2725	EXIST::FUNCTION:DES
+OCSP_CERTID_free                        2726	EXIST::FUNCTION:
+X509_CERT_AUX_it                        2727	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_AUX_it                        2727	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CERTIFICATEPOLICIES_it                  2728	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CERTIFICATEPOLICIES_it                  2728	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_ede3_cbc_encrypt          2729	EXIST::FUNCTION:DES
+RAND_set_rand_engine                    2730	EXIST::FUNCTION:
+DSO_get_loaded_filename                 2731	EXIST::FUNCTION:
+X509_ATTRIBUTE_it                       2732	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ATTRIBUTE_it                       2732	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_ONEREQ_get_ext_by_NID              2733	EXIST::FUNCTION:
+PKCS12_decrypt_skey                     2734	EXIST::FUNCTION:
+KRB5_AUTHENT_it                         2735	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENT_it                         2735	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_error_string                     2736	EXIST::FUNCTION:
+RSAPublicKey_it                         2737	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPublicKey_it                         2737	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+i2d_OCSP_REQUEST                        2738	EXIST::FUNCTION:
+PKCS12_x509crl2certbag                  2739	EXIST::FUNCTION:
+OCSP_SERVICELOC_it                      2740	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SERVICELOC_it                      2740	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_sign                          2741	EXIST::FUNCTION:EVP
+X509_CRL_set_issuer_name                2742	EXIST::FUNCTION:
+OBJ_NAME_do_all_sorted                  2743	EXIST::FUNCTION:
+i2d_OCSP_BASICRESP                      2744	EXIST::FUNCTION:
+i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
+PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
+HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
+ENGINE_get_digest                       2748	EXIST::FUNCTION:
+OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
+KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TKTBODY_it                         2750	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ACCESS_DESCRIPTION_it                   2751	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ACCESS_DESCRIPTION_it                   2751	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_it              2752	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ISSUER_AND_SERIAL_it              2752	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBE2PARAM_it                            2753	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBE2PARAM_it                            2753	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_certbag2x509crl                  2754	EXIST::FUNCTION:
+PKCS7_SIGNED_it                         2755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNED_it                         2755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_cipher                       2756	EXIST::FUNCTION:
+i2d_OCSP_CRLID                          2757	EXIST::FUNCTION:
+OCSP_SINGLERESP_new                     2758	EXIST::FUNCTION:
+ENGINE_cmd_is_executable                2759	EXIST::FUNCTION:
+RSA_up_ref                              2760	EXIST::FUNCTION:RSA
+ASN1_GENERALSTRING_it                   2761	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALSTRING_it                   2761	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_DSA                     2762	EXIST::FUNCTION:
+X509V3_EXT_add_nconf_sk                 2763	EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function         2764	EXIST::FUNCTION:
+PKCS8_decrypt                           2765	EXIST::FUNCTION:
+PEM_bytes_read_bio                      2766	EXIST::FUNCTION:BIO
+DIRECTORYSTRING_it                      2767	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIRECTORYSTRING_it                      2767	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_CRLID                          2768	EXIST::FUNCTION:
+EC_POINT_is_on_curve                    2769	EXIST::FUNCTION:EC
+CRYPTO_set_locked_mem_ex_functions      2770	EXIST:!VMS:FUNCTION:
+CRYPTO_set_locked_mem_ex_funcs          2770	EXIST:VMS:FUNCTION:
+d2i_KRB5_CHECKSUM                       2771	EXIST::FUNCTION:
+ASN1_item_dup                           2772	EXIST::FUNCTION:
+X509_it                                 2773	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_it                                 2773	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add                              2774	EXIST::FUNCTION:
+KRB5_AUTHDATA_free                      2775	EXIST::FUNCTION:
+_ossl_old_des_cbc_cksum                 2776	EXIST::FUNCTION:DES
+ASN1_item_verify                        2777	EXIST::FUNCTION:EVP
+CRYPTO_set_mem_ex_functions             2778	EXIST::FUNCTION:
+EC_POINT_get_Jprojective_coordinates_GFp 2779	EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_Jproj_coords_GFp           2779	EXIST:VMS:FUNCTION:EC
+ZLONG_it                                2780	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZLONG_it                                2780	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_get_locked_mem_ex_functions      2781	EXIST:!VMS:FUNCTION:
+CRYPTO_get_locked_mem_ex_funcs          2781	EXIST:VMS:FUNCTION:
+ASN1_TIME_check                         2782	EXIST::FUNCTION:
+UI_get0_user_data                       2783	EXIST::FUNCTION:
+HMAC_CTX_cleanup                        2784	EXIST::FUNCTION:HMAC
+DSA_up_ref                              2785	EXIST::FUNCTION:DSA
+_ossl_old_des_ede3_cfb64_encrypt        2786	EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_cfb64_encrypt           2786	EXIST:VMS:FUNCTION:DES
+ASN1_BMPSTRING_it                       2787	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BMPSTRING_it                       2787	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_tag2bit                            2788	EXIST::FUNCTION:
+UI_method_set_flusher                   2789	EXIST::FUNCTION:
+X509_ocspid_print                       2790	EXIST::FUNCTION:BIO
+KRB5_ENCDATA_it                         2791	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCDATA_it                         2791	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_load_pubkey_function         2792	EXIST::FUNCTION:
+UI_add_user_data                        2793	EXIST::FUNCTION:
+OCSP_REQUEST_delete_ext                 2794	EXIST::FUNCTION:
+UI_get_method                           2795	EXIST::FUNCTION:
+OCSP_ONEREQ_free                        2796	EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_it                 2797	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLESTRING_it                 2797	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_nextUpdate                 2798	EXIST::FUNCTION:
+OCSP_REQUEST_it                         2799	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQUEST_it                         2799	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_it                       2800	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_BASICRESP_it                       2800	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_ecb_encrypt                         2801	EXIST::FUNCTION:AES
+BN_mod_sqr                              2802	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_it               2803	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_CERT_SEQUENCE_it               2803	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAMES_it                        2804	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAMES_it                        2804	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AUTHORITY_INFO_ACCESS_it                2805	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_INFO_ACCESS_it                2805	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_FBOOLEAN_it                        2806	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_FBOOLEAN_it                        2806	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_ex_data                          2807	EXIST::FUNCTION:
+_ossl_old_des_string_to_key             2808	EXIST::FUNCTION:DES
+ENGINE_register_all_RSA                 2809	EXIST::FUNCTION:
+d2i_KRB5_PRINCNAME                      2810	EXIST::FUNCTION:
+OCSP_RESPBYTES_it                       2811	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPBYTES_it                       2811	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CINF_it                            2812	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CINF_it                            2812	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_digests               2813	EXIST::FUNCTION:
+d2i_EDIPARTYNAME                        2814	EXIST::FUNCTION:
+d2i_OCSP_SERVICELOC                     2815	EXIST::FUNCTION:
+ENGINE_get_digests                      2816	EXIST::FUNCTION:
+_ossl_old_des_set_odd_parity            2817	EXIST::FUNCTION:DES
+OCSP_RESPDATA_free                      2818	EXIST::FUNCTION:
+d2i_KRB5_TICKET                         2819	EXIST::FUNCTION:
+OTHERNAME_it                            2820	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OTHERNAME_it                            2820	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_cleanup                      2821	EXIST::FUNCTION:
+d2i_ASN1_GENERALSTRING                  2822	EXIST::FUNCTION:
+X509_CRL_set_version                    2823	EXIST::FUNCTION:
+BN_mod_sub                              2824	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_NID          2825	EXIST::FUNCTION:
+ENGINE_get_ex_new_index                 2826	EXIST::FUNCTION:
+OCSP_REQUEST_free                       2827	EXIST::FUNCTION:
+OCSP_REQUEST_add1_ext_i2d               2828	EXIST::FUNCTION:
+X509_VAL_it                             2829	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_VAL_it                             2829	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINTs_make_affine                   2830	EXIST::FUNCTION:EC
+EC_POINT_mul                            2831	EXIST::FUNCTION:EC
+X509V3_EXT_add_nconf                    2832	EXIST::FUNCTION:
+X509_TRUST_set                          2833	EXIST::FUNCTION:
+X509_CRL_add1_ext_i2d                   2834	EXIST::FUNCTION:
+_ossl_old_des_fcrypt                    2835	EXIST::FUNCTION:DES
+DISPLAYTEXT_it                          2836	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DISPLAYTEXT_it                          2836	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_lastUpdate                 2837	EXIST::FUNCTION:
+OCSP_BASICRESP_free                     2838	EXIST::FUNCTION:
+OCSP_BASICRESP_add1_ext_i2d             2839	EXIST::FUNCTION:
+d2i_KRB5_AUTHENTBODY                    2840	EXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation       2841	EXIST:!VMS:FUNCTION:
+CRYPTO_set_ex_data_impl                 2841	EXIST:VMS:FUNCTION:
+KRB5_ENCDATA_new                        2842	EXIST::FUNCTION:
+DSO_up_ref                              2843	EXIST::FUNCTION:
+OCSP_crl_reason_str                     2844	EXIST::FUNCTION:
+UI_get0_result_string                   2845	EXIST::FUNCTION:
+ASN1_GENERALSTRING_new                  2846	EXIST::FUNCTION:
+X509_SIG_it                             2847	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_SIG_it                             2847	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_set_implementation                  2848	EXIST::FUNCTION:
+ERR_load_EC_strings                     2849	EXIST::FUNCTION:EC
+UI_get0_action_string                   2850	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext                     2851	EXIST::FUNCTION:
+EC_POINT_method_of                      2852	EXIST::FUNCTION:EC
+i2d_KRB5_APREQBODY                      2853	EXIST::FUNCTION:
+_ossl_old_des_ecb3_encrypt              2854	EXIST::FUNCTION:DES
+CRYPTO_get_mem_ex_functions             2855	EXIST::FUNCTION:
+ENGINE_get_ex_data                      2856	EXIST::FUNCTION:
+UI_destroy_method                       2857	EXIST::FUNCTION:
+ASN1_item_i2d_bio                       2858	EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get_ext_by_OBJ              2859	EXIST::FUNCTION:
+ASN1_primitive_new                      2860	EXIST::FUNCTION:
+ASN1_PRINTABLE_it                       2861	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLE_it                       2861	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_ecb                         2862	EXIST::FUNCTION:AES
+OCSP_SIGNATURE_new                      2863	EXIST::FUNCTION:
+LONG_it                                 2864	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+LONG_it                                 2864	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_VISIBLESTRING_it                   2865	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_VISIBLESTRING_it                   2865	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_add1_ext_i2d            2866	EXIST::FUNCTION:
+d2i_OCSP_CERTID                         2867	EXIST::FUNCTION:
+ASN1_item_d2i_fp                        2868	EXIST::FUNCTION:FP_API
+CRL_DIST_POINTS_it                      2869	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CRL_DIST_POINTS_it                      2869	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAME_print                      2870	EXIST::FUNCTION:
+OCSP_SINGLERESP_delete_ext              2871	EXIST::FUNCTION:
+PKCS12_SAFEBAGS_it                      2872	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAGS_it                      2872	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SIGNATURE                      2873	EXIST::FUNCTION:
+OCSP_request_add1_nonce                 2874	EXIST::FUNCTION:
+ENGINE_set_cmd_defns                    2875	EXIST::FUNCTION:
+OCSP_SERVICELOC_free                    2876	EXIST::FUNCTION:
+EC_GROUP_free                           2877	EXIST::FUNCTION:EC
+ASN1_BIT_STRING_it                      2878	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BIT_STRING_it                      2878	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_it                             2879	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_it                             2879	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_cbc_encrypt               2880	EXIST::FUNCTION:DES
+ERR_unload_strings                      2881	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_it                  2882	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGN_ENVELOPE_it                  2882	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EDIPARTYNAME_free                       2883	EXIST::FUNCTION:
+OCSP_REQINFO_free                       2884	EXIST::FUNCTION:
+EC_GROUP_new_curve_GFp                  2885	EXIST::FUNCTION:EC
+OCSP_REQUEST_get1_ext_d2i               2886	EXIST::FUNCTION:
+PKCS12_item_pack_safebag                2887	EXIST::FUNCTION:
+asn1_ex_c2i                             2888	EXIST::FUNCTION:
+ENGINE_register_digests                 2889	EXIST::FUNCTION:
+i2d_OCSP_REVOKEDINFO                    2890	EXIST::FUNCTION:
+asn1_enc_restore                        2891	EXIST::FUNCTION:
+UI_free                                 2892	EXIST::FUNCTION:
+UI_new_method                           2893	EXIST::FUNCTION:
+EVP_EncryptInit_ex                      2894	EXIST::FUNCTION:
+X509_pubkey_digest                      2895	EXIST::FUNCTION:EVP
+EC_POINT_invert                         2896	EXIST::FUNCTION:EC
+OCSP_basic_sign                         2897	EXIST::FUNCTION:
+i2d_OCSP_RESPID                         2898	EXIST::FUNCTION:
+OCSP_check_nonce                        2899	EXIST::FUNCTION:
+ENGINE_ctrl_cmd                         2900	EXIST::FUNCTION:
+d2i_KRB5_ENCKEY                         2901	EXIST::FUNCTION:
+OCSP_parse_url                          2902	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext                 2903	EXIST::FUNCTION:
+OCSP_CRLID_free                         2904	EXIST::FUNCTION:
+OCSP_BASICRESP_get1_ext_d2i             2905	EXIST::FUNCTION:
+RSAPrivateKey_it                        2906	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPrivateKey_it                        2906	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+ENGINE_register_all_DH                  2907	EXIST::FUNCTION:
+i2d_EDIPARTYNAME                        2908	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GFp     2909	EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GFp          2909	EXIST:VMS:FUNCTION:EC
+OCSP_CRLID_new                          2910	EXIST::FUNCTION:
+ENGINE_get_flags                        2911	EXIST::FUNCTION:
+OCSP_ONEREQ_it                          2912	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_ONEREQ_it                          2912	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_process                              2913	EXIST::FUNCTION:
+ASN1_INTEGER_it                         2914	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_INTEGER_it                         2914	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CipherInit_ex                       2915	EXIST::FUNCTION:
+UI_get_string_type                      2916	EXIST::FUNCTION:
+ENGINE_unregister_DH                    2917	EXIST::FUNCTION:
+ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
+bn_dup_expand                           2920	EXIST::FUNCTION:
+OCSP_cert_id_new                        2921	EXIST::FUNCTION:
+BASIC_CONSTRAINTS_it                    2922	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BASIC_CONSTRAINTS_it                    2922	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add_quick                        2923	EXIST::FUNCTION:
+EC_POINT_new                            2924	EXIST::FUNCTION:EC
+EVP_MD_CTX_destroy                      2925	EXIST::FUNCTION:
+OCSP_RESPBYTES_free                     2926	EXIST::FUNCTION:
+EVP_aes_128_cbc                         2927	EXIST::FUNCTION:AES
+OCSP_SINGLERESP_get1_ext_d2i            2928	EXIST::FUNCTION:
+EC_POINT_free                           2929	EXIST::FUNCTION:EC
+DH_up_ref                               2930	EXIST::FUNCTION:DH
+X509_NAME_ENTRY_it                      2931	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_ENTRY_it                      2931	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_ex_new_index                     2932	EXIST::FUNCTION:
+BN_mod_sub_quick                        2933	EXIST::FUNCTION:
+OCSP_ONEREQ_add_ext                     2934	EXIST::FUNCTION:
+OCSP_request_sign                       2935	EXIST::FUNCTION:
+EVP_DigestFinal_ex                      2936	EXIST::FUNCTION:
+ENGINE_set_digests                      2937	EXIST::FUNCTION:
+OCSP_id_issuer_cmp                      2938	EXIST::FUNCTION:
+OBJ_NAME_do_all                         2939	EXIST::FUNCTION:
+EC_POINTs_mul                           2940	EXIST::FUNCTION:EC
+ENGINE_register_complete                2941	EXIST::FUNCTION:
+X509V3_EXT_nconf_nid                    2942	EXIST::FUNCTION:
+ASN1_SEQUENCE_it                        2943	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_it                        2943	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_default_method                   2944	EXIST::FUNCTION:
+RAND_query_egd_bytes                    2945	EXIST::FUNCTION:
+UI_method_get_writer                    2946	EXIST::FUNCTION:
+UI_OpenSSL                              2947	EXIST::FUNCTION:
+PEM_def_callback                        2948	EXIST::FUNCTION:
+ENGINE_cleanup                          2949	EXIST::FUNCTION:
+DIST_POINT_it                           2950	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_it                           2950	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_it                      2951	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SINGLERESP_it                      2951	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_KRB5_TKTBODY                        2952	EXIST::FUNCTION:
+EC_POINT_cmp                            2953	EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_new                    2954	EXIST::FUNCTION:
+i2d_OCSP_CERTSTATUS                     2955	EXIST::FUNCTION:
+OCSP_basic_add1_nonce                   2956	EXIST::FUNCTION:
+ASN1_item_ex_d2i                        2957	EXIST::FUNCTION:
+BN_mod_lshift1_quick                    2958	EXIST::FUNCTION:
+UI_set_method                           2959	EXIST::FUNCTION:
+OCSP_id_get0_info                       2960	EXIST::FUNCTION:
+BN_mod_sqrt                             2961	EXIST::FUNCTION:
+EC_GROUP_copy                           2962	EXIST::FUNCTION:EC
+KRB5_ENCDATA_free                       2963	EXIST::FUNCTION:
+_ossl_old_des_cfb_encrypt               2964	EXIST::FUNCTION:DES
+OCSP_SINGLERESP_get_ext_by_OBJ          2965	EXIST::FUNCTION:
+OCSP_cert_to_id                         2966	EXIST::FUNCTION:
+OCSP_RESPID_new                         2967	EXIST::FUNCTION:
+OCSP_RESPDATA_it                        2968	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPDATA_it                        2968	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPDATA                       2969	EXIST::FUNCTION:
+ENGINE_register_all_complete            2970	EXIST::FUNCTION:
+OCSP_check_validity                     2971	EXIST::FUNCTION:
+PKCS12_BAGS_it                          2972	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_BAGS_it                          2972	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_url_svcloc_new                     2973	EXIST::FUNCTION:
+ASN1_template_free                      2974	EXIST::FUNCTION:
+OCSP_SINGLERESP_add_ext                 2975	EXIST::FUNCTION:
+KRB5_AUTHENTBODY_it                     2976	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENTBODY_it                     2976	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_supported_extension                2977	EXIST::FUNCTION:
+i2d_KRB5_AUTHDATA                       2978	EXIST::FUNCTION:
+UI_method_get_opener                    2979	EXIST::FUNCTION:
+ENGINE_set_ex_data                      2980	EXIST::FUNCTION:
+OCSP_REQUEST_print                      2981	EXIST::FUNCTION:
+CBIGNUM_it                              2982	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CBIGNUM_it                              2982	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_TICKET_new                         2983	EXIST::FUNCTION:
+KRB5_APREQ_new                          2984	EXIST::FUNCTION:
+EC_GROUP_get_curve_GFp                  2985	EXIST::FUNCTION:EC
+KRB5_ENCKEY_new                         2986	EXIST::FUNCTION:
+ASN1_template_d2i                       2987	EXIST::FUNCTION:
+_ossl_old_des_quad_cksum                2988	EXIST::FUNCTION:DES
+OCSP_single_get0_status                 2989	EXIST::FUNCTION:
+BN_swap                                 2990	EXIST::FUNCTION:
+POLICYINFO_it                           2991	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYINFO_it                           2991	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_set_destroy_function             2992	EXIST::FUNCTION:
+asn1_enc_free                           2993	EXIST::FUNCTION:
+OCSP_RESPID_it                          2994	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPID_it                          2994	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_new                            2995	EXIST::FUNCTION:EC
+EVP_aes_256_cbc                         2996	EXIST::FUNCTION:AES
+i2d_KRB5_PRINCNAME                      2997	EXIST::FUNCTION:
+_ossl_old_des_encrypt2                  2998	EXIST::FUNCTION:DES
+_ossl_old_des_encrypt3                  2999	EXIST::FUNCTION:DES
+PKCS8_PRIV_KEY_INFO_it                  3000	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS8_PRIV_KEY_INFO_it                  3000	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_it                         3001	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQINFO_it                         3001	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBEPARAM_it                             3002	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBEPARAM_it                             3002	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_AUTHENTBODY_new                    3003	EXIST::FUNCTION:
+X509_CRL_add0_revoked                   3004	EXIST::FUNCTION:
+EDIPARTYNAME_it                         3005	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EDIPARTYNAME_it                         3005	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_SPKI_it                        3006	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKI_it                        3006	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get0_test_string                     3007	EXIST::FUNCTION:
+ENGINE_get_cipher_engine                3008	EXIST::FUNCTION:
+ENGINE_register_all_ciphers             3009	EXIST::FUNCTION:
+EC_POINT_copy                           3010	EXIST::FUNCTION:EC
+BN_kronecker                            3011	EXIST::FUNCTION:
+_ossl_old_des_ede3_ofb64_encrypt        3012	EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_ofb64_encrypt           3012	EXIST:VMS:FUNCTION:DES
+UI_method_get_reader                    3013	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_count            3014	EXIST::FUNCTION:
+ASN1_ENUMERATED_it                      3015	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ENUMERATED_it                      3015	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_result                           3016	EXIST::FUNCTION:
+i2d_KRB5_TICKET                         3017	EXIST::FUNCTION:
+X509_print_ex_fp                        3018	EXIST::FUNCTION:FP_API
+EVP_CIPHER_CTX_set_padding              3019	EXIST::FUNCTION:
+d2i_OCSP_RESPONSE                       3020	EXIST::FUNCTION:
+ASN1_UTCTIME_it                         3021	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTCTIME_it                         3021	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_write                 3022	EXIST::FUNCTION:DES
+OCSP_RESPONSE_new                       3023	EXIST::FUNCTION:
+AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
+OCSP_resp_count                         3025	EXIST::FUNCTION:
+KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
+ENGINE_load_cswift                      3027	EXIST::FUNCTION:
+OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
+ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:
+NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NOTICEREF_it                            3030	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_EXT_CRL_add_nconf                3031	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_it                     3032	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REVOKEDINFO_it                     3032	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_encrypt                             3033	EXIST::FUNCTION:AES
+OCSP_REQUEST_new                        3034	EXIST::FUNCTION:
+ASN1_ANY_it                             3035	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ANY_it                             3035	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_ex_data_new_class                3036	EXIST::FUNCTION:
+_ossl_old_des_ncbc_encrypt              3037	EXIST::FUNCTION:DES
+i2d_KRB5_TKTBODY                        3038	EXIST::FUNCTION:
+EC_POINT_clear_free                     3039	EXIST::FUNCTION:EC
+AES_decrypt                             3040	EXIST::FUNCTION:AES
+asn1_enc_init                           3041	EXIST::FUNCTION:
+UI_get_result_maxsize                   3042	EXIST::FUNCTION:
+OCSP_CERTID_new                         3043	EXIST::FUNCTION:
+ENGINE_unregister_RAND                  3044	EXIST::FUNCTION:
+UI_method_get_closer                    3045	EXIST::FUNCTION:
+d2i_KRB5_ENCDATA                        3046	EXIST::FUNCTION:
+OCSP_request_onereq_count               3047	EXIST::FUNCTION:
+OCSP_basic_verify                       3048	EXIST::FUNCTION:
+KRB5_AUTHENTBODY_free                   3049	EXIST::FUNCTION:
+ASN1_item_d2i                           3050	EXIST::FUNCTION:
+ASN1_primitive_free                     3051	EXIST::FUNCTION:
+i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
+i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
+asn1_enc_save                           3054	EXIST::FUNCTION:
+ENGINE_load_nuron                       3055	EXIST::FUNCTION:
+_ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
+PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_accept_responses_new               3058	EXIST::FUNCTION:
+asn1_do_lock                            3059	EXIST::FUNCTION:
+PKCS7_ATTR_VERIFY_it                    3060	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_VERIFY_it                    3060	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_it                       3061	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQBODY_it                       3061	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_SINGLERESP                     3062	EXIST::FUNCTION:
+ASN1_item_ex_new                        3063	EXIST::FUNCTION:
+UI_add_verify_string                    3064	EXIST::FUNCTION:
+_ossl_old_des_set_key                   3065	EXIST::FUNCTION:DES
+KRB5_PRINCNAME_it                       3066	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_PRINCNAME_it                       3066	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_DecryptInit_ex                      3067	EXIST::FUNCTION:
+i2d_OCSP_CERTID                         3068	EXIST::FUNCTION:
+ASN1_item_d2i_bio                       3069	EXIST::FUNCTION:BIO
+EC_POINT_dbl                            3070	EXIST::FUNCTION:EC
+asn1_get_choice_selector                3071	EXIST::FUNCTION:
+i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
+ENGINE_set_table_flags                  3073	EXIST::FUNCTION:
+AES_options                             3074	EXIST::FUNCTION:AES
+ENGINE_load_chil                        3075	EXIST::FUNCTION:
+OCSP_id_cmp                             3076	EXIST::FUNCTION:
+OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
+KRB5_APREQ_it                           3079	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQ_it                           3079	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_destroy_function             3080	EXIST::FUNCTION:
+CONF_set_nconf                          3081	EXIST::FUNCTION:
+ASN1_PRINTABLE_free                     3082	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_NID           3083	EXIST::FUNCTION:
+DIST_POINT_NAME_it                      3084	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_NAME_it                      3084	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_extensions_print                 3085	EXIST::FUNCTION:
+_ossl_old_des_cfb64_encrypt             3086	EXIST::FUNCTION:DES
+X509_REVOKED_add1_ext_i2d               3087	EXIST::FUNCTION:
+_ossl_old_des_ofb_encrypt               3088	EXIST::FUNCTION:DES
+KRB5_TKTBODY_new                        3089	EXIST::FUNCTION:
+ASN1_OCTET_STRING_it                    3090	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_it                    3090	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_load_UI_strings                     3091	EXIST::FUNCTION:
+i2d_KRB5_ENCKEY                         3092	EXIST::FUNCTION:
+ASN1_template_new                       3093	EXIST::FUNCTION:
+OCSP_SIGNATURE_free                     3094	EXIST::FUNCTION:
+ASN1_item_i2d_fp                        3095	EXIST::FUNCTION:FP_API
+KRB5_PRINCNAME_free                     3096	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_it                     3097	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_RECIP_INFO_it                     3097	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_it                   3098	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EXTENDED_KEY_USAGE_it                   3098	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GFp_simple_method                    3099	EXIST::FUNCTION:EC
+EC_GROUP_precompute_mult                3100	EXIST::FUNCTION:EC
+OCSP_request_onereq_get0                3101	EXIST::FUNCTION:
+UI_method_set_writer                    3102	EXIST::FUNCTION:
+KRB5_AUTHENT_new                        3103	EXIST::FUNCTION:
+X509_CRL_INFO_it                        3104	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_INFO_it                        3104	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DSO_set_name_converter                  3105	EXIST::FUNCTION:
+AES_set_decrypt_key                     3106	EXIST::FUNCTION:AES
+PKCS7_DIGEST_it                         3107	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_DIGEST_it                         3107	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_x5092certbag                     3108	EXIST::FUNCTION:
+EVP_DigestInit_ex                       3109	EXIST::FUNCTION:
+i2a_ACCESS_DESCRIPTION                  3110	EXIST::FUNCTION:
+OCSP_RESPONSE_it                        3111	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPONSE_it                        3111	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ENC_CONTENT_it                    3112	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENC_CONTENT_it                    3112	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add0_id                    3113	EXIST::FUNCTION:
+EC_POINT_make_affine                    3114	EXIST::FUNCTION:EC
+DSO_get_filename                        3115	EXIST::FUNCTION:
+OCSP_CERTSTATUS_it                      3116	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTSTATUS_it                      3116	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add1_cert                  3117	EXIST::FUNCTION:
+UI_get0_output_string                   3118	EXIST::FUNCTION:
+UI_dup_verify_string                    3119	EXIST::FUNCTION:
+BN_mod_lshift                           3120	EXIST::FUNCTION:
+KRB5_AUTHDATA_it                        3121	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHDATA_it                        3121	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+asn1_set_choice_selector                3122	EXIST::FUNCTION:
+OCSP_basic_add1_status                  3123	EXIST::FUNCTION:
+OCSP_RESPID_free                        3124	EXIST::FUNCTION:
+asn1_get_field_ptr                      3125	EXIST::FUNCTION:
+UI_add_input_string                     3126	EXIST::FUNCTION:
+OCSP_CRLID_it                           3127	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
+ENGINE_load_atalla                      3130	EXIST::FUNCTION:
+X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+USERNOTICE_it                           3132	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_new                        3133	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext                  3134	EXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation       3135	EXIST:!VMS:FUNCTION:
+CRYPTO_get_ex_data_impl                 3135	EXIST:VMS:FUNCTION:
+ASN1_item_pack                          3136	EXIST::FUNCTION:
+i2d_KRB5_ENCDATA                        3137	EXIST::FUNCTION:
+X509_PURPOSE_set                        3138	EXIST::FUNCTION:
+X509_REQ_INFO_it                        3139	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_INFO_it                        3139	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_opener                    3140	EXIST::FUNCTION:
+ASN1_item_ex_free                       3141	EXIST::FUNCTION:
+ASN1_BOOLEAN_it                         3142	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BOOLEAN_it                         3142	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_table_flags                  3143	EXIST::FUNCTION:
+UI_create_method                        3144	EXIST::FUNCTION:
+OCSP_ONEREQ_add1_ext_i2d                3145	EXIST::FUNCTION:
+_shadow_DES_check_key                   3146	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key                   3146	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+d2i_OCSP_REQINFO                        3147	EXIST::FUNCTION:
+UI_add_info_string                      3148	EXIST::FUNCTION:
+UI_get_result_minsize                   3149	EXIST::FUNCTION:
+ASN1_NULL_it                            3150	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_NULL_it                            3150	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_lshift1                          3151	EXIST::FUNCTION:
+d2i_OCSP_ONEREQ                         3152	EXIST::FUNCTION:
+OCSP_ONEREQ_new                         3153	EXIST::FUNCTION:
+KRB5_TICKET_it                          3154	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TICKET_it                          3154	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_cbc                         3155	EXIST::FUNCTION:AES
+KRB5_TICKET_free                        3156	EXIST::FUNCTION:
+UI_new                                  3157	EXIST::FUNCTION:
+OCSP_response_create                    3158	EXIST::FUNCTION:
+_ossl_old_des_xcbc_encrypt              3159	EXIST::FUNCTION:DES
+PKCS7_it                                3160	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_it                                3160	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQUEST_get_ext_by_critical        3161	EXIST:!VMS:FUNCTION:
+OCSP_REQUEST_get_ext_by_crit            3161	EXIST:VMS:FUNCTION:
+ENGINE_set_flags                        3162	EXIST::FUNCTION:
+_ossl_old_des_ecb_encrypt               3163	EXIST::FUNCTION:DES
+OCSP_response_get1_basic                3164	EXIST::FUNCTION:
+EVP_Digest                              3165	EXIST::FUNCTION:
+OCSP_ONEREQ_delete_ext                  3166	EXIST::FUNCTION:
+ASN1_TBOOLEAN_it                        3167	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TBOOLEAN_it                        3167	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_new                           3168	EXIST::FUNCTION:
+ASN1_TIME_to_generalizedtime            3169	EXIST::FUNCTION:
+BIGNUM_it                               3170	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIGNUM_it                               3170	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_cbc_encrypt                         3171	EXIST::FUNCTION:AES
+ENGINE_get_load_privkey_function        3172	EXIST:!VMS:FUNCTION:
+ENGINE_get_load_privkey_fn              3172	EXIST:VMS:FUNCTION:
+OCSP_RESPONSE_free                      3173	EXIST::FUNCTION:
+UI_method_set_reader                    3174	EXIST::FUNCTION:
+i2d_ASN1_T61STRING                      3175	EXIST::FUNCTION:
+EC_POINT_set_to_infinity                3176	EXIST::FUNCTION:EC
+ERR_load_OCSP_strings                   3177	EXIST::FUNCTION:
+EC_POINT_point2oct                      3178	EXIST::FUNCTION:EC
+KRB5_APREQ_free                         3179	EXIST::FUNCTION:
+ASN1_OBJECT_it                          3180	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OBJECT_it                          3180	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_crlID_new                          3181	EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+OCSP_crlID2_new                         3181	EXIST:OS2,VMS,WIN16:FUNCTION:
+CONF_modules_load_file                  3182	EXIST::FUNCTION:
+CONF_imodule_set_usr_data               3183	EXIST::FUNCTION:
+ENGINE_set_default_string               3184	EXIST::FUNCTION:
+CONF_module_get_usr_data                3185	EXIST::FUNCTION:
+ASN1_add_oid_module                     3186	EXIST::FUNCTION:
+CONF_modules_finish                     3187	EXIST::FUNCTION:
+OPENSSL_config                          3188	EXIST::FUNCTION:
+CONF_modules_unload                     3189	EXIST::FUNCTION:
+CONF_imodule_get_value                  3190	EXIST::FUNCTION:
+CONF_module_set_usr_data                3191	EXIST::FUNCTION:
+CONF_parse_list                         3192	EXIST::FUNCTION:
+CONF_module_add                         3193	EXIST::FUNCTION:
+CONF_get1_default_config_file           3194	EXIST::FUNCTION:
+CONF_imodule_get_flags                  3195	EXIST::FUNCTION:
+CONF_imodule_get_module                 3196	EXIST::FUNCTION:
+CONF_modules_load                       3197	EXIST::FUNCTION:
+CONF_imodule_get_name                   3198	EXIST::FUNCTION:
+ERR_peek_top_error                      3199	NOEXIST::FUNCTION:
+CONF_imodule_get_usr_data               3200	EXIST::FUNCTION:
+CONF_imodule_set_flags                  3201	EXIST::FUNCTION:
+ENGINE_add_conf_module                  3202	EXIST::FUNCTION:
+ERR_peek_last_error_line                3203	EXIST::FUNCTION:
+ERR_peek_last_error_line_data           3204	EXIST::FUNCTION:
+ERR_peek_last_error                     3205	EXIST::FUNCTION:
+DES_read_2passwords                     3206	EXIST::FUNCTION:DES
+DES_read_password                       3207	EXIST::FUNCTION:DES
+UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
+UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
+ENGINE_load_aep                         3210	EXIST::FUNCTION:
+ENGINE_load_sureware                    3211	EXIST::FUNCTION:
+OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
+OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_conf               3213	EXIST:VMS:FUNCTION:
+OPENSSL_load_builtin_modules            3214	EXIST::FUNCTION:
+AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
+AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
+AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
+ENGINE_load_4758cca                     3218	EXIST::FUNCTION:
+_ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
+EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
+EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
+EVP_aes_128_cfb                         3222	EXIST::FUNCTION:AES
+EVP_aes_256_cfb                         3223	EXIST::FUNCTION:AES
+EVP_aes_128_ofb                         3224	EXIST::FUNCTION:AES
+EVP_aes_192_cfb                         3225	EXIST::FUNCTION:AES
+CONF_modules_free                       3226	EXIST::FUNCTION:
+NCONF_default                           3227	EXIST::FUNCTION:
+OPENSSL_no_config                       3228	EXIST::FUNCTION:
+NCONF_WIN32                             3229	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_new                3230	EXIST::FUNCTION:
+EVP_des_ede_ecb                         3231	EXIST::FUNCTION:DES
+i2d_ASN1_UNIVERSALSTRING                3232	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_free               3233	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_it                 3234	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UNIVERSALSTRING_it                 3234	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASN1_UNIVERSALSTRING                3235	EXIST::FUNCTION:
+EVP_des_ede3_ecb                        3236	EXIST::FUNCTION:DES
+X509_REQ_print_ex                       3237	EXIST::FUNCTION:BIO
+ENGINE_up_ref                           3238	EXIST::FUNCTION:
+BUF_MEM_grow_clean                      3239	EXIST::FUNCTION:
+CRYPTO_realloc_clean                    3240	EXIST::FUNCTION:
+BUF_strlcat                             3241	EXIST::FUNCTION:
+BIO_indent                              3242	EXIST::FUNCTION:
+BUF_strlcpy                             3243	EXIST::FUNCTION:
+OpenSSLDie                              3244	EXIST::FUNCTION:
+OPENSSL_cleanse                         3245	EXIST::FUNCTION:
diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl
index 4cc7881..751fc75 100755
--- a/crypto/openssl/util/mk1mf.pl
+++ b/crypto/openssl/util/mk1mf.pl
@@ -24,6 +24,7 @@ $infile="MINFO";
 
 %ops=(
 	"VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+	"VC-CE",   "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
 	"VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
 	"VC-W31-16",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
 	"VC-WIN16",   "Alias for VC-W31-32",
@@ -37,6 +38,7 @@ $infile="MINFO";
 	"linux-elf","Linux elf",
 	"ultrix-mips","DEC mips ultrix",
 	"FreeBSD","FreeBSD distribution",
+	"OS2-EMX", "EMX GCC OS/2",
 	"default","cc under unix",
 	);
 
@@ -54,12 +56,14 @@ foreach (@ARGV)
 and [options] can be one of
 	no-md2 no-md4 no-md5 no-sha no-mdc2	- Skip this digest
 	no-ripemd
-	no-rc2 no-rc4 no-idea no-des no-bf no-cast - Skip this symetric cipher
-	no-rc5
+	no-rc2 no-rc4 no-rc5 no-idea no-des     - Skip this symetric cipher
+	no-bf no-cast no-aes
 	no-rsa no-dsa no-dh			- Skip this public key cipher
 	no-ssl2 no-ssl3				- Skip this version of SSL
 	just-ssl				- remove all non-ssl keys/digest
 	no-asm 					- No x86 asm
+	no-krb5					- No KRB5
+	no-ec					- No EC
 	nasm 					- Use NASM for x86 asm
 	gaswin					- Use GNU as with Mingw32
 	no-socks				- No socket code
@@ -68,7 +72,6 @@ and [options] can be one of
 	debug					- Debug build
         profile                                 - Profiling build
 	gcc					- Use Gcc (unix)
-	rsaref					- Build to require RSAref
 
 Values that can be set
 TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
@@ -81,7 +84,7 @@ EOF
 		}
 	$platform=$_;
 	}
-foreach (split / /, $OPTIONS)
+foreach (grep(!/^$/, split(/ /, $OPTIONS)))
 	{
 	print STDERR "unknown option - $_\n" if !&read_options;
 	}
@@ -91,7 +94,7 @@ $no_mdc2=1 if ($no_des);
 $no_ssl3=1 if ($no_md5 || $no_sha);
 $no_ssl3=1 if ($no_rsa && $no_dh);
 
-$no_ssl2=1 if ($no_md5 || $no_rsa);
+$no_ssl2=1 if ($no_md5);
 $no_ssl2=1 if ($no_rsa);
 
 $out_def="out";
@@ -101,7 +104,6 @@ $tmp_def="tmp";
 $mkdir="-mkdir";
 
 ($ssl,$crypto)=("ssl","crypto");
-$RSAglue="RSAglue";
 $ranlib="echo ranlib";
 
 $cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
@@ -136,6 +138,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
 	$NT = 1 if $platform eq "VC-NT";
 	require 'VC-32.pl';
 	}
+elsif ($platform eq "VC-CE")
+	{
+	require 'VC-CE.pl';
+	}
 elsif ($platform eq "Mingw32")
 	{
 	require 'Mingw32.pl';
@@ -183,6 +189,11 @@ elsif ($platform eq "ultrix-mips")
 	require "ultrix.pl";
 	$unix=1;
 	}
+elsif ($platform eq "OS2-EMX")
+	{
+	$wc=1;
+	require 'OS2-EMX.pl';
+	}
 else
 	{
 	require "unix.pl";
@@ -197,28 +208,31 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
 
 $bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
 
-$cflags.=" -DNO_IDEA" if $no_idea;
-$cflags.=" -DNO_RC2"  if $no_rc2;
-$cflags.=" -DNO_RC4"  if $no_rc4;
-$cflags.=" -DNO_RC5"  if $no_rc5;
-$cflags.=" -DNO_MD2"  if $no_md2;
-$cflags.=" -DNO_MD4"  if $no_md4;
-$cflags.=" -DNO_MD5"  if $no_md5;
-$cflags.=" -DNO_SHA"  if $no_sha;
-$cflags.=" -DNO_SHA1" if $no_sha1;
-$cflags.=" -DNO_RIPEMD" if $no_rmd160;
-$cflags.=" -DNO_MDC2" if $no_mdc2;
-$cflags.=" -DNO_BF"  if $no_bf;
-$cflags.=" -DNO_CAST" if $no_cast;
-$cflags.=" -DNO_DES"  if $no_des;
-$cflags.=" -DNO_RSA"  if $no_rsa;
-$cflags.=" -DNO_DSA"  if $no_dsa;
-$cflags.=" -DNO_DH"   if $no_dh;
-$cflags.=" -DNO_SOCK" if $no_sock;
-$cflags.=" -DNO_SSL2" if $no_ssl2;
-$cflags.=" -DNO_SSL3" if $no_ssl3;
-$cflags.=" -DNO_ERR"  if $no_err;
-$cflags.=" -DRSAref"  if $rsaref ne "";
+$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
+$cflags.=" -DOPENSSL_NO_AES"  if $no_aes;
+$cflags.=" -DOPENSSL_NO_RC2"  if $no_rc2;
+$cflags.=" -DOPENSSL_NO_RC4"  if $no_rc4;
+$cflags.=" -DOPENSSL_NO_RC5"  if $no_rc5;
+$cflags.=" -DOPENSSL_NO_MD2"  if $no_md2;
+$cflags.=" -DOPENSSL_NO_MD4"  if $no_md4;
+$cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+$cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160;
+$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+$cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
+$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+$cflags.=" -DOPENSSL_NO_DES"  if $no_des;
+$cflags.=" -DOPENSSL_NO_RSA"  if $no_rsa;
+$cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
+$cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
+$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
+$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
+$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
+$cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
+$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
+$cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
+#$cflags.=" -DRSAref"  if $rsaref ne "";
 
 ## if ($unix)
 ##	{ $cflags="$c_flags" if ($c_flags ne ""); }
@@ -227,6 +241,9 @@ $cflags.=" -DRSAref"  if $rsaref ne "";
 
 $ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
 
+%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
+		  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
+
 if ($msdos)
 	{
 	$banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
@@ -254,6 +271,17 @@ $defs= <<"EOF";
 # The one monster makefile better suits building in non-unix
 # environments.
 
+EOF
+
+if ($platform eq "VC-CE")
+	{
+	$defs.= <<"EOF";
+!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
+
+EOF
+	}
+
+$defs.= <<"EOF";
 INSTALLTOP=$INSTALLTOP
 
 # Set your compiler options
@@ -319,7 +347,6 @@ ASM=$bin_dir$asm
 E_EXE=openssl
 SSL=$ssl
 CRYPTO=$crypto
-RSAGLUE=$RSAglue
 
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
@@ -338,14 +365,12 @@ INCL_D=\$(TMP_D)
 
 O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
 O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-O_RSAGLUE= \$(LIB_D)$o$plib\$(RSAGLUE)$libp
 SO_SSL=    $plib\$(SSL)$so_shlibp
 SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
 L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
 L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
 
 L_LIBS= \$(L_SSL) \$(L_CRYPTO)
-#L_LIBS= \$(O_SSL) \$(O_RSAGLUE) -lrsaref \$(O_CRYPTO)
 
 ######################################################
 # Don't touch anything below this point
@@ -355,7 +380,7 @@ INC=-I\$(INC_D) -I\$(INCL_D)
 APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
 LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
 SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_RSAGLUE) \$(O_SSL)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
 
 #############################################
 EOF
@@ -527,20 +552,12 @@ foreach (values %lib_nam)
 	$lib_obj=$lib_obj{$_};
 	local($slib)=$shlib;
 
-	$slib=0 if ($_ eq "RSAGLUE");
-
 	if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
 		{
 		$rules.="\$(O_SSL):\n\n"; 
 		next;
 		}
 
-	if (($_ eq "RSAGLUE") && $no_rsa)
-		{
-		$rules.="\$(O_RSAGLUE):\n\n"; 
-		next;
-		}
-
 	if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
 		{
 		$lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
@@ -593,7 +610,7 @@ foreach (values %lib_nam)
 		$rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
 		}
 	$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
-	$lib=($slib)?" \$(SHLIB_CFLAGS)":" \$(LIB_CFLAGS)";
+	$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
 	$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
 	}
 
@@ -606,8 +623,6 @@ foreach (split(/\s+/,$test))
 	}
 
 $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(RSAGLUEOBJ)","\$(O_RSAGLUE)",$RSAglue,0,"")
-	unless $no_rsa;
 $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
 
 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
@@ -634,6 +649,7 @@ sub var_add
 	local(@a,$_,$ret);
 
 	return("") if $no_idea && $dir =~ /\/idea/;
+	return("") if $no_aes  && $dir =~ /\/aes/;
 	return("") if $no_rc2  && $dir =~ /\/rc2/;
 	return("") if $no_rc4  && $dir =~ /\/rc4/;
 	return("") if $no_rc5  && $dir =~ /\/rc5/;
@@ -659,7 +675,8 @@ sub var_add
 
 	@a=grep(!/^e_.*_3d$/,@a) if $no_des;
 	@a=grep(!/^e_.*_d$/,@a) if $no_des;
-	@a=grep(!/^e_.*_i$/,@a) if $no_idea;
+	@a=grep(!/^e_.*_ae$/,@a) if $no_idea;
+	@a=grep(!/^e_.*_i$/,@a) if $no_aes;
 	@a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
 	@a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
 	@a=grep(!/^e_.*_bf$/,@a) if $no_bf;
@@ -858,6 +875,7 @@ sub read_options
 	elsif (/^no-rc4$/)	{ $no_rc4=1; }
 	elsif (/^no-rc5$/)	{ $no_rc5=1; }
 	elsif (/^no-idea$/)	{ $no_idea=1; }
+	elsif (/^no-aes$/)	{ $no_aes=1; }
 	elsif (/^no-des$/)	{ $no_des=1; }
 	elsif (/^no-bf$/)	{ $no_bf=1; }
 	elsif (/^no-cast$/)	{ $no_cast=1; }
@@ -873,6 +891,7 @@ sub read_options
 	elsif (/^no-dsa$/)	{ $no_dsa=1; }
 	elsif (/^no-dh$/)	{ $no_dh=1; }
 	elsif (/^no-hmac$/)	{ $no_hmac=1; }
+	elsif (/^no-aes$/)	{ $no_aes=1; }
 	elsif (/^no-asm$/)	{ $no_asm=1; }
 	elsif (/^nasm$/)	{ $nasm=1; }
 	elsif (/^gaswin$/)	{ $gaswin=1; }
@@ -880,12 +899,15 @@ sub read_options
 	elsif (/^no-ssl3$/)	{ $no_ssl3=1; }
 	elsif (/^no-err$/)	{ $no_err=1; }
 	elsif (/^no-sock$/)	{ $no_sock=1; }
+	elsif (/^no-krb5$/)	{ $no_krb5=1; }
+	elsif (/^no-ec$/)	{ $no_ec=1; }
 
 	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
 				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
-				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
+				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1;
+				  $no_aes=1; }
 
-	elsif (/^rsaref$/)	{ $rsaref=1; }
+	elsif (/^rsaref$/)	{ }
 	elsif (/^gcc$/)		{ $gcc=1; }
 	elsif (/^debug$/)	{ $debug=1; }
 	elsif (/^profile$/)	{ $profile=1; }
diff --git a/crypto/openssl/util/mkcerts.sh b/crypto/openssl/util/mkcerts.sh
index 5f8a1da..0184fcb 100755
--- a/crypto/openssl/util/mkcerts.sh
+++ b/crypto/openssl/util/mkcerts.sh
@@ -1,4 +1,4 @@
-#!bin/sh
+#!/bin/sh
 
 # This script will re-make all the required certs.
 # cd apps
@@ -12,8 +12,8 @@
 #
  
 CAbits=1024
-SSLEAY="../apps/ssleay"
-CONF="-config ../apps/ssleay.cnf"
+SSLEAY="../apps/openssl"
+CONF="-config ../apps/openssl.cnf"
 
 # create pca request.
 echo creating $CAbits bit PCA cert request
diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl
index d7b5e6f..adfd447 100755
--- a/crypto/openssl/util/mkdef.pl
+++ b/crypto/openssl/util/mkdef.pl
@@ -37,46 +37,61 @@
 # - "platforms" is empty if it exists on all platforms, otherwise it contains
 #   comma-separated list of the platform, just as they are if the symbol exists
 #   for those platforms, or prepended with a "!" if not.  This helps resolve
-#   symbol name replacements for platforms where the names are too long for the
+#   symbol name variants for platforms where the names are too long for the
 #   compiler or linker, or if the systems is case insensitive and there is a
-#   clash.  This script assumes those redefinitions are place in the file
-#   crypto/symhacks.h.
-#   The semantics for the platforms list is a bit complicated.  The rule of
-#   thumb is that the list is exclusive, but it seems to mean different things.
-#   So, if the list is all negatives (like "!VMS,!WIN16"), the symbol exists
-#   on all platforms except those listed.  If the list is all positives (like
-#   "VMS,WIN16"), the symbol exists only on those platforms and nowhere else.
-#   The combination of positives and negatives will act as if the positives
-#   weren't there.
+#   clash, or the symbol is implemented differently (see
+#   EXPORT_VAR_AS_FUNCTION).  This script assumes renaming of symbols is found
+#   in the file crypto/symhacks.h.
+#   The semantics for the platforms is that every item is checked against the
+#   environment.  For the negative items ("!FOO"), if any of them is false
+#   (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
+#   used.  For the positive itms, if all of them are false in the environment,
+#   the corresponding symbol can't be used.  Any combination of positive and
+#   negative items are possible, and of course leave room for some redundancy.
 # - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
 # - "algorithms" is a comma-separated list of algorithm names.  This helps
 #   exclude symbols that are part of an algorithm that some user wants to
 #   exclude.
 #
 
+my $debug=0;
+
 my $crypto_num= "util/libeay.num";
 my $ssl_num=    "util/ssleay.num";
+my $libname;
 
 my $do_update = 0;
-my $do_rewrite = 0;
+my $do_rewrite = 1;
 my $do_crypto = 0;
 my $do_ssl = 0;
 my $do_ctest = 0;
 my $do_ctestall = 0;
-my $rsaref = 0;
+my $do_checkexist = 0;
 
+my $VMSVAX=0;
+my $VMSAlpha=0;
 my $VMS=0;
 my $W32=0;
 my $W16=0;
 my $NT=0;
+my $OS2=0;
 # Set this to make typesafe STACK definitions appear in DEF
 my $safe_stack_def = 0;
 
-my @known_platforms = ( "__FreeBSD__", "VMS", "WIN16", "WIN32",
-			"WINNT", "PERL5", "NeXT" );
+my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
+			"EXPORT_VAR_AS_FUNCTION" );
+my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
-			 "CAST", "MD2", "MD4", "MD5", "SHA", "RIPEMD",
-			 "MDC2", "RSA", "DSA", "DH", "HMAC", "FP_API" );
+			 "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
+			 "RIPEMD",
+			 "MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",
+			 # Envelope "algorithms"
+			 "EVP", "X509", "ASN1_TYPEDEFS",
+			 # Helper "algorithms"
+			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+			 "LOCKING",
+			 # External "algorithms"
+			 "FP_API", "STDIO", "SOCK", "KRB5" );
 
 my $options="";
 open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
@@ -91,28 +106,45 @@ close(IN);
 my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
 my $no_cast;
 my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
-my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0;
+my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+my $no_ec;
 my $no_fp_api;
 
 foreach (@ARGV, split(/ /, $options))
 	{
+	$debug=1 if $_ eq "debug";
 	$W32=1 if $_ eq "32";
 	$W16=1 if $_ eq "16";
 	if($_ eq "NT") {
 		$W32 = 1;
 		$NT = 1;
 	}
+	if ($_ eq "VMS-VAX") {
+		$VMS=1;
+		$VMSVAX=1;
+	}
+	if ($_ eq "VMS-Alpha") {
+		$VMS=1;
+		$VMSAlpha=1;
+	}
 	$VMS=1 if $_ eq "VMS";
-	$rsaref=1 if $_ eq "rsaref";
+	$OS2=1 if $_ eq "OS2";
 
 	$do_ssl=1 if $_ eq "ssleay";
-	$do_ssl=1 if $_ eq "ssl";
+	if ($_ eq "ssl") {
+		$do_ssl=1; 
+		$libname=$_
+	}
 	$do_crypto=1 if $_ eq "libeay";
-	$do_crypto=1 if $_ eq "crypto";
+	if ($_ eq "crypto") {
+		$do_crypto=1;
+		$libname=$_;
+	}
 	$do_update=1 if $_ eq "update";
 	$do_rewrite=1 if $_ eq "rewrite";
 	$do_ctest=1 if $_ eq "ctest";
 	$do_ctestall=1 if $_ eq "ctestall";
+	$do_checkexist=1 if $_ eq "exist";
 	#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
 
 	if    (/^no-rc2$/)      { $no_rc2=1; }
@@ -131,12 +163,33 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-rsa$/)      { $no_rsa=1; }
 	elsif (/^no-dsa$/)      { $no_dsa=1; }
 	elsif (/^no-dh$/)       { $no_dh=1; }
+	elsif (/^no-ec$/)       { $no_ec=1; }
 	elsif (/^no-hmac$/)	{ $no_hmac=1; }
+	elsif (/^no-aes$/)	{ $no_aes=1; }
+	elsif (/^no-evp$/)	{ $no_evp=1; }
+	elsif (/^no-lhash$/)	{ $no_lhash=1; }
+	elsif (/^no-stack$/)	{ $no_stack=1; }
+	elsif (/^no-err$/)	{ $no_err=1; }
+	elsif (/^no-buffer$/)	{ $no_buffer=1; }
+	elsif (/^no-bio$/)	{ $no_bio=1; }
+	#elsif (/^no-locking$/)	{ $no_locking=1; }
+	elsif (/^no-comp$/)	{ $no_comp=1; }
+	elsif (/^no-dso$/)	{ $no_dso=1; }
+	elsif (/^no-krb5$/)	{ $no_krb5=1; }
 	}
 
 
+if (!$libname) { 
+	if ($do_ssl) {
+		$libname="SSLEAY";
+	}
+	if ($do_crypto) {
+		$libname="LIBEAY";
+	}
+}
+
 # If no platform is given, assume WIN32
-if ($W32 + $W16 + $VMS == 0) {
+if ($W32 + $W16 + $VMS + $OS2 == 0) {
 	$W32 = 1;
 }
 
@@ -147,7 +200,7 @@ if ($W16) {
 
 if (!$do_ssl && !$do_crypto)
 	{
-	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ] [rsaref]\n";
+	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n";
 	exit(1);
 	}
 
@@ -157,50 +210,58 @@ $max_ssl = $max_num;
 $max_crypto = $max_num;
 
 my $ssl="ssl/ssl.h";
+$ssl.=" ssl/kssl.h";
 
 my $crypto ="crypto/crypto.h";
-$crypto.=" crypto/des/des.h" unless $no_des;
-$crypto.=" crypto/idea/idea.h" unless $no_idea;
-$crypto.=" crypto/rc4/rc4.h" unless $no_rc4;
-$crypto.=" crypto/rc5/rc5.h" unless $no_rc5;
-$crypto.=" crypto/rc2/rc2.h" unless $no_rc2;
-$crypto.=" crypto/bf/blowfish.h" unless $no_bf;
-$crypto.=" crypto/cast/cast.h" unless $no_cast;
-$crypto.=" crypto/md2/md2.h" unless $no_md2;
-$crypto.=" crypto/md4/md4.h" unless $no_md4;
-$crypto.=" crypto/md5/md5.h" unless $no_md5;
-$crypto.=" crypto/mdc2/mdc2.h" unless $no_mdc2;
-$crypto.=" crypto/sha/sha.h" unless $no_sha;
-$crypto.=" crypto/ripemd/ripemd.h" unless $no_ripemd;
+$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
+$crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
+$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
+$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
+$crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
+$crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
+$crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
+$crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
+$crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
+$crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
+$crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
+$crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
+$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
+$crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
 
 $crypto.=" crypto/bn/bn.h";
-$crypto.=" crypto/rsa/rsa.h" unless $no_rsa;
-$crypto.=" crypto/dsa/dsa.h" unless $no_dsa;
-$crypto.=" crypto/dh/dh.h" unless $no_dh;
-$crypto.=" crypto/hmac/hmac.h" unless $no_hmac;
-
-$crypto.=" crypto/stack/stack.h";
-$crypto.=" crypto/buffer/buffer.h";
-$crypto.=" crypto/bio/bio.h";
-$crypto.=" crypto/dso/dso.h";
-$crypto.=" crypto/lhash/lhash.h";
+$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
+$crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
+$crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
+$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+
+$crypto.=" crypto/engine/engine.h";
+$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+$crypto.=" crypto/dso/dso.h" ; # unless $no_dso;
+$crypto.=" crypto/lhash/lhash.h" ; # unless $no_lhash;
 $crypto.=" crypto/conf/conf.h";
 $crypto.=" crypto/txt_db/txt_db.h";
 
-$crypto.=" crypto/evp/evp.h";
+$crypto.=" crypto/evp/evp.h" ; # unless $no_evp;
 $crypto.=" crypto/objects/objects.h";
 $crypto.=" crypto/pem/pem.h";
 #$crypto.=" crypto/meth/meth.h";
 $crypto.=" crypto/asn1/asn1.h";
+$crypto.=" crypto/asn1/asn1t.h";
 $crypto.=" crypto/asn1/asn1_mac.h";
-$crypto.=" crypto/err/err.h";
+$crypto.=" crypto/err/err.h" ; # unless $no_err;
 $crypto.=" crypto/pkcs7/pkcs7.h";
 $crypto.=" crypto/pkcs12/pkcs12.h";
 $crypto.=" crypto/x509/x509.h";
 $crypto.=" crypto/x509/x509_vfy.h";
 $crypto.=" crypto/x509v3/x509v3.h";
 $crypto.=" crypto/rand/rand.h";
-$crypto.=" crypto/comp/comp.h";
+$crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
+$crypto.=" crypto/ocsp/ocsp.h";
+$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
+$crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
 
 my $symhacks="crypto/symhacks.h";
@@ -216,7 +277,6 @@ if ($do_ssl == 1) {
 	if ($do_rewrite == 1) {
 		open(OUT, ">$ssl_num");
 		&rewrite_numbers(*OUT,"SSLEAY",*ssl_list,@ssl_symbols);
-		close OUT;
 	} else {
 		open(OUT, ">>$ssl_num");
 	}
@@ -237,6 +297,11 @@ if($do_crypto == 1) {
 	close OUT;
 } 
 
+} elsif ($do_checkexist) {
+	&check_existing(*ssl_list, @ssl_symbols)
+		if $do_ssl == 1;
+	&check_existing(*crypto_list, @crypto_symbols)
+		if $do_crypto == 1;
 } elsif ($do_ctest || $do_ctestall) {
 
 	print <<"EOF";
@@ -258,10 +323,10 @@ EOF
 
 } else {
 
-	&print_def_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_symbols)
+	&print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols)
 		if $do_ssl == 1;
 
-	&print_def_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_symbols)
+	&print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols)
 		if $do_crypto == 1;
 
 }
@@ -276,16 +341,21 @@ sub do_defs
 	my %platform;		# For anything undefined, we assume ""
 	my %kind;		# For anything undefined, we assume "FUNCTION"
 	my %algorithm;		# For anything undefined, we assume ""
-	my %rename;
+	my %variant;
+	my %variant_cnt;	# To be able to allocate "name{n}" if "name"
+				# is the same name as the original.
 	my $cpp;
+	my %unknown_algorithms = ();
 
 	foreach $file (split(/\s+/,$symhacksfile." ".$files))
 		{
+		print STDERR "DEBUG: starting on $file:\n" if $debug;
 		open(IN,"<$file") || die "unable to open $file:$!\n";
 		my $line = "", my $def= "";
 		my %tag = (
 			(map { $_ => 0 } @known_platforms),
-			(map { "NO_".$_ => 0 } @known_algorithms),
+			(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
+			(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
 			NOPROTO		=> 0,
 			PERL5		=> 0,
 			_WINDLL		=> 0,
@@ -293,16 +363,70 @@ sub do_defs
 			TRUE		=> 1,
 		);
 		my $symhacking = $file eq $symhacksfile;
-		my $begin_error_codes = 0;
+		my @current_platforms = ();
+		my @current_algorithms = ();
+
+		# params: symbol, alias, platforms, kind
+		# The reason to put this subroutine in a variable is that
+		# it will otherwise create it's own, unshared, version of
+		# %tag and %variant...
+		my $make_variant = sub
+		{
+			my ($s, $a, $p, $k) = @_;
+			my ($a1, $a2);
+
+			print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
+			if (defined($p))
+			{
+				$a1 = join(",",$p,
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			else
+			{
+				$a1 = join(",",
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			$a2 = join(",",
+				   grep(!/^$/,
+					map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
+					@known_ossl_platforms));
+			print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
+			if ($a1 eq "") { $a1 = $a2; }
+			elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
+			if ($a eq $s)
+			{
+				if (!defined($variant_cnt{$s}))
+				{
+					$variant_cnt{$s} = 0;
+				}
+				$variant_cnt{$s}++;
+				$a .= "{$variant_cnt{$s}}";
+			}
+			my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
+			my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
+			if (!grep(/^$togrep$/,
+				  split(/;/, defined($variant{$s})?$variant{$s}:""))) {
+				if (defined($variant{$s})) { $variant{$s} .= ";"; }
+				$variant{$s} .= $toadd;
+			}
+			print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
+		};
+
+		print STDERR "DEBUG: parsing ----------\n" if $debug;
 		while(<IN>) {
-			$begin_error_codes = 1 if (/BEGIN ERROR CODES/);
-			last if ($begin_error_codes && /Error codes for /);
+			last if (/\/\* Error codes for the \w+ functions\. \*\//);
 			if ($line ne '') {
 				$_ = $line . $_;
 				$line = '';
 			}
 
 			if (/\\$/) {
+				chomp; # remove eol
+				chop; # remove ending backslash
 				$line = $_;
 				next;
 			}
@@ -315,134 +439,344 @@ sub do_defs
 
 			s/\/\*.*?\*\///gs;                   # ignore comments
 			s/{[^{}]*}//gs;                      # ignore {} blocks
-			if (/^\#\s*ifndef (.*)/) {
-				push(@tag,$1);
-				$tag{$1}=-1;
-			} elsif (/^\#\s*if !defined\(([^\)]+)\)/) {
+			print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
+			if (/^\#\s*ifndef\s+(.*)/) {
+				push(@tag,"-");
 				push(@tag,$1);
 				$tag{$1}=-1;
-			} elsif (/^\#\s*ifdef (.*)/) {
-				push(@tag,$1);
-				$tag{$1}=1;
-			} elsif (/^\#\s*if defined\(([^\)]+)\)/) {
+				print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+			} elsif (/^\#\s*if\s+!defined\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(!defined\(([^\)]+)\)(\s+\&\&\s+!defined\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\&\&',$tmp_1) {
+						$tmp_ =~ /!defined\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=-1;
+					}
+				} else {
+					print STDERR "Warning: $file: complicated expression: $_" if $debug; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=-1;
+				}
+			} elsif (/^\#\s*ifdef\s+(.*)/) {
+				push(@tag,"-");
 				push(@tag,$1);
 				$tag{$1}=1;
+				print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+			} elsif (/^\#\s*if\s+defined\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(defined\(([^\)]+)\)(\s+\|\|\s+defined\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\|\|',$tmp_1) {
+						$tmp_ =~ /defined\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=1;
+					}
+				} else {
+					print STDERR "Warning: $file: complicated expression: $_\n" if $debug; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=1;
+				}
 			} elsif (/^\#\s*error\s+(\w+) is disabled\./) {
-				if ($tag[$#tag] eq "NO_".$1) {
-					$tag{$tag[$#tag]}=2;
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
+						$tag{$tag[$tag_i]}=2;
+						print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
+					}
+					$tag_i--;
 				}
 			} elsif (/^\#\s*endif/) {
-				if ($tag{$tag[$#tag]}==2) {
-					$tag{$tag[$#tag]}=-1;
-				} else {
-					$tag{$tag[$#tag]}=0;
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
+					if ($tag{$t}==2) {
+						$tag{$t}=-1;
+					} else {
+						$tag{$t}=0;
+					}
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					pop(@tag);
+					if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
+						$t=$1;
+					} else {
+						$t="";
+					}
+					if ($t ne ""
+					    && !grep(/^$t$/, @known_algorithms)) {
+						$unknown_algorithms{$t} = 1;
+						#print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
+					}
+					$tag_i--;
 				}
 				pop(@tag);
 			} elsif (/^\#\s*else/) {
-				my $t=$tag[$#tag];
-				$tag{$t}= -$tag{$t};
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					$tag{$t}= -$tag{$t};
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					$tag_i--;
+				}
 			} elsif (/^\#\s*if\s+1/) {
+				push(@tag,"-");
 				# Dummy tag
 				push(@tag,"TRUE");
 				$tag{"TRUE"}=1;
+				print STDERR "DEBUG: $file: found 1\n" if $debug;
 			} elsif (/^\#\s*if\s+0/) {
+				push(@tag,"-");
 				# Dummy tag
 				push(@tag,"TRUE");
 				$tag{"TRUE"}=-1;
+				print STDERR "DEBUG: $file: found 0\n" if $debug;
 			} elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
-				 && $symhacking) {
-				my $s = $1;
-				my $a =
-				    $2.":".join(",", grep(!/^$/,
-							  map { $tag{$_} == 1 ?
-								    $_ : "" }
-							  @known_platforms));
-				$rename{$s} = $a;
+				 && $symhacking && $tag{'TRUE'} != -1) {
+				# This is for aliasing.  When we find an alias,
+				# we have to invert
+				&$make_variant($1,$2);
+				print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
 			}
 			if (/^\#/) {
-				my @p = grep(!/^$/,
-					     map { $tag{$_} == 1 ? $_ :
-						       $tag{$_} == -1 ? "!".$_  : "" }
-					     @known_platforms);
-				my @a = grep(!/^$/,
-					     map { $tag{"NO_".$_} == -1 ? $_ : "" }
-					     @known_algorithms);
-				$def .= "#INFO:".join(',',@p).":".join(',',@a).";";
+				@current_platforms =
+				    grep(!/^$/,
+					 map { $tag{$_} == 1 ? $_ :
+						   $tag{$_} == -1 ? "!".$_  : "" }
+					 @known_platforms);
+				push @current_platforms
+				    , grep(!/^$/,
+					   map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
+						     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
+					   @known_ossl_platforms);
+				@current_algorithms =
+				    grep(!/^$/,
+					 map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
+					 @known_algorithms);
+				$def .=
+				    "#INFO:"
+					.join(',',@current_platforms).":"
+					    .join(',',@current_algorithms).";";
 				next;
 			}
-			if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
-				next;
-			} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
-				next;
-			} elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
-				next;
-			} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
-				 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
-				# Things not in Win16
-				$syms{"PEM_read_${1}"} = 1;
-				$platform{"PEM_read_${1}"} = "!WIN16";
-				$syms{"PEM_write_${1}"} = 1;
-				$platform{"PEM_write_${1}"} = "!WIN16";
-				# Things that are everywhere
-				$syms{"PEM_read_bio_${1}"} = 1;
-				$syms{"PEM_write_bio_${1}"} = 1;
-				if ($1 eq "RSAPrivateKey" ||
-				    $1 eq "RSAPublicKey" ||
-				    $1 eq "RSA_PUBKEY") {
-					$algorithm{"PEM_read_${1}"} = "RSA";
-					$algorithm{"PEM_write_${1}"} = "RSA";
-					$algorithm{"PEM_read_bio_${1}"} = "RSA";
-					$algorithm{"PEM_write_bio_${1}"} = "RSA";
-				}
-				elsif ($1 eq "DSAPrivateKey" ||
-				       $1 eq "DSAparams" ||
-				       $1 eq "RSA_PUBKEY") {
-					$algorithm{"PEM_read_${1}"} = "DSA";
-					$algorithm{"PEM_write_${1}"} = "DSA";
-					$algorithm{"PEM_read_bio_${1}"} = "DSA";
-					$algorithm{"PEM_write_bio_${1}"} = "DSA";
-				}
-				elsif ($1 eq "DHparams") {
-					$algorithm{"PEM_read_${1}"} = "DH";
-					$algorithm{"PEM_write_${1}"} = "DH";
-					$algorithm{"PEM_read_bio_${1}"} = "DH";
-					$algorithm{"PEM_write_bio_${1}"} = "DH";
-				}
-			} elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
-				     /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
-				# Things not in Win16
-				$syms{"PEM_write_${1}"} = 1;
-				$platform{"PEM_write_${1}"} .= ",!WIN16";
-				# Things that are everywhere
-				$syms{"PEM_write_bio_${1}"} = 1;
-				if ($1 eq "RSAPrivateKey" ||
-				    $1 eq "RSAPublicKey" ||
-				    $1 eq "RSA_PUBKEY") {
-					$algorithm{"PEM_write_${1}"} = "RSA";
-					$algorithm{"PEM_write_bio_${1}"} = "RSA";
-				}
-				elsif ($1 eq "DSAPrivateKey" ||
-				       $1 eq "DSAparams" ||
-				       $1 eq "RSA_PUBKEY") {
-					$algorithm{"PEM_write_${1}"} = "DSA";
-					$algorithm{"PEM_write_bio_${1}"} = "DSA";
-				}
-				elsif ($1 eq "DHparams") {
-					$algorithm{"PEM_write_${1}"} = "DH";
-					$algorithm{"PEM_write_bio_${1}"} = "DH";
-				}
-			} elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
-				     /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
-				# Things not in Win16
-				$syms{"PEM_read_${1}"} = 1;
-				$platform{"PEM_read_${1}"} .= ",!WIN16";
-				# Things that are everywhere
-				$syms{"PEM_read_bio_${1}"} = 1;
-			} elsif (
-				($tag{'TRUE'} != -1)
-				&& ($tag{'CONST_STRICT'} != 1)
-				 )
-				{
+			if ($tag{'TRUE'} != -1) {
+				if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					$def .= "int $3_free(void);";
+					$def .= "int $3_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
+					 /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$1(void);";
+					$def .= "int i2d_$1(void);";
+					$def .= "int $1_free(void);";
+					$def .= "int $1_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					$def .= "int $2_free(void);";
+					$def .= "int $2_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					next;
+				} elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int _shadow_$2;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("_shadow_$2","_shadow_$2",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+				} elsif ($tag{'CONST_STRICT'} != 1) {
 					if (/\{|\/\*|\([^\)]*$/) {
 						$line = $_;
 					} else {
@@ -450,11 +784,13 @@ sub do_defs
 					}
 				}
 			}
+		}
 		close(IN);
 
 		my $algs;
 		my $plays;
 
+		print STDERR "DEBUG: postprocessing ----------\n" if $debug;
 		foreach (split /;/, $def) {
 			my $s; my $k = "FUNCTION"; my $p; my $a;
 			s/^[\n\s]*//g;
@@ -463,26 +799,32 @@ sub do_defs
 			next if(/typedef\W/);
 			next if(/\#define/);
 
+			print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
 			if (/^\#INFO:([^:]*):(.*)$/) {
 				$plats = $1;
 				$algs = $2;
+				print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
 				next;
-			} elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+)(\[[0-9]*\])*\s*$/) {
+			} elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
 				$s = $1;
 				$k = "VARIABLE";
-			} elsif (/\(\*(\w*)\([^\)]+/) {
+				print STDERR "DEBUG: found external variable $s\n" if $debug;
+			} elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) {
 				$s = $1;
+				print STDERR "DEBUG: found ANSI C function $s\n" if $debug;
 			} elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) {
 				# K&R C
+				print STDERR "DEBUG: found K&R C function $s\n" if $debug;
 				next;
-			} elsif (/\w+\W+\w+\W*\(.*\)$/s) {
+			} elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)$/s) {
 				while (not /\(\)$/s) {
 					s/[^\(\)]*\)$/\)/s;
 					s/\([^\(\)]*\)\)$/\)/s;
 				}
 				s/\(void\)//;
-				/(\w+)\W*\(\)/s;
+				/(\w+(\{[0-9]+\})?)\W*\(\)/s;
 				$s = $1;
+				print STDERR "DEBUG: found function $s\n" if $debug;
 			} elsif (/\(/ and not (/=/)) {
 				print STDERR "File $file: cannot parse: $_;\n";
 				next;
@@ -513,67 +855,61 @@ sub do_defs
 			$a .= ",RSA" if($s =~ /RSAPrivateKey/);
 			$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
 
-			$platform{$s} .= ','.$p;
+			$platform{$s} =
+			    &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
 			$algorithm{$s} .= ','.$a;
 
-			if (defined($rename{$s})) {
-				(my $r, my $p) = split(/:/,$rename{$s});
-				my @ip = map { /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p;
-				$syms{$r} = 1;
-				$kind{$r} = $kind{$s}."(".$s.")";
-				$algorithm{$r} = $algorithm{$s};
-				$platform{$r} = $platform{$s}.",".$p;
-				$platform{$s} .= ','.join(',', @ip).','.join(',', @ip);
+			if (defined($variant{$s})) {
+				foreach $v (split /;/,$variant{$s}) {
+					(my $r, my $p, my $k) = split(/:/,$v);
+					my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
+					$syms{$r} = 1;
+					if (!defined($k)) { $k = $kind{$s}; }
+					$kind{$r} = $k."(".$s.")";
+					$algorithm{$r} = $algorithm{$s};
+					$platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
+					$platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
+					print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
+				}
 			}
+			print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
 		}
 	}
 
 	# Prune the returned symbols
 
-	$platform{"crypt"} .= ",!PERL5,!__FreeBSD__,!NeXT";
-
-        delete $syms{"SSL_add_dir_cert_subjects_to_stack"};
         delete $syms{"bn_dump1"};
-
-	$platform{"BIO_s_file_internal"} .= ",WIN16";
-	$platform{"BIO_new_file_internal"} .= ",WIN16";
-	$platform{"BIO_new_fp_internal"} .= ",WIN16";
-
-	$platform{"BIO_s_file"} .= ",!WIN16";
-	$platform{"BIO_new_file"} .= ",!WIN16";
-	$platform{"BIO_new_fp"} .= ",!WIN16";
-
 	$platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh";
 
-	if(exists $syms{"ERR_load_CRYPTO_strings"}) {
-		$platform{"ERR_load_CRYPTO_strings"} .= ",!VMS,!WIN16";
-		$syms{"ERR_load_CRYPTOlib_strings"} = 1;
-		$platform{"ERR_load_CRYPTOlib_strings"} .= ",VMS,WIN16";
-	}
+	$platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
+	$platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
+	$platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
+	$platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
 
 	# Info we know about
 
-	$platform{"RSA_PKCS1_RSAref"} = "RSAREF";
-	$algorithm{"RSA_PKCS1_RSAref"} = "RSA";
-
 	push @ret, map { $_."\\".&info_string($_,"EXIST",
 					      $platform{$_},
 					      $kind{$_},
 					      $algorithm{$_}) } keys %syms;
 
+	if (keys %unknown_algorithms) {
+		print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
+		print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
+	}
 	return(@ret);
 }
 
-sub info_string {
-	(my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
-
-	my %a = defined($algorithms) ?
-	    map { $_ => 1 } split /,/, $algorithms : ();
+# Param: string of comma-separated platform-specs.
+sub reduce_platforms
+{
+	my ($platforms) = @_;
 	my $pl = defined($platforms) ? $platforms : "";
 	my %p = map { $_ => 0 } split /,/, $pl;
-	my $k = defined($kind) ? $kind : "FUNCTION";
 	my $ret;
 
+	print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
+	    if $debug;
 	# We do this, because if there's code like the following, it really
 	# means the function exists in all cases and should therefore be
 	# everywhere.  By increasing and decreasing, we may attain 0:
@@ -595,12 +931,28 @@ sub info_string {
 	}
 
 	delete $p{""};
+
+	$ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
+	print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
+	    if $debug;
+	return $ret;
+}
+
+sub info_string {
+	(my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
+
+	my %a = defined($algorithms) ?
+	    map { $_ => 1 } split /,/, $algorithms : ();
+	my $k = defined($kind) ? $kind : "FUNCTION";
+	my $ret;
+	my $p = &reduce_platforms($platforms);
+
 	delete $a{""};
 
 	$ret = $exist;
-	$ret .= ":".join(',',map { $p{$_} < 0 ? "!".$_ : $_ } keys %p);
+	$ret .= ":".$p;
 	$ret .= ":".$k;
-	$ret .= ":".join(',',keys %a);
+	$ret .= ":".join(',',sort keys %a);
 	return $ret;
 }
 
@@ -608,19 +960,30 @@ sub maybe_add_info {
 	(my $name, *nums, my @symbols) = @_;
 	my $sym;
 	my $new_info = 0;
+	my %syms=();
 
 	print STDERR "Updating $name info\n";
 	foreach $sym (@symbols) {
 		(my $s, my $i) = split /\\/, $sym;
-		$i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
 		if (defined($nums{$s})) {
+			$i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
 			(my $n, my $dummy) = split /\\/, $nums{$s};
 			if (!defined($dummy) || $i ne $dummy) {
 				$nums{$s} = $n."\\".$i;
 				$new_info++;
-				#print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n";
+				print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
 			}
 		}
+		$syms{$s} = 1;
+	}
+
+	my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $i) = split /\\/, $nums{$sym};
+		if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
+			$new_info++;
+			print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
+		}
 	}
 	if ($new_info) {
 		print STDERR "$new_info old symbols got an info update\n";
@@ -632,53 +995,143 @@ sub maybe_add_info {
 	}
 }
 
+# Param: string of comma-separated keywords, each possibly prefixed with a "!"
+sub is_valid
+{
+	my ($keywords_txt,$platforms) = @_;
+	my (@keywords) = split /,/,$keywords_txt;
+	my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));
+
+	# Param: one keyword
+	sub recognise
+	{
+		my ($keyword,$platforms) = @_;
+
+		if ($platforms) {
+			# platforms
+			if ($keyword eq "VMS" && $VMS) { return 1; }
+			if ($keyword eq "WIN32" && $W32) { return 1; }
+			if ($keyword eq "WIN16" && $W16) { return 1; }
+			if ($keyword eq "WINNT" && $NT) { return 1; }
+			if ($keyword eq "OS2" && $OS2) { return 1; }
+			# Special platforms:
+			# EXPORT_VAR_AS_FUNCTION means that global variables
+			# will be represented as functions.  This currently
+			# only happens on VMS-VAX.
+			if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
+				return 1;
+			}
+			return 0;
+		} else {
+			# algorithms
+			if ($keyword eq "RC2" && $no_rc2) { return 0; }
+			if ($keyword eq "RC4" && $no_rc4) { return 0; }
+			if ($keyword eq "RC5" && $no_rc5) { return 0; }
+			if ($keyword eq "IDEA" && $no_idea) { return 0; }
+			if ($keyword eq "DES" && $no_des) { return 0; }
+			if ($keyword eq "BF" && $no_bf) { return 0; }
+			if ($keyword eq "CAST" && $no_cast) { return 0; }
+			if ($keyword eq "MD2" && $no_md2) { return 0; }
+			if ($keyword eq "MD4" && $no_md4) { return 0; }
+			if ($keyword eq "MD5" && $no_md5) { return 0; }
+			if ($keyword eq "SHA" && $no_sha) { return 0; }
+			if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
+			if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
+			if ($keyword eq "RSA" && $no_rsa) { return 0; }
+			if ($keyword eq "DSA" && $no_dsa) { return 0; }
+			if ($keyword eq "DH" && $no_dh) { return 0; }
+			if ($keyword eq "EC" && $no_ec) { return 0; }
+			if ($keyword eq "HMAC" && $no_hmac) { return 0; }
+			if ($keyword eq "AES" && $no_aes) { return 0; }
+			if ($keyword eq "EVP" && $no_evp) { return 0; }
+			if ($keyword eq "LHASH" && $no_lhash) { return 0; }
+			if ($keyword eq "STACK" && $no_stack) { return 0; }
+			if ($keyword eq "ERR" && $no_err) { return 0; }
+			if ($keyword eq "BUFFER" && $no_buffer) { return 0; }
+			if ($keyword eq "BIO" && $no_bio) { return 0; }
+			if ($keyword eq "COMP" && $no_comp) { return 0; }
+			if ($keyword eq "DSO" && $no_dso) { return 0; }
+			if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+
+			# Nothing recognise as true
+			return 1;
+		}
+	}
+
+	foreach $k (@keywords) {
+		if ($k =~ /^!(.*)$/) {
+			$falsesum += &recognise($1,$platforms);
+		} else {
+			$truesum += &recognise($k,$platforms);
+		}
+	}
+	print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
+	return (!$falsesum) && $truesum;
+}
+
 sub print_test_file
 {
-	(*OUT,my $name,*nums,my @symbols)=@_;
+	(*OUT,my $name,*nums,my $testall,my @symbols)=@_;
 	my $n = 1; my @e; my @r;
 	my $sym; my $prev = ""; my $prefSSLeay;
 
-	(@e)=grep(/^SSLeay\\.*?:.*?:FUNCTION/,@symbols);
-	(@r)=grep(/^\w+\\.*?:.*?:FUNCTION/ && !/^SSLeay\\.*?:.*?:FUNCTION/,@symbols);
+	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
 	@symbols=((sort @e),(sort @r));
 
 	foreach $sym (@symbols) {
 		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
-		if ($s ne $prev) {
-			if (!defined($nums{$sym})) {
-				printf STDERR "Warning: $sym does not have a number assigned\n"
-						if(!$do_update);
+		my $v = 0;
+		$v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
+		my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+		my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+		if (!defined($nums{$s})) {
+			print STDERR "Warning: $s does not have a number assigned\n"
+			    if(!$do_update);
+		} elsif (is_valid($p,1) && is_valid($a,0)) {
+			my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+			if ($prev eq $s2) {
+				print OUT "\t/* The following has already appeared previously */\n";
+				print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+			}
+			$prev = $s2;	# To warn about duplicates...
+
+			($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/);
+			if ($v) {
+				print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
 			} else {
-				$n=$nums{$s};
-				print OUT "\t$s();\n";
+				print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
 			}
 		}
-		$prev = $s;	# To avoid duplicates...
 	}
 }
 
 sub print_def_file
 {
 	(*OUT,my $name,*nums,my @symbols)=@_;
-	my $n = 1; my @e; my @r;
+	my $n = 1; my @e; my @r; my @v; my $prev="";
+	my $liboptions="";
 
 	if ($W32)
 		{ $name.="32"; }
-	else
+	elsif ($W16)
 		{ $name.="16"; }
+	elsif ($OS2)
+		{ $liboptions = "INITINSTANCE\nDATA NONSHARED"; }
 
 	print OUT <<"EOF";
 ;
 ; Definition file for the DLL version of the $name library from OpenSSL
 ;
 
-LIBRARY         $name
+LIBRARY         $name	$liboptions
 
 DESCRIPTION     'OpenSSL $name - http://www.openssl.org/'
 
 EOF
 
-	if (!$W32) {
+	if ($W16) {
 		print <<"EOF";
 CODE            PRELOAD MOVEABLE
 DATA            PRELOAD MOVEABLE SINGLE
@@ -693,80 +1146,35 @@ EOF
 
 	print "EXPORTS\n";
 
-	(@e)=grep(/^SSLeay\\.*?:.*?:FUNCTION/,@symbols);
-	(@r)=grep(/^\w+\\.*?:.*?:FUNCTION/ && !/^SSLeay\\.*?:.*?:FUNCTION/,@symbols);
-	@symbols=((sort @e),(sort @r));
+	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+	(@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols);
+	@symbols=((sort @e),(sort @r), (sort @v));
 
 
 	foreach $sym (@symbols) {
 		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		my $v = 0;
+		$v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
 		if (!defined($nums{$s})) {
 			printf STDERR "Warning: $s does not have a number assigned\n"
-					if(!$do_update);
+			    if(!$do_update);
 		} else {
-			(my $n, my $i) = split /\\/, $nums{$s};
+			(my $n, my $dummy) = split /\\/, $nums{$s};
 			my %pf = ();
-			my @p = split(/,/, ($i =~ /^[^:]*:([^:]*):/,$1));
-			my @a = split(/,/, ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1));
-			# @p_purged must contain hardware platforms only
-			my @p_purged = ();
-			foreach $ptmp (@p) {
-				next if $ptmp =~ /^!?RSAREF$/;
-				push @p_purged, $ptmp;
-			}
-			my $negatives = !!grep(/^!/,@p);
-			# It is very important to check NT before W32
-			if ((($NT && (!@p_purged
-				      || (!$negatives && grep(/^WINNT$/,@p))
-				      || ($negatives && !grep(/^!WINNT$/,@p))))
-			     || ($W32 && (!@p_purged
-					  || (!$negatives && grep(/^WIN32$/,@p))
-					  || ($negatives && !grep(/^!WIN32$/,@p))))
-			     || ($W16 && (!@p_purged
-					  || (!$negatives && grep(/^WIN16$/,@p))
-					  || ($negatives && !grep(/^!WIN16$/,@p)))))
-			    && (!@p
-				|| (!$negatives
-				    && ($rsaref || !grep(/^RSAREF$/,@p)))
-				|| ($negatives
-				    && (!$rsaref || !grep(/^!RSAREF$/,@p))))
-			    && (!@a || (!$no_rc2 || !grep(/^RC2$/,@a)))
-			    && (!@a || (!$no_rc4 || !grep(/^RC4$/,@a)))
-			    && (!@a || (!$no_rc5 || !grep(/^RC5$/,@a)))
-			    && (!@a || (!$no_idea || !grep(/^IDEA$/,@a)))
-			    && (!@a || (!$no_des || !grep(/^DES$/,@a)))
-			    && (!@a || (!$no_bf || !grep(/^BF$/,@a)))
-			    && (!@a || (!$no_cast || !grep(/^CAST$/,@a)))
-			    && (!@a || (!$no_md2 || !grep(/^MD2$/,@a)))
-			    && (!@a || (!$no_md4 || !grep(/^MD4$/,@a)))
-			    && (!@a || (!$no_md5 || !grep(/^MD5$/,@a)))
-			    && (!@a || (!$no_sha || !grep(/^SHA$/,@a)))
-			    && (!@a || (!$no_ripemd || !grep(/^RIPEMD$/,@a)))
-			    && (!@a || (!$no_mdc2 || !grep(/^MDC2$/,@a)))
-			    && (!@a || (!$no_rsa || !grep(/^RSA$/,@a)))
-			    && (!@a || (!$no_dsa || !grep(/^DSA$/,@a)))
-			    && (!@a || (!$no_dh || !grep(/^DH$/,@a)))
-			    && (!@a || (!$no_hmac || !grep(/^HMAC$/,@a)))
-			    && (!@a || (!$no_fp_api || !grep(/^FP_API$/,@a)))
-			    ) {
-				printf OUT "    %s%-40s@%d\n",($W32)?"":"_",$s,$n;
-#			} else {
-#				print STDERR "DEBUG: \"$sym\" (@p):",
-#				" rsaref:", !!(!@p
-#					       || (!$negatives
-#						   && ($rsaref || !grep(/^RSAREF$/,@p)))
-#					       || ($negatives
-#						   && (!$rsaref || !grep(/^!RSAREF$/,@p))))?1:0,
-#				" 16:", !!($W16 && (!@p_purged
-#						    || (!$negatives && grep(/^WIN16$/,@p))
-#						    || ($negatives && !grep(/^!WIN16$/,@p)))),
-#				" 32:", !!($W32 && (!@p_purged
-#						    || (!$negatives && grep(/^WIN32$/,@p))
-#						    || ($negatives && !grep(/^!WIN32$/,@p)))),
-#				" NT:", !!($NT && (!@p_purged
-#						   || (!$negatives && grep(/^WINNT$/,@p))
-#						   || ($negatives && !grep(/^!WINNT$/,@p)))),
-#				"\n";
+			my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+			my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+			if (is_valid($p,1) && is_valid($a,0)) {
+				my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+				if ($prev eq $s2) {
+					print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+				}
+				$prev = $s2;	# To warn about duplicates...
+				if($v && !$OS2) {
+					printf OUT "    %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n;
+				} else {
+					printf OUT "    %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n;
+				}
 			}
 		}
 	}
@@ -781,6 +1189,7 @@ sub load_numbers
 	$max_num = 0;
 	$num_noinfo = 0;
 	$prev = "";
+	$prev_cnt = 0;
 
 	open(IN,"<$name") || die "unable to open $name:$!\n";
 	while (<IN>) {
@@ -789,14 +1198,22 @@ sub load_numbers
 		next if /^\s*$/;
 		@a=split;
 		if (defined $ret{$a[0]}) {
-			print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
 		}
 		if ($max_num > $a[1]) {
 			print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
 		}
-		if ($max_num == $a[1]) {
+		elsif ($max_num == $a[1]) {
 			# This is actually perfectly OK
 			#print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
+			if ($a[0] eq $prev) {
+				$prev_cnt++;
+				$a[0] .= "{$prev_cnt}";
+			}
+		}
+		else {
+			$prev_cnt = 0;
 		}
 		if ($#a < 2) {
 			# Existence will be proven later, in do_defs
@@ -838,7 +1255,7 @@ sub rewrite_numbers
 
 	print STDERR "Rewriting $name\n";
 
-	my @r = grep(/^\w+\\.*?:.*?:\w+\(\w+\)/,@symbols);
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
 	my $r; my %r; my %rsyms;
 	foreach $r (@r) {
 		(my $s, my $i) = split /\\/, $r;
@@ -848,16 +1265,31 @@ sub rewrite_numbers
 		$rsyms{$s} = 1;
 	}
 
-	my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+	my %syms = ();
+	foreach $_ (@symbols) {
+		(my $n, my $i) = split /\\/;
+		$syms{$n} = 1;
+	}
+
+	my @s=sort {
+	    &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
+	    || $a cmp $b
+	} keys %nums;
 	foreach $sym (@s) {
 		(my $n, my $i) = split /\\/, $nums{$sym};
 		next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
 		next if defined($rsyms{$sym});
-		$i="NOEXIST::FUNCTION:" if !defined($i) || $i eq "";
-		printf OUT "%s%-40s%d\t%s\n","",$sym,$n,$i;
+		print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
+		$i="NOEXIST::FUNCTION:"
+			if !defined($i) || $i eq "" || !defined($syms{$sym});
+		my $s2 = $sym;
+		$s2 =~ s/\{[0-9]+\}$//;
+		printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
 		if (exists $r{$sym}) {
 			(my $s, $i) = split /\\/,$r{$sym};
-			printf OUT "%s%-40s%d\t%s\n","",$s,$n,$i;
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
 		}
 	}
 }
@@ -869,7 +1301,7 @@ sub update_numbers
 
 	print STDERR "Updating $name numbers\n";
 
-	my @r = grep(/^\w+\\.*?:.*?:\w+\(\w+\)/,@symbols);
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
 	my $r; my %r; my %rsyms;
 	foreach $r (@r) {
 		(my $s, my $i) = split /\\/, $r;
@@ -887,10 +1319,13 @@ sub update_numbers
 		    if $i eq "";
 		if (!exists $nums{$s}) {
 			$new_syms++;
-			printf OUT "%s%-40s%d\t%s\n","",$s, ++$start_num,$i;
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i;
 			if (exists $r{$s}) {
 				($s, $i) = split /\\/,$r{$s};
-				printf OUT "%s%-40s%d\t%s\n","",$s, $start_num,$i;
+				$s =~ s/\{[0-9]+\}$//;
+				printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i;
 			}
 		}
 	}
diff --git a/crypto/openssl/util/mkerr.pl b/crypto/openssl/util/mkerr.pl
index 449aa57..4105047 100644
--- a/crypto/openssl/util/mkerr.pl
+++ b/crypto/openssl/util/mkerr.pl
@@ -7,7 +7,7 @@ my $static = 1;
 my $recurse = 0;
 my $reindex = 0;
 my $dowrite = 0;
-
+my $staticloader = "";
 
 while (@ARGV) {
 	my $arg = $ARGV[0];
@@ -29,6 +29,9 @@ while (@ARGV) {
 	} elsif($arg eq "-nostatic") {
 		$static = 0;
 		shift @ARGV;
+	} elsif($arg eq "-staticloader") {
+		$staticloader = "static ";
+		shift @ARGV;
 	} elsif($arg eq "-write") {
 		$dowrite = 1;
 		shift @ARGV;
@@ -38,7 +41,7 @@ while (@ARGV) {
 }
 
 if($recurse) {
-	@source = (<crypto/*.c>, <crypto/*/*.c>, <rsaref/*.c>, <ssl/*.c>);
+	@source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>);
 } else {
 	@source = @ARGV;
 }
@@ -79,38 +82,40 @@ while (($hdr, $lib) = each %libinc)
 {
 	next if($hdr eq "NONE");
 	print STDERR "Scanning header file $hdr\n" if $debug; 
-	open(IN, "<$hdr") || die "Can't open Header file $hdr\n";
-	my $line = "", $def= "", $linenr = 0;
-	while(<IN>) {
-	    $linenr++;
-	    print STDERR "line: $linenr\r" if $debug;
-
-	    last if(/BEGIN\s+ERROR\s+CODES/);
-	    if ($line ne '') {
-		$_ = $line . $_;
-		$line = '';
-	    }
+	my $line = "", $def= "", $linenr = 0, $gotfile = 0;
+	if (open(IN, "<$hdr")) {
+	    $gotfile = 1;
+	    while(<IN>) {
+		$linenr++;
+		print STDERR "line: $linenr\r" if $debug;
+
+		last if(/BEGIN\s+ERROR\s+CODES/);
+		if ($line ne '') {
+		    $_ = $line . $_;
+		    $line = '';
+		}
 
-	    if (/\\$/) {
-		$line = $_;
-		next;
-	    }
+		if (/\\$/) {
+		    $line = $_;
+		    next;
+		}
 
-	    $cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
-	    if ($cpp) {
-		$cpp = 0 if /^#.*endif/;
-		next;
-	    }
+		$cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
+		if ($cpp) {
+		    $cpp = 0 if /^#.*endif/;
+		    next;
+		}
 
-	    next if (/^#/);                      # skip preprocessor directives
+		next if (/^\#/);                      # skip preprocessor directives
 
-	    s/\/\*.*?\*\///gs;                   # ignore comments
-	    s/{[^{}]*}//gs;                      # ignore {} blocks
+		s/\/\*.*?\*\///gs;                   # ignore comments
+		s/{[^{}]*}//gs;                      # ignore {} blocks
 
-	    if (/{|\/\*/) { # Add a } so editor works...
-		$line = $_;
-	    } else {
-		$def .= $_;
+		if (/\{|\/\*/) { # Add a } so editor works...
+		    $line = $_;
+		} else {
+		    $def .= $_;
+		}
 	    }
 	}
 
@@ -152,10 +157,12 @@ while (($hdr, $lib) = each %libinc)
 	# Scan function and reason codes and store them: keep a note of the
 	# maximum code used.
 
-	while(<IN>) {
-		if(/^#define\s+(\S+)\s+(\S+)/) {
+	if ($gotfile) {
+	    while(<IN>) {
+		if(/^\#define\s+(\S+)\s+(\S+)/) {
 			$name = $1;
 			$code = $2;
+			next if $name =~ /^${lib}err/;
 			unless($name =~ /^${lib}_([RF])_(\w+)$/) {
 				print STDERR "Invalid error code $name\n";
 				next;
@@ -173,6 +180,7 @@ while (($hdr, $lib) = each %libinc)
 				$fcodes{$name} = $code;
 			}
 		}
+	    }
 	}
 	close IN;
 }
@@ -189,9 +197,11 @@ while (($hdr, $lib) = each %libinc)
 # so all those unreferenced can be printed out.
 
 
+print STDERR "Files loaded: " if $debug;
 foreach $file (@source) {
 	# Don't parse the error source file.
 	next if exists $cskip{$file};
+	print STDERR $file if $debug;
 	open(IN, "<$file") || die "Can't open source file $file\n";
 	while(<IN>) {
 		if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
@@ -215,6 +225,7 @@ foreach $file (@source) {
 	}
 	close IN;
 }
+print STDERR "\n" if $debug;
 
 # Now process each library in turn.
 
@@ -241,15 +252,74 @@ foreach $lib (keys %csrc)
 
 	# Rewrite the header file
 
-	open(IN, "<$hfile") || die "Can't Open Header File $hfile\n";
-
-	# Copy across the old file
-	while(<IN>) {
+	if (open(IN, "<$hfile")) {
+	    # Copy across the old file
+	    while(<IN>) {
 		push @out, $_;
 		last if (/BEGIN ERROR CODES/);
+	    }
+	    close IN;
+	} else {
+	    push @out,
+"/* ====================================================================\n",
+" * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.\n",
+" *\n",
+" * Redistribution and use in source and binary forms, with or without\n",
+" * modification, are permitted provided that the following conditions\n",
+" * are met:\n",
+" *\n",
+" * 1. Redistributions of source code must retain the above copyright\n",
+" *    notice, this list of conditions and the following disclaimer. \n",
+" *\n",
+" * 2. Redistributions in binary form must reproduce the above copyright\n",
+" *    notice, this list of conditions and the following disclaimer in\n",
+" *    the documentation and/or other materials provided with the\n",
+" *    distribution.\n",
+" *\n",
+" * 3. All advertising materials mentioning features or use of this\n",
+" *    software must display the following acknowledgment:\n",
+" *    \"This product includes software developed by the OpenSSL Project\n",
+" *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n",
+" *\n",
+" * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n",
+" *    endorse or promote products derived from this software without\n",
+" *    prior written permission. For written permission, please contact\n",
+" *    openssl-core\@openssl.org.\n",
+" *\n",
+" * 5. Products derived from this software may not be called \"OpenSSL\"\n",
+" *    nor may \"OpenSSL\" appear in their names without prior written\n",
+" *    permission of the OpenSSL Project.\n",
+" *\n",
+" * 6. Redistributions of any form whatsoever must retain the following\n",
+" *    acknowledgment:\n",
+" *    \"This product includes software developed by the OpenSSL Project\n",
+" *    for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n",
+" *\n",
+" * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n",
+" * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n",
+" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n",
+" * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR\n",
+" * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n",
+" * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n",
+" * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n",
+" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n",
+" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n",
+" * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n",
+" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n",
+" * OF THE POSSIBILITY OF SUCH DAMAGE.\n",
+" * ====================================================================\n",
+" *\n",
+" * This product includes cryptographic software written by Eric Young\n",
+" * (eay\@cryptsoft.com).  This product includes software written by Tim\n",
+" * Hudson (tjh\@cryptsoft.com).\n",
+" *\n",
+" */\n",
+"\n",
+"#ifndef HEADER_${lib}_ERR_H\n",
+"#define HEADER_${lib}_ERR_H\n",
+"\n",
+"/* BEGIN ERROR CODES */\n";
 	}
-	close IN;
-
 	open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
 
 	print OUT @out;
@@ -258,8 +328,22 @@ foreach $lib (keys %csrc)
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
-void ERR_load_${lib}_strings(void);
+EOF
+	if($static) {
+		print OUT <<"EOF";
+${staticloader}void ERR_load_${lib}_strings(void);
 
+EOF
+	} else {
+		print OUT <<"EOF";
+${staticloader}void ERR_load_${lib}_strings(void);
+${staticloader}void ERR_unload_${lib}_strings(void);
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
+#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
+
+EOF
+	}
+	print OUT <<"EOF";
 /* Error codes for the $lib functions. */
 
 /* Function codes. */
@@ -383,7 +467,7 @@ EOF
 #include $hincf
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA ${lib}_str_functs[]=
 	{
 EOF
@@ -426,14 +510,14 @@ if($static) {
 
 #endif
 
-void ERR_load_${lib}_strings(void)
+${staticloader}void ERR_load_${lib}_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);
 		ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);
 #endif
@@ -457,19 +541,18 @@ static ERR_STRING_DATA ${lib}_lib_name[]=
 #endif
 
 
-int ${lib}_lib_error_code=0;
+static int ${lib}_lib_error_code=0;
+static int ${lib}_error_init=1;
 
-void ERR_load_${lib}_strings(void)
+${staticloader}void ERR_load_${lib}_strings(void)
 	{
-	static int init=1;
-
 	if (${lib}_lib_error_code == 0)
 		${lib}_lib_error_code=ERR_get_next_error_library();
 
-	if (init)
+	if (${lib}_error_init)
 		{
-		init=0;
-#ifndef NO_ERR
+		${lib}_error_init=0;
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
 		ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
 #endif
@@ -481,7 +564,23 @@ void ERR_load_${lib}_strings(void)
 		}
 	}
 
-void ERR_${lib}_error(int function, int reason, char *file, int line)
+${staticloader}void ERR_unload_${lib}_strings(void)
+	{
+	if (${lib}_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs);
+		ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+		ERR_unload_strings(0,${lib}_lib_name);
+#endif
+		${lib}_error_init=1;
+		}
+	}
+
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
 	{
 	if (${lib}_lib_error_code == 0)
 		${lib}_lib_error_code=ERR_get_next_error_library();
diff --git a/crypto/openssl/util/mkfiles.pl b/crypto/openssl/util/mkfiles.pl
index 5296bdb..29e1404 100755
--- a/crypto/openssl/util/mkfiles.pl
+++ b/crypto/openssl/util/mkfiles.pl
@@ -23,11 +23,13 @@ my @dirs = (
 "crypto/idea",
 "crypto/bf",
 "crypto/cast",
+"crypto/aes",
 "crypto/bn",
 "crypto/rsa",
 "crypto/dsa",
 "crypto/dso",
 "crypto/dh",
+"crypto/ec",
 "crypto/buffer",
 "crypto/bio",
 "crypto/stack",
@@ -45,8 +47,11 @@ my @dirs = (
 "crypto/pkcs7",
 "crypto/pkcs12",
 "crypto/comp",
+"crypto/engine",
+"crypto/ocsp",
+"crypto/ui",
+"crypto/krb5",
 "ssl",
-"rsaref",
 "apps",
 "test",
 "tools"
diff --git a/crypto/openssl/util/mklink.pl b/crypto/openssl/util/mklink.pl
index 9e9c9a5..9386da7 100755
--- a/crypto/openssl/util/mklink.pl
+++ b/crypto/openssl/util/mklink.pl
@@ -18,10 +18,10 @@
 my $from = shift;
 my @files = @ARGV;
 
-my @from_path = split(/\//, $from);
+my @from_path = split(/[\\\/]/, $from);
 my $pwd = `pwd`;
 chop($pwd);
-my @pwd_path = split(/\//, $pwd);
+my @pwd_path = split(/[\\\/]/, $pwd);
 
 my @to_path = ();
 
@@ -54,7 +54,16 @@ foreach $file (@files) {
     if ($symlink_exists) {
 	symlink("$to/$file", "$from/$file") or $err = " [$!]";
     } else {
-	system ("cp", "$file", "$from/$file") and $err = " [$!]";
+	unlink "$from/$file"; 
+	open (OLD, "<$file") or die "Can't open $file: $!";
+	open (NEW, ">$from/$file") or die "Can't open $from/$file: $!";
+	binmode(OLD);
+	binmode(NEW);
+	while (<OLD>) {
+	    print NEW $_;
+	}
+	close (OLD) or die "Can't close $file: $!";
+	close (NEW) or die "Can't close $from/$file: $!";
     }
     print $file . " => $from/$file$err\n";
 }
diff --git a/crypto/openssl/util/mkstack.pl b/crypto/openssl/util/mkstack.pl
index 3ee13fe..085c50f 100755
--- a/crypto/openssl/util/mkstack.pl
+++ b/crypto/openssl/util/mkstack.pl
@@ -21,7 +21,7 @@ while (@ARGV) {
 }
 
 
-@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <rsaref/*.[ch]>, <ssl/*.[ch]>);
+@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>);
 foreach $file (@source) {
 	next if -l $file;
 
diff --git a/crypto/openssl/util/pl/BC-16.pl b/crypto/openssl/util/pl/BC-16.pl
index 6c6df4f..2033f52 100644
--- a/crypto/openssl/util/pl/BC-16.pl
+++ b/crypto/openssl/util/pl/BC-16.pl
@@ -21,14 +21,14 @@ $lflags="$base_lflags";
 if ($win16)
 	{
 	$shlib=1;
-	$cflags.=" -DWINDOWS -DWIN16";
+	$cflags.=" -DOPENSSL_SYSNAME_WIN16";
 	$app_cflag="-W";
 	$lib_cflag="-WD";
 	$lflags.="/Twe";
 	}
 else
 	{
-	$cflags.=" -DMSDOS";
+	$cflags.=" -DOENSSL_SYSNAME_MSDOS";
 	$lflags.=" /Tde";
 	}
 
diff --git a/crypto/openssl/util/pl/BC-32.pl b/crypto/openssl/util/pl/BC-32.pl
index c268c49..e83b336 100644
--- a/crypto/openssl/util/pl/BC-32.pl
+++ b/crypto/openssl/util/pl/BC-32.pl
@@ -4,7 +4,6 @@
 
 $ssl=	"ssleay32";
 $crypto="libeay32";
-$RSAref="RSAref32";
 
 $o='\\';
 $cp='copy';
@@ -19,7 +18,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN -DDSO_WIN32 ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp ";
 if ($debug)
 {
     $cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -52,9 +51,9 @@ $lfile='';
 $shlib_ex_obj="";
 $app_ex_obj="c0x32.obj"; 
 
-$asm='n_o_T_a_s_m';
+$asm='nasmw -f obj';
 $asm.=" /Zi" if $debug;
-$afile='/Fo';
+$afile='-o';
 
 $bn_mulw_obj='';
 $bn_mulw_src='';
diff --git a/crypto/openssl/util/pl/Mingw32.pl b/crypto/openssl/util/pl/Mingw32.pl
index 37f3612..45ab685 100644
--- a/crypto/openssl/util/pl/Mingw32.pl
+++ b/crypto/openssl/util/pl/Mingw32.pl
@@ -25,6 +25,8 @@ if ($gaswin and !$no_asm)
 	{
         $bn_asm_obj='$(OBJ_D)/bn-win32.o';
         $bn_asm_src='crypto/bn/asm/bn-win32.s';
+        $bnco_asm_obj='$(OBJ_D)/co-win32.o';
+        $bnco_asm_src='crypto/bn/asm/co-win32.s';
         $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o';
         $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
         $bf_enc_obj='$(OBJ_D)/b-win32.o';
@@ -66,12 +68,12 @@ $lfile='';
 
 $asm='as';
 $afile='-o ';
-$bn_asm_obj="";
-$bn_asm_src="";
-$des_enc_obj="";
-$des_enc_src="";
-$bf_enc_obj="";
-$bf_enc_src="";
+#$bn_asm_obj="";
+#$bn_asm_src="";
+#$des_enc_obj="";
+#$des_enc_src="";
+#$bf_enc_obj="";
+#$bf_enc_src="";
 
 sub do_lib_rule
 	{
diff --git a/crypto/openssl/util/pl/OS2-EMX.pl b/crypto/openssl/util/pl/OS2-EMX.pl
new file mode 100644
index 0000000..d695dda
--- /dev/null
+++ b/crypto/openssl/util/pl/OS2-EMX.pl
@@ -0,0 +1,117 @@
+#!/usr/local/bin/perl
+#
+# OS2-EMX.pl - for EMX GCC on OS/2
+#
+
+$o='\\';
+$cp='copy';
+$rm='rm -f';
+
+# C compiler stuff
+
+$cc='gcc';
+$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall ";
+$cflags.="-Zomf " if $shlib;
+$shl_cflag="-Zdll";
+
+if ($debug) { 
+	$cflags.="-g "; 
+}
+
+$obj=$shlib ? '.obj' : '.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS} -Zbsd-signals -s';
+$efile='-o ';
+$exep='.exe';
+$ex_libs="-lsocket";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib="ar s";
+$plib='';
+$libp=$shlib ? ".lib" : ".a";
+$shlibp=$shlib ? ".dll" : ".a";
+$lfile='';
+
+$asm=$shlib ? 'as -Zomf' : 'as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+if (!$no_asm)
+	{
+	$bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj";
+	$bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm";
+	$des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj";
+	$des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm";
+	$bf_enc_obj="crypto\\bf\\asm\\b-os2$obj";
+	$bf_enc_src="crypto\\bf\\asm\\b-os2.asm";
+	$cast_enc_obj="crypto\\cast\\asm\\c-os2$obj";
+	$cast_enc_src="crypto\\cast\\asm\\c-os2.asm";
+	$rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj";
+	$rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm";
+	$rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj";
+	$rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm";
+	$md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj";
+	$md5_asm_src="crypto\\md5\\asm\\m5-os2.asm";
+	$sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj";
+	$sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm";
+	$rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj";
+	$rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm";
+	}
+
+if ($shlib)
+	{
+	$mlflags.=" $lflags -Zdll";
+	$lib_cflag=" -D_DLL";
+	$out_def="out_dll";
+	$tmp_def="tmp_dll";
+	}
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	if (!$shlib) 
+		{
+		$ret.="\t\$(RM) $target\n";
+		$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+		$ret.="\t\$(RANLIB) $target\n\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+		$ex.=' -lsocket';
+		$ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+		$ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
+		$ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
+		}
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/crypto/openssl/util/pl/VC-16.pl b/crypto/openssl/util/pl/VC-16.pl
index a5079d4..7cda5e6 100644
--- a/crypto/openssl/util/pl/VC-16.pl
+++ b/crypto/openssl/util/pl/VC-16.pl
@@ -4,7 +4,6 @@
 
 $ssl=	"ssleay16";
 $crypto="libeay16";
-$RSAref="RSAref16";
 
 $o='\\';
 $cp='copy';
@@ -34,7 +33,7 @@ $lflags="$base_lflags /STACK:20000";
 
 if ($win16)
 	{
-	$cflags.=" -DWINDOWS -DWIN16";
+	$cflags.=" -DOPENSSL_SYSNAME_WIN16";
 	$app_cflag="/Gw /FPi87";
 	$lib_cflag="/Gw";
 	$lib_cflag.=" -D_WINDLL -D_DLL" if $shlib;
diff --git a/crypto/openssl/util/pl/VC-32.pl b/crypto/openssl/util/pl/VC-32.pl
index 8dea921..285990c 100644
--- a/crypto/openssl/util/pl/VC-32.pl
+++ b/crypto/openssl/util/pl/VC-32.pl
@@ -4,7 +4,6 @@
 
 $ssl=	"ssleay32";
 $crypto="libeay32";
-$RSAref="RSAref32";
 
 $o='\\';
 $cp='copy nul+';	# Timestamps get stuffed otherwise
@@ -12,7 +11,7 @@ $rm='del';
 
 # C compiler stuff
 $cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';
 
@@ -22,11 +21,11 @@ $inc_def="inc32";
 
 if ($debug)
 	{
-	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
 	$lflags.=" /debug";
 	$mlflags.=' /debug';
 	}
-$cflags .= " -DWINNT" if $NT == 1;
+$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
 
 $obj='.obj';
 $ofile="/Fo";
@@ -92,7 +91,7 @@ if ($shlib)
 	{
 	$mlflags.=" $lflags /dll";
 #	$cflags =~ s| /MD| /MT|;
-	$lib_cflag=" /GD -D_WINDLL -D_DLL";
+	$lib_cflag=" -D_WINDLL";
 	$out_def="out32dll";
 	$tmp_def="tmp32dll";
 	}
diff --git a/crypto/openssl/util/pl/VC-CE.pl b/crypto/openssl/util/pl/VC-CE.pl
new file mode 100644
index 0000000..1805ef9
--- /dev/null
+++ b/crypto/openssl/util/pl/VC-CE.pl
@@ -0,0 +1,111 @@
+#!/usr/local/bin/perl
+# VC-CE.pl - the file for eMbedded Visual C++ 3.0 for windows CE, static libraries
+#
+
+$ssl=	"ssleay32";
+$crypto="libeay32";
+$RSAref="RSAref32";
+
+$o='\\';
+$cp='copy nul+';	# Timestamps get stuffed otherwise
+$rm='del';
+
+# C compiler stuff
+$cc='$(CC)';
+$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include';
+$lflags='/nologo /subsystem:windowsce,$(WCELDVERSION) /machine:$(WCELDMACHINE) /opt:ref';
+$mlflags='';
+
+$out_def='out32_$(TARGETCPU)';
+$tmp_def='tmp32_$(TARGETCPU)';
+$inc_def="inc32";
+
+if ($debug)
+	{
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+	$lflags.=" /debug";
+	$mlflags.=' /debug';
+	}
+
+$obj='.obj';
+$ofile="/Fo";
+
+# EXE linking stuff
+$link="link";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)
+	{ $ex_libs=""; }
+else	{ $ex_libs='winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib $(WCELDFLAGS)'; }
+
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+
+$shlib_ex_obj="";
+#$app_ex_obj="setargv.obj";
+$app_ex_obj="";
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if ($shlib)
+	{
+	$mlflags.=" $lflags /dll";
+#	$cflags =~ s| /MD| /MT|;
+	$lib_cflag=" -D_WINDLL -D_DLL";
+	$out_def='out32dll_$(TARGETCPU)';
+	$tmp_def='tmp32dll_$(TARGETCPU)';
+	}
+
+$cflags.=" /Fd$out_def";
+
+sub do_lib_rule
+	{
+	local($objs,$target,$name,$shlib)=@_;
+	local($ret,$Name);
+
+	$taget =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+#	$target="\$(LIB_D)$o$target";
+	$ret.="$target: $objs\n";
+	if (!$shlib)
+		{
+#		$ret.="\t\$(RM) \$(O_$Name)\n";
+		$ex =' ';
+		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+#		$ex.=' winsock.lib coredll.lib $(WCECOMPAT)/lib/wcecompatex.lib';
+		$ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
+		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($targer);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+	$ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/crypto/openssl/util/pod2mantest b/crypto/openssl/util/pod2mantest
index 449ef14..412ca8d 100755
--- a/crypto/openssl/util/pod2mantest
+++ b/crypto/openssl/util/pod2mantest
@@ -11,9 +11,11 @@
 
 
 IFS=:
-try_without_dir=false
+if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
+
+try_without_dir=true
 # First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
-for dir in dummy:$PATH; do
+for dir in dummy${IFS}$PATH; do
     if [ "$try_without_dir" = true ]; then
       # first iteration
       pod2man=pod2man
@@ -29,9 +31,16 @@ for dir in dummy:$PATH; do
     if [ ! "$pod2man" = '' ]; then
         failure=none
 
+	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
+	    :
+	else
+	    failure=BasicTest
+	fi
 
-	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
-	    failure=MultilineTest
+	if [ "$failure" = none ]; then
+	    if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+	        failure=MultilineTest
+	    fi
 	fi
 
 
@@ -45,9 +54,5 @@ for dir in dummy:$PATH; do
 done
 
 echo "No working pod2man found.  Consider installing a new version." >&2
-if [ "$1" = ignore ]; then
-  echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
-  echo "../../util/pod2man.pl"
-  exit 0
-fi
-exit 1
+echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+echo "$1 ../../util/pod2man.pl"
diff --git a/crypto/openssl/util/point.sh b/crypto/openssl/util/point.sh
index 47543c8..ce7dcc5 100755
--- a/crypto/openssl/util/point.sh
+++ b/crypto/openssl/util/point.sh
@@ -1,6 +1,10 @@
 #!/bin/sh
 
 rm -f $2
-ln -s $1 $2
+if test "$OSTYPE" = msdosdjgpp; then
+    cp $1 $2
+else
+    ln -s $1 $2
+fi
 echo "$2 => $1"
 
diff --git a/crypto/openssl/util/selftest.pl b/crypto/openssl/util/selftest.pl
index 936afa0..276b811 100644
--- a/crypto/openssl/util/selftest.pl
+++ b/crypto/openssl/util/selftest.pl
@@ -50,6 +50,7 @@ if (open(IN,"<Makefile.ssl")) {
 
 $cversion=`$cc -v 2>&1`;
 $cversion=`$cc -V 2>&1` if $cversion =~ "usage";
+$cversion=`$cc -V |head -1` if $cversion =~ "Error";
 $cversion=`$cc --version` if $cversion eq "";
 $cversion =~ s/Reading specs.*\n//;
 $cversion =~ s/usage.*\n//;
@@ -131,19 +132,14 @@ if (system("make 2>&1 | tee make.log") > 255) {
 
 $_=$options;
 s/no-asm//;
+s/no-shared//;
+s/no-krb5//;
 if (/no-/)
 {
     print OUT "Test skipped.\n";
     goto err;
 }
 
-if (`echo 4+1 | bc` != 5)
-{
-    print OUT "Can't run bc! Test skipped.\n";
-    print OUT $not_our_fault;
-    goto err;
-}
-
 print "Running make test...\n";
 if (system("make test 2>&1 | tee maketest.log") > 255)
  {
diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num
index 6883733..fdea472 100755
--- a/crypto/openssl/util/ssleay.num
+++ b/crypto/openssl/util/ssleay.num
@@ -18,16 +18,16 @@ SSL_CTX_set_ssl_version                 19	EXIST::FUNCTION:
 SSL_CTX_set_verify                      21	EXIST::FUNCTION:
 SSL_CTX_use_PrivateKey                  22	EXIST::FUNCTION:
 SSL_CTX_use_PrivateKey_ASN1             23	EXIST::FUNCTION:
-SSL_CTX_use_PrivateKey_file             24	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_file             24	EXIST::FUNCTION:STDIO
 SSL_CTX_use_RSAPrivateKey               25	EXIST::FUNCTION:RSA
 SSL_CTX_use_RSAPrivateKey_ASN1          26	EXIST::FUNCTION:RSA
-SSL_CTX_use_RSAPrivateKey_file          27	EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_file          27	EXIST::FUNCTION:RSA,STDIO
 SSL_CTX_use_certificate                 28	EXIST::FUNCTION:
 SSL_CTX_use_certificate_ASN1            29	EXIST::FUNCTION:
-SSL_CTX_use_certificate_file            30	EXIST::FUNCTION:
+SSL_CTX_use_certificate_file            30	EXIST::FUNCTION:STDIO
 SSL_SESSION_free                        31	EXIST::FUNCTION:
 SSL_SESSION_new                         32	EXIST::FUNCTION:
-SSL_SESSION_print                       33	EXIST::FUNCTION:
+SSL_SESSION_print                       33	EXIST::FUNCTION:BIO
 SSL_SESSION_print_fp                    34	EXIST::FUNCTION:FP_API
 SSL_accept                              35	EXIST::FUNCTION:
 SSL_add_client_CA                       36	EXIST::FUNCTION:
@@ -52,15 +52,15 @@ SSL_get_error                           58	EXIST::FUNCTION:
 SSL_get_fd                              59	EXIST::FUNCTION:
 SSL_get_peer_cert_chain                 60	EXIST::FUNCTION:
 SSL_get_peer_certificate                61	EXIST::FUNCTION:
-SSL_get_rbio                            63	EXIST::FUNCTION:
+SSL_get_rbio                            63	EXIST::FUNCTION:BIO
 SSL_get_read_ahead                      64	EXIST::FUNCTION:
 SSL_get_shared_ciphers                  65	EXIST::FUNCTION:
 SSL_get_ssl_method                      66	EXIST::FUNCTION:
 SSL_get_verify_callback                 69	EXIST::FUNCTION:
 SSL_get_verify_mode                     70	EXIST::FUNCTION:
 SSL_get_version                         71	EXIST::FUNCTION:
-SSL_get_wbio                            72	EXIST::FUNCTION:
-SSL_load_client_CA_file                 73	EXIST::FUNCTION:
+SSL_get_wbio                            72	EXIST::FUNCTION:BIO
+SSL_load_client_CA_file                 73	EXIST::FUNCTION:STDIO
 SSL_load_error_strings                  74	EXIST::FUNCTION:
 SSL_new                                 75	EXIST::FUNCTION:
 SSL_peek                                76	EXIST::FUNCTION:
@@ -70,29 +70,29 @@ SSL_renegotiate                         79	EXIST::FUNCTION:
 SSL_rstate_string                       80	EXIST::FUNCTION:
 SSL_rstate_string_long                  81	EXIST::FUNCTION:
 SSL_set_accept_state                    82	EXIST::FUNCTION:
-SSL_set_bio                             83	EXIST::FUNCTION:
+SSL_set_bio                             83	EXIST::FUNCTION:BIO
 SSL_set_cipher_list                     84	EXIST::FUNCTION:
 SSL_set_client_CA_list                  85	EXIST::FUNCTION:
 SSL_set_connect_state                   86	EXIST::FUNCTION:
-SSL_set_fd                              87	EXIST::FUNCTION:
+SSL_set_fd                              87	EXIST::FUNCTION:SOCK
 SSL_set_read_ahead                      88	EXIST::FUNCTION:
-SSL_set_rfd                             89	EXIST::FUNCTION:
+SSL_set_rfd                             89	EXIST::FUNCTION:SOCK
 SSL_set_session                         90	EXIST::FUNCTION:
 SSL_set_ssl_method                      91	EXIST::FUNCTION:
 SSL_set_verify                          94	EXIST::FUNCTION:
-SSL_set_wfd                             95	EXIST::FUNCTION:
+SSL_set_wfd                             95	EXIST::FUNCTION:SOCK
 SSL_shutdown                            96	EXIST::FUNCTION:
 SSL_state_string                        97	EXIST::FUNCTION:
 SSL_state_string_long                   98	EXIST::FUNCTION:
 SSL_use_PrivateKey                      99	EXIST::FUNCTION:
 SSL_use_PrivateKey_ASN1                 100	EXIST::FUNCTION:
-SSL_use_PrivateKey_file                 101	EXIST::FUNCTION:
+SSL_use_PrivateKey_file                 101	EXIST::FUNCTION:STDIO
 SSL_use_RSAPrivateKey                   102	EXIST::FUNCTION:RSA
 SSL_use_RSAPrivateKey_ASN1              103	EXIST::FUNCTION:RSA
-SSL_use_RSAPrivateKey_file              104	EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_file              104	EXIST::FUNCTION:RSA,STDIO
 SSL_use_certificate                     105	EXIST::FUNCTION:
 SSL_use_certificate_ASN1                106	EXIST::FUNCTION:
-SSL_use_certificate_file                107	EXIST::FUNCTION:
+SSL_use_certificate_file                107	EXIST::FUNCTION:STDIO
 SSL_write                               108	EXIST::FUNCTION:
 SSLeay_add_ssl_algorithms               109	NOEXIST::FUNCTION:
 SSLv23_client_method                    110	EXIST::FUNCTION:RSA
@@ -106,17 +106,17 @@ SSLv3_method                            117	EXIST::FUNCTION:
 SSLv3_server_method                     118	EXIST::FUNCTION:
 d2i_SSL_SESSION                         119	EXIST::FUNCTION:
 i2d_SSL_SESSION                         120	EXIST::FUNCTION:
-BIO_f_ssl                               121	EXIST::FUNCTION:
-BIO_new_ssl                             122	EXIST::FUNCTION:
+BIO_f_ssl                               121	EXIST::FUNCTION:BIO
+BIO_new_ssl                             122	EXIST::FUNCTION:BIO
 BIO_proxy_ssl_copy_session_id           123	NOEXIST::FUNCTION:
-BIO_ssl_copy_session_id                 124	EXIST::FUNCTION:
+BIO_ssl_copy_session_id                 124	EXIST::FUNCTION:BIO
 SSL_do_handshake                        125	EXIST::FUNCTION:
 SSL_get_privatekey                      126	EXIST::FUNCTION:
 SSL_get_current_cipher                  127	EXIST::FUNCTION:
 SSL_CIPHER_get_bits                     128	EXIST::FUNCTION:
 SSL_CIPHER_get_version                  129	EXIST::FUNCTION:
 SSL_CIPHER_get_name                     130	EXIST::FUNCTION:
-BIO_ssl_shutdown                        131	EXIST::FUNCTION:
+BIO_ssl_shutdown                        131	EXIST::FUNCTION:BIO
 SSL_SESSION_cmp                         132	EXIST::FUNCTION:
 SSL_SESSION_hash                        133	EXIST::FUNCTION:
 SSL_SESSION_get_time                    134	EXIST::FUNCTION:
@@ -152,8 +152,8 @@ SSL_get_ex_new_index                    169	EXIST::FUNCTION:
 TLSv1_method                            170	EXIST::FUNCTION:
 TLSv1_server_method                     171	EXIST::FUNCTION:
 TLSv1_client_method                     172	EXIST::FUNCTION:
-BIO_new_buffer_ssl_connect              173	EXIST::FUNCTION:
-BIO_new_ssl_connect                     174	EXIST::FUNCTION:
+BIO_new_buffer_ssl_connect              173	EXIST::FUNCTION:BIO
+BIO_new_ssl_connect                     174	EXIST::FUNCTION:BIO
 SSL_get_ex_data_X509_STORE_CTX_idx      175	EXIST:!VMS:FUNCTION:
 SSL_get_ex_d_X509_STORE_CTX_idx         175	EXIST:VMS:FUNCTION:
 SSL_CTX_set_tmp_dh_callback             176	EXIST::FUNCTION:DH
@@ -164,16 +164,16 @@ SSL_CTX_get_cert_store                  180	EXIST::FUNCTION:
 SSL_CTX_set_cert_store                  181	EXIST::FUNCTION:
 SSL_want                                182	EXIST::FUNCTION:
 SSL_library_init                        183	EXIST::FUNCTION:
-SSL_COMP_add_compression_method         184	EXIST::FUNCTION:
-SSL_add_file_cert_subjects_to_stack     185	EXIST:!VMS:FUNCTION:
-SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:
+SSL_COMP_add_compression_method         184	EXIST::FUNCTION:COMP
+SSL_add_file_cert_subjects_to_stack     185	EXIST:!VMS:FUNCTION:STDIO
+SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
 SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
 SSL_set_tmp_dh_callback                 187	EXIST::FUNCTION:DH
-SSL_add_dir_cert_subjects_to_stack      188	NOEXIST::FUNCTION:
-SSL_add_dir_cert_subjs_to_stk           188	EXIST:VMS:FUNCTION:
+SSL_add_dir_cert_subjects_to_stack      188	EXIST:!VMS,!WIN32:FUNCTION:STDIO
+SSL_add_dir_cert_subjs_to_stk           188	NOEXIST::FUNCTION:
 SSL_set_session_id_context              189	EXIST::FUNCTION:
-SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:
-SSL_CTX_use_cert_chain_file             222	EXIST:VMS:FUNCTION:
+SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:STDIO
+SSL_CTX_use_cert_chain_file             222	EXIST:VMS:FUNCTION:STDIO
 SSL_CTX_set_verify_depth                225	EXIST::FUNCTION:
 SSL_set_verify_depth                    226	EXIST::FUNCTION:
 SSL_CTX_get_verify_depth                228	EXIST::FUNCTION:
@@ -195,3 +195,23 @@ SSL_callback_ctrl                       244	EXIST::FUNCTION:
 SSL_CTX_sessions                        245	EXIST::FUNCTION:
 SSL_get_rfd                             246	EXIST::FUNCTION:
 SSL_get_wfd                             247	EXIST::FUNCTION:
+kssl_cget_tkt                           248	EXIST::FUNCTION:KRB5
+SSL_has_matching_session_id             249	EXIST::FUNCTION:
+kssl_err_set                            250	EXIST::FUNCTION:KRB5
+kssl_ctx_show                           251	EXIST::FUNCTION:KRB5
+kssl_validate_times                     252	EXIST::FUNCTION:KRB5
+kssl_check_authent                      253	EXIST::FUNCTION:KRB5
+kssl_ctx_new                            254	EXIST::FUNCTION:KRB5
+kssl_build_principal_2                  255	EXIST::FUNCTION:KRB5
+kssl_skip_confound                      256	EXIST::FUNCTION:KRB5
+kssl_sget_tkt                           257	EXIST::FUNCTION:KRB5
+SSL_set_generate_session_id             258	EXIST::FUNCTION:
+kssl_ctx_setkey                         259	EXIST::FUNCTION:KRB5
+kssl_ctx_setprinc                       260	EXIST::FUNCTION:KRB5
+kssl_ctx_free                           261	EXIST::FUNCTION:KRB5
+kssl_krb5_free_data_contents            262	EXIST::FUNCTION:KRB5
+kssl_ctx_setstring                      263	EXIST::FUNCTION:KRB5
+SSL_CTX_set_generate_session_id         264	EXIST::FUNCTION:
+SSL_renegotiate_pending                 265	EXIST::FUNCTION:
+SSL_CTX_set_msg_callback                266	EXIST::FUNCTION:
+SSL_set_msg_callback                    267	EXIST::FUNCTION: